diff --git a/app/registrations/registrations.php b/app/registrations/registrations.php
index 05c7c9de24..1f262a8b39 100644
--- a/app/registrations/registrations.php
+++ b/app/registrations/registrations.php
@@ -44,11 +44,11 @@
 $text = $language->get();
 //get the http values and set them as variables
- $search = check_str($_GET["search"]);
+ $search = $_REQUEST["search"];
 //set the format
 $template = true;
- if ($_GET["template"] == "false" && permission_exists('registration_reload')) {
+ if ($_REQUEST["template"] == "false" && permission_exists('registration_reload')) {
 $template = false;
 }
@@ -71,11 +71,18 @@
 $language = new text;
 $text = $language->get();
+//debug
+ //echo "
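Review bot: The `$search` line drops the `check_str()` wrapper and reads `$_REQUEST["search"]` raw without replacing the sanitisation at the point of use, which lies outside this hunk; every place `$search` is echoed, put into a query or embedded in a socket command now needs its own context-specific escaping (later hunks add `escape()` on output, but the consumers of `$search` are not visible here, so this should be confirmed). Reading `$_REQUEST["search"]` and `$_REQUEST["template"]` without a default also raises an undefined-index notice whenever the parameter is absent; `$search = $_REQUEST["search"] ?? '';` and `if (($_REQUEST["template"] ?? '') == "false" && permission_exists('registration_reload')) {` keep the behaviour while removing that. Moving from `$_GET` to `$_REQUEST` additionally lets both values arrive via the POST body or a cookie, which is worth stating in the commit message if it is intended.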
\n"; + //print_r($_REQUEST); + //echo "\n"; + //get the HTTP values and set as variables $profile = trim($_REQUEST["profile"]); $search = trim($_REQUEST["search"]); $show = trim($_REQUEST["show"]); - if ($show == "all") { $profile = 'all'; } + if ($show == "all") { + $profile = 'all'; + } //set the registrations variable $registrations = $_REQUEST["registrations"]; @@ -108,6 +115,11 @@ } } +//get the list + $sql = "select sip_profile_name as name from v_sip_profiles "; + $database = new database; + $sip_profiles = $database->select($sql, null, 'all'); + //create the event socket connection $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']); 
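Review bot: The added `//debug` block is commented-out code (`//echo`, `//print_r($_REQUEST)`, `//echo`) and should be deleted rather than committed; if it were ever uncommented it would dump every submitted parameter into the page. The `trim($_REQUEST[...])` reads on the following lines have no default, so a request missing `profile`, `search` or `show` raises undefined-index notices and passes null to `trim()`; `$profile = trim($_REQUEST["profile"] ?? '');` (and likewise for `$search` and `$show`) avoids that. The reformatted `if ($show == "all")` could use `===`, since `$show` is already a trimmed string at that point.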
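Review bot: `$sip_profiles` becomes the allow-list for the profile name further down, but the return value of `$database->select($sql, null, 'all')` is never checked before use; if the helper returns something other than an array on failure (not visible here, so confirm against the `database` class), the later `foreach ($sip_profiles as $field)` emits a warning and every profile is rejected silently. A guard such as `if (!is_array($sip_profiles)) { $sip_profiles = []; }` right after the select makes that failure mode explicit. The `//get the list` comment could also say what list and why, e.g. `//get the sip profile names used to validate the requested profile`.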
@@ -115,30 +127,45 @@
 if (isset($action)) {
 if (is_array($registrations)) {
 foreach ($registrations as $row) {
- if ($fp) {
- //get the vendor
- $vendor = device::get_vendor_by_agent($row['agent']);
- //prepare the command
+ if ($fp) {
+ //validate the profile
+ foreach($sip_profiles as $field) {
+ if ($field['name'] == $row['profile']) {
+ $profile = $row['profile'];
+ }
+ }
+ //validate the user
+ if (strlen($row['user']) > 0) {
+ $user = preg_replace('#[^a-zA-Z0-9_\-\.\@]#', '', $row['user']);
+ }
+ //validate the host
+ if (strlen($row['host']) > 0) {
+ $host = preg_replace('#[^a-zA-Z0-9_\-\.]#', '', $row['host']);
+ }
+ //get the vendor
+ $vendor = device::get_vendor_by_agent($row['agent']);
+ //prepare and send the command
+ if (strlen($vendor) > 0 && strlen($profile) > 0 && strlen($user) > 0) {
 if ($action == "unregister") {
- $command = "sofia profile ".$row['profile']." flush_inbound_reg ".$row['user']." reboot";
+ $command = "sofia profile ".$profile." flush_inbound_reg ".$user." reboot";
 }
- if ($action == "provision") {
- $command = "lua app.lua event_notify ".$row['profile']." check_sync ".$row['user']." ".$vendor." ".$row['host'];
+ if ($action == "provision" && strlen($host) > 0) {
+ $command = "lua app.lua event_notify ".$profile." check_sync ".$user." ".$vendor." ".$host;
 }
- if ($action == "reboot") {
- $command = "lua app.lua event_notify ".$row['profile']." reboot ".$row['user']." ".$vendor." ".$row['host'];
+ if ($action == "reboot" && strlen($host) > 0) {
+ $command = "lua app.lua event_notify ".$profile." reboot ".$user." ".$vendor." ".$host;
 }
- //send the command
 $response = event_socket_request($fp, "api ".$command);
 $response = event_socket_request($fp, "api log notice ".$command);
- }
+ }
+ }
 }
 }
 }
 //show the response
 if (isset($response)) {
- message::add($text['label-event']." ".ucwords($cmd)." ".$text['label-response'].htmlentities($response));
+ message::add($text['label-event']." ".escape(ucwords($cmd))." 
".$text['label-response'].escape($response)); } //define variables @@ -198,13 +225,13 @@ echo "
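Review bot: The new profile allow-list check is bypassable because `$profile`, `$user`, `$host` and `$command` are never reset between rows: when `$row['profile']` matches no entry in `$sip_profiles`, `$profile` keeps whatever it already held — the previous row's value, or the request-level `$profile = trim($_REQUEST["profile"])` assigned earlier in the file (`'all'` when `$show == "all"`) — so the `strlen($profile) > 0` guard is satisfied by an unvalidated value, and a row with an empty user or host, or a non-matching action, re-sends the previous row's `$command` unchanged. Use row-local variables that start empty on every iteration, compare the profile name with `===`, and only call `event_socket_request()` when a command was actually built, as sketched below. `$vendor` is concatenated into the command straight from `device::get_vendor_by_agent()`; whether that helper constrains its output to safe characters is not visible here and should be confirmed. `$cmd` in the `message::add()` call is not assigned anywhere in this hunk, so unless it is set elsewhere the message always shows an empty command (presumably `$action` was intended).
```php
foreach ($registrations as $row) {
    if ($fp) {
        //row-local copies, started empty so a rejected value cannot fall back to the
        //previous row's value or to the request-level $profile set earlier in the file
        $row_profile = '';
        $row_user = '';
        $row_host = '';
        $command = '';
        //validate the profile against the configured sip profiles
        foreach ($sip_profiles as $field) {
            if ($field['name'] === $row['profile']) {
                $row_profile = $row['profile'];
            }
        }
        // … unchanged: user/host character filtering into $row_user/$row_host, vendor lookup …
        if (strlen($vendor) > 0 && strlen($row_profile) > 0 && strlen($row_user) > 0) {
            // … unchanged: command construction, using $row_profile/$row_user/$row_host …
            if (strlen($command) > 0) {
                $response = event_socket_request($fp, "api ".$command);
                $response = event_socket_request($fp, "api log notice ".$command);
            }
```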
| \n"; - echo " ".$text['header-registrations']." (".$registration_count.")\n"; + echo " ".$text['header-registrations']." (".escape($registration_count).")\n"; echo " | \n"; echo ""; if ($template) { - echo " "; - echo " "; - echo " "; + echo " "; + echo " "; + echo " "; echo " "; } echo " | "; @@ -217,14 +244,14 @@ $location = 'registration_reload.php'; } if ($show == "all") { - echo " \n"; + echo " \n"; } else { - echo " \n"; + echo " \n"; } } if ($template) { - echo " \n"; + echo " \n"; } echo "\n"; echo "
| \n"; - echo " \n"; + echo " \n"; echo " \n"; echo " \n"; echo " \n"; @@ -299,7 +326,7 @@ } } echo " |