Ticket #3266: secret_same_as_extension.3.patch

File secret_same_as_extension.3.patch, 2.8 kB (added by acaley, 3 years ago)
  • amp_conf/htdocs/admin/modules/core/functions.inc.php

    old new  
    40764076    $msgInvalidChannel = _("Please enter the channel for this device"); 
    40774077    $msgConfirmSecret = _("You have not entered a Secret for this device, although this is possible it is generally bad practice to not assign a Secret to a device. Are you sure you want to leave the Secret empty?"); 
    40784078    $msgInvalidSecret = _("Please enter a Secret for this device"); 
    4079      
     4079 
     4080        $msgSecretSameAsExtension = _("You have set your secret and device/extension to the same value. This can be a serious security vulnerability resulting in a hacker compromising your system to make free phone calls. There are many known instances where this has already occurred"); 
     4081 
    40804082    // zap 
    40814083    $tmparr = array(); 
    40824084    $tmparr['channel'] = array('value' => '', 'level' => 0, 'jsvalidation' => 'isEmpty()', 'failvalidationmsg' => $msgInvalidChannel); 
     
    40944096    $tmparr['mailbox'] = array('value' => '', 'level' => 1); 
    40954097    $currentcomponent->addgeneralarrayitem('devtechs', 'zap', $tmparr); 
    40964098    unset($tmparr); 
    4097      
     4099 
     4100        if ($_REQUEST['extdisplay']) $ext = $_REQUEST['extdisplay']; 
     4101        else $ext = 'document.getElementById("deviceid").value'; 
     4102 
    40984103    // iax2 
    40994104    $tmparr = array(); 
    4100    $tmparr['secret'] = array('value' => '', 'level' => 0, 'jsvalidation' => 'isEmpty() && !confirm("'.$msgConfirmSecret.'")', 'failvalidationmsg' => $msgInvalidSecret); 
     4105        $tmparr['secret'] = array('value' => '', 'level' => 0, 'jsvalidation' => '(' . $ext . ' == theForm.devinfo_secret.value && !confirm("' . $msgSecretSameAsExtension . '")) || isEmpty() && !confirm("'.$msgConfirmSecret.'")', 'failvalidationmsg' => $msgInvalidSecret); 
    41014106    $tmparr['notransfer'] = array('value' => 'yes', 'level' => 1); 
    41024107    $tmparr['context'] = array('value' => 'from-internal', 'level' => 1); 
    41034108    $tmparr['host'] = array('value' => 'dynamic', 'level' => 1); 
     
    41144119 
    41154120    // sip 
    41164121    $tmparr = array(); 
    4117     $tmparr['secret'] = array('value' => '', 'level' => 0, 'jsvalidation' => 'isEmpty() && !confirm("'.$msgConfirmSecret.'")', 'failvalidationmsg' => $msgInvalidSecret); 
     4122    $tmparr['secret'] = array('value' => '', 'level' => 0, 'jsvalidation' => '(' . $ext . ' == theForm.devinfo_secret.value && !confirm("' . $msgSecretSameAsExtension . '")) || isEmpty() && !confirm("'.$msgConfirmSecret.'")', 'failvalidationmsg' => $msgInvalidSecret); 
    41184123    $tmparr['dtmfmode'] = array('value' => 'rfc2833', 'level' => 0, 'jsvalidation' => 'isEmpty()', 'failvalidationmsg' => $msgInvalidDTMFMODE ); 
    41194124    $tmparr['canreinvite'] = array('value' => 'no', 'level' => 1); 
    41204125    $tmparr['context'] = array('value' => 'from-internal', 'level' => 1);
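Review bot: The new `$ext` assignment (new lines 4100–4101) copies `$_REQUEST['extdisplay']` unquoted and unescaped into the JavaScript expression built for the iax2 and sip `secret` entries (new lines 4105 and 4122), so a request parameter ends up as script source in the admin page. A bare token also compares incorrectly when the extension has a leading zero or contains non-digit characters. Emitting the value as a string literal addresses both: `$ext = !empty($_REQUEST['extdisplay']) ? json_encode((string) $_REQUEST['extdisplay']) : 'document.getElementById("deviceid").value';`. How `jsvalidation` is written into the page is not visible in this patch, so HTML escaping at that point should be confirmed as well. The check is also only a client-side `confirm()` that the user can accept, and whether the save path rejects a secret equal to the extension cannot be seen from here, so it is worth enforcing server-side.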