root/modules/branches/2.6/customappsreg/page.customextens.php

Revision 10519, 6.2 kB (checked in by p_lindheimer, 3 years ago)

Merged revisions 10518 via svnmerge from
http://www.freepbx.org/v2/svn/modules/branches/2.7

................

r10518 | p_lindheimer | 2010-11-02 12:14:32 -0700 (Tue, 02 Nov 2010) | 16 lines


Merged revisions 10517 via svnmerge from
http://svn.freepbx.org/modules/branches/2.8


................

r10517 | p_lindheimer | 2010-11-02 12:12:08 -0700 (Tue, 02 Nov 2010) | 9 lines


Merged revisions 10516 via svnmerge from
http://svn.freepbx.org/modules/branches/2.9


........

r10516 | p_lindheimer | 2010-11-02 12:10:23 -0700 (Tue, 02 Nov 2010) | 1 line


fixes #4618 xss security issue and some other precations unreported

........

................

................

Line 
1 <?php
2 /** Custom Extensions Display for FreePBX 2.4
3  * Copyright 2006 Philippe Lindheimer - Astrogen LLC
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License
6  * as published by the Free Software Foundation; either version 2
7  * of the License, or (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  */
14
15 $tabindex = 0;
16 $display = 'customextens';
17
18 $type   = isset($_REQUEST['type']) ? $_REQUEST['type'] : 'tool';
19 $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
20 if (isset($_REQUEST['delete'])) $action = 'delete';
21
22 $custom_exten = preg_replace("/[^0-9*#]/" ,"", trim($custom_exten));
23
24 $old_custom_exten = isset($_REQUEST['old_custom_exten']) ? preg_replace("/[^0-9*#]/" ,"",$_REQUEST['old_custom_exten']) :  '';
25 $custom_exten     = isset($_REQUEST['extdisplay']) ? preg_replace("/[^0-9*#]/" ,"",$_REQUEST['extdisplay']) :  '';
26 $description     = isset($_REQUEST['description']) ? htmlentities($_REQUEST['description']) :  '';
27 $notes           = isset($_REQUEST['notes']) ? htmlentities($_REQUEST['notes']) :  '';
28
29 switch ($action) {
30     case 'add':
31         $conflict_url = array();
32         $usage_arr = framework_check_extension_usage($custom_exten);
33         if (!empty($usage_arr)) {
34             $conflict_url = framework_display_extension_usage_alert($usage_arr);
35             $custom_exten='';
36         } else {
37             if (customappsreg_customextens_add($custom_exten, $description, $notes)) {
38                 needreload();
39                 redirect_standard();
40             } else {
41                 $custom_exten='';
42             }
43         }
44     break;
45     case 'edit':
46         $conflict_url = array();
47         if ($old_custom_exten != $custom_exten) {
48             $usage_arr = framework_check_extension_usage($custom_exten);
49             if (!empty($usage_arr)) {
50                 $conflict_url = framework_display_extension_usage_alert($usage_arr);
51             }
52         }
53         if (empty($conflict_url)) {
54             if (customappsreg_customextens_edit($old_custom_exten, $custom_exten, $description, $notes)) {
55                 needreload();
56                 redirect_standard('extdisplay');
57             }
58         }
59     break;
60     case 'delete':
61         customappsreg_customextens_delete($custom_exten);
62         needreload();
63         redirect_standard();
64     break;
65 }
66
67 ?> 
68 </div>
69
70 <div class="rnav"><ul>
71 <?php
72
73 echo '<li><a href="config.php?display='.$display.'&amp;type='.$type.'">'._('Add Custom Extension').'</a></li>';
74
75 foreach (customappsreg_customextens_list() as $row) {
76     $descr = $row['description'] != '' ? $row['description'] : '('.$row['custom_exten'].')';
77     echo '<li><a href="config.php?display='.$display.'&amp;type='.$type.'&amp;extdisplay='.$row['custom_exten'].'" class="">'.$descr.'</a></li>';
78 }
79
80 ?>
81 </ul></div>
82
83 <div class="content">
84
85 <?php
86
87 if ($custom_exten != '') {
88     // load
89     $row = customappsreg_customextens_get($custom_exten);
90     
91     $description = $row['description'];
92     $notes       = $row['notes'];
93
94     $disp_description = $row['description'] != '' ? '('.$row['custom_exten'].') '.$row['description'] : '('.$row['custom_exten'].')';
95     echo "<h2>"._("Edit: ")."$disp_description"."</h2>";
96 } else {
97     echo "<h2>"._("Add Custom Extension")."</h2>";
98 }
99
100 $helptext = _("Custom Extensions provides you with a facility to register any custom extensions or feature codes that you have created in a custom file and FreePBX doesn't otherwise know about them. This allows the Extension Registry to be aware of your own extensions so that it can detect conflicts or report back information about your custom extensions to other modules that may make use of the information. You should not put extensions that you create in the Misc Apps Module as those are not custom.");
101 echo $helptext;
102
103 if (!empty($conflict_url)) {
104     echo "<h5>"._("Conflicting Extensions")."</h5>";
105     echo implode('<br .>',$conflict_url);
106 }
107 ?>
108
109 <form name="editCustomExten" action="<?php  $_SERVER['PHP_SELF'] ?>" method="post" onsubmit="return checkCustomExten(editCustomExten);">
110     <input type="hidden" name="extdisplay" value="<?php echo $custom_exten; ?>">
111     <input type="hidden" name="old_custom_exten" value="<?php echo $custom_exten; ?>">
112     <input type="hidden" name="action" value="<?php echo ($custom_exten != '' ? 'edit' : 'add'); ?>">
113     <table>
114     <tr><td colspan="2"><h5><?php  echo ($custom_exten ? _("Edit Custom Extension") : _("Add Custom Extension")) ?><hr></h5></td></tr>
115     <tr>
116         <td><a href="#" class="info"><?php echo _("Custom Extension")?>:<span><?php echo _("This is the Extension or Feature Code you are using in your dialplan that you want the FreePBX Extension Registry to be aware of.")?></span></a></td>
117         <td><input size="10" type="text" name="extdisplay" id="extdisplay" value="<?php  echo $custom_exten; ?>" tabindex="<?php echo ++$tabindex;?>"></td>
118     </tr>
119
120     <tr>
121         <td><a href="#" class="info"><?php echo _("Description")?>:<span><?php echo _("Brief description that will be published in the Extension Registry about this extension")?></span></a></td>
122         <td><input size="30" type="text" name="description" value="<?php  echo $description; ?>" tabindex="<?php echo ++$tabindex;?>"></td>
123     </tr>
124     <tr>
125         <td valign="top"><a href="#" class="info"><?php echo _("Notes")?>:<span><?php echo _("More detailed notes about this extension to help document it. This field is not used elsewhere.")?></span></a></td>
126         <td><textarea name="notes" cols="23" rows="6" tabindex="<?php echo ++$tabindex;?>"><?php echo $notes; ?></textarea></td>
127     </tr>
128
129     <tr>
130         <td colspan="2"><br><input name="Submit" type="submit" value="<?php echo _("Submit Changes")?>" tabindex="<?php echo ++$tabindex;?>">
131         <?php if ($custom_exten != '') { echo '&nbsp;<input name="delete" type="submit" value="'._("Delete").'">'; } ?>
132         </td>       
133     </tr>
134     </table>
135     </form>
136            
137 <script language="javascript">
138 <!--
139
140 function checkCustomExten(theForm) {
141
142     var msgInvalidCustomExten = "<?php echo _('Invalid Extension, must not be blank'); ?>";
143     var msgInvalidDescription = "<?php echo _('Invalid description specified, must not be blank'); ?>";
144
145     // form validation
146     defaultEmptyOK = false;   
147
148     if (isEmpty(theForm.extdisplay.value)) {
149         return warnInvalid(theForm.extdisplay, msgInvalidCustomExten);
150     }
151     if (isEmpty(theForm.description.value)) {
152         return warnInvalid(theForm.description, msgInvalidDescription);
153     }
154
155     return true;
156 }
157 //-->
158 </script>
159
Note: See TracBrowser for help on using the browser.