Changeset 10299
- Timestamp:
- 09/23/10 13:28:13 (3 years ago)
- Files:
-
- modules/branches/2.8/recordings/module.xml (modified) (2 diffs)
- modules/branches/2.8/recordings/page.recordings.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
modules/branches/2.8/recordings/module.xml
r9809 r10299 2 2 <rawname>recordings</rawname> 3 3 <name>Recordings</name> 4 <version>3.3.10. 0</version>4 <version>3.3.10.1</version> 5 5 <publisher>FreePBX</publisher> 6 6 <license>GPLv2+</license> … … 11 11 <description>Creates and manages system recordings, used by many other modules (eg, IVR).</description> 12 12 <changelog> 13 *3.3.10.1* #4553 Security Patch 13 14 *3.3.10.0* #4244, #4309 14 15 *3.3.9.4* localizations modules/branches/2.8/recordings/page.recordings.php
r9786 r10299 44 44 $astsnd .= "/sounds/"; 45 45 46 if (empty($usersnum)) { 46 // check ctype_digit() to avoid very obscure vulnerability that can be made if certain proxy's are used 47 // with the PBX system 48 if (empty($usersnum) || !ctype_digit($usersnum)) { 47 49 $dest = "unnumbered-"; 48 50 } else { … … 198 200 <?php 199 201 if (isset($_FILES['ivrfile']['tmp_name']) && is_uploaded_file($_FILES['ivrfile']['tmp_name'])) { 200 if (empty($usersnum)) {202 if (empty($usersnum) || !ctype_digit($usersnum)) { 201 203 $dest = "unnumbered-"; 202 204 } else {
