Changeset 10455
- Timestamp:
- 11/01/10 15:12:39 (3 years ago)
- Files:
-
- modules/branches/2.9/music/page.music.php (modified) (6 diffs)
modules/branches/2.9/music/page.music.php
r10444 r10455 19 19 $randoff = isset($_REQUEST['randoff'])?$_REQUEST['randoff']:''; 20 20 $category = isset($_REQUEST['category'])?htmlspecialchars(strtr($_REQUEST['category']," ./\"\'\`", "------")):''; 21 $volume = isset($_REQUEST['volume']) ? escapeshellcmd($_REQUEST['volume']) : ''; 22 if (isset($_FILES['mohfile']['name'])) {$_FILES['mohfile']['name'] = escapeshellcmd($_FILES['mohfile']['name']); } 21 $volume = isset($_REQUEST['volume']) && is_numeric($_REQUEST['volume']) ? $_REQUEST['volume'] : ''; 23 22 24 23 // Determine default path to music directory, old default was mohmp3, now settable … … 51 50 case "addednewstream": 52 51 case "editednewstream": 53 $stream = isset($_REQUEST['stream'])? escapeshellcmd($_REQUEST['stream']):'';54 $format = isset($_REQUEST['format'])?trim( escapeshellcmd($_REQUEST['format'])):'';52 $stream = isset($_REQUEST['stream'])?$_REQUEST['stream']:''; 53 $format = isset($_REQUEST['format'])?trim($_REQUEST['format']):''; 55 54 if ($format != "") { 56 55 $stream .= "\nformat=$format"; … … 209 208 $output = 0; 210 209 $returncode = 0; 210 $mohfile = escapeshellcmd($mohfile); 211 211 $origmohfile=$path_to_dir."/orig_".$mohfile; 212 212 if ($amp_conf['AMPMPG123']) { … … 429 429 <tr> 430 430 <td><a href="#" class="info"><?php echo _("Optional Format:")?><span><?php echo _("Optional value for \"format=\" line used to provide the format to Asterisk. This should be a format understood by Asterisk such as ulaw, and is specific to the streaming application you are using. See information on musiconhold.conf configuration for different audio and Internet streaming source options.")?> </span></a></td> 431 <td><input type="text" name="format" size="6" value="<?php echo $format?>"></td>431 <td><input type="text" name="format" size="6" value="<?php echo htmlentities($format)?>"></td> 432 432 </tr> 433 433 <tr> … … 507 507 echo "<h5> PHP "._("Error Processing")."! "._("No file provided")." 
"._("Please select a file to upload")."</h5>"; 508 508 } else { 509 echo "<h5> PHP "._("Error Processing")." ". $_FILES['mohfile']['name']."! "._("Check")." upload_max_filesize "._("in")." /etc/php.ini</h5>";509 echo "<h5> PHP "._("Error Processing")." ".htmlentities($_FILES['mohfile']['name'])."! "._("Check")." upload_max_filesize "._("in")." /etc/php.ini</h5>"; 510 510 } 511 511 } … … 521 521 522 522 if (isset($process_err)) { 523 echo "<h5>"._("Error Processing").": \"$process_err\" for ". $_FILES['mohfile']['name']."!</h5>\n";523 echo "<h5>"._("Error Processing").": \"$process_err\" for ".htmlentities($_FILES['mohfile']['name'])."!</h5>\n"; 524 524 echo "<h5>"._("This is not a fatal error, your Music on Hold may still work.")."</h5>\n"; 525 525 } else { 526 echo "<h5>"._("Completed processing")." ". $_FILES['mohfile']['name']."!</h5>";526 echo "<h5>"._("Completed processing")." ".htmlentities($_FILES['mohfile']['name'])."!</h5>"; 527 527 } 528 528 needreload();
