Changeset 10457

Timestamp:
11/01/10 15:46:35 (3 years ago)
Author:
p_lindheimer
Message:

Merged revisions 10456 via svnmerge from
http://svn.freepbx.org/modules/branches/2.8

................

r10456 | p_lindheimer | 2010-11-01 12:39:25 -0700 (Mon, 01 Nov 2010) | 17 lines


Merged revisions 10444,10447,10449-10451,10453-10455 via svnmerge from
http://svn.freepbx.org/modules/branches/2.9


........

r10444 | mbrevda | 2010-10-25 05:43:18 -0700 (Mon, 25 Oct 2010) | 1 line


re #4604 - potential injection when uploading files. Can be closed when published/backported

........

r10454 | p_lindheimer | 2010-11-01 10:51:02 -0700 (Mon, 01 Nov 2010) | 1 line


block xss re #4615

........

r10455 | p_lindheimer | 2010-11-01 12:12:39 -0700 (Mon, 01 Nov 2010) | 1 line


changes to some of the fixes re #4604

........

................

Files:

  • modules/branches/2.7

    • Property svnmerge-integrated changed from /modules/branches/2.6:1-8497,8589,8613,8620,8651,8672,9414-9416,9752,9773 /modules/branches/2.8:1-9044,9047,9049-9054,9056-9070,9072-9073,9075,9079-9080,9082-9085,9088-9089,9092-9093,9095-9098,9102,9105,9107-9123,9127-9128,9130-9132,9137,9149-9204,9211-9214,9216,9218-9224,9230-9232,9234,9237-9239,9248-9252,9257-9262,9267-9270,9272-9274,9277-9278,9280,9282,9288-9292,9295,9297,9300-9324,9326-9327,9329-9342,9345-9349,9353-9354,9358,9363-9376,9378-9379,9385,9387-9389,9392-9393,9395-9405,9407-9408,9410,9414-9421,9423-9424,9440,9442,9446-9449,9451-9452,9454-9458,9460-9462,9464-9469,9474-9475,9483-9484,9486,9489,9495,9500-9502,9504,9508,9607,9845,9880,9976,10020-10021,10299,10338,10391,10418,10432 to /modules/branches/2.6:1-8497,8589,8613,8620,8651,8672,9414-9416,9752,9773 /modules/branches/2.8:1-9044,9047,9049-9054,9056-9070,9072-9073,9075,9079-9080,9082-9085,9088-9089,9092-9093,9095-9098,9102,9105,9107-9123,9127-9128,9130-9132,9137,9149-9204,9211-9214,9216,9218-9224,9230-9232,9234,9237-9239,9248-9252,9257-9262,9267-9270,9272-9274,9277-9278,9280,9282,9288-9292,9295,9297,9300-9324,9326-9327,9329-9342,9345-9349,9353-9354,9358,9363-9376,9378-9379,9385,9387-9389,9392-9393,9395-9405,9407-9408,9410,9414-9421,9423-9424,9440,9442,9446-9449,9451-9452,9454-9458,9460-9462,9464-9469,9474-9475,9483-9484,9486,9489,9495,9500-9502,9504,9508,9607,9845,9880,9976,10020-10021,10299,10338,10391,10418,10432,10456
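--- a/modules/branches/2.7/core/module.xml
+++ b/modules/branches/2.7/core/module.xml
@@ -4,5 +4,5 @@
   <category>Basic</category>
   <name>Core</name>
-  <version>2.7.0.9</version>
+  <version>2.7.0.10</version>
   <publisher>FreePBX</publisher>
   <license>GPLv2+</license>
@@ -10,4 +10,5 @@
   <canuninstall>no</canuninstall>
   <changelog>
+    *2.7.0.10* #4615 (Security Bug)
     *2.7.0.9* #4396, #4507, #4574
     *2.7.0.8* #4089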
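--- a/modules/branches/2.7/core/page.trunks.php
+++ b/modules/branches/2.7/core/page.trunks.php
@@ -25,5 +25,5 @@
 $action = isset($_REQUEST['action'])?$_REQUEST['action']:'';
 
-$tech         = strtolower(isset($_REQUEST['tech'])?$_REQUEST['tech']:'');
+$tech         = strtolower(isset($_REQUEST['tech'])?htmlentities($_REQUEST['tech']):'');
 $outcid       = isset($_REQUEST['outcid'])?$_REQUEST['outcid']:'';
 $maxchans     = isset($_REQUEST['maxchans'])?$_REQUEST['maxchans']:'';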
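Review bot: The htmlentities() call on new line 27 encodes at input time with default flags, so a single quote in `tech` stays unencoded (the default flag set is ENT_COMPAT) and every later use of $tech in this page sees the entity-encoded form rather than the raw value, not only the HTML output. Because `tech` appears to select a trunk technology, validating the value is more robust than encoding it: keep the raw string, discard anything outside a narrow character set, and escape where it is echoed. For example `$tech = strtolower(isset($_REQUEST['tech']) ? $_REQUEST['tech'] : '');` followed by `if (!preg_match('/^[a-z0-9_-]*$/', $tech)) { $tech = ''; }`, with `htmlentities($tech, ENT_QUOTES)` at the output site. The page script continues on both sides of this hunk, so where $tech is consumed is not visible here.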
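--- a/modules/branches/2.7/music/module.xml
+++ b/modules/branches/2.7/music/module.xml
@@ -2,5 +2,5 @@
   <rawname>music</rawname>
   <name>Music on Hold</name>
-  <version>2.7.0.5</version>
+  <version>2.7.0.6</version>
   <publisher>FreePBX</publisher>
   <license>GPLv2+</license>
@@ -11,4 +11,5 @@
   <description>Uploading and management of sound files (wav, mp3) to be used for on-hold music.</description>
   <changelog>
+    *2.7.0.6* #4615 (Security Bug)
     *2.7.0.5* #4261
     *2.7.0.4* #4157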
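--- a/modules/branches/2.7/music/page.music.php
+++ b/modules/branches/2.7/music/page.music.php
@@ -19,4 +19,5 @@
 $randoff = isset($_REQUEST['randoff'])?$_REQUEST['randoff']:'';
 $category = strtr(isset($_REQUEST['category'])?$_REQUEST['category']:''," ./\"\'\`", "------");
+$volume = isset($_REQUEST['volume']) && is_numeric($_REQUEST['volume']) ? $_REQUEST['volume'] : '';
 
 // Determine default path to music directory, old default was mohmp3, now settable
@@ -207,4 +208,5 @@
   $output = 0;
   $returncode = 0;
+  $mohfile = escapeshellcmd($mohfile);
   $origmohfile=$path_to_dir."/orig_".$mohfile;
   if ($amp_conf['AMPMPG123']) {
@@ -427,5 +429,5 @@
     <tr>
       <td><a href="#" class="info"><?php echo _("Optional Format:")?><span><?php echo _("Optional value for \"format=\" line used to provide the format to Asterisk. This should be a format understood by Asterisk such as ulaw, and is specific to the streaming application you are using. See information on musiconhold.conf configuration for different audio and Internet streaming source options.")?> </span></a></td>
-      <td><input type="text" name="format" size="6" value="<?php echo $format?>"></td>
+      <td><input type="text" name="format" size="6" value="<?php echo htmlentities($format)?>"></td>
     </tr>
     <tr>
@@ -505,5 +507,5 @@
       echo "<h5> PHP "._("Error Processing")."! "._("No file provided")." "._("Please select a file to upload")."</h5>";
     } else {
-      echo "<h5> PHP "._("Error Processing")." ".$_FILES['mohfile']['name']."! "._("Check")." upload_max_filesize "._("in")." /etc/php.ini</h5>";
+      echo "<h5> PHP "._("Error Processing")." ".htmlentities($_FILES['mohfile']['name'])."! "._("Check")." upload_max_filesize "._("in")." /etc/php.ini</h5>";
     }
   }
@@ -513,5 +515,5 @@
 
     if ($amp_conf['AMPMPG123']) {
-      $process_err = process_mohfile($_FILES['mohfile']['name'],true,$_REQUEST['volume']);
+      $process_err = process_mohfile($_FILES['mohfile']['name'],true,$volume);
     } else {
       $process_err = process_mohfile($_FILES['mohfile']['name'],($_REQUEST['onlywav'] != ''));
@@ -519,8 +521,8 @@
 
     if (isset($process_err)) {
-      echo "<h5>"._("Error Processing").": \"$process_err\" for ".$_FILES['mohfile']['name']."!</h5>\n";
+      echo "<h5>"._("Error Processing").": \"$process_err\" for ".htmlentities($_FILES['mohfile']['name'])."!</h5>\n";
       echo "<h5>"._("This is not a fatal error, your Music on Hold may still work.")."</h5>\n";
     } else {
-      echo "<h5>"._("Completed processing")." ".$_FILES['mohfile']['name']."!</h5>";
+      echo "<h5>"._("Completed processing")." ".htmlentities($_FILES['mohfile']['name'])."!</h5>";
     }
     needreload();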
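Review bot: `$mohfile = escapeshellcmd($mohfile);` on new line 210 does not protect the path built on the next line: escapeshellcmd() leaves `.` and `/` untouched, so a name containing `../` (the value originates in `$_FILES['mohfile']['name']`, per line 517, which the client controls) can still step out of `$path_to_dir` when `$origmohfile` is formed, and the escaped name will differ from the on-disk name whenever the original contains a shell metacharacter. Apply `basename()` to the name first, and quote per argument with `escapeshellarg()` where the command is assembled instead of rewriting the variable that is also used as a filesystem path: `$mohfile = basename($mohfile);` before line 211, then `escapeshellarg($mohfile)` at the exec site. The `is_numeric()` check on new line 21 accepts signs, decimals, exponent notation and leading whitespace, so if the volume only needs to be a small integer, `ctype_digit()` or an `(int)` cast with a range check is the tighter guard. The body of process_mohfile() and the command it runs lie outside this hunk, so the exec site is inferred rather than seen.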
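--- a/modules/branches/2.7/recordings/module.xml
+++ b/modules/branches/2.7/recordings/module.xml
@@ -2,5 +2,5 @@
   <rawname>recordings</rawname>
   <name>Recordings</name>
-  <version>3.3.9.8</version>
+  <version>3.3.9.9</version>
   <publisher>FreePBX</publisher>
   <license>GPLv2+</license>
@@ -11,4 +11,5 @@
   <description>Creates and manages system recordings, used by many other modules (eg, IVR).</description>
   <changelog>
+    *3.3.9.9* #4615 (Security Bug)
     *3.3.9.8* #4568 Security Patch
     *3.3.9.7* #4553 Security Patch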
  • modules/branches/2.7/recordings/page.recordings.php

    r10340 r10457  
    1919// Lite weight popup code here, don't need everything else below 
    2020// 
     21 
    2122switch ($action) { 
    2223  case 'popup': 
     
    7980    break; 
    8081  case "recorded": 
    81     // Clean up the filename, take out any nasty characters 
     82    // Clean up the filename,suffix, take out any nasty characters 
    8283    $filename = escapeshellcmd(strtr($rname, '/ ', '__')); 
     84    $suffix = escapeshellcmd(strtr($suffix, '/ ', '__')); 
    8385    if (!file_exists($astsnd."custom")) { 
    8486      if (!mkdir($astsnd."custom", 0775)) {