Changeset 10462

Timestamp:
11/01/10 15:25:23 (2 years ago)
Author:
p_lindheimer
Message:

Merged revisions 10461 via svnmerge from
http://www.freepbx.org/v2/svn/modules/branches/2.5

................

r10461 | p_lindheimer | 2010-11-01 13:13:34 -0700 (Mon, 01 Nov 2010) | 46 lines


Merged revisions 10460 via svnmerge from
http://www.freepbx.org/v2/svn/modules/branches/2.6


................

r10460 | p_lindheimer | 2010-11-01 13:02:25 -0700 (Mon, 01 Nov 2010) | 39 lines


Merged revisions 10399-10418,10420-10422,10424-10426,10428-10429,10432,10436-10458 via svnmerge from
http://www.freepbx.org/v2/svn/modules/branches/2.7


................

r10399 | GameGamer?43 | 2010-10-14 10:05:48 -0700 (Thu, 14 Oct 2010) | 1 line


closes #4590 - fixes issues with phonebook import

................

r10457 | p_lindheimer | 2010-11-01 12:46:35 -0700 (Mon, 01 Nov 2010) | 24 lines


Merged revisions 10456 via svnmerge from
http://svn.freepbx.org/modules/branches/2.8


................

r10456 | p_lindheimer | 2010-11-01 12:39:25 -0700 (Mon, 01 Nov 2010) | 17 lines


Merged revisions 10444,10447,10449-10451,10453-10455 via svnmerge from
http://svn.freepbx.org/modules/branches/2.9


........

r10444 | mbrevda | 2010-10-25 05:43:18 -0700 (Mon, 25 Oct 2010) | 1 line


re #4604 - potential injection when uploading files. Can be closed when published/backported

........

r10454 | p_lindheimer | 2010-11-01 10:51:02 -0700 (Mon, 01 Nov 2010) | 1 line


block xss re #4615

........

r10455 | p_lindheimer | 2010-11-01 12:12:39 -0700 (Mon, 01 Nov 2010) | 1 line


changes to some of the fixes re #4604

........

................

................

r10458 | p_lindheimer | 2010-11-01 12:49:10 -0700 (Mon, 01 Nov 2010) | 1 line


update xml re #4590

................

................

................

Files:

  • modules/branches/2.4

    • Property svnmerge-integrated changed from /modules/branches/2.3:1-5233,5245,5333,5336 /modules/branches/2.5:1-5852,5880,5930,5995,6016-6017,6030-6031,6142,6218,6291,6361,6363,6413-6414,6422,6428-6430,6442-6443,6557,6710,6714-6715,6969-6970,6984,7248,7281,7858-7859,7875,7878,7886,7890,8615,8622,10302,10342 to /modules/branches/2.3:1-5233,5245,5333,5336 /modules/branches/2.5:1-5852,5880,5930,5995,6016-6017,6030-6031,6142,6218,6291,6361,6363,6413-6414,6422,6428-6430,6442-6443,6557,6710,6714-6715,6969-6970,6984,7248,7281,7858-7859,7875,7878,7886,7890,8615,8622,10302,10342,10461
  • modules/branches/2.4/core/module.xml

    r9401 r10462  
    44  <category>Basic</category> 
    55  <name>Core</name> 
    6   <version>2.4.1.4</version> 
     6  <version>2.4.1.5</version> 
    77  <candisable>no</candisable> 
    88  <canuninstall>no</canuninstall> 
    99  <changelog> 
     10    *2.4.1.5* #4615 (Security Bug) 
    1011    *2.4.1.4* #4075 
    1112    *2.4.1.3* fixed missing global 
  • modules/branches/2.4/core/page.trunks.php

    r7881 r10462  
    1717$extdisplay=isset($_REQUEST['extdisplay'])?$_REQUEST['extdisplay']:''; 
    1818$action = isset($_REQUEST['action'])?$_REQUEST['action']:''; 
    19 $tech = strtolower(isset($_REQUEST['tech'])?$_REQUEST['tech']:''); 
     19$tech = strtolower(isset($_REQUEST['tech'])?htmlentities($_REQUEST['tech']):''); 
    2020 
    2121$trunknum = ltrim($extdisplay,'OUT_'); 
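
Review bot: the new `htmlentities($_REQUEST['tech'])` call on line 19 relies on the default flags, which on PHP versions before 8.1 leave single quotes unencoded, while the phonebook change in this same changeset passes `ENT_QUOTES`. If `$tech` is ever printed inside a single-quoted attribute, this encoding does not cover it. Since `$tech` appears to name a trunk technology, comparing the lowercased value against the list of supported technologies and rejecting anything else would be a tighter fix than encoding the request value at read time, and it would keep entity-encoded text out of any later comparisons on `$tech`.
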
  • modules/branches/2.4/music/module.xml

    r5997 r10462  
    22  <rawname>music</rawname> 
    33  <name>Music on Hold</name> 
    4   <version>2.4.0.3</version> 
     4  <version>2.4.0.4</version> 
    55  <candisable>no</candisable> 
    66  <canuninstall>no</canuninstall> 
     
    99  <description>Uploading and management of sound files (wav, mp3) to be used for on-hold music.</description> 
    1010  <changelog> 
     11    *2.4.0.4* #4615 (Security Bug) 
    1112    *2.4.0.3* #2773 change change from exec of rm to unlink to remove security vulnerability 
    1213    *2.4.0.2* #2843 Russian Translation 
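
Review bot: the new changelog entry `*2.4.0.4* #4615 (Security Bug)` cites only #4615, which the merged log describes as the XSS fix, yet this version also ships the `escapeshellcmd($mohfile)` change in page.music.php. If that change belongs to #4604 (injection when uploading files), list #4604 here as well so that anyone reading the changelog can tell the release also covers the upload injection.
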
  • modules/branches/2.4/music/page.music.php

    r7005 r10462  
    179179  $output = 0; 
    180180  $returncode = 0; 
     181  $mohfile = escapeshellcmd($mohfile); 
    181182 
    182183  $origmohfile=$path_to_dir."/orig_".$mohfile; 
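
Review bot: on new line 181, `escapeshellcmd()` is the wrong tool for a single file name: it is meant for a whole command string, does not quote the value as one argument (spaces and a leading `-` pass through), and leaves `/` and `..` alone. The escaped value is then used on the next line to build a path, `$origmohfile=$path_to_dir."/orig_".$mohfile;`, so any backslashes it inserts become part of the file name on disk. Suggest reducing `$mohfile` with `basename()` and a character allowlist when it is first read, and applying `escapeshellarg()` only at the point where the name is placed into a command.
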
     
    300301      echo "<h5> PHP "._("Error Processing")."! "._("No file provided")." "._("Please select a file to upload")."</h5>"; 
    301302    } else { 
    302       echo "<h5> PHP "._("Error Processing")." ".$_FILES['mohfile']['name']."! "._("Check")." upload_max_filesize "._("in")." /etc/php.ini</h5>"; 
     303      echo "<h5> PHP "._("Error Processing")." ".htmlentities($_FILES['mohfile']['name'])."! "._("Check")." upload_max_filesize "._("in")." /etc/php.ini</h5>"; 
    303304    } 
    304305  } 
     
    310311 
    311312    if (isset($process_err)) { 
    312       echo "<h5>"._("Error Processing").": \"$process_err\" for ".$_FILES['mohfile']['name']."!</h5>\n"; 
     313      echo "<h5>"._("Error Processing").": \"$process_err\" for ".htmlentities($_FILES['mohfile']['name'])."!</h5>\n"; 
    313314      echo "<h5>"._("This is not a fatal error, your Music on Hold may still work.")."</h5>\n"; 
    314315    } else { 
    315       echo "<h5>"._("Completed processing")." ".$_FILES['mohfile']['name']."!</h5>"; 
     316      echo "<h5>"._("Completed processing")." ".htmlentities($_FILES['mohfile']['name'])."!</h5>"; 
    316317    } 
    317318    needreload(); 
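
Review bot: in the `isset($process_err)` branch, new line 313 encodes the file name but still interpolates `$process_err` raw into the same `<h5>`. If `$process_err` can carry text derived from the upload or from command output, it needs the same encoding as the file name. The file name is also encoded separately in each echo; computing the encoded name once into a local variable and reusing it would make it harder to miss an output in a later change.
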
  • modules/branches/2.4/phonebook/module.xml

    r5807 r10462  
    22  <rawname>phonebook</rawname> 
    33  <name>Phonebook</name> 
    4   <version>2.4.0.1</version> 
     4  <version>2.4.0.2</version> 
    55  <description>Provides a phonebook for FreePBX, it can be used as base for Caller ID Lookup and Speed Dial</description> 
    66  <type>tool</type> 
     
    1212  <md5sum>2a22268a76e4761b33ea3cd23cd0a85b</md5sum> 
    1313  <changelog> 
     14    *2.4.0.2* #4590 
    1415    *2.4.0.1* #2843 Russian Translation 
    1516    *2.4.0* it translation, bump for 2.4 
  • modules/branches/2.4/phonebook/page.phonebook.php

    r4767 r10462  
    5555            if (is_array($fields) && count($fields) == 3 && is_numeric($fields[2]) &&  ($fields[3] == '' || is_numeric($fields[3]))) { 
    5656              phonebook_del($fields[2], $numbers[$fields[2]]['speeddial']); 
    57               phonebook_add($fields[2], addslashes($fields[1]), $fields[3]); 
     57              phonebook_add(htmlentities($fields[2],ENT_QUOTES), addslashes(htmlentities($fields[1],ENT_QUOTES)), htmlentities($fields[3],ENT_QUOTES)); 
    5858              $i++; 
    5959            } 
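
Review bot: the changed `phonebook_add()` call on line 57 HTML-encodes the imported fields before they are stored, so the phonebook holds entity-encoded text rather than the original values. The module description says the phonebook can be used as a base for Caller ID Lookup and Speed Dial, and those consumers would receive entity-encoded names; any page that later encodes on output would double-encode. Encoding at the point where the value is printed avoids both. Also, the condition on line 55 already requires `$fields[2]` to be numeric and `$fields[3]` to be empty or numeric, so only `$fields[1]` is affected by the encoding, and `phonebook_del()` on line 56 still receives the raw `$fields[2]`, which makes the two calls look inconsistent.
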
  • modules/branches/2.4/recordings/module.xml

    r10353 r10462  
    22  <rawname>recordings</rawname> 
    33  <name>Recordings</name> 
    4   <version>3.3.6.5</version> 
     4  <version>3.3.6.6</version> 
    55  <candisable>no</candisable> 
    66  <canuninstall>no</canuninstall> 
     
    99  <description>Creates and manages system recordings, used by many other modules (eg, IVR).</description> 
    1010  <changelog> 
     11    *3.3.6.6* #4615 (Security Bug) 
    1112    *3.3.6.5* #4568 Security Patch 
    1213    *3.3.6.4* #4553 Security Patch 
  • modules/branches/2.4/recordings/page.recordings.php

    r10343 r10462  
    6262    break; 
    6363  case "recorded": 
    64     // Clean up the filename, take out any nasty characters 
     64    // Clean up the filename,suffix, take out any nasty characters 
    6565    $filename = escapeshellcmd(strtr($rname, '/ ', '__')); 
     66    $suffix = escapeshellcmd(strtr($suffix, '/ ', '__')); 
    6667    if (!file_exists($astsnd."custom")) { 
    6768      if (!mkdir($astsnd."custom", 0775)) {
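
Review bot: the new `$suffix` line 66 reuses the `$filename` treatment, but `escapeshellcmd()` does not confine the value to one safe argument, and `strtr()` only replaces `/` and space, so other characters such as a leading `-` are left as is. A suffix comes from a small closed set, so checking it against an allowlist of the supported recording formats would be simpler and stricter than escaping. Minor: the updated comment on line 64 reads `filename,suffix` with no space after the comma.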