Changeset 13883

Timestamp:
03/23/12 14:57:51 (1 year ago)
Author:
p_lindheimer
Message:

Merged revisions 13882 via svnmerge from
http://www.freepbx.org/v2/svn/freepbx/branches/2.8

................

r13882 | p_lindheimer | 2012-03-23 11:56:46 -0700 (Fri, 23 Mar 2012) | 9 lines


Merged revisions 13881 via svnmerge from
http://www.freepbx.org/v2/svn/freepbx/branches/2.9


........

r13881 | p_lindheimer | 2012-03-23 11:55:00 -0700 (Fri, 23 Mar 2012) | 1 line


fixes potential XSS Security issue

........

................

Files:

  • freepbx/branches/2.7

    • Property svn:mergeinfo changed from
      /freepbx/branches/2.10:13870,13876
      /freepbx/branches/2.8:13872,13878
      /freepbx/branches/2.9:13871,13875-13877
      to
      /freepbx/branches/2.10:13870,13876
      /freepbx/branches/2.8:13872,13878,13882
      /freepbx/branches/2.9:13871,13875-13877,13881
    • Property svnmerge-integrated changed from /freepbx/branches/2.6:1-8598,8646-8647,8828 /freepbx/branches/2.8:1-9715,9728,9961,9977,10010,10038,10050,10453,11465,11623,11673,11743,13872,13878 to /freepbx/branches/2.8:1-9715,9728,9961,9977,10010,10038,10050,10453,11465,11623,11673,11743,13872,13878,13882 /freepbx/branches/2.6:1-8598,8646-8647,8828
  • freepbx/branches/2.7/amp_conf/htdocs_panel/dhtml/index.php

    r8166 r13883  
    33 
    44if(isset($_GET['context'])) { 
    5     $contexto=$_GET['context']
     5    $contexto=htmlspecialchars($_GET['context'])
    66    $contexto=strtoupper($contexto); 
    77    $archivo = "variables$contexto.txt"; 
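
Review bot: at new line 5, htmlspecialchars() is applied to a value that line 7 interpolates into a file name ("variables$contexto.txt"), not into HTML. HTML encoding does not restrict path characters such as "/" or ".", so the request still decides which file name is built. Validate `context` against an allow-list at this point (for example letters, digits, underscore and hyphen only) and reject anything else, and keep htmlspecialchars() for the place where the value is actually written into markup.
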
  • freepbx/branches/2.7/amp_conf/htdocs_panel/flash/mypage.php

    r8166 r13883  
    88     echo "No caller ID provided<BR>"; 
    99} else { 
    10      echo "Caller id is: ".$_GET['clid']."<BR>"; 
     10     echo "Caller id is: " . htmlspecialchars($_GET['clid']) . "<BR>"; 
    1111} 
    1212 
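
Review bot: at new line 10, htmlspecialchars() is called with its defaults, so quote handling and the assumed charset depend on the PHP version the branch runs on. Pass both explicitly, e.g. htmlspecialchars($_GET['clid'], ENT_QUOTES, 'UTF-8') with the charset matching what the page is served as, so the encoding is the same on every branch this fix is merged into.
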
     
    1414     echo "No caller ID Name provided<BR>"; 
    1515} else { 
    16    echo "Your clid name: ".base64_decode($_GET['clidname'])."<BR>"; 
     16   echo "Your clid name: " . htmlspecialchars(base64_decode($_GET['clidname'])) . "<BR>"; 
    1717} 
    1818 
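
Review bot: at new line 16, the decoded bytes go to output without any validity check. The order (decode first, then encode) is right, but base64_decode() in its default non-strict mode silently skips invalid characters, and htmlspecialchars() can return an empty string when the decoded bytes are not valid in the charset it assumes, so a malformed `clidname` prints an empty name instead of taking the "No caller ID Name provided" branch. Consider base64_decode($_GET['clidname'], true) and handling a false result the same way as the missing-parameter case.
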
  • freepbx/branches/2.7/amp_conf/htdocs_panel/index_amp.php

    r8095 r13883  
    4343<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="100%" height="100%" id="operator_panel" align="left"> 
    4444<param name="allowScriptAccess" value="sameDomain" /> 
    45 <param name="movie" value="flash/operator_panel.swf?context=<?php echo $_REQUEST['context'] ?>" /> 
     45<param name="movie" value="flash/operator_panel.swf?context=<?php echo htmlspecialchars($_REQUEST['context']) ?>" /> 
    4646<param name="quality" value="high" /> 
    4747<param name="bgcolor" value="#ffffff" /> 
    4848<param name="scale" value="exactfit" /> 
    49 <embed src="flash/operator_panel.swf?context=<?php echo $_REQUEST['context'] ?>" quality="high" scale="exactfit" bgcolor="#ffffff" width="100%" height="100%" name="operator_panel" align="left" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" /> 
     49<embed src="flash/operator_panel.swf?context=<?php echo htmlspecialchars($_REQUEST['context']) ?>" quality="high" scale="exactfit" bgcolor="#ffffff" width="100%" height="100%" name="operator_panel" align="left" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" /> 
    5050</object> 
    5151</body>
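
Review bot: at new lines 45 and 49, the value is placed in a URL query string inside a double-quoted attribute, and htmlspecialchars() only covers the attribute layer. Characters such as "&", "#" or "=" in `context` are still passed through as query-string syntax to operator_panel.swf once the browser decodes the attribute. Encode for both contexts, e.g. htmlspecialchars(urlencode($_REQUEST['context'])), and since `$_REQUEST['context']` is read without an isset() check in both places, compute the encoded value once above the markup and echo that variable in the param and embed tags.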