Changeset 6699
- Timestamp:
- 09/12/08 08:06:35 (3 months ago)
- Files:
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
freepbx/branches/2.5/amp_conf/htdocs/recordings/includes/main.conf.php
r6595 r6699 68 68 69 69 # 70 # Admin only account 70 # Admin only account - change defaults to prevent unauthorized access to call recordings 71 71 # 72 72 $ARI_ADMIN_USERNAME = "admin"; … … 79 79 80 80 # 81 # Authentication password to unlock cookie password 81 # Authentication password to unlock cookie password and voicemail links 82 82 # This must be all continuous and only letters and numbers 83 # Change this password to prevent unauthorized access to voicemail and call recordings 83 84 # 84 85 $ARI_CRYPT_PASSWORD = "z1Mc6KRxA7Nw90dGjY5qLXhtrPgJOfeCaUmHvQT3yW8nDsI2VkEpiS4blFoBuZ"; freepbx/branches/2.5/amp_conf/htdocs/recordings/misc/audio.php
r6456 r6699 19 19 $path = $crypt->decrypt($_GET['recording'],$ARI_CRYPT_PASSWORD); 20 20 21 // strip ".." from path for security22 $path = preg_replace('/\.\./','',$path);21 // strip ".." from path and retrieve absolute path from filesystem for security 22 $path = realpath(preg_replace('/\.\./','',$path)); 23 23 24 24 // See if the file exists
