Changeset 6732
- Timestamp:
- 09/15/08 20:45:17 (3 months ago)
- Files:
-
- freepbx/branches/2.3 (modified) (1 prop)
- freepbx/branches/2.3/amp_conf/htdocs/recordings/includes/main.conf.php (modified) (2 diffs)
- freepbx/branches/2.3/amp_conf/htdocs/recordings/misc/audio.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
freepbx/branches/2.3
- Property svnmerge-integrated changed from /freepbx/branches/2.2:1-4145,4434,4437 /freepbx/branches/2.4:1-5454,5492,5517,5648,5656,5710,5828,6057,6564 to /freepbx/branches/2.2:1-4145,4434,4437 /freepbx/branches/2.4:1-5454,5492,5517,5648,5656,5710,5828,6057,6564,6700
freepbx/branches/2.3/amp_conf/htdocs/recordings/includes/main.conf.php
r4328 r6732 68 68 69 69 # 70 # Admin only account 70 # Admin only account - change defaults to prevent unauthorized access to call recordings 71 71 # 72 72 $ARI_ADMIN_USERNAME = "admin"; … … 81 81 # Authentication password to unlock cookie password 82 82 # This must be all continuous and only letters and numbers 83 # Change this password to prevent unauthorized access to voicemail and call recordings 83 84 # 84 85 $ARI_CRYPT_PASSWORD = "z1Mc6KRxA7Nw90dGjY5qLXhtrPgJOfeCaUmHvQT3yW8nDsI2VkEpiS4blFoBuZ"; freepbx/branches/2.3/amp_conf/htdocs/recordings/misc/audio.php
r1065 r6732 19 19 $path = $crypt->decrypt($_GET['recording'],$ARI_CRYPT_PASSWORD); 20 20 21 // strip ".." from path for security22 $path = preg_replace('/\.\./','',$path);21 // strip ".." from path and retrieve absolute path from filesystem for security 22 $path = realpath(preg_replace('/\.\./','',$path)); 23 23 24 24 // See if the file exists
