Changeset 6733
- Timestamp:
- 09/15/08 20:47:09 (3 months ago)
- Files:
-
- freepbx/branches/2.2 (modified) (1 prop)
- freepbx/branches/2.2/amp_conf/htdocs/recordings/includes/main.conf.php (modified) (2 diffs)
- freepbx/branches/2.2/amp_conf/htdocs/recordings/misc/audio.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
freepbx/branches/2.2
- Property svnmerge-integrated changed from /freepbx/branches/2.3:1-4135,4219,4249,4258,4262,4273,4277,4282,4289,4307,4310-4322,4357,4400,4561,6565 /freepbx/trunk:1-3224,3231,3245-3246,3291-3295,3297,3299-3332,3336,3338-3365,3367-3373,3375-3388,3390-3391,3393-3395,3419,3437,3567,3614-3622,3624,3652,3688,3696,3756,3850,3885,4005,4084,4105 to /freepbx/branches/2.3:1-4135,4219,4249,4258,4262,4273,4277,4282,4289,4307,4310-4322,4357,4400,4561,6565,6732 /freepbx/trunk:1-3224,3231,3245-3246,3291-3295,3297,3299-3332,3336,3338-3365,3367-3373,3375-3388,3390-3391,3393-3395,3419,3437,3567,3614-3622,3624,3652,3688,3696,3756,3850,3885,4005,4084,4105
freepbx/branches/2.2/amp_conf/htdocs/recordings/includes/main.conf.php
r1825 r6733 68 68 69 69 # 70 # Admin only account 70 # Admin only account - change defaults to prevent unauthorized access to call recordings 71 71 # 72 72 $ARI_ADMIN_USERNAME = "admin"; … … 81 81 # Authentication password to unlock cookie password 82 82 # This must be all continuous and only letters and numbers 83 # Change this password to prevent unauthorized access to voicemail and call recordings 83 84 # 84 85 $ARI_CRYPT_PASSWORD = "z1Mc6KRxA7Nw90dGjY5qLXhtrPgJOfeCaUmHvQT3yW8nDsI2VkEpiS4blFoBuZ"; freepbx/branches/2.2/amp_conf/htdocs/recordings/misc/audio.php
r1065 r6733 19 19 $path = $crypt->decrypt($_GET['recording'],$ARI_CRYPT_PASSWORD); 20 20 21 // strip ".." from path for security22 $path = preg_replace('/\.\./','',$path);21 // strip ".." from path and retrieve absolute path from filesystem for security 22 $path = realpath(preg_replace('/\.\./','',$path)); 23 23 24 24 // See if the file exists
