Index: /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/bootstrap.php =================================================================== --- /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/bootstrap.php (revision 4993) +++ /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/bootstrap.php (revision 6832) @@ -98,4 +98,6 @@ */ function getFiles($path,$filter,$recursive_max,$recursive_count) { + global $SETTINGS_MAX_FILES; + $SETTINGS_MAX_FILES = isset($SETTINGS_MAX_FILES) ? $SETTINGS_MAX_FILES : 3000; $files = array(); @@ -110,5 +112,5 @@ $fileCount++; - if ($fileCount>3000) { + if ($fileCount>$SETTINGS_MAX_FILES) { $_SESSION['ari_error'] .= _("To many files in $msg_path Not all files processed") . "
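Review bot: The added fallback `$SETTINGS_MAX_FILES = isset($SETTINGS_MAX_FILES) ? $SETTINGS_MAX_FILES : 3000;` writes the default back into the global from inside getFiles, whose `$recursive_count` parameter suggests it recurses, and it accepts a configured zero or non-numeric value unchanged before the `$fileCount>$SETTINGS_MAX_FILES` comparison in the @@ -110 hunk below. A local computed once per call avoids both: `$max_files = (isset($SETTINGS_MAX_FILES) && (int)$SETTINGS_MAX_FILES > 0) ? (int)$SETTINGS_MAX_FILES : 3000;` with the comparison becoming `if ($fileCount>$max_files) {`. getFiles continues beyond both hunks, so where `$recursive_count` is used cannot be checked here.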
"; Index: /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/display.php =================================================================== --- /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/display.php (revision 1395) +++ /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/display.php (revision 6832) @@ -171,6 +171,6 @@ function displayNavigationBlock($m,$q,$url_opts,$start,$span,$total) { - $start = $start=='' ? 0 : $start ; - $span = $span=='' ? 15 : $span ; + $start = ($start=='' || !ctype_digit($start)) ? 0 : $start; + $span = ($span=='' || !ctype_digit($span)) ? 15 : $span; $total_pages = ceil($total/$span); Index: /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/login.php =================================================================== --- /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/login.php (revision 6419) +++ /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/login.php (revision 6832) @@ -336,6 +336,9 @@ $_SESSION['ari_user']['default_page'] = $default_page; - // force the session data saved - session_write_close(); + // Make sure nothing stale is here: + // + unset($_SESSION['ari_user']['recfiles']); + + // don't force the session data saved, there may be voicemail or callmonitor files still } } Index: /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/main.conf.php =================================================================== --- /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/main.conf.php (revision 4993) +++ /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/includes/main.conf.php (revision 6832) @@ -68,5 +68,5 @@ # -# Admin only account +# Admin only account - change defaults to prevent unauthorized access to call recordings # $ARI_ADMIN_USERNAME = "admin"; 
@@ -81,4 +81,5 @@ # Authentication password to unlock cookie password # This must be all continuous and only letters and numbers +# Change this password to prevent unauthorized access to cookie contents # $ARI_CRYPT_PASSWORD = "z1Mc6KRxA7Nw90dGjY5qLXhtrPgJOfeCaUmHvQT3yW8nDsI2VkEpiS4blFoBuZ"; @@ -263,5 +264,5 @@ $ASTERISK_PROTOCOLS['sip']['config_files'] = "/etc/asterisk/sip.conf;/etc/asterisk/sip_additional.conf"; $ASTERISK_PROTOCOLS['zap']['table'] = "zap"; -$ASTERISK_PROTOCOLS['zap']['config_files'] = "/etc/asterisk/zapata.conf;/etc/asterisk/zapata_additional.conf"; +$ASTERISK_PROTOCOLS['zap']['config_files'] = "/etc/asterisk/zapata.conf;/etc/asterisk/zapata_additional.conf;/etc/asterisk/chan_dahdi.conf;/etc/asterisk/chan_dahdi_additional.conf"; # Settings for Follow-Me Select Boxes in seconds @@ -326,5 +327,9 @@ $SETTINGS_ALLOW_PHONE_SETTINGS = 1; - +# +# Maximum number of sound files that will be read before an error is generated indicating issues since +# too many files can be create problems but on some systems this may need to be increased. +# +$SETTINGS_MAX_FILES=3000; ?> Index: /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/modules/callmonitor.module =================================================================== --- /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/modules/callmonitor.module (revision 6476) +++ /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/modules/callmonitor.module (revision 6832) 
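Review bot: The new comment asks the administrator to change `$ARI_CRYPT_PASSWORD`, but nothing in the commit checks whether the shipped literal on the next line is still in place, and the same holds for the `Admin only account` block annotated at @@ -68, whose `$ARI_ADMIN_USERNAME = "admin"` default is visible. Every installation starts from identical values, so a login-time comparison against the shipped defaults that appends a warning to `$_SESSION['ari_error']` would make the advice visible to operators; that check belongs in login.php rather than this file, so it is a follow-up to the hunk. The comment could also say what the value protects so the risk is concrete; presumably it still keys the cookie encryption after this commit removed the Crypt use for file paths, e.g. `# Used to encrypt the login cookie; the shipped value is public, so an unchanged default offers no protection`.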
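Review bot: The new comment above `$SETTINGS_MAX_FILES=3000;` reads `too many files can be create problems`, which is ungrammatical and does not say what happens when the limit is hit; per bootstrap.php's @@ -110 hunk, getFiles appends `To many files in ... Not all files processed` to `$_SESSION['ari_error']` and, as that message says, stops short. Suggested wording: `# Maximum number of sound files getFiles() reads before it stops and records an error in $_SESSION['ari_error']; very large directories cause problems, but some systems may need a higher limit.` The assignment also lacks the spaces around `=` that the neighbouring `$SETTINGS_ALLOW_PHONE_SETTINGS = 1;` uses.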
@@ -60,12 +60,18 @@ $files = array(); foreach($_REQUEST as $key => $value) { - if (preg_match('/selected/',$key)) { - array_push($files, $value); + if (preg_match('/selected/',$key) && isset($_SESSION['ari_user']['recfiles'][$value])) { + array_push($files, $_SESSION['ari_user']['recfiles'][$value]); } } if ($a=='delete') { - $this->deleteRecData($files); - } + if (count($files) > 0) { + $this->deleteRecData($files); + } else { + $_SESSION['ari_error'] + = _("One or more messages must be selected before clicking delete."); + } + } + if ($a=='ignore') { @@ -100,8 +106,6 @@ global $CALLMONITOR_ALLOW_DELETE; global $AJAX_PAGE_REFRESH_ENABLE; - global $ARI_CRYPT_PASSWORD; $display = new DisplaySearch(); - $crypt = new Crypt(); // get the search string @@ -115,8 +119,8 @@ $duration_filter = getArgument($args,'duration_filter'); - $start = $start=='' ? 0 : $start; - $span = $span=='' ? 15 : $span; + $start = ($start=='' || !ctype_digit($start)) ? 0 : $start; + $span = ($span=='' || !ctype_digit($span)) ? 15 : $span; $order = $order=='' ? 'calldate' : $order; - $sort = $sort=='' ? 'desc' : $sort; + $sort = ($sort=='' || strtolower($sort) == 'desc') ? 'desc' : 'asc'; $displayname = $_SESSION['ari_user']['displayname']; @@ -138,6 +142,12 @@ // build controls if ($CALLMONITOR_ALLOW_DELETE) { + if (count($recordings) > 0) { + $controls .= " @@ -204,11 +214,12 @@ // table body - $playbackRow = 2; // Index to keep track of where playback control rows should be inserted. - foreach($data as $key=>$value) { + unset($_SESSION['ari_user']['recfiles']); + // Index to keep track of where playback control rows should be inserted. + $playbackRow = 2; + if (is_array($data)) foreach($data as $key=>$value) { + $i++; // recording file $recording = $recordings[$value['uniqueid'] . $value['calldate']]; - $fileCrypt = $crypt->encrypt($recording,$ARI_CRYPT_PASSWORD); - $recordingCrypt = urlencode($fileCrypt); // date and time 
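Review bot: Both this handler and the voicemail.module handler at @@ -154 resolve selections through the same `$_SESSION['ari_user']['recfiles']` map, and each module's display code rebuilds that map from scratch (`unset` at @@ -204 here and @@ -392 there), so a delete submitted from one page after the other page was rendered in a second tab resolves its indices against the other module's file list; the user still reaches only files registered for their own session, but deleteRecData would be handed voicemail paths or vice versa. Keying the map per module, e.g. `$_SESSION['ari_user']['recfiles']['callmonitor'][$i]`, keeps the two lists apart. Separately, `$value` comes straight from `$_REQUEST` and is used as an array offset, so a `selected[]=` array parameter makes the `isset` lookup raise an illegal-offset warning or TypeError depending on PHP version; `is_scalar($value)` (or `ctype_digit((string)$value)`) before the lookup avoids that.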
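Review bot: `ctype_digit('0')` is true, so the new guard still lets `$span = '0'` through, and display.php's displayNavigationBlock (hunk @@ -171, same pattern) then evaluates `ceil($total/$span)`, a division by zero; here the value presumably also reaches the paging query, where a zero span yields no rows. Requiring a positive value closes both: `$span = (ctype_digit((string)$span) && (int)$span > 0) ? (int)$span : 15;` and, for consistency, `$start = ctype_digit((string)$start) ? (int)$start : 0;` (the `(string)` cast matters because `ctype_digit()` interprets a small int argument as an ASCII code). The `$sort` normalisation to `'asc'`/`'desc'` is the right shape; `$order` still passes through unchanged here and is only escaped later at @@ -684, see the note there. The enclosing function starts and ends outside the hunk.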
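Review bot: `$i++;` in the new loop body increments a counter the hunk never initialises, and the enclosing function starts outside it; if no `$i = 0;` exists above, the first pass relies on PHP promoting an undefined variable to null (with a notice) and the `recfiles` indices start at 1. Put `$i = 0;` beside the new `$playbackRow = 2;`; voicemail.module has the same `$i++` at @@ -392 and would take the same line. The brace-less `if (is_array($data)) foreach($data as $key=>$value) {` attaches the whole loop to the condition in a way that is easy to misread when the closing brace is far away; `if (is_array($data)) {` with the loop inside, or an early `if (!is_array($data)) { $data = array(); }` before the loop, keeps the structure explicit.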
@@ -217,14 +228,17 @@ $time = $buf[1]; - // recording delete checkbox - if ($CALLMONITOR_ALLOW_DELETE) { - $recording_delete_checkbox = ""; - } - $recordingLink = ''; $downloadLink = ''; - if (is_file($recordings[$value['uniqueid'] . $value['calldate']])) { - $recordingLink = ""; - $downloadLink = ""; + if (is_file($recording)) { + $_SESSION['ari_user']['recfiles'][$i] = $recording; + $recordingLink = ""; + $downloadLink = ""; + if ($CALLMONITOR_ALLOW_DELETE) { + $recording_delete_checkbox = ""; + } + } else { + if ($CALLMONITOR_ALLOW_DELETE) { + $recording_delete_checkbox = ""; + } } $playbackRow++; @@ -273,5 +287,5 @@ $ret .= "
- + @@ -306,5 +320,5 @@ newRow = cmTable.insertRow(row_num); newRow.id = playbackId; - cell_left = newRow.insertCell(0); + cell_left = newRow.insertCell(0); cell_left.colSpan = 9; cell_left.innerHTML = playback_src; @@ -407,5 +421,5 @@ } - foreach($data as $data_key => $data_value) { + if (is_array($data)) foreach($data as $data_key => $data_value) { $recording=''; @@ -551,10 +565,5 @@ function deleteRecData($files) { - global $ARI_CRYPT_PASSWORD; - - $crypt = new Crypt(); - - foreach($files as $key => $fileCrypt) { - $file = $crypt->decrypt($fileCrypt,$ARI_CRYPT_PASSWORD); + foreach($files as $key => $file) { if (is_writable($file)) { unlink($file); @@ -573,8 +582,13 @@ function getSearchText($q,$duration_filter) { + $duration_filter = ctype_digit($duration_filter) ? $duration_filter : 0; + // search text if ($q!='*' && $q!=NULL) { + + $dbh = $_SESSION['dbh_cdr']; $searchText .= "WHERE "; $tok = strtok($q," \n\t"); + $tok = $dbh->escapeSimple($tok); while ($tok) { $searchText .= " (calldate regexp '" . $tok . "' @@ -590,4 +604,5 @@ )"; $tok = strtok(" \n\t"); + $tok = $dbh->escapeSimple($tok); if ($tok) { $searchText .= " AND"; @@ -684,4 +699,5 @@ $dbh = $_SESSION['dbh_cdr']; + $order = $dbh->escapeSimple($order); $sql = "SELECT * FROM " . $ASTERISKCDR_DBTABLE . " Index: /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/modules/followme.module =================================================================== --- /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/modules/followme.module (revision 6029) +++ /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/modules/followme.module (revision 6832) @@ -655,4 +655,5 @@ if (isset($_SESSION['dbh_asterisk'])) { + $db = $_SESSION['dbh_asterisk']; //format for SQL database 
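Review bot: deleteRecData now unlinks whatever paths it receives, and the only thing keeping request-controlled paths out is the caller at @@ -60 resolving `selected` indices through `$_SESSION['ari_user']['recfiles']`; that is a contract the method should state, e.g. `// $files: paths already resolved from $_SESSION['ari_user']['recfiles']; never pass request values here.` The `unlink($file)` result is also unchecked: `is_writable()` tests the file while removal needs a writable directory, so a failed unlink emits only a PHP warning; if the else branch below the hunk does not already report it, `if (!is_writable($file) || !unlink($file)) { $_SESSION['ari_error'] .= _("Unable to delete") . " " . basename($file); }` keeps the user informed (message text constructed). The contract comment applies equally to deleteVoicemailData in voicemail.module at @@ -680. The function body continues past the hunk.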
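Review bot: `$tok = $dbh->escapeSimple($tok);` runs before `while ($tok)` (and, in the @@ -590 hunk, before `if ($tok)`), so on the final iteration it is handed strtok()'s `false`; moving the escape to the top of the loop body, `while ($tok) { $tok = $dbh->escapeSimple($tok); ...`, escapes only real tokens and makes the duplicate call at @@ -590 unnecessary. The escaping closes the quote-breaking case, but each token is still interpreted by the database as a regular expression inside `regexp '...'`, so input that is not a valid pattern becomes a query error and a pathological pattern a slow query; if literal matching is what users expect, quoting regex metacharacters (or switching to LIKE with escaped `%`/`_`) would be the more robust follow-up. `$dbh = $_SESSION['dbh_cdr'];` is also read without the `isset` guard the followme.module hunk at @@ -655 uses. getSearchText continues outside the hunk.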
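Review bot: `$order = $dbh->escapeSimple($order);` escapes quotes for a string literal, but judging from @@ -115 `$order` arrives from the request and names a column, so in the SELECT that starts on the next line it is presumably interpolated as an identifier in the ORDER BY, where quote escaping constrains nothing and a crafted value is still spliced into the SQL. A whitelist is the fitting check: `$order = in_array($order, $allowed_order_columns, true) ? $order : 'calldate';` with `$allowed_order_columns` (placeholder) listing the sortable CDR columns; `'calldate'` is the default the code already uses. The SELECT continues outside the hunk, so the identifier context is inferred rather than seen.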
@@ -660,5 +661,5 @@ $sql = "UPDATE findmefollow SET grptime = '" . $follow_me_listring_time . "', grplist = '". - str_replace("'", "''", trim($follow_me_list)) . "', pre_ring = '" . $follow_me_prering_time . + $db->escapeSimple(trim($follow_me_list)) . "', pre_ring = '" . $follow_me_prering_time . "', needsconf = '" . $follow_me_confirm . "' WHERE grpnum = $exten LIMIT 1"; $results = $_SESSION['dbh_asterisk']->query($sql); Index: /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/modules/voicemail.module =================================================================== --- /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/modules/voicemail.module (revision 6650) +++ /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/modules/voicemail.module (revision 6832) @@ -11,4 +11,5 @@ class Voicemail { var $callme_num = ""; + /* * rank (for prioritizing modules) @@ -28,4 +29,5 @@ if (empty($this->callme_num)) { $this->callme_num = $extension; // callme_num defaults to user's extension. + callme_setnum($extension, $extension); } } @@ -154,11 +156,17 @@ $files = array(); foreach($_REQUEST as $key => $value) { - if (preg_match('/selected/',$key)) { - array_push($files, $value); + if (preg_match('/selected/',$key) && isset($_SESSION['ari_user']['recfiles'][$value])) { + array_push($files, $_SESSION['ari_user']['recfiles'][$value]); } } if ($a=='delete') { - $this->deleteVoicemailData($files); + if (count($files) > 0) { + $this->deleteVoicemailData($files); + } + else { + $_SESSION['ari_error'] + = _("One or more messages must be selected before clicking delete."); + } } else if ($a=='move_to') { 
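Review bot: Only `$follow_me_list` gets `$db->escapeSimple()`; `$follow_me_listring_time`, `$follow_me_prering_time`, `$follow_me_confirm` and `$exten` are still concatenated into the same UPDATE unescaped, with `$exten` not even quoted (`WHERE grpnum = $exten`). The hunk does not show where those values originate; if they come from the request like the list does, they need the same treatment — `$db->escapeSimple()` on each quoted value and a `ctype_digit()` check on `$exten` before use — or, since `escapeSimple()` suggests `$db` is a PEAR DB handle, the placeholder form `$db->query('UPDATE findmefollow SET grptime = ?, grplist = ?, pre_ring = ?, needsconf = ? WHERE grpnum = ? LIMIT 1', array(...))`, which removes the concatenation entirely. The last line still calls `$_SESSION['dbh_asterisk']->query($sql)` although `$db` now holds the same handle; `$db->query($sql)` keeps the two in step. The enclosing function starts before the hunk.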
@@ -168,8 +176,12 @@ = _("A folder must be selected before the message can be moved."); } - else { + else if (count($files) > 0) { $context = $_SESSION['ari_user']['context']; $extension = $_SESSION['ari_user']['extension']; $this->moveVoicemailData($files, $context, $extension, $folder_rx); + } + else { + $_SESSION['ari_error'] + = _("One or more messages must be selected before clicking move_to."); } } @@ -182,7 +194,11 @@ = _("An extension must be selected before the message can be forwarded."); } - else { + else if (count($files) > 0) { $folder_rx = $ASTERISK_VOICEMAIL_FOLDERS[0]['folder']; $this->moveVoicemailData($files, $context_rx, $extension_rx, $folder_rx, false); + } + else { + $_SESSION['ari_error'] + = _("One or more messages must be selected before clicking forward_to."); } } @@ -213,10 +229,8 @@ global $ASTERISK_VOICEMAIL_FOLDERS; global $AJAX_PAGE_REFRESH_ENABLE; - global $ARI_CRYPT_PASSWORD; $voicemail_audio_format = $_COOKIE['ari_voicemail_audio_format']; $display = new DisplaySearch(); - $crypt = new Crypt(); // args @@ -392,9 +406,10 @@ $download_header .= "" . _("Download"). ""; // table body + unset($_SESSION['ari_user']['recfiles']); if (isset($data)) { $playbackRow = 2; // Index for where playback control rows used by javascript playback() should appear in the table. // First control row would appear below row 1 (hence $playbackRow starts at 2); control rows are inserted/deleted as needed. foreach($data as $file=>$value) { - + $i++; // Playback links $voicemail_audio_format = $voicemail_audio_format=='' ? '.wav' : $voicemail_audio_format; 
@@ -407,12 +422,10 @@ $duration = $value[duration]; if (is_file($recording)) { - $recordingCrypt = urlencode($crypt->encrypt($recording,$ARI_CRYPT_PASSWORD)); - $recordingLink = ""; - $msgFromCrypt = urlencode($crypt->encrypt($extension,$ARI_CRYPT_PASSWORD)); - $callmenumCrypt = urlencode($crypt->encrypt($this->callme_num,$ARI_CRYPT_PASSWORD)); - $callmePage = "'misc/callme_page.php?recording=" . $recordingCrypt . "&callmenum=" . $callmenumCrypt . "&action=c&msgFrom=" . $msgFromCrypt . "'"; + $_SESSION['ari_user']['recfiles'][$i] = $recording; + $recordingLink = ""; + $callmePage = "'misc/callme_page.php?recindex=" . $i . "&callmenum=" . $this->callme_num . "&action=c&msgFrom=" . $extension . "'"; $callme_tooltip = _("Play message at: ") . $this->callme_num; $callmeLink = ""; - $downloadLink = ""; + $downloadLink = ""; } else { @@ -421,9 +434,7 @@ } - $fileCrypt = $crypt->encrypt($file,$ARI_CRYPT_PASSWORD); - $tableText .= " - + " . $date . " " . $time . " @@ -433,5 +444,5 @@ " . $duration . " sec " . $recordingLink . "  " . $callmeLink . " - " . $downloadLink . " + " . $downloadLink . " "; @@ -481,5 +492,5 @@ $ret .= " - + @@ -574,5 +585,5 @@ " . $recording_delete_header . " " . $recording_header . " - " . $download_header . " + " . $download_header . " " . $tableText . " @@ -680,12 +691,5 @@ function deleteVoicemailData($files) { - global $ARI_CRYPT_PASSWORD; - - $crypt = new Crypt(); - - foreach($files as $key => $pathCrypt) { - - // decrypt path - $path = $crypt->decrypt($pathCrypt,$ARI_CRYPT_PASSWORD); + foreach($files as $key => $path) { // get file parts for search @@ -724,7 +728,4 @@ global $ASTERISK_VOICEMAIL_PATH; - global $ARI_CRYPT_PASSWORD; - - $crypt = new Crypt(); $perm = fileperms($ASTERISK_VOICEMAIL_PATH); 
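Review bot: `$callmePage` now carries `callmenum=` and `msgFrom=` as plain `$this->callme_num` and `$extension` where the removed lines sent encrypted values; callme_page.php is not part of this diff, so if it still takes the number to dial and the originating extension from the query string, the encryption that made those parameters opaque is gone and a logged-in user could alter the destination number in the URL. The safer shape is for callme_page.php to take the number from `$_SESSION['ari_user']` (as audio.php now does for the recording path) and for the link to pass only `recindex`; if the parameters must stay in the URL, the receiving page should validate them against the logged-in user's own data. Within the hunk the two values are also concatenated into the quoted URL string without the `urlencode()` the removed lines applied; `urlencode($this->callme_num)` and `urlencode($extension)` restore that. The `$recordingLink`/`$downloadLink` lines appear stripped of their markup in this rendering and cannot be reviewed here.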
@@ -781,7 +782,5 @@ } - foreach($files as $key => $pathCrypt) { - // decrypt path - $pathPlain = $crypt->decrypt($pathCrypt,$ARI_CRYPT_PASSWORD); + foreach($files as $key => $pathPlain) { // add plain path to new array $filesPlain[] = $pathPlain; Index: /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/misc/audio.php =================================================================== --- /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/misc/audio.php (revision 6459) +++ /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/misc/audio.php (revision 6832) @@ -7,19 +7,11 @@ - -if (isset($_GET['recording'])) { +if (isset($_GET['recindex'])) { chdir(".."); include_once("./includes/bootstrap.php"); - global $ARI_CRYPT_PASSWORD; + $path = $_SESSION['ari_user']['recfiles'][$_GET['recindex']]; - $crypt = new Crypt(); - - $path = $crypt->decrypt($_GET['recording'],$ARI_CRYPT_PASSWORD); - - // strip ".." from path for security - $path = preg_replace('/\.\./','',$path); - // See if the file exists if (!is_file($path)) { die("404 File not found!"); } Index: /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/version.php =================================================================== --- /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/version.php (revision 6651) +++ /freepbx/branches/ari_changes/amp_conf/htdocs/recordings/version.php (revision 6832) @@ -6,5 +6,5 @@ */ -$ARI_VERSION = 'FreePBX 2.5 with Call Me'; +$ARI_VERSION = 'FreePBX 2.5'; ?>
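Review bot: `$path = $_SESSION['ari_user']['recfiles'][$_GET['recindex']];` indexes the session map with the raw query value: a missing key yields a notice and `null`, which `is_file()` then rejects, but a non-scalar `recindex` (e.g. `recindex[]=`) is an illegal array offset and errors before the 404 branch, and nothing visible checks that `$_SESSION['ari_user']` exists before it is read. Suggested: `$idx = (isset($_GET['recindex']) && is_string($_GET['recindex']) && ctype_digit($_GET['recindex'])) ? (int)$_GET['recindex'] : -1;` followed by `$path = isset($_SESSION['ari_user']['recfiles'][$idx]) ? $_SESSION['ari_user']['recfiles'][$idx] : '';`, so every malformed request reaches the existing `die("404 File not found!")`. Resolving the path through the server-populated map instead of a decrypted request value is a sound change and makes the dropped `..` stripping unnecessary, since only entries the display code registered after `is_file()` are reachable. Whether bootstrap.php already enforces a logged-in session is not visible here.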