Changeset 7001 for modules/branches

Timestamp:
10/18/08 12:43:36 (5 years ago)
Author:
p_lindheimer
Message:

closes #3266 add confirm box when sip secret == device number since it is a commonly exploited security vulnerability on systems exposed to the outside

Files:

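--- a/modules/branches/2.5/core/functions.inc.php
+++ b/modules/branches/2.5/core/functions.inc.php
@@ -4537,5 +4537,6 @@
     $msgConfirmSecret = _("You have not entered a Secret for this device, although this is possible it is generally bad practice to not assign a Secret to a device. Are you sure you want to leave the Secret empty?");
     $msgInvalidSecret = _("Please enter a Secret for this device");
-
+    $msgSecretSameAsExtension = _("You have set your secret and device/extension to the same value. This can be a serious security vulnerability resulting in a hacker compromising your system to make free phone calls. There are many known instances where this has already occurred");
+
     // zap
     $tmparr = array();
@@ -4560,5 +4561,5 @@
     // iax2
     $tmparr = array();
-    $tmparr['secret'] = array('value' => '', 'level' => 0, 'jsvalidation' => 'isEmpty() && !confirm("'.$msgConfirmSecret.'")', 'failvalidationmsg' => $msgInvalidSecret);
+    $tmparr['secret'] = array('value' => '', 'level' => 0, 'jsvalidation' => '(' . $_REQUEST['extdisplay'] . ' == theForm.devinfo_secret.value && !confirm("' . $msgSecretSameAsExtension . '")) || isEmpty() && !confirm("'.$msgConfirmSecret.'")', 'failvalidationmsg' => $msgInvalidSecret);
     $tmparr['notransfer'] = array('value' => 'yes', 'level' => 1);
     $tmparr['context'] = array('value' => 'from-internal', 'level' => 1);
@@ -4577,5 +4578,5 @@
     // sip
     $tmparr = array();
-    $tmparr['secret'] = array('value' => '', 'level' => 0, 'jsvalidation' => 'isEmpty() && !confirm("'.$msgConfirmSecret.'")', 'failvalidationmsg' => $msgInvalidSecret);
+    $tmparr['secret'] = array('value' => '', 'level' => 0, 'jsvalidation' => '(' . $_REQUEST['extdisplay'] . ' == theForm.devinfo_secret.value && !confirm("' . $msgSecretSameAsExtension . '")) || isEmpty() && !confirm("'.$msgConfirmSecret.'")', 'failvalidationmsg' => $msgInvalidSecret);
     $tmparr['dtmfmode'] = array('value' => 'rfc2833', 'level' => 0, 'jsvalidation' => 'isEmpty()', 'failvalidationmsg' => $msgInvalidDTMFMODE );
     $tmparr['canreinvite'] = array('value' => 'no', 'level' => 1);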
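Review bot: `$_REQUEST['extdisplay']` is concatenated unescaped into the `jsvalidation` expression on new lines 4563 (iax2) and 4580 (sip), so the request parameter is emitted as script in the admin page, and an empty or non-numeric value (presumably the add-device case) likely leaves a JavaScript syntax error that stops the secret check from running. Encode it as a JavaScript string before concatenating, e.g. `$extJs = json_encode(isset($_REQUEST['extdisplay']) ? (string) $_REQUEST['extdisplay'] : '');` and then `'(' . $extJs . ' == theForm.devinfo_secret.value && !confirm(...'`; comparing as strings also keeps extensions with leading zeros matching. How `jsvalidation` is written into the page is outside these hunks, so HTML-escaping may be needed on top if it lands in an attribute, and the `_()` messages placed inside `confirm("...")` would break on a translation containing a double quote. The comparison runs only in the browser, so a secret equal to the extension submitted without the form is still accepted; a server-side check when the device is saved would enforce it. The enclosing function starts and ends outside the hunks.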