Changeset 7598
- Timestamp:
- 04/29/09 19:46:45 (4 years ago)
- Files:
-
- freepbx/trunk (modified) (1 prop)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/lib/defines.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/config.php (modified) (3 diffs)
- freepbx/trunk/amp_conf/htdocs/admin/functions.inc.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/reports.php (modified) (2 diffs)
- freepbx/trunk/amp_conf/htdocs/recordings/includes/display.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/recordings/includes/login.php (modified) (2 diffs)
- freepbx/trunk/amp_conf/htdocs/recordings/modules/callmonitor.module (modified) (2 diffs)
- freepbx/trunk/amp_conf/htdocs/recordings/modules/voicemail.module (modified) (4 diffs)
- freepbx/trunk/amportal.conf (modified) (2 diffs)
- freepbx/trunk/install_amp (modified) (1 diff)
- freepbx/trunk/libfreepbx.install.php (modified) (1 diff)
- freepbx/trunk/setup_svn.php (modified) (1 diff)
- freepbx/trunk/start_asterisk (modified) (1 diff)
- freepbx/trunk/update_l10n.sh (modified) (1 diff)
freepbx/trunk
- Property svnmerge-integrated changed from /freepbx/branches/2.5:1-7351,7461-7544 to /freepbx/branches/2.5:1-7351,7461-7544,7552-7571,7573-7597
freepbx/trunk/amp_conf/htdocs/admin/cdr/lib/defines.php
r6816 r7598 97 97 if (isset($_POST[$test_var])) { 98 98 global $$test_var; 99 $$test_var = $_POST[$test_var];99 $$test_var = htmlspecialchars($_POST[$test_var]); 100 100 } elseif (isset($_GET[$test_var])) { 101 101 global $$test_var; 102 $$test_var = $_GET[$test_var];102 $$test_var = htmlspecialchars($_GET[$test_var]); 103 103 } 104 104 } freepbx/trunk/amp_conf/htdocs/admin/config.php
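Review bot: The `htmlspecialchars()` calls added on lines 99 and 102 use the default flags, which leave single quotes unencoded, and they escape at input rather than at output, so the stored value is only safe for a double-quoted HTML context; if the same variable later reaches SQL, a URL or a single-quoted attribute it is not protected there. If input-time escaping is kept, at least pass `ENT_QUOTES`: `$$test_var = htmlspecialchars($_POST[$test_var], ENT_QUOTES);` and the same on the `$_GET` branch. The `global $$test_var` pattern means any request key named by `$test_var` overwrites a global of that name; the enclosing function starts outside the hunk, so how `$test_var` is bounded cannot be confirmed here.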
r7348 r7598 19 19 $type = isset($_REQUEST['type'])?$_REQUEST['type']:'setup'; 20 20 $display = isset($_REQUEST['display'])?$_REQUEST['display']:''; 21 $extdisplay = isset($_REQUEST['extdisplay'])?$_REQUEST['extdisplay']:null; 21 if (isset($_REQUEST['extdisplay'])) { 22 $extdisplay = htmlspecialchars($_REQUEST['extdisplay']); 23 $_REQUEST['extdisplay'] = $extdisplay; 24 } else { 25 $extdisplay = null; 26 } 22 27 $skip = isset($_REQUEST['skip'])?$_REQUEST['skip']:0; 23 28 $action = isset($_REQUEST['action'])?$_REQUEST['action']:null; … … 39 44 40 45 include('header.php'); 46 /* If there is an action request then some sort of update is usually being done. 47 This will protect from cross site request forgeries unless disabled. 48 */ 49 if ($action != '' && $amp_conf['CHECKREFERER']) { 50 if (isset($_SERVER['HTTP_REFERER'])) { 51 $referer = parse_url($_SERVER['HTTP_REFERER']); 52 $refererok = (trim($referer['host']) == trim($_SERVER['HTTP_HOST'])) ? true : false; 53 } else { 54 $refererok = false; 55 } 56 57 if (!$refererok) { 58 die_freepbx(_("POTENTIAL SECURITY BREACH: an attempt was made to modify settings from a URL that did not come from a FreePBX page. This action has been blocked because the HTTP_REFERER does not match your current SERVER. If you require this access, you can set CHECKREFERER=false in amportal.conf to disable this security check")); 59 } 60 } 41 61 42 62 // handle special requests … … 286 306 $itemid = ''; 287 307 foreach($possibilites as $possibility) { 288 if ( isset($_REQUEST[$possibility]) && $_REQUEST[$possibility] != '' ) 289 $itemid = $_REQUEST[$possibility]; 308 if ( isset($_REQUEST[$possibility]) && $_REQUEST[$possibility] != '' ) { 309 $itemid = htmlspecialchars($_REQUEST[$possibility]); 310 $_REQUEST[$possibility] = $itemid; 311 } 290 312 } 291 313 freepbx/trunk/amp_conf/htdocs/admin/functions.inc.php
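Review bot: The referer check on lines 50-52 compares `$referer['host']` with `$_SERVER['HTTP_HOST']`, but `parse_url()` returns the host without the port while `HTTP_HOST` carries it, so an installation served on a non-default port would be blocked on every action; `parse_url()` also yields no `host` key for a relative or malformed referer, which raises a notice before the comparison. Something like `$refererok = isset($referer['host']) && trim($referer['host'] . (isset($referer['port']) ? ':' . $referer['port'] : '')) == trim($_SERVER['HTTP_HOST']);` covers both cases. Referer checking is only a partial CSRF defence, since the header is optional and is often stripped by proxies or browser settings; a per-session token validated on state-changing requests would be the stronger follow-up, and the comment on lines 46-48 could say so. Separately, lines 22-23 and 309-310 write `htmlspecialchars()` output back into `$_REQUEST`, so any later code that escapes at output will double-encode `&`, and again the default flags leave single quotes unencoded.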
r7478 r7598 745 745 'FOPDISABLE' => array('bool' , false), 746 746 'ZAP2DAHDICOMPAT' => array('bool' , false), 747 'CHECKREFERER' => array('bool' , true), 747 748 ); 748 749 freepbx/trunk/amp_conf/htdocs/admin/reports.php
r6976 r7598 32 32 } 33 33 34 $display=1;35 if (isset($_REQUEST['display'])) {36 $display=$_REQUEST['display'];37 }38 39 34 // setup menu 40 35 $menu = array( … … 45 40 ); 46 41 42 if (isset($_REQUEST['display']) && isset($menu[$_REQUEST['display']])) { 43 $display=$_REQUEST['display']; 44 } else { 45 $display=1; 46 } 47 47 48 // CDR viewer from www.areski.net. 48 49 // Changes for -- AMP -- commented in: freepbx/trunk/amp_conf/htdocs/recordings/includes/display.php
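Review bot: Lines 42-46 restrict `$display` to keys of `$menu`, which is the right shape, but the intent is not recorded; a comment such as `// only accept a display value that names a known menu entry; anything else falls back to the default` would keep a future edit from reverting to the raw request value. If `$_REQUEST['display']` arrives as an array (`display[]=…`), `isset($menu[$_REQUEST['display']])` may emit an "Illegal offset type" warning on the PHP versions of this era rather than quietly returning false, so an `is_scalar($_REQUEST['display'])` guard in the same condition would be a cheap addition.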
r6600 r7598 87 87 <form class='bar' action='" . $_SESSION['ARI_ROOT'] . "' method='GET' name='search'> 88 88 <input type=hidden name=m value=" . $m . "> 89 <input type=text name=q size=40 value='" . $q. "' maxlength=256>89 <input type=text name=q size=40 value='" . htmlspecialchars($q) . "' maxlength=256> 90 90 " . $option_text . " 91 91 <input type=hidden name=start value=0> freepbx/trunk/amp_conf/htdocs/recordings/includes/login.php
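Review bot: Line 89 places `htmlspecialchars($q)` inside a single-quoted `value='…'` attribute, but the default flags of `htmlspecialchars()` encode only double quotes, so a `'` in `$q` still terminates the attribute; use `htmlspecialchars($q, ENT_QUOTES)` or switch the attribute to double quotes. The `$m` hidden input on line 88 in the same form is still emitted unquoted and unescaped, so it deserves the same treatment if it originates from the request, which is not visible here.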
r6816 r7598 193 193 } 194 194 else { 195 $_SESSION['ari_error'] = "Incorrect Password";195 $_SESSION['ari_error'] = _("Incorrect Username or Password"); 196 196 return; 197 197 } … … 265 265 else if ($protocol_username==$username && 266 266 $protocol_password!=$password) { 267 $_SESSION['ari_error'] = _("Incorrect Password");267 $_SESSION['ari_error'] = _("Incorrect Username or Password"); 268 268 return; 269 269 } freepbx/trunk/amp_conf/htdocs/recordings/modules/callmonitor.module
r7305 r7598 87 87 <script> 88 88 <!-- 89 window.location = \"" . $_SESSION['ARI_ROOT'] . "?m=" . $m . "&q=" . $q. "&start=" . $start . "&span=" . $span . "&order=" . $order . "&sort=" . $sort . "&duration_filter=" . $duration_filter . "\"89 window.location = \"" . $_SESSION['ARI_ROOT'] . "?m=" . $m . "&q=" . urlencode($q) . "&start=" . $start . "&span=" . $span . "&order=" . $order . "&sort=" . $sort . "&duration_filter=" . $duration_filter . "\" 90 90 // --> 91 91 </script> … … 291 291 <input type=hidden name=f value=recAction> 292 292 <input type=hidden name=a value=''> 293 <input type=hidden name=q value=" . $q. ">293 <input type=hidden name=q value=" . urlencode($q) . "> 294 294 <input type=hidden name=start value=" . $start . "> 295 295 <input type=hidden name=span value=" . $span . "> freepbx/trunk/amp_conf/htdocs/recordings/modules/voicemail.module
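Review bot: Line 293 uses `urlencode($q)` as the value of a hidden form field, but that is an HTML attribute context, not a URL: the browser re-encodes the field on submit and PHP decodes it only once, so a search term containing spaces, `+` or `%` comes back altered after a round trip (`a b` is resubmitted as `a+b`), and the unquoted attribute still breaks on whitespace or `>`. The attribute form should be `<input type=hidden name=q value='" . htmlspecialchars($q, ENT_QUOTES) . "'>`; the same applies to line 627 of voicemail.module. `urlencode()` is the right call on line 89, where `$q` is part of a URL, but `$m`, `$start`, `$span`, `$order`, `$sort` and `$duration_filter` on that line are still concatenated raw into both the URL and the JavaScript string literal, so any of them that originates from the request needs the same treatment.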
r7305 r7598 118 118 // add folder to list 119 119 $ret .= "<p><small><small> 120 <a " . $class . " href='" . $_SESSION['ARI_ROOT'] . "?m=Voicemail&q=" . $q. "&folder=" . $f. "'>120 <a " . $class . " href='" . $_SESSION['ARI_ROOT'] . "?m=Voicemail&q=" . urlencode($q) . "&folder=" . $f. "'> 121 121 " . $fn . " (" . $record_count . ")" . " 122 122 </a> … … 334 334 <script> 335 335 <!-- 336 window.location = \"" . $_SESSION['ARI_ROOT'] . "?m=" . $m . "&folder=" . $folder . "&q=" . $q. "&start=" . $start . "&span=" . $span . "&order=" . $order . "&sort=" . $sort . "\"336 window.location = \"" . $_SESSION['ARI_ROOT'] . "?m=" . $m . "&folder=" . $folder . "&q=" . urlencode($q) . "&start=" . $start . "&span=" . $span . "&order=" . $order . "&sort=" . $sort . "\" 337 337 // --> 338 338 </script> … … 371 371 $span = $span=='' ? 15 : $span; 372 372 $order = $order=='' ? 'calldate' : $order; 373 $sort = $sort=='' ? 'desc' : $sort;373 $sort = ($sort=='' || strtolower($sort) == 'desc') ? 'desc' : 'asc'; 374 374 375 375 $paths = split(';',$ASTERISK_VOICEMAIL_PATH); … … 625 625 <input type=hidden name=f value=msgAction> 626 626 <input type=hidden name=a value=''> 627 <input type=hidden name=q value=" . $q. ">627 <input type=hidden name=q value=" . urlencode($q) . "> 628 628 <input type=hidden name=folder value=" . $folder . "> 629 629 <input type=hidden name=start value=" . $start . "> freepbx/trunk/amportal.conf
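Review bot: Line 120 now encodes `$q` in the folder link but concatenates `$f` raw into the same `href`, and line 336 likewise leaves `$folder` raw in the redirect URL and the surrounding JavaScript string literal; if these originate from the request they should get the same `urlencode()`, e.g. `"&folder=" . urlencode($f) . "'>"` on line 120. The `$sort` normalisation on line 373 is a good whitelist, and a one-line comment such as `// accept only 'asc' or 'desc'; any other value falls back to 'desc'` would record why the raw value is deliberately not used.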
r7088 r7598 1 # This file is part of FreePBX. 2 # 3 # FreePBX is free software: you can redistribute it and/or modify 4 # it under the terms of the GNU General Public License as published by 5 # the Free Software Foundation, either version 2 of the License, or 6 # (at your option) any later version. 7 # 8 # FreePBX is distributed in the hope that it will be useful, 9 # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 # GNU General Public License for more details. 12 # 13 # You should have received a copy of the GNU General Public License 14 # along with FreePBX. If not, see <http://www.gnu.org/licenses/>. 15 # 1 16 # This file contains settings for components of the Asterisk Management Portal 2 17 # Spaces are not allowed! … … 210 225 # GUI will continue to refer to these as ZAP but it will use the proper DAHDI channels. 211 226 # This will also keep Zap Channel DIDs working. 227 228 # CHECKREFERER=true|false 229 # DEFAULT VALUE: true 230 # When set to the default value of true, all requests into FreePBX that might possibly add/edit/delete settings will 231 # be validated to assure the request is coming from the server. This will protect the system from CSRF (cross site 232 # request forgery) attacks. It will have the effect of preventing legitimately entering URLs that could modify 233 # settings which can be allowed by changing this field to false 234 # freepbx/trunk/install_amp
r7088 r7598 1 1 #!/usr/bin/php -q 2 2 <?php 3 3 //This file is part of FreePBX. 4 // 5 // FreePBX is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU General Public License as published by 7 // the Free Software Foundation, either version 2 of the License, or 8 // (at your option) any later version. 9 // 10 // FreePBX is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License 16 // along with FreePBX. If not, see <http://www.gnu.org/licenses/>. 17 // 18 // Copyright 2006, qldrob 19 // Copyright 2009, Bandwith.com 20 // 4 21 require_once ("libfreepbx.install.php"); 5 22 freepbx/trunk/libfreepbx.install.php
r6215 r7598 1 1 <?php 2 //This file is part of FreePBX. 3 // 4 // FreePBX is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 2 of the License, or 7 // (at your option) any later version. 8 // 9 // FreePBX is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with FreePBX. If not, see <http://www.gnu.org/licenses/>. 16 // 17 // Copyright 2007, Philippe Lindheimer 18 // 2 19 3 20 /********************************************************************************************************************/ freepbx/trunk/setup_svn.php
r7094 r7598 1 1 #!/usr/bin/php -q 2 2 <?php 3 //This file is part of FreePBX. 4 // 5 // FreePBX is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU General Public License as published by 7 // the Free Software Foundation, either version 2 of the License, or 8 // (at your option) any later version. 9 // 10 // FreePBX is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License 16 // along with FreePBX. If not, see <http://www.gnu.org/licenses/>. 17 // 18 // Copyright 2007, Philippe Lindheimer 19 // 3 20 4 21 /** setup_svn.php freepbx/trunk/start_asterisk
r7526 r7598 1 1 #!/usr/bin/env bash 2 2 # This file is part of FreePBX. 3 # 4 # FreePBX is free software: you can redistribute it and/or modify 5 # it under the terms of the GNU General Public License as published by 6 # the Free Software Foundation, either version 2 of the License, or 7 # (at your option) any later version. 8 # 9 # FreePBX is distributed in the hope that it will be useful, 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 # GNU General Public License for more details. 13 # 14 # You should have received a copy of the GNU General Public License 15 # along with FreePBX. If not, see <http://www.gnu.org/licenses/>. 16 # 17 # Copyright 2007, Philippe Lindheimer 18 # 3 19 ROOT_UID=0 # root uid is 0 4 20 E_NOTROOT=67 # Non-root exit error freepbx/trunk/update_l10n.sh
r2836 r7598 1 1 #! /bin/sh 2 2 # This file is part of FreePBX. 3 # 4 # FreePBX is free software: you can redistribute it and/or modify 5 # it under the terms of the GNU General Public License as published by 6 # the Free Software Foundation, either version 2 of the License, or 7 # (at your option) any later version. 8 # 9 # FreePBX is distributed in the hope that it will be useful, 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 # GNU General Public License for more details. 13 # 14 # You should have received a copy of the GNU General Public License 15 # along with FreePBX. If not, see <http://www.gnu.org/licenses/>. 16 # 17 # Copyright 2006, diego_iastrubni 18 # 3 19 echo "Creating new POT template file" 4 20 find amp_conf/htdocs/admin -name '*.php' | xargs xgettext -L PHP -o freepbx.pot --keyword=_ -
