Ticket #5647 (closed Bugs: fixed)

Opened 1 year ago

Last modified 1 year ago

Dests do funny things when mixing dest with and without id

Reported by: mbrevda Assigned to:
Priority: minor Milestone: 2.11
Component: FreePBX Framework Version: 2.10-branch
Keywords: Cc:
Confirmation: Unreviewed Distro:
Backend Engine: All Distro Ver:
Backend Ver: SVN Revision (if applicable):

Description

The first dest select controls the correct second select when all dests are using goto<something here>, or in the case of a single dest on the page (with no unique string). When adding new entry to a list that doesn't have an id assigned to it yet, it is at times desirable for the dest not to be unique (so that $goto.$id works for both assigned and unassigned items, sample code will follow), however other dest on the page might be unique. In that case, weird things can happen, including messing up ALL dests on the page.

This is the code I'm using that highlights the use case: 

$id = $_REQUEST['id'];
$goto = $_REQUEST['goto' . $id];
$dest = $_REQUEST[$goto];

Attachments

dest.diff (2.3 kB) - added by mbrevda on 03/03/12 17:09:11.

Change History

03/02/12 09:32:06 changed by mbrevda

Enclosed patch seems to resolve the issue in limited testing, please test further before releasing to released branch! (feel free to check this in, I wont be able to for a while - my dev box is down)

03/02/12 10:43:04 changed by p_lindheimer

please grab me offline to go over the failure mode and review this as it's not clear what you ran into that created this issue.

03/03/12 17:09:11 changed by mbrevda

  • attachment dest.diff added.

03/15/12 08:34:52 changed by mbrevda

  • status changed from new to closed.
  • resolution set to fixed.

(In [13842]) closes #5647 - allow blank id to be a 'unique' destiantion identifier

03/15/12 09:43:15 changed by mbrevda

(In [13844]) re #5647

03/26/12 17:26:17 changed by p_lindheimer

(In [13915]) Merged revisions 13790,13801,13805,13840,13842,13844,13863,13869-13870,13876,13907,13909,13913-13914 via svnmerge from http://www.freepbx.org/v2/svn/freepbx/branches/2.10

........

r13790 | p_lindheimer | 2012-03-08 08:56:52 -0800 (Thu, 08 Mar 2012) | 1 line

closes #5662 adds mixmonitor and stopmixmonitor methods, not tested but not used anywhere yet

........

r13801 | p_lindheimer | 2012-03-13 08:31:18 -0700 (Tue, 13 Mar 2012) | 1 line

add logging when AMI connection can't be made

........

r13805 | p_lindheimer | 2012-03-14 11:33:02 -0700 (Wed, 14 Mar 2012) | 1 line

provide option to leave mailbox= lines as some devices subscribe whether or not they have mailboxes leading to many notices in the logs re #5678

........

r13840 | mbrevda | 2012-03-15 04:27:01 -0700 (Thu, 15 Mar 2012) | 1 line

comments

........

r13842 | mbrevda | 2012-03-15 05:34:51 -0700 (Thu, 15 Mar 2012) | 1 line

closes #5647 - allow blank id to be a 'unique' destiantion identifier

........

r13844 | mbrevda | 2012-03-15 06:43:15 -0700 (Thu, 15 Mar 2012) | 1 line

re #5647

........

r13863 | p_lindheimer | 2012-03-21 16:38:39 -0700 (Wed, 21 Mar 2012) | 1 line

fixes #5695 mal formed html when no classes

........

r13869 | mbrevda | 2012-03-23 02:47:08 -0700 (Fri, 23 Mar 2012) | 1 line

closes #5708, pusblishing optional, as many more framework goodies coming next week

........

r13870 | p_lindheimer | 2012-03-23 10:47:34 -0700 (Fri, 23 Mar 2012) | 1 line

fixes RCE security vulnerability reported and solution provided by Martin Tschirsich with some bug fixes present in his original patch

........

r13876 | p_lindheimer | 2012-03-23 11:40:54 -0700 (Fri, 23 Mar 2012) | 1 line

fix potential XSS security issue

........

r13907 | mbrevda | 2012-03-26 10:01:06 -0700 (Mon, 26 Mar 2012) | 1 line

make menubar less jumpy and more stable/polished; menu bottons shouldnt hide anymore

........

r13909 | mbrevda | 2012-03-26 10:18:48 -0700 (Mon, 26 Mar 2012) | 1 line

add try exec ext and some includes for posible future features

........

r13913 | mbrevda | 2012-03-26 11:25:34 -0700 (Mon, 26 Mar 2012) | 1 line

revert r13909

........

r13914 | GameGamer?43 | 2012-03-26 11:36:51 -0700 (Mon, 26 Mar 2012) | 1 line

Adds tryexec application

........