Add escapeshellarg to the variables used in the command line.

FusionPBX 2022-06-29 10:38:36 -06:00 committed by GitHub
parent de22a9121a
commit 07679fe80d
1 changed files with 17 additions and 34 deletions


@ -427,7 +427,7 @@ if (!function_exists('fax_split_dtmf')) {
$route_array = outbound_route_to_bridge($domain_uuid, $fax_forward_number); $route_array = outbound_route_to_bridge($domain_uuid, $fax_forward_number);
if (count($route_array) == 0) { if (count($route_array) == 0) {
//send the internal call to the registered extension //send the internal call to the registered extension
$fax_uri = "user/".$fax_forward_number."@".$domain_name; $fax_uri = "user/".escapeshellarg($fax_forward_number)."@".escapeshellarg($domain_name);
$fax_variables = ""; $fax_variables = "";
} }
else { else {
@ -435,35 +435,35 @@ if (!function_exists('fax_split_dtmf')) {
$fax_uri = $route_array[0]; $fax_uri = $route_array[0];
$fax_variables = ""; $fax_variables = "";
foreach($_SESSION['fax']['variable'] as $variable) { foreach($_SESSION['fax']['variable'] as $variable) {
$fax_variables .= $variable.","; $fax_variables .= escapeshellarg($variable).",";
} }
} }
//build the dial string //build the dial string
$dial_string = "absolute_codec_string='PCMU,PCMA',"; $dial_string = "absolute_codec_string='PCMU,PCMA',";
$dial_string .= "accountcode='" . $fax_accountcode . "',"; $dial_string .= "accountcode='" . escapeshellarg($fax_accountcode) . "',";
$dial_string .= "sip_h_X-accountcode='" . $fax_accountcode . "',"; $dial_string .= "sip_h_X-accountcode='" . escapeshellarg($fax_accountcode) . "',";
$dial_string .= "domain_uuid=" . $domain_uuid . ","; $dial_string .= "domain_uuid=" . escapeshellarg($domain_uuid) . ",";
$dial_string .= "domain_name=" . $domain_name . ","; $dial_string .= "domain_name=" . escapeshellarg($domain_name) . ",";
$dial_string .= "origination_caller_id_name='" . $fax_caller_id_name . "',"; $dial_string .= "origination_caller_id_name='" . escapeshellarg($fax_caller_id_name) . "',";
$dial_string .= "origination_caller_id_number='" . $fax_caller_id_number . "',"; $dial_string .= "origination_caller_id_number='" . escapeshellarg($fax_caller_id_number) . "',";
$dial_string .= "fax_ident='" . $fax_caller_id_number . "',"; $dial_string .= "fax_ident='" . escapeshellarg($fax_caller_id_number) . "',";
$dial_string .= "fax_header='" . $fax_caller_id_name . "',"; $dial_string .= "fax_header='" . escapeshellarg($fax_caller_id_name) . "',";
$dial_string .= "fax_file='" . $fax_file . "',"; $dial_string .= "fax_file='" . escapeshellarg($fax_file) . "',";
if ($fax_send_mode != 'queue') { if ($fax_send_mode != 'queue') {
//add more ot the dial string //add more ot the dial string
$dial_string .= $fax_variables; $dial_string .= $fax_variables;
$dial_string .= "mailto_address='" . $mail_to_address . "',"; $dial_string .= "mailto_address='" . escapeshellarg($mail_to_address) . "',";
$dial_string .= "mailfrom_address='" . $mail_from_address . "',"; $dial_string .= "mailfrom_address='" . escapeshellarg($mail_from_address) . "',";
$dial_string .= "fax_uri=" . $fax_uri . ","; $dial_string .= "fax_uri=" . escapeshellarg($fax_uri) . ",";
$dial_string .= "fax_retry_attempts=1" . ","; $dial_string .= "fax_retry_attempts=1" . ",";
$dial_string .= "fax_retry_limit=20" . ","; $dial_string .= "fax_retry_limit=20" . ",";
$dial_string .= "fax_retry_sleep=180" . ","; $dial_string .= "fax_retry_sleep=180" . ",";
$dial_string .= "fax_verbose=true" . ","; $dial_string .= "fax_verbose=true" . ",";
$dial_string .= "fax_use_ecm=off" . ","; $dial_string .= "fax_use_ecm=off" . ",";
$dial_string .= "api_hangup_hook='lua fax_retry.lua'"; $dial_string .= "api_hangup_hook='lua fax_retry.lua'";
$dial_string = "{" . $dial_string . "}" . $fax_uri." &txfax('".$fax_file."')"; $dial_string = "{" . $dial_string . "}" . escapeshellarg($fax_uri)." &txfax('".escapeshellarg($fax_file)."')";
//get the event socket information //get the event socket information
$sql = "select * from v_settings "; $sql = "select * from v_settings ";
@ -629,23 +629,6 @@ if (!function_exists('fax_split_dtmf')) {
fwrite($fp, $fax_file_name." received on ".$fax_extension." emailed to ".$fax_email." ".$fax_messages."\n"); fwrite($fp, $fax_file_name." received on ".$fax_extension." emailed to ".$fax_email." ".$fax_messages."\n");
fclose($fp); fclose($fp);
} }
else {
//create an instruction log to email messages once the connection to the mail server has been restored
$fp = fopen($fax_to_email_queue_dir."/failed_fax_emails.log", "a");
fwrite($fp, PHP_BINDIR."/php ".$_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/secure/fax_to_email.php email='".$fax_email."' extension=".$fax_extension." name='".$fax_file."' messages='".$fax_messages."' domain=".$domain_name." caller_id_name='".$caller_id_name."' caller_id_number=".$caller_id_number." retry=true\n");
fclose($fp);
//create a script to do the delayed mailing
$fp = fopen($_SESSION['server']['temp']['dir']."/failed_fax_emails.sh", "w");
fwrite($fp, "rm ".$_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n");
fwrite($fp, "mv ".$fax_to_email_queue_dir."/failed_fax_emails.log ".$_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n");
fwrite($fp, "chmod 777 ".$_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n");
fwrite($fp, $_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n");
fclose($fp);
$tmp_response = exec("chmod 777 ".$_SESSION['server']['temp']['dir']."/failed_fax_emails.sh");
//note we use batch in order to execute when system load is low. Alternatively this could be replaced with AT.
$tmp_response = exec("at -f ".$_SESSION['server']['temp']['dir']."/failed_fax_emails.sh now + 3 minutes");
}
} }
} }
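Review bot: escapeshellarg() is the wrong escaping layer for the values in the second hunk, because the dial string assembled there appears to be a FreeSWITCH originate string (the `//get the event socket information` lookup follows it) rather than a shell argument, so the call inserts literal quote characters instead of neutralising the delimiters FreeSWITCH parses. Concretely `"accountcode='" . escapeshellarg($fax_accountcode) . "',"` now produces `accountcode=''1001''` (constructed example), `"user/".escapeshellarg($fax_forward_number)."@".escapeshellarg($domain_name)` in the first hunk produces `user/'1001'@'example.com'`, and `escapeshellarg($fax_uri)` on the last changed line quotes a bridge string taken from `$route_array[0]` that legitimately contains `[`, `]`, `=` and `,`, so the originate is likely to fail while `,`, `'`, `{` and `}` inside the values still reach the parser unchanged. A safer fix validates each value against the grammar it must have before concatenation — e.g. `if (!preg_match('/^[0-9A-Za-z*#+._@-]+$/', $fax_forward_number)) { return; }` for the forward number and a UUID pattern for `$domain_uuid` — and strips the originate delimiter characters from free-text fields such as the caller-id name and the mail addresses, instead of shell-quoting them. A comment above `//build the dial string` stating that the string is parsed by FreeSWITCH, not a shell, and naming the delimiter characters would keep the next maintainer from reaching for escapeshellarg again. The function containing these lines starts before the first hunk and continues past the last.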