Fix a problem with call flows. Increase the security for both the xm_edit and the provision_editor.

2012-09-23 10:31:31 +00:00 · 2012-09-23 10:31:31 +00:00 · 1b781dd048
parent 25259972f5
commit 1b781dd048
3 changed files with 20 additions and 8 deletions
--- a/app/provision_editor/fileread.php
+++ b/app/provision_editor/fileread.php
@ -25,6 +25,7 @@
 */
 include "root.php";
 require_once "includes/require.php";
+require_once "includes/checkauth.php";
 if (permission_exists('xml_editor_view')) {
 	//access granted
 }
@ -33,7 +34,7 @@ else {
 	exit;
 }

-$filename = $_POST["file"];
+$filename = check_str($_POST["file"]);
 $filename = str_replace ("\\", "/", $filename);

 $handle = fopen($filename, "r");
--- a/app/xml_edit/fileread.php
+++ b/app/xml_edit/fileread.php
@ -25,6 +25,7 @@
 */
 include "root.php";
 require_once "includes/require.php";
+require_once "includes/checkauth.php";
 if (permission_exists('xml_editor_view')) {
 	//access granted
 }
@ -33,7 +34,7 @@ else {
 	exit;
 }

-$filename = $_POST["file"];
+$filename = check_str($_POST["file"]);
 $filename = str_replace ("\\", "/", $filename);

 $handle = fopen($filename, "r");
--- a/includes/install/scripts/call_flow_monitor.lua
+++ b/includes/install/scripts/call_flow_monitor.lua
@ -25,7 +25,11 @@
 --	POSSIBILITY OF SUCH DAMAGE.

 --set the time between loops in seconds
-	sleep = 500;
+	sleep = 300;
+
+--set the debug level
+	debug["log"] = false;
+	debug["sql"] = false;

 --include the lua script
 	scripts_dir = string.sub(debug.getinfo(1).source,2,string.len(debug.getinfo(1).source)-(string.len(argv[0])+1));
@ -74,8 +78,10 @@
 			sql = [[select d.domain_name, f.call_flow_uuid, f.call_flow_extension, f.call_flow_feature_code, f.call_flow_status, f.call_flow_label, f.call_flow_anti_label
 			from v_call_flows as f, v_domains as d 
 			where f.domain_uuid = d.domain_uuid]]
-			--and call_flow_enabled = 'true' 
-			--freeswitch.consoleLog("notice", "SQL:" .. sql .. "\n");
+			--and call_flow_enabled = 'true'
+			if (debug["sql"]) then
+				freeswitch.consoleLog("notice", "SQL:" .. sql .. "\n");
+			end
 			x = 0;
 			dbh:query(sql, function(row)
 				domain_name = row.domain_name;
@ -103,7 +109,9 @@
 						event:addHeader("answer-state", "terminated");
 						event:fire();
 					--show in the console
-						freeswitch.consoleLog("notice", "Call Flow: label="..call_flow_label..",status=true,uuid="..call_flow_uuid.."\n");
+						if (debug["log"]) then
+							freeswitch.consoleLog("notice", "Call Flow: label="..call_flow_label..",status=true,uuid="..call_flow_uuid.."\n");
+						end
 				else
 					--set presence in - turn lamp on
 						event = freeswitch.Event("PRESENCE_IN");
@ -120,7 +128,9 @@
 						event:addHeader("answer-state", "confirmed");
 						event:fire();
 					--show in the console
-						freeswitch.consoleLog("notice", "Call Flow: label="..call_flow_anti_label..",status=false,uuid="..call_flow_uuid.."\n");
+						if (debug["log"]) then
+							freeswitch.consoleLog("notice", "Call Flow: label="..call_flow_anti_label..",status=false,uuid="..call_flow_uuid.."\n");
+						end
 				end
 			end);

@ -131,4 +141,4 @@

 		--sleep a moment to prevent using unecessary resources
 			freeswitch.msleep(sleep*1000);
-	end
+	end