dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improve the security on when adding inbound dialplans.

This commit is contained in:
Mark Crane 2013-08-26 23:18:01 +00:00
parent 2d1c83eee5
commit 252571bd19
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/dialplan_inbound/dialplan_inbound_add.php
View File

@ -678,7 +678,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
echo "</td>\n"; echo "</td>\n";
echo "</tr>\n"; echo "</tr>\n";
if (permission_exists("inbound_route_edit") && $action == "advanced") { if (permission_exists("inbound_route_edit") && $action == "advanced" && if_group("superadmin")) {
echo "<tr>\n"; echo "<tr>\n";
echo "<td class='vncellreq' valign='top' align='left' nowrap>\n"; echo "<td class='vncellreq' valign='top' align='left' nowrap>\n";
echo " ".$text['label-condition_1'].":\n"; echo " ".$text['label-condition_1'].":\n";
@ -974,9 +974,11 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
echo "<tr>\n"; echo "<tr>\n";
echo " <td colspan='5' align='right'>\n"; echo " <td colspan='5' align='right'>\n";
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='dialplan_uuid' value='$dialplan_uuid'>\n"; if ($action == "update" && if_group("superadmin")) {
echo " <input type='hidden' name='dialplan_uuid' value='$dialplan_uuid'>\n";
}
echo " <input type='submit' class='btn' value='".$text['button-save']."'>\n";
} }
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";
echo "</tr>"; echo "</tr>";