Prevent application duplicates and update the applications array. (#6173)
* Prevent application duplicates and filter the applications before the content. * Don't allow the new spawn commands as they are as dangerous as system commands. * Update dialplan_valid false to include bg_spawn, spawn and spawn_stream.
parent
72c9aa5a61
commit
38dea5f699
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
The Initial Developer of the Original Code is
|
The Initial Developer of the Original Code is
|
||||||
Mark J Crane <markjcrane@fusionpbx.com>
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
Portions created by the Initial Developer are Copyright (C) 2008-2020
|
Portions created by the Initial Developer are Copyright (C) 2008-2021
|
||||||
the Initial Developer. All Rights Reserved.
|
the Initial Developer. All Rights Reserved.
|
||||||
|
|
||||||
Contributor(s):
|
Contributor(s):
|
||||||
|
|
@ -86,10 +86,35 @@
|
||||||
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
|
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
|
||||||
if ($fp) {
|
if ($fp) {
|
||||||
$result = event_socket_request($fp, 'api show application');
|
$result = event_socket_request($fp, 'api show application');
|
||||||
$_SESSION['switch']['applications'] = explode("\n\n", $result);
|
|
||||||
$_SESSION['switch']['applications'] = explode("\n", $_SESSION['switch']['applications'][0]);
|
$show_applications = explode("\n\n", $result);
|
||||||
|
$raw_applications = explode("\n", $show_applications[0]);
|
||||||
unset($result);
|
unset($result);
|
||||||
unset($fp);
|
unset($fp);
|
||||||
|
|
||||||
|
$previous_application = null;
|
||||||
|
foreach($raw_applications as $row) {
|
||||||
|
if (strlen($row) > 0) {
|
||||||
|
$application_array = explode(",", $row);
|
||||||
|
$application = $application_array[0];
|
||||||
|
|
||||||
|
if (
|
||||||
|
$application != "name"
|
||||||
|
&& $application != "system"
|
||||||
|
&& $application != "bgsystem"
|
||||||
|
&& $application != "spawn"
|
||||||
|
&& $application != "bg_spawn"
|
||||||
|
&& $application != "spawn_stream"
|
||||||
|
&& stristr($application, "[") != true
|
||||||
|
) {
|
||||||
|
if ($application != $previous_application) {
|
||||||
|
$applications[] = $application;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$previous_application = $application;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$_SESSION['switch']['applications'] = $applications;
|
||||||
} else {
|
} else {
|
||||||
$_SESSION['switch']['applications'] = Array();
|
$_SESSION['switch']['applications'] = Array();
|
||||||
}
|
}
|
||||||
|
|
@ -221,9 +246,15 @@
|
||||||
if (!preg_match("/system/i", $row["dialplan_detail_type"])) {
|
if (!preg_match("/system/i", $row["dialplan_detail_type"])) {
|
||||||
$dialplan_detail_type = $row["dialplan_detail_type"];
|
$dialplan_detail_type = $row["dialplan_detail_type"];
|
||||||
}
|
}
|
||||||
|
if (!preg_match("/spawn/i", $row["dialplan_detail_type"])) {
|
||||||
|
$dialplan_detail_type = $row["dialplan_detail_type"];
|
||||||
|
}
|
||||||
if (!preg_match("/system/i", $row["dialplan_detail_data"])) {
|
if (!preg_match("/system/i", $row["dialplan_detail_data"])) {
|
||||||
$dialplan_detail_data = $row["dialplan_detail_data"];
|
$dialplan_detail_data = $row["dialplan_detail_data"];
|
||||||
}
|
}
|
||||||
|
if (!preg_match("/spawn/i", $row["dialplan_detail_data"])) {
|
||||||
|
$dialplan_detail_data = $row["dialplan_detail_data"];
|
||||||
|
}
|
||||||
$array['dialplans'][$x]['dialplan_details'][$y]['domain_uuid'] = is_uuid($_POST["domain_uuid"]) ? $_POST["domain_uuid"] : null;
|
$array['dialplans'][$x]['dialplan_details'][$y]['domain_uuid'] = is_uuid($_POST["domain_uuid"]) ? $_POST["domain_uuid"] : null;
|
||||||
$array['dialplans'][$x]['dialplan_details'][$y]['dialplan_detail_tag'] = $row["dialplan_detail_tag"];
|
$array['dialplans'][$x]['dialplan_details'][$y]['dialplan_detail_tag'] = $row["dialplan_detail_tag"];
|
||||||
$array['dialplans'][$x]['dialplan_details'][$y]['dialplan_detail_type'] = $dialplan_detail_type;
|
$array['dialplans'][$x]['dialplan_details'][$y]['dialplan_detail_type'] = $dialplan_detail_type;
|
||||||
|
|
@ -860,13 +891,8 @@
|
||||||
//if (strlen($dialplan_detail_tag) == 0 || $dialplan_detail_tag == "action" || $dialplan_detail_tag == "anti-action") {
|
//if (strlen($dialplan_detail_tag) == 0 || $dialplan_detail_tag == "action" || $dialplan_detail_tag == "anti-action") {
|
||||||
echo " <optgroup label='".$text['optgroup-applications']."'>\n";
|
echo " <optgroup label='".$text['optgroup-applications']."'>\n";
|
||||||
if (is_array($_SESSION['switch']['applications'])) {
|
if (is_array($_SESSION['switch']['applications'])) {
|
||||||
foreach ($_SESSION['switch']['applications'] as $row) {
|
foreach ($_SESSION['switch']['applications'] as $application) {
|
||||||
if (strlen($row) > 0) {
|
echo " <option value='".escape($application)."'>".escape($application)."</option>\n";
|
||||||
$application = explode(",", $row);
|
|
||||||
if ($application[0] != "name" && $application[0] != "system" && stristr($application[0], "[") != true) {
|
|
||||||
echo " <option value='".escape($application[0])."'>".escape($application[0])."</option>\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
echo " </optgroup>\n";
|
echo " </optgroup>\n";
|
||||||
|
|
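Review bot: In the `@ -221` hunk the added `spawn` checks are separate `if` statements that each assign `$dialplan_detail_type` (and `$dialplan_detail_data`) whenever their own pattern does not match, so a value withheld by the `system` check is assigned by the `spawn` check, and a value containing `spawn` has already been assigned by the `system` check; as written a value is withheld only when it contains both words. Fold each pair into one condition, `if (!preg_match("/system|spawn/i", $row["dialplan_detail_type"])) {`, and likewise for `dialplan_detail_data`. The two variables are not reset in the visible lines, so a rejected row may also keep the previous row's value; the loop starts outside the hunk, so that needs confirming. Separately, in the `@ -86` hunk `$applications` is appended to without first being set to `[]`, so the session entry is not an array when the switch returns no usable rows.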
|
||||||
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
The Initial Developer of the Original Code is
|
The Initial Developer of the Original Code is
|
||||||
Mark J Crane <markjcrane@fusionpbx.com>
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
Portions created by the Initial Developer are Copyright (C) 2008-2019
|
Portions created by the Initial Developer are Copyright (C) 2008-2021
|
||||||
the Initial Developer. All Rights Reserved.
|
the Initial Developer. All Rights Reserved.
|
||||||
|
|
||||||
Contributor(s):
|
Contributor(s):
|
||||||
|
|
@ -81,12 +81,30 @@
|
||||||
if (preg_match("/.*([\"\'])bgsystem([\"\']).*>/i", $dialplan_xml)) {
|
if (preg_match("/.*([\"\'])bgsystem([\"\']).*>/i", $dialplan_xml)) {
|
||||||
$dialplan_valid = false;
|
$dialplan_valid = false;
|
||||||
}
|
}
|
||||||
|
if (preg_match("/.*([\"\'])bg_spawn([\"\']).*>/i", $dialplan_xml)) {
|
||||||
|
$dialplan_valid = false;
|
||||||
|
}
|
||||||
|
if (preg_match("/.*([\"\'])spawn([\"\']).*>/i", $dialplan_xml)) {
|
||||||
|
$dialplan_valid = false;
|
||||||
|
}
|
||||||
|
if (preg_match("/.*([\"\'])spawn_stream([\"\']).*>/i", $dialplan_xml)) {
|
||||||
|
$dialplan_valid = false;
|
||||||
|
}
|
||||||
if (preg_match("/.*{system.*/i", $dialplan_xml)) {
|
if (preg_match("/.*{system.*/i", $dialplan_xml)) {
|
||||||
$dialplan_valid = false;
|
$dialplan_valid = false;
|
||||||
}
|
}
|
||||||
if (preg_match("/.*{bgsystem.*/i", $dialplan_xml)) {
|
if (preg_match("/.*{bgsystem.*/i", $dialplan_xml)) {
|
||||||
$dialplan_valid = false;
|
$dialplan_valid = false;
|
||||||
}
|
}
|
||||||
|
if (preg_match("/.*{bg_spawn.*/i", $dialplan_xml)) {
|
||||||
|
$dialplan_valid = false;
|
||||||
|
}
|
||||||
|
if (preg_match("/.*{spawn.*/i", $dialplan_xml)) {
|
||||||
|
$dialplan_valid = false;
|
||||||
|
}
|
||||||
|
if (preg_match("/.*{spawn_stream.*/i", $dialplan_xml)) {
|
||||||
|
$dialplan_valid = false;
|
||||||
|
}
|
||||||
|
|
||||||
//disable xml entities and load the xml object to test if the xml is valid
|
//disable xml entities and load the xml object to test if the xml is valid
|
||||||
libxml_disable_entity_loader(true);
|
libxml_disable_entity_loader(true);
|
||||||
|
|
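Review bot: The added `spawn`, `bg_spawn` and `spawn_stream` checks run against the raw `$dialplan_xml` string before it is parsed, so they depend on the name appearing literally, quoted, and followed by `>` on the same line (`.` does not cross newlines without the `s` modifier). The XML is loaded just below this hunk; comparing each element's `application` attribute on the parsed object against a single denylist array would check the value the switch will actually see and would replace the six new near-identical `if` blocks. Within the string checks themselves, `/.*{spawn.*/i` already matches `{spawn_stream`, so that last block is redundant. The same five names are also hard-coded in the select-list filter in the first file section of this commit, so one shared list would keep the two from drifting apart. The enclosing validation block starts and ends outside the hunk.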
|
||||||