From 485928230642a391d04a9902885ad5d096543917 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Wed, 26 Apr 2023 10:20:13 -0600
Subject: [PATCH] [bug] Allow specific safe variables

This is a bug fix for recent security changes. These particular variables are essential to the SIP profile: record-template.
---
 .../resources/scripts/configuration/sofia.conf.lua         | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/app/scripts/resources/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua b/app/scripts/resources/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua
index 91026f2a94..fcce326057 100644
--- a/app/scripts/resources/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua
+++ b/app/scripts/resources/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua
@@ -267,6 +267,13 @@
 					--	sip_profile_setting_value = sip_profile_setting_value:gsub("%$", "");
 					--end
 
+				--sanitize the sip profile setting value, allow specific safe variables
+					sip_profile_setting_value = xml.sanitize(sip_profile_setting_value);
+					sip_profile_setting_value = string.gsub(sip_profile_setting_value, "{domain_name}", "${domain_name}"); 
+					sip_profile_setting_value = string.gsub(sip_profile_setting_value, "{strftime", "${strftime");
+					sip_profile_setting_value = string.gsub(sip_profile_setting_value, "{uuid}", "${uuid}");
+					sip_profile_setting_value = string.gsub(sip_profile_setting_value, "{record_ext}", "${record_ext}");
+
 				--set the parameters
 					if (sip_profile_setting_name) then
 						xml:append([[						<param name="]] .. xml.sanitize(sip_profile_setting_name) .. [[" value="]] .. xml.sanitize(sip_profile_setting_value) .. [["/>]]);