diff --git a/app/call_recordings/resources/classes/call_recordings.php b/app/call_recordings/resources/classes/call_recordings.php index b3a36af65f..a8ef50307e 100644 --- a/app/call_recordings/resources/classes/call_recordings.php +++ b/app/call_recordings/resources/classes/call_recordings.php @@ -8,19 +8,11 @@ if (!class_exists('call_recordings')) { class call_recordings { - public $db; - /** * Called when the object is created */ public function __construct() { - //connect to the database if not connected - if (!$this->db) { - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $this->db = $database->db; - } + } /** 
@@ -43,25 +35,22 @@ if (!class_exists('call_recordings')) { session_cache_limiter('public'); //get call recording from database - $call_recording_uuid = check_str($_GET['id']); - if ($call_recording_uuid != '') { - $sql = "select call_recording_name, call_recording_path, call_recording_base64 from v_call_recordings "; - $sql .= "where call_recording_uuid = '".$call_recording_uuid."' "; - //$sql .= "and domain_uuid = '".$domain_uuid."' \n"; - $prep_statement = $this->db->prepare($sql); - $prep_statement->execute(); - $call_recordings = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - if (is_array($call_recordings)) { - foreach($call_recordings as &$row) { - $call_recording_name = $row['call_recording_name']; - $call_recording_path = $row['call_recording_path']; - if ($_SESSION['call_recordings']['storage_type']['text'] == 'base64' && $row['call_recording_base64'] != '') { - file_put_contents($path.'/'.$call_recording_name, base64_decode($row['call_recording_base64'])); - } - break; + $call_recording_uuid = $_GET['id']; + if (is_uuid($call_recording_uuid)) { + $sql = "select call_recording_name, call_recording_path, call_recording_base64 "; + $sql .= "from v_call_recordings "; + $sql .= "where call_recording_uuid = :call_recording_uuid "; + $parameters['call_recording_uuid'] = $call_recording_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $call_recording_name = $row['call_recording_name']; + $call_recording_path = $row['call_recording_path']; + if ($_SESSION['call_recordings']['storage_type']['text'] == 'base64' && $row['call_recording_base64'] != '') { + file_put_contents($path.'/'.$call_recording_name, base64_decode($row['call_recording_base64'])); } } - unset ($sql, $prep_statement, $call_recordings); + unset($sql, $parameters, $row); } //set the path for the directory 
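Review bot: The new select in the download code is keyed only by `call_recording_uuid`, and the commented-out `domain_uuid` filter from the old query was dropped rather than restored, so nothing in this hunk ties the requested recording to the caller's domain. The download method starts and ends outside the hunk, so a tenant or permission check may exist earlier; if it does not, consider adding `$sql .= "and domain_uuid = :domain_uuid ";` with `$parameters['domain_uuid'] = $_SESSION['domain_uuid'];`. The same applies to the per-row select in the multi-delete hunk (`@@ -142,34 +136,42 @@`), which goes on to unlink the file. Separately, `$call_recording_name` comes from the row and is concatenated into the `file_put_contents()` path, so wrapping it in `basename()` would keep a stored name containing path separators from writing outside `$path`.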
@@ -96,7 +85,7 @@ if (!class_exists('call_recordings')) { header('Content-Disposition: attachment; filename="'.$call_recording_name.'"'); header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - // header("Content-Length: " . filesize($full_recording_path)); + // header("Content-Length: ".filesize($full_recording_path)); ob_clean(); fpassthru($fd); } @@ -118,23 +107,28 @@ if (!class_exists('call_recordings')) { session_cache_limiter('public'); //delete single call recording - if (isset($id) && is_uuid($id)) { - $sql = "delete from v_call_recordings "; - $sql .= "where call_recording_uuid = '".$id."'; "; - $this->db->query($sql); - unset($sql); + if (is_uuid($id)) { + //build delete array + $array['call_recordings'][]['call_recording_uuid'] = $id; + //grant temporary permissions + $p = new permissions; + $p->add('call_recording_delete', 'temp'); + //execute delete + $database = new database; + $database->app_name = 'call_recordings'; + $database->app_uuid = '56165644-598d-4ed8-be01-d960bcb8ffed'; + $database->delete($array); + unset($array); + //revoke temporary permissions + $p->delete('call_recording_delete', 'temp'); } //delete multiple call recordings - if (is_array($id)) { + if (is_array($id) && @sizeof($id) != 0) { //set the array $call_recordings = $id; - //debug info - //echo "
\n";
-							//print_r($call_recordings);
-							//echo "
\n"; //get the action - foreach($call_recordings as $row) { + foreach ($call_recordings as $row) { if ($row['action'] == 'delete') { $action = 'delete'; break; 
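Review bot: The single-id delete path grants itself `call_recording_delete` with `$p->add(..., 'temp')` immediately before `$database->delete($array)`, and nothing in the hunk checks that the caller holds that permission or that `$id` belongs to the caller's domain. The method begins outside the hunk, so that check may live in the calling page; if so a comment saying where would help, otherwise it belongs before the grant. The revoke is also skipped if `$database->delete()` throws, so `try { $database->delete($array); } finally { $p->delete('call_recording_delete', 'temp'); }` would keep the elevation from outliving the operation. The same grant, delete and revoke sequence appears in the multi-delete hunk below and in the number_translations.php hunks. This path also removes only the database row, while the multi-row path unlinks the file as well, so the audio appears to stay on disk here.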
@@ -142,34 +136,42 @@ if (!class_exists('call_recordings')) { } //delete the checked rows if ($action == 'delete') { - foreach($call_recordings as $row) { + foreach ($call_recordings as $row) { if ($row['checked'] == 'true') { //get the information to delete - $sql = "select call_recording_name, call_recording_path from v_call_recordings "; - $sql .= "where call_recording_uuid = '".$row['call_recording_uuid']."' "; - //$sql .= "and domain_uuid = '".$domain_uuid."' \n"; - $prep_statement = $this->db->prepare(check_sql($sql)); - $prep_statement->execute(); - $array = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - if (is_array($array)) { - foreach($array as &$field) { - //delete the file on the file system - if (file_exists($field['call_recording_path'].'/'.$field['call_recording_name'])) { - unlink($field['call_recording_path'].'/'.$field['call_recording_name']); - } - //delete call recordings in the database - $sql = "delete from v_call_recordings "; - $sql .= "where call_recording_uuid = '".$row['call_recording_uuid']."'; "; - //echo $sql."\n"; - $this->db->query($sql); - unset($sql); - } + $sql = "select call_recording_name, call_recording_path "; + $sql .= "from v_call_recordings "; + $sql .= "where call_recording_uuid = :call_recording_uuid "; + $parameters['call_recording_uuid'] = $row['call_recording_uuid']; + $database = new database; + $field = $database->select($sql, $parameters, 'row'); + if (is_array($field) && @sizeof($field) != 0) { + //delete the file on the file system + if (file_exists($field['call_recording_path'].'/'.$field['call_recording_name'])) { + unlink($field['call_recording_path'].'/'.$field['call_recording_name']); + } + //build call recording delete array + $array['call_recordings'][]['call_recording_uuid'] = $row['call_recording_uuid']; + } - unset ($sql, $prep_statement, $id, $array); + unset($sql, $parameters, $field); } } - unset($call_recordings); + if (is_array($array) && @sizeof($array) != 0) { + //grant temporary permissions + $p 
= new permissions; + $p->add('call_recording_delete', 'temp'); + //execute delete + $database = new database; + $database->app_name = 'call_recordings'; + $database->app_uuid = '56165644-598d-4ed8-be01-d960bcb8ffed'; + $database->delete($array); + unset($array); + //revoke temporary permissions + $p->delete('call_recording_delete', 'temp'); + } } + unset($call_recordings, $row); } } } //end the delete function @@ -182,4 +184,4 @@ $obj = new call_recordings; $obj->download('all'); */ -?> +?> \ No newline at end of file diff --git a/app/number_translations/resources/classes/number_translations.php b/app/number_translations/resources/classes/number_translations.php index 1c1e407ac9..9fe595771c 100644 --- a/app/number_translations/resources/classes/number_translations.php +++ b/app/number_translations/resources/classes/number_translations.php @@ -32,19 +32,11 @@ if (!class_exists('number_translations')) { class number_translations { - public $db; - /** * Called when the object is created */ public function __construct() { - //connect to the database if not connected - if (!$this->db) { - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $this->db = $database->db; - } + } /** 
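Review bot: `$row['call_recording_uuid']` from the submitted array goes into the select and the delete array without the `is_uuid()` check that the single-id path applies to `$id`. The bound parameter already prevents injection in the select, but `if ($row['checked'] == 'true' && is_uuid($row['call_recording_uuid'])) {` would keep malformed values out of `$database->delete()` and make the two paths consistent. `$array` is never initialised before `is_array($array)`, so when no row is checked the test reads an undefined variable; `$array = array();` ahead of the loop avoids that. The enclosing delete method starts outside the hunk.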
@@ -61,20 +53,12 @@ if (!class_exists('number_translations')) { * Check to see if the number translation already exists */ public function number_translation_exists($name) { - $sql = "select number_translation_uuid from v_number_translations "; - $sql .= "where number_translation_name = '$name' "; - $prep_statement = $this->db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - if (count($result)) { - return true; - } - else { - return false; - } - } - unset($sql, $prep_statement, $result); + $sql = "select count(*) from v_number_translations "; + $sql .= "where number_translation_name = :number_translation_name "; + $parameters['number_translation_name'] = $name; + $database = new database; + return $database->select($sql, $parameters, 'column') != 0 ? true : false; + unset($sql, $parameters); } /** @@ -90,7 +74,7 @@ if (!class_exists('number_translations')) { //convert to an array $number_translation = json_decode($json, true); } - elseif (strlen($this->json) > 0) { + else if (strlen($this->json) > 0) { //convert to an array $number_translation = json_decode($this->json, true); } 
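Review bot: The `unset($sql, $parameters);` after the `return` in `number_translation_exists()` is unreachable, and the `!= 0 ? true : false` ternary is redundant. `return $database->select($sql, $parameters, 'column') != 0;` returns the same boolean, and the unset can be dropped because the locals go out of scope on return.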
@@ -99,33 +83,37 @@ if (!class_exists('number_translations')) { } //check if the number_translation exists if (!$this->number_translation_exists($number_translation['@attributes']['name'])) { - $permissions = new permissions; - $permissions->add('number_translation_add', 'temp'); - $permissions->add('number_translation_detail_add', 'temp'); - $x=0; + //begin insert array + $x = 0; $array['number_translations'][$x]['number_translation_name'] = $number_translation['@attributes']['name']; $array['number_translations'][$x]['number_translation_enabled'] = "true"; if (strlen($number_translation['@attributes']['enabled']) > 0) { $array['number_translations'][$x]['number_translation_enabled'] = $number_translation['@attributes']['enabled']; } $array['number_translations'][$x]['number_translation_description'] = $number_translation['@attributes']['description']; - //loop through the condition array $order = 5; if (isset($number_translation['rule'])) { foreach ($number_translation['rule'] as &$row) { - if(array_key_exists('@attributes', $row)) + if (array_key_exists('@attributes', $row)) { $row = $row['@attributes']; + } $array['number_translations'][$x]['number_translation_details'][$order]['number_translation_detail_regex'] = $row['regex']; $array['number_translations'][$x]['number_translation_details'][$order]['number_translation_detail_replace'] = $row['replace']; $array['number_translations'][$x]['number_translation_details'][$order]['number_translation_detail_order'] = $order; $order = $order + 5; } } + //grant temporary permissions + $p = new permissions; + $p->add('number_translation_add', 'temp'); + $p->add('number_translation_detail_add', 'temp'); + //execute insert $database = new database; $database->app_name = 'number_translations'; $database->app_uuid = '6ad54de6-4909-11e7-a919-92ebcb67fe33'; $database->save($array); + unset($array); if ($this->display_type == "text") { if ($database->message['code'] != '200') { echo 
"number_translation:".$number_translation['@attributes']['name'].": failed: ".$database->message['message']."\n"; @@ -134,8 +122,9 @@ if (!class_exists('number_translations')) { echo "number_translation:".$number_translation['@attributes']['name'].": added with ".(($order/5)-1)." entries\n"; } } - $permissions->delete('number_translation_add', 'temp'); - $permissions->delete('number_translation_detail_add', 'temp'); + //revoke temporary permissions + $p->delete('number_translation_add', 'temp'); + $p->delete('number_translation_detail_add', 'temp'); } unset ($this->xml, $this->json); } @@ -149,7 +138,7 @@ if (!class_exists('number_translations')) { //delete multiple number_translations if (is_array($number_translations)) { //get the action - foreach($number_translations as $row) { + foreach ($number_translations as $row) { if ($row['action'] == 'delete') { $action = 'delete'; break; @@ -157,12 +146,23 @@ if (!class_exists('number_translations')) { } //delete the checked rows if ($action == 'delete') { - foreach($number_translations as $row) { + foreach ($number_translations as $row) { if ($row['action'] == 'delete' or $row['checked'] == 'true') { - $sql = "delete from v_number_translations "; - $sql .= "where number_translation_uuid = '".$row['number_translation_uuid']."'; "; - $this->db->query($sql); - unset($sql); + //build delete array + $array['number_translations'][]['number_translation_uuid'] = $row['number_translation_uuid']; + } + if (is_array($array) && @sizeof($array) != 0) { + //grant temporary permissions + $p = new permissions; + $p->add('number_translation_delete', 'temp'); + //execute delete + $database = new database; + $database->app_name = 'number_translations'; + $database->app_uuid = '6ad54de6-4909-11e7-a919-92ebcb67fe33'; + $database->delete($array); + unset($array); + //revoke temporary permissions + $p->delete('number_translation_delete', 'temp'); } } unset($number_translations); 
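Review bot: By brace count, the new `if (is_array($array) && @sizeof($array) != 0)` block in the delete hunk (`@@ -157,12 +146,23 @@`) sits inside the `foreach ($number_translations as $row)` loop rather than after it. The permission grant, `$database->delete()` and revoke therefore run once per row instead of once for the batch, whereas call_recordings.php places the equivalent block after the loop. Moving it below the loop's closing brace and setting `$array = array();` before the loop would match that and avoid reading an undefined `$array` on rows that are not selected. `$row['number_translation_uuid']` is also added to the delete array without an `is_uuid()` check, so adding `&& is_uuid($row['number_translation_uuid'])` to the row condition would reject malformed values. The enclosing delete method starts and ends outside the hunk.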
@@ -179,4 +179,4 @@ $obj = new number_translations; $obj->delete(); */ -?> +?> \ No newline at end of file diff --git a/app/recordings/resources/classes/switch_recordings.php b/app/recordings/resources/classes/switch_recordings.php index 91ae13165b..b2f64f98de 100644 --- a/app/recordings/resources/classes/switch_recordings.php +++ b/app/recordings/resources/classes/switch_recordings.php @@ -30,15 +30,8 @@ include "root.php"; class switch_recordings { public $domain_uuid; - private $db; public function __construct() { - if (!$this->db) { - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $this->db = $database->db; - } $this->domain_uuid = $_SESSION['domain_uuid']; } @@ -49,15 +42,18 @@ include "root.php"; } public function list_recordings() { - $sql = "select recording_uuid, recording_filename, recording_base64 from v_recordings "; - $sql .= "where domain_uuid = '".$this->domain_uuid."' "; - $prep_statement = $this->db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $recordings[$_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name']."/".$row['recording_filename']] = $row['recording_filename']; + $sql = "select recording_uuid, recording_filename, recording_base64 "; + $sql .= "from v_recordings "; + $sql .= "where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $this->domain_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { + foreach ($result as &$row) { + $recordings[$_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name']."/".$row['recording_filename']] = $row['recording_filename']; + } } - unset ($prep_statement); + unset($sql, $parameters, $result, $row); return $recordings; } 
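Review bot: `$recordings` is never initialised in `list_recordings()`, so when the select returns no rows the new `is_array($result)` guard skips the loop and `return $recordings;` returns an undefined variable. Adding `$recordings = array();` before the query gives callers a consistent array. The query also still selects `recording_base64` although the loop reads only `recording_filename`, which presumably pulls every recording's encoded audio into memory just to build the list; `select recording_uuid, recording_filename ` would cover what this hunk uses. The `&` in `foreach ($result as &$row)` is unnecessary since `$row` is only read.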
diff --git a/app/voicemails/voicemail_edit.php b/app/voicemails/voicemail_edit.php index 4d8500e036..9dbea200c8 100644 --- a/app/voicemails/voicemail_edit.php +++ b/app/voicemails/voicemail_edit.php @@ -117,7 +117,6 @@ $database->save($array); unset($array); //revoke temporary permissions - $p = new permissions; $p->delete('voicemail_destination_add', 'temp'); //set message message::add($text['message-add']); diff --git a/core/menu/menu_delete.php b/core/menu/menu_delete.php index 1423284ccf..2c25a49aa2 100644 --- a/core/menu/menu_delete.php +++ b/core/menu/menu_delete.php @@ -64,7 +64,6 @@ else { unset($array); //revoke temporary permissions - $p = new permissions; $p->delete('menu_delete', 'temp'); $p->delete('menu_item_delete', 'temp'); $p->delete('menu_item_group_delete', 'temp'); diff --git a/logout.php b/logout.php index eb874de7c1..b51d6fc4f4 100644 --- a/logout.php +++ b/logout.php @@ -91,7 +91,6 @@ $database->save($array); unset($array); //revoke temporary permissions - $p = new permissions; $p->delete('user_setting_add', 'temp'); } } diff --git a/resources/switch.php b/resources/switch.php index a64d69a069..e1b980f368 100644 --- a/resources/switch.php +++ b/resources/switch.php @@ -614,7 +614,6 @@ function dialplan_add($domain_uuid, $dialplan_uuid, $dialplan_name, $dialplan_or $database->save($array); unset($array); //revoke temporary permissions - $p = new permissions; $p->delete('dialplan_add', 'temp'); } @@ -641,7 +640,6 @@ function dialplan_detail_add($domain_uuid, $dialplan_uuid, $dialplan_detail_tag, $database->save($array); unset($array); //revoke temporary permissions - $p = new permissions; $p->delete('dialplan_detail_add', 'temp'); } diff --git a/secure/v_mailto.php b/secure/v_mailto.php index 52dae20e6e..07a58255fb 100755 --- a/secure/v_mailto.php +++ b/secure/v_mailto.php @@ -376,7 +376,6 @@ $database->save($array); unset($array); //revoke temporary permissions - $p = new permissions; $p->delete('email_log_add', 'temp'); }