diff --git a/app/dialplan_inbound/dialplan_inbound_add.php b/app/dialplan_inbound/dialplan_inbound_add.php
index 370a24736f..86202fbcc0 100644
--- a/app/dialplan_inbound/dialplan_inbound_add.php
+++ b/app/dialplan_inbound/dialplan_inbound_add.php
@@ -56,54 +56,53 @@ //get the http post values and set them as php variables
 if (count($_POST) > 0) {
- $dialplan_name = check_str($_POST["dialplan_name"]);
- $caller_id_outbound_prefix = check_str($_POST["caller_id_outbound_prefix"]);
- $limit = check_str($_POST["limit"]);
- $public_order = check_str($_POST["public_order"]);
- $condition_field_1 = check_str($_POST["condition_field_1"]);
- $condition_expression_1 = check_str($_POST["condition_expression_1"]);
- $condition_field_2 = check_str($_POST["condition_field_2"]);
- $condition_expression_2 = check_str($_POST["condition_expression_2"]);
- $destination_uuid = check_str($_POST["destination_uuid"]);
+ $dialplan_name = $_POST["dialplan_name"];
+ $caller_id_outbound_prefix = $_POST["caller_id_outbound_prefix"];
+ $limit = $_POST["limit"];
+ $public_order = $_POST["public_order"];
+ $condition_field_1 = $_POST["condition_field_1"];
+ $condition_expression_1 = $_POST["condition_expression_1"];
+ $condition_field_2 = $_POST["condition_field_2"];
+ $condition_expression_2 = $_POST["condition_expression_2"];
+ $destination_uuid = $_POST["destination_uuid"];
- $action_1 = check_str($_POST["action_1"]);
+ $action_1 = $_POST["action_1"];
 //$action_1 = "transfer:1001 XML default";
 $action_1_array = explode(":", $action_1);
 $action_application_1 = array_shift($action_1_array);
 $action_data_1 = join(':', $action_1_array);
- $action_2 = check_str($_POST["action_2"]);
+ $action_2 = $_POST["action_2"];
 //$action_2 = "transfer:1001 XML default";
 $action_2_array = explode(":", $action_2);
 $action_application_2 = array_shift($action_2_array);
 $action_data_2 = join(':', $action_2_array);
- //$action_application_1 = check_str($_POST["action_application_1"]);
- //$action_data_1 = check_str($_POST["action_data_1"]);
- //$action_application_2 = check_str($_POST["action_application_2"]);
- //$action_data_2 = check_str($_POST["action_data_2"]);
+ //$action_application_1 = $_POST["action_application_1"];
+ //$action_data_1 = $_POST["action_data_1"];
+ //$action_application_2 = $_POST["action_application_2"];
+ //$action_data_2 = $_POST["action_data_2"];
 $destination_carrier = '';
 $destination_accountcode = '';
 //use the destination_uuid to set the condition_expression_1
- if (strlen($destination_uuid) > 0) {
+ if (is_uuid($destination_uuid)) {
 $sql = "select * from v_destinations ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and destination_uuid = '$destination_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
- if (count($result) > 0) {
- foreach ($result as &$row) {
- $destination_number = $row["destination_number"];
- $condition_expression_1 = $row["destination_number"];
- $fax_uuid = $row["fax_uuid"];
- $destination_carrier = $row["destination_carrier"];
- $destination_accountcode = $row["destination_accountcode"];
- }
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and destination_uuid = :destination_uuid ";
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['destination_uuid'] = $destination_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && @sizeof($row) != 0) {
+ $destination_number = $row["destination_number"];
+ $condition_expression_1 = $row["destination_number"];
+ $fax_uuid = $row["fax_uuid"];
+ $destination_carrier = $row["destination_carrier"];
+ $destination_accountcode = $row["destination_accountcode"];
 }
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
 }
 if (permission_exists("inbound_route_advanced") && $action == "advanced") {
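Review bot: When `$destination_uuid` passes `is_uuid()` but the domain-scoped lookup returns no row, nothing clears it, so a well-formed uuid that does not belong to this domain survives into the `v_destinations` save later in this file (the `@@ -381` hunk), whereas the old UPDATE it replaces was scoped by `domain_uuid` in its WHERE clause; add `else { $destination_uuid = ''; }` to the `is_array($row)` check so an unowned uuid is discarded. Removing `check_str()` also means `$dialplan_name`, `$caller_id_outbound_prefix`, `$condition_expression_1` and the rest now carry raw input into the `'^('.…')$'` regex and the dialplan XML built outside this hunk; whether those builders escape for XML/HTML is not visible here and should be confirmed before this merges. Each `$_POST["…"]` is read without `isset`, so a missing field raises a notice; `$_POST["limit"] ?? ''` is the quiet form if the project targets PHP 7+. The enclosing `if (count($_POST) > 0)` block continues past the end of the hunk.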
@@ -117,8 +116,8 @@ $condition_expression_1 = '^('.$condition_expression_1.')$';
 }
 }
- $dialplan_enabled = check_str($_POST["dialplan_enabled"]);
- $dialplan_description = check_str($_POST["dialplan_description"]);
+ $dialplan_enabled = $_POST["dialplan_enabled"];
+ $dialplan_description = $_POST["dialplan_description"])
 if (strlen($dialplan_enabled) == 0) { $dialplan_enabled = "true"; } //set default to enabled
 }
@@ -248,16 +247,17 @@ } //set fax_uuid
- if (strlen($fax_uuid) > 0) {
+ if (is_uuid($fax_uuid)) {
 //get the fax information
 $sql = "select * from v_fax ";
- $sql .= "where domain_uuid = '".$domain_uuid."' ";
- $sql .= "and fax_uuid = '".$fax_uuid."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and fax_uuid = :fax_uuid ";
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['fax_uuid'] = $fax_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && @sizeof($row) != 0) {
 $fax_extension = $row["fax_extension"];
 $fax_destination_number = $row["fax_destination_number"];
 $fax_name = $row["fax_name"];
@@ -268,7 +268,7 @@ $fax_forward_number = $row["fax_forward_number"];
 $fax_description = $row["fax_description"];
 }
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
 //add set codec_string=PCMU,PCMA
 $y++;
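Review bot: The added line `$dialplan_description = $_POST["dialplan_description"])` ends in `)` where the old line had `;`, which is a parse error that takes down the whole page, so as shown here this hunk cannot have been executed; it should read `$dialplan_description = $_POST["dialplan_description"];`. The `if (count($_POST) > 0)` block this belongs to begins outside the hunk.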
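Review bot: `is_uuid($fax_uuid)` is evaluated even when `$fax_uuid` was never assigned, since the only assignment visible in this diff is inside the destination lookup's `is_array($row)` branch; unless it is initialised earlier in the file, the no-destination path reads an undefined variable (the replaced `strlen()` had the same problem, so this is not a regression, but the rewrite is the moment to fix it). `if (isset($fax_uuid) && is_uuid($fax_uuid)) {` keeps the new behaviour without the notice. The `if` body continues into the `@@ -268` hunk below.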
@@ -381,13 +381,14 @@ } //update the destination dialplan_uuid
- if (strlen($destination_uuid) > 0) {
- $sql = "update v_destinations set ";
- $sql .= "dialplan_uuid = '".$dialplan_uuid."' ";
- $sql .= "where domain_uuid = '".$domain_uuid."' ";
- $sql .= "and destination_uuid = '".$destination_uuid."' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ if (is_uuid($destination_uuid)) {
+
+ $p = new permissions;
+ $p->add('destination_edit', 'temp');
+
+ $array['destinations'][0]['destination_uuid'] = $destination_uuid;
+ $array['destinations'][0]['domain_uuid'] = $domain_uuid;
+ $array['destinations'][0]['dialplan_uuid'] = $dialplan_uuid;
 }
 //save the data
@@ -396,6 +397,12 @@ $database->app_uuid = $app_uuid;
 $database->save($array);
 $message = $database->message;
+ unset($array);
+
+ //remove temp permission, if exists
+ if (is_uuid($destination_uuid)) {
+ $p->delete('destination_edit', 'temp');
+ }
 //update the dialplan xml
 $dialplans = new dialplan;
@@ -414,8 +421,8 @@ //redirect message
 message::add($text['confirm-update-complete']);
 header("Location: ".PROJECT_PATH."/app/dialplans/dialplans.php?app_uuid=c03b422e-13a8-bd1b-e42b-b6b9b4d27ce4");
- return;
- } //end if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+ exit;
+ }
 //initialize the destinations object
 $destination = new destinations;
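Review bot: The queued `destinations` row is keyed only by `destination_uuid` and writes `domain_uuid = $domain_uuid`, whereas the UPDATE it replaces required both `domain_uuid` and `destination_uuid` to match in its WHERE clause; unless `database::save` scopes updates by domain on its own (not visible here), a destination_uuid from another domain would be re-homed into this one and attached to this dialplan. The `@@ -56` lookup already misses silently for such a uuid, so the guard here should depend on that lookup having returned a row rather than on `is_uuid()` alone, e.g. set `$destination_found = true;` inside that `is_array($row)` branch and test `if (is_uuid($destination_uuid) && !empty($destination_found)) {` here. The temporary `destination_edit` grant this block adds is only revoked in the following hunk.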
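Review bot: `$p->delete('destination_edit', 'temp')` runs only on the straight-line path after `$database->save($array)`, so if `save()` throws, the temporary grant from the previous hunk is never revoked; that matters if `permissions::add(…, 'temp')` persists the grant in the session rather than in memory, which this diff does not show. Wrap the save so the revoke is unconditional: `try { $database->save($array); $message = $database->message; } finally { if (isset($p)) { $p->delete('destination_edit', 'temp'); } }`. Testing `isset($p)` also ties the cleanup to the object actually created instead of re-evaluating `is_uuid($destination_uuid)`.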
@@ -654,13 +661,13 @@ echo "\n";
 $sql = "select * from v_destinations ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
+ $sql .= "where domain_uuid = :domain_uuid ";
 $sql .= "and destination_type = 'inbound' ";
 $sql .= "order by destination_number asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
- if (count($result) > 0) {
+ $parameters['domain_uuid'] = $domain_uuid;
+ $database = new database;
+ $result = $database->select($sql, $parameters, 'all');
+ if (is_array($result) && @sizeof($result) != 0) {
 echo " \n";
 }
- unset ($prep_statement);
+ unset($sql, $parameters, $result, $row);
 echo "\n";
 echo "\n";
diff --git a/app/dialplan_outbound/dialplan_outbound_add.php b/app/dialplan_outbound/dialplan_outbound_add.php
index 5c711ff54b..392040f164 100644
--- a/app/dialplan_outbound/dialplan_outbound_add.php
+++ b/app/dialplan_outbound/dialplan_outbound_add.php
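Review bot: `if (is_array($result) && @sizeof($result) != 0)` uses `@` to suppress a warning that cannot occur, because `is_array()` has already guarded the call and `sizeof()` on an array never warns; the suppression only hides real problems if the line is edited later. `if (is_array($result) && count($result) > 0) {` says the same thing without the operator, and the identical pattern is used in the two `'row'` lookups earlier in this file. The `unset()` now also drops `$row`, which is presumably the loop variable of the option-rendering loop that the hunk elides between the `echo` lines.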
@@ -54,19 +54,19 @@ //get the http post values and set theme as php variables
 if (is_array($_POST) > 0) {
 //set the variables
- $dialplan_name = check_str($_POST["dialplan_name"]);
- $dialplan_order = check_str($_POST["dialplan_order"]);
- $dialplan_expression = check_str($_POST["dialplan_expression"]);
- $prefix_number = check_str($_POST["prefix_number"]);
- $condition_field_1 = check_str($_POST["condition_field_1"]);
- $condition_expression_1 = check_str($_POST["condition_expression_1"]);
- $condition_field_2 = check_str($_POST["condition_field_2"]);
- $condition_expression_2 = check_str($_POST["condition_expression_2"]);
- $gateway = check_str($_POST["gateway"]);
- $limit = check_str($_POST["limit"]);
- $accountcode = check_str($_POST["accountcode"]);
- $toll_allow = check_str($_POST["toll_allow"]);
- $pin_numbers_enable = check_str($_POST["pin_numbers_enabled"]);
+ $dialplan_name = $_POST["dialplan_name"];
+ $dialplan_order = $_POST["dialplan_order"];
+ $dialplan_expression = $_POST["dialplan_expression"];
+ $prefix_number = $_POST["prefix_number"];
+ $condition_field_1 = $_POST["condition_field_1"];
+ $condition_expression_1 = $_POST["condition_expression_1"];
+ $condition_field_2 = $_POST["condition_field_2"];
+ $condition_expression_2 = $_POST["condition_expression_2"];
+ $gateway = $_POST["gateway"];
+ $limit = $_POST["limit"];
+ $accountcode = $_POST["accountcode"];
+ $toll_allow = $_POST["toll_allow"];
+ $pin_numbers_enable = $_POST["pin_numbers_enabled"];
 if (strlen($pin_numbers_enable) == 0) { $pin_numbers_enable = "false"; }
 //set the default type
 $gateway_type = 'gateway';
@@ -104,7 +104,7 @@ } //set the gateway_2 variable
- $gateway_2 = check_str($_POST["gateway_2"]);
+ $gateway_2 = $_POST["gateway_2"];
 //set the type to bridge
 if (strtolower(substr($gateway_2, 0, 6)) == "bridge") {
 $gateway_2_type = 'bridge';
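Review bot: `check_str()` was the only filter on `$dialplan_expression`, `$prefix_number`, `$gateway`, `$accountcode` and `$toll_allow` before they reach the dialplan XML and the gateway lookups that follow this hunk, and the diff replaces it with nothing, so those consumers must now escape or validate for their own context; `$dialplan_order` and `$limit` are numeric fields that could at least be checked with `is_numeric()` here. Every `$_POST["…"]` read is unguarded, and the very next line calls `strlen($pin_numbers_enable)`, which on PHP 8.1+ deprecates passing `null` for an absent checkbox; `$pin_numbers_enable = $_POST["pin_numbers_enabled"] ?? '';` avoids both the notice and the deprecation. Note also that the guard `is_array($_POST) > 0` compares a boolean with an integer and is always true, so this block runs on every request; the `count($_POST) > 0` form used by dialplan_inbound_add.php is the intended test.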
@@ -137,7 +137,7 @@ } //set the gateway_3 variable
- $gateway_3 = check_str($_POST["gateway_3"]);
+ $gateway_3 = $_POST["gateway_3"];
 //set the type to bridge
 if (strtolower(substr($gateway_3, 0, 6)) == "bridge") {
 $gateway_3_type = 'bridge';
@@ -169,8 +169,8 @@ $gateway_3_name = '';
 } //set additional variables
- $dialplan_enabled = check_str($_POST["dialplan_enabled"]);
- $dialplan_description = check_str($_POST["dialplan_description"]);
+ $dialplan_enabled = $_POST["dialplan_enabled"];
+ $dialplan_description = $_POST["dialplan_description"];
 //set default to enabled
 if (strlen($dialplan_enabled) == 0) { $dialplan_enabled = "true"; }
 }
@@ -698,6 +698,7 @@ $database->app_uuid = $app_uuid;
 $database->save($array);
 $message = $database->message;
+ unset($array);
 //update the dialplan xml
 $dialplans = new dialplan;
@@ -717,15 +718,14 @@ message::add($text['message-update']);
 header("Location: ".PROJECT_PATH."/app/dialplans/dialplans.php?app_uuid=8c914ec3-9fc0-8ab5-4cda-6c9288bdc9a3");
 return;
- } //end if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+ }
 //get the domains
 $sql = "select * from v_domains ";
 $sql .= "where domain_enabled = 'true' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $domains = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset ($prep_statement, $sql);
+ $database = new database;
+ $domains = $database->select($sql, null, 'all');
+ unset($sql);
 //get the gateways
 $sql = "select * from v_gateways ";
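Review bot: The redirect path here still ends with `return;` after `header("Location: …")`, while the equivalent hunk in dialplan_inbound_add.php (`@@ -414`) changed it to `exit;`; a file-scope `return` only leaves this file, so if the script is ever included rather than run directly the including code keeps executing after the Location header has been sent. Change it to `exit;` for consistency with the inbound page. The `v_domains` query that follows takes no variable input, so passing `null` as the parameter list is fine, but it is also the last place `$parameters` is left untouched before the gateway query in the next hunk.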
@@ -734,22 +734,22 @@ $sql .= "order by domain_uuid ";
 } else {
- $sql .= "and domain_uuid = '$domain_uuid' ";
+ $sql .= "and domain_uuid = :domain_uuid ";
+ $parameters['domain_uuid'] = $domain_uuid;
 }
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $gateways = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset ($prep_statement, $sql);
+ $database = new database;
+ $gateways = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
 //get the bridges
 if (permission_exists('bridge_view')) {
 $sql = "select * from v_bridges ";
 $sql .= "where bridge_enabled = 'true' ";
- $sql .= "and domain_uuid = '$domain_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $bridges = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset ($prep_statement, $sql);
+ $sql .= "and domain_uuid = :domain_uuid ";
+ $parameters['domain_uuid'] = $domain_uuid;
+ $database = new database;
+ $bridges = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
 }
 ?>
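Review bot: `$parameters` is assigned only in the `else` branch, so on the all-domains path (the branch that appends `order by domain_uuid`, whose condition is above the hunk) `$database->select($sql, $parameters, 'all')` receives either an undefined variable or whatever an earlier query left in it — at best a notice, at worst a bound-parameter mismatch, depending on how the `database` class binds. Initialise it on that branch, `$sql .= "order by domain_uuid "; $parameters = null;`, matching the `null` the `v_domains` query in the previous hunk passes when it has no bindings. The bridges block below is fine because it assigns `$parameters` unconditionally before its select.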