From c17d369cd50e2eab826d4233abe3e8aeae8c6322 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Mon, 17 Jun 2019 01:37:59 -0600
Subject: [PATCH] Update call_center_exec.php

---
 app/call_center_active/call_center_exec.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/app/call_center_active/call_center_exec.php b/app/call_center_active/call_center_exec.php
index e709fde50b..0598d44e8a 100644
--- a/app/call_center_active/call_center_exec.php
+++ b/app/call_center_active/call_center_exec.php
@@ -50,6 +50,26 @@
 		$caller_id_number = trim($_GET["extension"]);
 	}
 
+//validate the extension
+	if (!is_numeric($extension)) {
+		$extension = null;
+	}
+	
+//validate the uuid
+	if (!is_uuid($uuid)) {
+		$uuid = null;
+	}
+
+//validate the caller_id_name
+	if (isset($caller_id_name) && strlen($caller_id_name)) {
+		$caller_id_name = substr($caller_id_name, 0, 10);
+	}
+
+//validate the caller_id_number
+	if (!is_numeric($caller_id_number)) {
+		$caller_id_number = null;
+	}
+
 //validate the command
 	switch ($command) {
 		case "eavesdrop":