diff --git a/app/destinations/app_defaults.php b/app/destinations/app_defaults.php
index 47ea16eaf3..6b69b9c1f4 100644
--- a/app/destinations/app_defaults.php
+++ b/app/destinations/app_defaults.php
@@ -32,19 +32,25 @@
 $sql .= "and dialplan_detail_tag = 'action'\n";
 $sql .= "and (dialplan_detail_type = 'transfer' or dialplan_detail_type = 'bridge')\n";
 $sql .= "order by dialplan_detail_order;\n";
- $prep_statement = $db->prepare(check_sql($sql));
- if ($prep_statement) {
- $prep_statement->execute();
- $extensions = $prep_statement->fetchall(PDO::FETCH_ASSOC);
+ $database = new database;
+ $extensions = $database->select($sql, null, 'all');
+ unset($sql);
+
+ if (is_array($extensions) && @sizeof($extensions) != 0) {
 foreach($extensions as $row) {
- $sql = "UPDATE v_destinations ";
- $sql .= "SET destination_app = '".$row['destination_app']."', ";
- $sql .= "destination_data = '".$row['destination_data']."' ";
- $sql .= "WHERE dialplan_uuid = '". $row['dialplan_uuid'] ."' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ $sql = "update v_destinations ";
+ $sql .= "set destination_app = :destination_app ";
+ $sql .= "destination_data = :destination_data ";
+ $sql .= "where dialplan_uuid = :dialplan_uuid ";
+ $parameters['destination_app'] = $row['destination_app'];
+ $parameters['destination_data'] = $row['destination_data'];
+ $parameters['dialplan_uuid'] = $row['dialplan_uuid'];
+ $database = new database;
+ $database->execute($sql, $parameters);
+ unset($sql, $parameters);
 }
 }
+ unset($extensions, $row);
 }
 ?>
diff --git a/app/destinations/destination_delete.php b/app/destinations/destination_delete.php
index 56d43e4546..49c7bb30e0 100644
--- a/app/destinations/destination_delete.php
+++ b/app/destinations/destination_delete.php
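Review bot: The rebuilt update statement is missing the comma between its two `set` assignments, so `set destination_app = :destination_app destination_data = :destination_data` is a SQL syntax error and every iteration of the loop fails (the removed string had `', '`); change the line to `$sql .= "set destination_app = :destination_app, ";`. The guard `is_array($extensions) && @sizeof($extensions) != 0` already excludes non-arrays, so the `@` suppressor hides nothing useful; `count($extensions) > 0` without `@` is clearer. The same `@sizeof` pattern is introduced in the destination_delete.php, destination_edit.php and destinations.php hunks and would take the same cleanup.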
@@ -42,63 +42,61 @@
 $language = new text;
 $text = $language->get();
-//get the ID
- if (is_array($_GET)) {
- $id = check_str($_GET["id"]);
+//get the id
+ $destination_uuid = $_GET["id"];
+
+//if valid id
+ if (is_uuid($destination_uuid)) {
+
+ //get the dialplan uuid and context
+ $sql = "select * from v_destinations ";
+ $sql .= "where destination_uuid = :destination_uuid ";
+ $parameters['destination_uuid'] = $destination_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && @sizeof($row) != 0) {
+ if (permission_exists('destination_domain')) {
+ $domain_uuid = $row["domain_uuid"];
+ }
+ $dialplan_uuid = $row["dialplan_uuid"];
+ $destination_context = $row["destination_context"];
+ }
+ unset($sql, $parameters, $row);
+
+ //add the dialplan permission
+ $p = new permissions;
+ $p->add('dialplan_delete', 'temp');
+ $p->add('dialplan_detail_delete', 'temp');
+
+ //delete the destination and related dialplan
+ if (is_uuid($dialplan_uuid)) {
+ $array['dialplans'][]['dialplan_uuid'] = $dialplan_uuid;
+ $array['dialplan_details'][]['dialplan_uuid'] = $dialplan_uuid;
+ }
+ $array['destinations'][]['destination_uuid'] = $destination_uuid;
+ $database = new database;
+ $database->app_name = 'destinations';
+ $database->app_uuid = '5ec89622-b19c-3559-64f0-afde802ab139';
+ $database->delete($array);
+ $message = $database->message;
+
+ //remove the temporary permission
+ $p->delete('dialplan_delete', 'temp');
+ $p->delete('dialplan_detail_delete', 'temp');
+
+ //synchronize the xml config
+ save_dialplan_xml();
+
+ //clear the cache
+ $cache = new cache;
+ $cache->delete("dialplan:".$destination_context);
+
+ //set message
+ message::add($text['message-delete']);
 }
-//if the ID is not set then exit
- if (!is_uuid($id)) {
- echo "ID is required.";
- exit;
- }
-
-//get the dialplan uuid and context
- $sql = "select * from v_destinations ";
- $sql .= "where destination_uuid = '$id' ";
- $prep_statement = 
$db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
- if (permission_exists('destination_domain')) {
- $domain_uuid = $row["domain_uuid"];
- }
- $dialplan_uuid = $row["dialplan_uuid"];
- $destination_context = $row["destination_context"];
- }
- unset ($prep_statement);
-
-//add the dialplan permission
- $p = new permissions;
- $p->add('dialplan_delete', 'temp');
- $p->add('dialplan_detail_delete', 'temp');
-
-//delete the destination and related dialplan
- if (isset($dialplan_uuid) && is_uuid($dialplan_uuid)) {
- $array['dialplans'][]['dialplan_uuid'] = $dialplan_uuid;
- $array['dialplan_details'][]['dialplan_uuid'] = $dialplan_uuid;
- }
- $array['destinations'][]['destination_uuid'] = $id;
- $database = new database;
- $database->app_name = 'destinations';
- $database->app_uuid = '5ec89622-b19c-3559-64f0-afde802ab139';
- $database->delete($array);
- $message = $database->message;
-
-//remove the temporary permission
- $p->delete('dialplan_delete', 'temp');
- $p->delete('dialplan_detail_delete', 'temp');
-
-//synchronize the xml config
- save_dialplan_xml();
-
-//clear the cache
- $cache = new cache;
- $cache->delete("dialplan:".$destination_context);
-
-//redirect the user
- message::add($text['message-delete']);
+//redirect
 header("Location: destinations.php");
- return;
+ exit;
 ?>
diff --git a/app/destinations/destination_edit.php b/app/destinations/destination_edit.php
index 5b19fdf26a..90bd264dfe 100644
--- a/app/destinations/destination_edit.php
+++ b/app/destinations/destination_edit.php
@@ -43,7 +43,7 @@
 $text = $language->get();
 //action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
 $action = "update";
 $destination_uuid = trim($_REQUEST["id"]);
 }
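Review bot: The new lookup `select * from v_destinations where destination_uuid = :destination_uuid` has no domain filter, and the `$domain_uuid` it reads (only when `destination_domain` is granted) is never used by the delete, so unless `database->delete()` enforces domain ownership itself a user without `destination_domain` can remove a destination that belongs to another domain given its uuid. Add the clause this same commit uses for the fax lookup in destination_edit.php, `if (!permission_exists('destination_domain')) { $sql .= "and domain_uuid = :domain_uuid "; $parameters['domain_uuid'] = $domain_uuid; }`, with `$domain_uuid` coming from wherever the file sets it earlier (outside the hunk, presumably the session). When no row matches, `$dialplan_uuid` and `$destination_context` are never assigned, yet the delete still runs, the cache key `"dialplan:"` is cleared with an empty context and `message-delete` is shown; keeping those steps inside the `is_array($row)` block, or exiting when the row is empty, makes the success path honest.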
@@ -52,35 +52,27 @@
 }
 //set the type
- if ($_GET['type'] == 'inbound') {
- $destination_type = 'inbound';
- }
- elseif ($_GET['type'] == 'outbound') {
- $destination_type = 'outbound';
- }
- elseif ($_GET['type'] == 'local') {
- $destination_type = 'local';
- }
- else {
- $destination_type = 'inbound';
+ switch ($_GET['type']) {
+ case 'inbound': $destination_type = 'inbound'; break;
+ case 'outbound': $destination_type = 'outbound'; break;
+ case 'local': $destination_type = 'local'; break;
+ default: $destination_type = 'inbound';
 }
 //get total destination count from the database, check limit, if defined
 if (!permission_exists('destination_domain')) {
 if ($action == 'add') {
 if ($_SESSION['limit']['destinations']['numeric'] != '') {
- $sql = "select count(*) as num_rows from v_destinations where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $prep_statement = $db->prepare($sql);
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- $total_destinations = $row['num_rows'];
- }
- unset($prep_statement, $row);
+ $sql = "select count(*) from v_destinations where domain_uuid = :domain_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $total_destinations = $database->select($sql, $parameters, 'column');
+ unset($sql, $parameters);
+
 if ($total_destinations >= $_SESSION['limit']['destinations']['numeric']) {
 message::add($text['message-maximum_destinations'].' '.$_SESSION['limit']['destinations']['numeric'], 'negative');
 header('Location: destinations.php');
- return;
+ exit;
 }
 }
 }
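Review bot: The new `switch` maps each allowed value of `$_GET['type']` to itself, so a single whitelist line expresses the same rule more directly and with a strict comparison: `$destination_type = in_array($_GET['type'], ['inbound', 'outbound', 'local'], true) ? $_GET['type'] : 'inbound';`. The identical block is added to destinations.php in its @@ -65 hunk and would take the same change. The loose `case` matching is harmless here because only string literals are compared, but the strict form removes the question.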
@@ -108,9 +100,9 @@
 $currency_buy = trim($_POST["currency_buy"]);
 $destination_record = trim($_POST["destination_record"]);
 $destination_accountcode = trim($_POST["destination_accountcode"]);
- $destination_type_voice = check_str($_POST["destination_type_voice"]);
- $destination_type_fax = check_str($_POST["destination_type_fax"]);
- $destination_type_text = check_str($_POST["destination_type_text"]);
+ $destination_type_voice = $_POST["destination_type_voice"];
+ $destination_type_fax = $_POST["destination_type_fax"];
+ $destination_type_text = $_POST["destination_type_text"];
 $destination_carrier = trim($_POST["destination_carrier"]);
 //convert the number to a regular expression
 $destination_number_regex = string_to_regex($destination_number, $destination_prefix);
@@ -138,7 +130,7 @@
 if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 //get the uuid
- if ($action == "update" && isset($_POST["destination_uuid"])) {
+ if ($action == "update" && is_uuid($_POST["destination_uuid"])) {
 $destination_uuid = trim($_POST["destination_uuid"]);
 }
 else {
@@ -162,18 +154,16 @@
 //check for duplicates
 if ($destination_type == 'inbound' && $destination_number != $db_destination_number) {
- $sql = "select count(*) as num_rows from v_destinations ";
- $sql .= "where destination_number = '".$destination_number."' ";
+ $sql = "select count(*) from v_destinations ";
+ $sql .= "where destination_number = :destination_number ";
 $sql .= "and destination_type = 'inbound' ";
- $prep_statement = $db->prepare($sql);
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- if ($row['num_rows'] > 0) {
- $msg .= $text['message-duplicate']."
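Review bot: `$destination_type_voice`, `$destination_type_fax` and `$destination_type_text` now come straight from `$_POST` with neither the removed `check_str()` nor the `trim()` every neighbouring field receives, and nothing in the hunk constrains their values. Dropping `check_str()` is the right move where a value ends up as a bound query parameter, but these three read like flags whose consumers (storage and rendering) lie outside the hunk, so normalise them at the boundary instead of storing free-form input, e.g. `$destination_type_voice = ($_POST["destination_type_voice"] == 'true') ? 'true' : '';` if `'true'` is what the form posts — confirm against the form markup. The enclosing POST-handling block starts and ends outside this hunk.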
\n";
- }
- unset($prep_statement);
+ $parameters['destination_number'] = $destination_number;
+ $database = new database;
+ $num_rows = $database->select($sql, $parameters, 'column');
+ if ($num_rows > 0) {
+ $msg .= $text['message-duplicate']."
\n";
 }
+ unset($sql, $parameters, $num_rows);
 }
 //show the message
@@ -206,14 +196,15 @@
 //get the fax information
 if (strlen($fax_uuid) > 0) {
 $sql = "select * from v_fax ";
- $sql .= "where fax_uuid = '".$fax_uuid."' ";
+ $sql .= "where fax_uuid = :fax_uuid ";
 if (!permission_exists('destination_domain')) {
- $sql .= "and domain_uuid = '".$domain_uuid."' ";
+ $sql .= "and domain_uuid = :domain_uuid ";
 }
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
+ $parameters['fax_uuid'] = $fax_uuid;
+ $parameters['domain_uuid'] = $domain_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && @sizeof($row) != 0) {
 $fax_extension = $row["fax_extension"];
 $fax_destination_number = $row["fax_destination_number"];
 $fax_name = $row["fax_name"];
@@ -224,11 +215,11 @@
 $fax_forward_number = $row["fax_forward_number"];
 $fax_description = $row["fax_description"];
 }
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
 }
 //if empty then get new uuid
- if (strlen($dialplan_uuid) == 0) {
+ if (!is_uuid($dialplan_uuid)) {
 $dialplan_uuid = uuid();
 }
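Review bot: In the fax lookup, `$parameters['domain_uuid'] = $domain_uuid;` is assigned unconditionally while the `and domain_uuid = :domain_uuid` clause is only appended when `destination_domain` is absent, so for users who hold that permission the statement runs with a bound parameter that has no placeholder — PDO rejects that with an invalid-parameter-number error unless the `database` class drops unused keys, which is not visible here. Move the assignment inside the permission check, exactly as the @@ -566 hunk of this file already does: `if (!permission_exists('destination_domain')) { $sql .= "and domain_uuid = :domain_uuid "; $parameters['domain_uuid'] = $domain_uuid; }`. The enclosing `if (strlen($fax_uuid) > 0)` block closes in the @@ -224 hunk.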
@@ -307,16 +298,19 @@
 //delete previous dialplan details
 $sql = "delete from v_dialplan_details ";
- $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
- $sql .= "and (dialplan_uuid = '".$dialplan_uuid."' or dialplan_uuid is null) ";
+ $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
+ $sql .= "and (dialplan_uuid = :dialplan_uuid or dialplan_uuid is null) ";
 $sql .= "and (";
 $sql .= " dialplan_detail_data like '%tone_detect%' ";
 $sql .= " or dialplan_detail_type = 'tone_detect' ";
 $sql .= " or dialplan_detail_type = 'record_session' ";
 $sql .= " or (dialplan_detail_type = 'sleep' and dialplan_detail_data = '3000') ";
 $sql .= ")";
- $db->exec($sql);
- unset($sql);
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['dialplan_uuid'] = $dialplan_uuid;
+ $database = new database;
+ $database->execute($sql, $parameters);
+ unset($sql, $parameters);
 //increment the dialplan detail order
 $dialplan_detail_order = $dialplan_detail_order + 10;
@@ -566,13 +560,15 @@
 //delete the previous details
 if ($action == "update") {
 $sql = "delete from v_dialplan_details ";
- $sql .= "where dialplan_uuid = '".$dialplan_uuid."' ";
+ $sql .= "where dialplan_uuid = :dialplan_uuid ";
 if (!permission_exists('destination_domain')) {
- $sql .= "and (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
+ $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
+ $parameters['domain_uuid'] = $domain_uuid;
 }
- //echo $sql."

";
- $db->exec(check_sql($sql));
- unset($sql);
+ $parameters['dialplan_uuid'] = $dialplan_uuid;
+ $database = new database;
+ $database->execute($sql, $parameters);
+ unset($sql, $parameters);
 }
 //remove empty dialplan details from the POST array
@@ -689,14 +685,13 @@
 if (is_uuid($_GET["id"])) {
 $destination_uuid = $_GET["id"];
 $sql = "select * from v_destinations ";
- $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
- $sql .= "and destination_uuid = '".$destination_uuid."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $destinations = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- }
- if (is_array($destinations)) {
- foreach ($destinations as &$row) {
+ $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
+ $sql .= "and destination_uuid = :destination_uuid ";
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['destination_uuid'] = $destination_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && @sizeof($row) != 0) {
 $domain_uuid = $row["domain_uuid"];
 $dialplan_uuid = $row["dialplan_uuid"];
 $destination_type = $row["destination_type"];
@@ -724,18 +719,20 @@ $currency_buy = $row["currency_buy"]; $destination_carrier = $row["destination_carrier"]; } + unset($sql, $parameters, $row); } } //get the dialplan details in an array $sql = "select * from v_dialplan_details "; - $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; - $sql .= "and dialplan_uuid = '".$dialplan_uuid."' "; + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + $sql .= "and dialplan_uuid = :dialplan_uuid "; $sql .= "order by dialplan_detail_group asc, dialplan_detail_order asc"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $dialplan_details = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $domain_uuid; + $parameters['dialplan_uuid'] = $dialplan_uuid; + $database = new database; + $dialplan_details = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //add an empty row to the array $x = count($dialplan_details); @@ -973,32 +970,35 @@ echo " \n"; $x = 0; $order = 10; - foreach($dialplan_details as $row) { - if ($row["dialplan_detail_tag"] != "condition") { - if ($row["dialplan_detail_tag"] == "action" && $row["dialplan_detail_type"] == "set" && strpos($row["dialplan_detail_data"], "accountcode") == 0) { continue; } //exclude set:accountcode actions - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; } - echo " \n"; - echo " \n"; - $data = $row['dialplan_detail_data']; - $label = explode("XML", $data); - $divider = ($row['dialplan_detail_type'] != '') ? ":" : null; - $detail_action = $row['dialplan_detail_type'].$divider.$row['dialplan_detail_data']; - echo $destination->select('dialplan', 'dialplan_details['.$x.'][dialplan_detail_data]', $detail_action); - echo " \n"; - echo " \n"; - echo " \n"; + $order = $order + 10; + $x++; } - $order = $order + 10; - $x++; } + unset($dialplan_details, $row); echo "
\n"; - if (strlen($row['dialplan_detail_uuid']) > 0) { - echo " \n"; + if (is_array($dialplan_details) && @sizeof($dialplan_details) != 0) { + foreach($dialplan_details as $row) { + if ($row["dialplan_detail_tag"] != "condition") { + if ($row["dialplan_detail_tag"] == "action" && $row["dialplan_detail_type"] == "set" && strpos($row["dialplan_detail_data"], "accountcode") == 0) { continue; } //exclude set:accountcode actions + echo "
\n"; + if (strlen($row['dialplan_detail_uuid']) > 0) { + echo " \n"; + } + echo " \n"; + echo " \n"; + $data = $row['dialplan_detail_data']; + $label = explode("XML", $data); + $divider = ($row['dialplan_detail_type'] != '') ? ":" : null; + $detail_action = $row['dialplan_detail_type'].$divider.$row['dialplan_detail_data']; + echo $destination->select('dialplan', 'dialplan_details['.$x.'][dialplan_detail_data]', $detail_action); + echo " "; + if (strlen($row['destination_uuid']) > 0) { + echo " ".$v_link_label_delete."\n"; + } + echo "
"; - if (strlen($row['destination_uuid']) > 0) { - echo " ".$v_link_label_delete."\n"; - } - echo "
\n"; echo "\n"; echo "\n"; @@ -1006,13 +1006,12 @@ if (permission_exists('destination_fax')) { $sql = "select * from v_fax "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "order by fax_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - unset ($prep_statement, $extension); - if (is_array($result) && sizeof($result) > 0) { + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { echo "\n"; echo "\n"; echo " ".$text['label-fax_uuid']."\n"; @@ -1034,6 +1033,7 @@ echo "\n"; echo "\n"; } + unset($sql, $parameters, $result, $row); } echo "\n"; @@ -1177,4 +1177,4 @@ //include the footer require_once "resources/footer.php"; -?> +?> \ No newline at end of file diff --git a/app/destinations/destination_imports.php b/app/destinations/destination_imports.php index 672689a003..c59271afcf 100644 --- a/app/destinations/destination_imports.php +++ b/app/destinations/destination_imports.php 
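Review bot: The relocated line `strpos($row["dialplan_detail_data"], "accountcode") == 0` uses a loose comparison, and `strpos()` returns `false` when the needle is absent, so `false == 0` is true and every `set` action whose data does not mention `accountcode` is skipped along with the ones the trailing comment means to exclude — only data containing `accountcode` somewhere past position 0 survives. Use the strict form, `strpos($row["dialplan_detail_data"], "accountcode") === 0`, or `!== false` if "contains" rather than "starts with" is the intent. The markup lines of this hunk are garbled in this rendering, so the surrounding table output could not be checked.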
@@ -58,16 +58,16 @@
 ini_set(max_execution_time,7200);
 //get the http get values and set them as php variables
- $action = check_str($_POST["action"]);
- $order_by = check_str($_POST["order_by"]);
- $order = check_str($_POST["order"]);
- $from_row = check_str($_POST["from_row"]);
- $delimiter = check_str($_POST["data_delimiter"]);
- $enclosure = check_str($_POST["data_enclosure"]);
- $destination_type = check_str($_POST["destination_type"]);
- $destination_action = check_str($_POST["destination_action"]);
- $destination_context = check_str($_POST["destination_context"]);
- $destination_record = check_str($_POST["destination_record"]);
+ $action = $_POST["action"];
+ $order_by = $_POST["order_by"];
+ $order = $_POST["order"];
+ $from_row = $_POST["from_row"];
+ $delimiter = $_POST["data_delimiter"];
+ $enclosure = $_POST["data_enclosure"];
+ $destination_type = $_POST["destination_type"];
+ $destination_action = $_POST["destination_action"];
+ $destination_context = $_POST["destination_context"];
+ $destination_record = $_POST["destination_record"];
 //set the defaults
 if (strlen($destination_type) == 0) { $destination_type = 'inbound'; }
@@ -85,7 +85,7 @@
 //copy the csv file
 //$_POST['submit'] == "Upload" &&
 if ( is_uploaded_file($_FILES['ulfile']['tmp_name']) && permission_exists('destination_upload')) {
- if (check_str($_POST['type']) == 'csv') {
+ if ($_POST['type'] == 'csv') {
 move_uploaded_file($_FILES['ulfile']['tmp_name'], $_SESSION['server']['temp']['dir'].'/'.$_FILES['ulfile']['name']);
 $save_msg = "Uploaded file to ".$_SESSION['server']['temp']['dir']."/". htmlentities($_FILES['ulfile']['name']);
 //system('chmod -R 744 '.$_SESSION['server']['temp']['dir'].'*');
diff --git a/app/destinations/destinations.php b/app/destinations/destinations.php
index 43e0bd7660..609e46dadf 100644
--- a/app/destinations/destinations.php
+++ b/app/destinations/destinations.php
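Review bot: Removing `check_str()` leaves `$order_by`, `$order`, `$from_row`, `$delimiter` and `$enclosure` as raw POST strings with no replacement validation anywhere in the hunk. Where a value later becomes a bound query parameter that is fine, but these particular variables are the kind that end up in an `order by` clause or as `fgetcsv()` arguments (their consumers are outside the hunk), where binding does not apply; constrain them where they are read, e.g. `$order = ($order == 'desc') ? 'desc' : 'asc';` and `$from_row = (int) $from_row;`, and whitelist `$order_by` against the columns the page actually sorts on. A comment at these assignments naming the later line that validates each value would make the intent reviewable.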
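Review bot: The context lines under the changed `if` still build the destination path from `$_FILES['ulfile']['name']`, which the client supplies and which may contain directory separators, so the upload can land outside `$_SESSION['server']['temp']['dir']`. Take the base name once and use it in both the `move_uploaded_file()` call and `$save_msg`: `$file_name = basename($_FILES['ulfile']['name']);`. Requiring `$file_name` to end in `.csv` before the move would also match the `$_POST['type'] == 'csv'` branch it sits in.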
@@ -65,36 +65,15 @@
 }
 //get variables used to control the order
- $order_by = check_str($_GET["order_by"]);
- $order = check_str($_GET["order"]);
-
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
+ $order_by = $_GET["order_by"];
+ $order = $_GET["order"];
 //set the type
- if ($_GET['type'] == 'inbound') {
- $destination_type = 'inbound';
- }
- elseif ($_GET['type'] == 'outbound') {
- $destination_type = 'outbound';
- }
- elseif ($_GET['type'] == 'local') {
- $destination_type = 'local';
- }
- else {
- $destination_type = 'inbound';
+ switch ($_GET['type']) {
+ case 'inbound': $destination_type = 'inbound'; break;
+ case 'outbound': $destination_type = 'outbound'; break;
+ case 'local': $destination_type = 'local'; break;
+ default: $destination_type = 'inbound';
 }
 //add the search term
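Review bot: This hunk deletes the `preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by)` filter and the asc/desc `switch`, and the raw `$order_by` and `$order` are then handed to `order_by($order_by, $order)` in the @@ -146 hunk. If that helper does its own whitelisting this is fine; if it merely concatenates, the removal reintroduces an injectable `order by` clause, because binding cannot be used for identifiers or sort direction. Either keep the two validation blocks here, or add a comment at the assignments such as `//validated inside order_by(), not here` so the next reader does not have to re-derive where the check lives.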
@@ -115,23 +94,26 @@
 $sql_search .= ") ";
 }
-//prepare to page the results
- $sql = "select count(destination_uuid) as num_rows from v_destinations ";
- $sql .= "where destination_type = :destination_type ";
+//common sql where
+ $sql_where = "where destination_type = :destination_type ";
 if ($_GET['show'] == "all" && permission_exists('destination_all')) {
 //show all
- } else {
- $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
+ }
+ else {
+ $sql_where .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
 $parameters['domain_uuid'] = $domain_uuid;
 }
 if (isset($sql_search)) {
- $sql .= "and ".$sql_search;
+ $sql_where .= "and ".$sql_search;
 $parameters['search'] = '%'.$search.'%';
 }
 $parameters['destination_type'] = $destination_type;
+
+//prepare to page the results
+ $sql = "select count(destination_uuid) from v_destinations ";
+ $sql .= $sql_where;
 $database = new database;
 $num_rows = $database->select($sql, $parameters, 'column');
- unset($parameters);
 //prepare to page the results
 require_once "resources/paging.php";
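Review bot: The `unset($parameters)` after the count query is deliberately dropped so the list query in the @@ -146 hunk can reuse the same bindings, but nothing says so, and a later cleanup could put it back and silently break paging; add `//keep $parameters, the list query below reuses them` above `$database = new database;`. The `if (...) { //show all }` branch with an empty body could also become a negated condition, `if (!($_GET['show'] == "all" && permission_exists('destination_all'))) {`, removing the empty block — a style point, not a defect.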
@@ -146,24 +128,9 @@
 $offset = $rows_per_page * $page;
 //get the list
- $sql = "select * from v_destinations ";
- $sql .= "where destination_type = :destination_type ";
- if ($_GET['show'] == "all" && permission_exists('destination_all')) {
- //show all
- } else {
- $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
- $parameters['domain_uuid'] = $domain_uuid;
- }
- if (isset($sql_search)) {
- $sql .= "and ".$sql_search;
- $parameters['search'] = '%'.$search.'%';
- }
- $sql .= "and destination_type = :destination_type ";
- if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
- $sql .= "limit :rows_per_page offset :offset ";
- $parameters['destination_type'] = $destination_type;
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
+ $sql = str_replace('count(destination_uuid)', '*', $sql);
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
 $database = new database;
 $destinations = $database->select($sql, $parameters, 'all');
 unset($parameters);
@@ -282,7 +249,7 @@
 }
 echo " \n";
 echo "\n";
- if (is_array($destinations)) {
+ if (is_array($destinations) && @sizeof($destinations) != 0) {
 $x = 0;
 foreach($destinations as $row) {
 $action_name = action_name($destination_array, $row['destination_app'].':'.$row['destination_data']);
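Review bot: Deriving the list query with `str_replace('count(destination_uuid)', '*', $sql)` ties this hunk to the exact spelling of the count expression built in the @@ -115 hunk; since `$sql_where` is already a separate variable, build the statement directly: `$sql = "select * from v_destinations "; $sql .= $sql_where;`. `$offset` is computed from `$page` a few lines above and `$rows_per_page` comes from the paging include, and `limit_offset()` is not visible here — if it interpolates rather than binds, both values must be integers before the call, e.g. `(int) $offset`. The `@sizeof($destinations)` in the @@ -282 hunk already sits behind `is_array()`, so the `@` can go.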