From cd91c1e7d953c2bffb6c13704aae5462ea519d54 Mon Sep 17 00:00:00 2001
From: Digital Daz
Date: Tue, 7 Apr 2015 23:50:36 +0000
Subject: [PATCH] Prevent users bypassing extension limits by using range
---
 app/extensions/extension_edit.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/extensions/extension_edit.php b/app/extensions/extension_edit.php
index 8c5df53122..e3922d6216 100644
--- a/app/extensions/extension_edit.php
+++ b/app/extensions/extension_edit.php
@@ -327,6 +327,10 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 $user_context = $_SESSION['domain_name'];
 }
 }
+ //Prevent users from bypassing extension limit by using range
+ if ($total_extensions + $range > $_SESSION['limit']['extensions']['numeric']){
+ $range = $_SESSION['limit']['extensions']['numeric'] - $total_extensions;
+ }
 //add or update the database
 if ($_POST["persistformvar"] != "true") {
@@ -1832,4 +1836,4 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 //include the footer
 require_once "resources/footer.php";
-?>
\ No newline at end of file
+?>
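Review bot: The clamp added just before `//add or update the database` reads `$_SESSION['limit']['extensions']['numeric']` without checking that a limit is configured, and it can leave `$range` zero or negative. Unless a guard outside this hunk already ensures the key is set, an unset or empty limit makes the loose comparison true for any non-zero count, so `$range` becomes `0 - $total_extensions` and a domain with no limit could be blocked from adding anything. When the domain is already at or over its limit the subtraction is also non-positive, and how the add loop treats that lies outside the hunk. I would prefix the condition with `isset($_SESSION['limit']['extensions']['numeric']) && is_numeric($_SESSION['limit']['extensions']['numeric']) &&` and floor the result: `$range = max(0, (int) $_SESSION['limit']['extensions']['numeric'] - (int) $total_extensions);`. Since `$range` presumably comes from the request, casting it to an integer before this check would keep the arithmetic from running on a non-numeric value.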