dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update music_on_hold.php

This commit is contained in:
FusionPBX 2019-10-05 15:38:38 -06:00 committed by GitHub
parent eda482aa9b
commit cf5bea7758
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/music_on_hold/music_on_hold.php
View File

@ -43,9 +43,6 @@
$language = new text; $language = new text;
$text = $language->get(); $text = $language->get();
//increase the exucution time
ini_set('max_execution_time', 7200);
//get the music_on_hold array //get the music_on_hold array
$sql = "select * from v_music_on_hold "; $sql = "select * from v_music_on_hold ";
$sql .= "where ( "; $sql .= "where ( ";
@ -80,14 +77,16 @@
//replace the sounds_dir variable in the path //replace the sounds_dir variable in the path
$stream_path = str_replace('$${sounds_dir}', $_SESSION['switch']['sounds']['dir'], $stream_path); $stream_path = str_replace('$${sounds_dir}', $_SESSION['switch']['sounds']['dir'], $stream_path);
$stream_path = str_replace('..', '', $stream_path);
//get the file //get the file and sanitize it
$stream_file = $_GET['file']; $stream_file = basename($_GET['file']);
$search = array('..', '/', ':');
$stream_file = str_replace($search, '', $stream_file);
//join the path and file name
$stream_full_path = path_join($stream_path, $stream_file); $stream_full_path = path_join($stream_path, $stream_file);
//sanitize path
$stream_full_path = str_replace('../', '', $stream_full_path);
//download the file //download the file
session_cache_limiter('public'); session_cache_limiter('public');
if (file_exists($stream_full_path)) { if (file_exists($stream_full_path)) {