Security: validate the user

The safest approach is to validate the user against the current domain.
FusionPBX 2023-01-08 11:49:34 -07:00 committed by GitHub
parent 60aa8f6ab2
commit d796eee8a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 6 deletions


@ -17,7 +17,7 @@
The Initial Developer of the Original Code is The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com> Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2021 Portions created by the Initial Developer are Copyright (C) 2008-2023
the Initial Developer. All Rights Reserved. the Initial Developer. All Rights Reserved.
Contributor(s): Contributor(s):
@ -48,14 +48,31 @@
//set the variables //set the variables
$cmd = $_GET['cmd']; $cmd = $_GET['cmd'];
$user = $_GET['user']; $user = $_GET['user'];
$domain = $_GET['domain'];
$vendor = device::get_vendor_by_agent($_GET['agent']); $vendor = device::get_vendor_by_agent($_GET['agent']);
//get the count
$sql = "select d.domain_name ";
$sql .= "from v_extensions as e, v_domains as d ";
$sql .= "where e.domain_uuid = :domain_uuid ";
$sql .= "and e.domain_uuid = d.domain_uuid ";
$sql .= "and extension = :extension ";
$parameters['extension'] = $user;
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row)) {
$domain_name = $row['domain_name'];
}
else {
echo "invalid user\n";
exit;
}
//create the event socket connection //create the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']); $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
if ($fp) { if ($fp) {
// Get the SIP profiles for the user // Get the SIP profiles for the user
$command = "sofia_contact */{$user}"; $command = "sofia_contact */{$user}@{$domain_name}";
$contact_string = event_socket_request($fp, "api ".$command); $contact_string = event_socket_request($fp, "api ".$command);
// The first value in the array will be full matching text, the second one will be the array of profile matches // The first value in the array will be full matching text, the second one will be the array of profile matches
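Review bot: On the new side of `$command = "sofia_contact */{$user}@{$domain_name}";` the value sent to the event socket is still the raw `$_GET['user']` string rather than the extension the lookup found; the query only establishes that some `extension` compares equal to it under the database's collation, which may be case-insensitive or pad trailing spaces, so the two need not be byte-identical. Forwarding the stored value closes that gap: `$sql = "select e.extension, d.domain_name ";` and, inside the `is_array($row)` branch, `$user = $row['extension'];`. The same interpolation of `$user` recurs in the flush_inbound_reg and event_notify commands of the following hunk, which continues past the end of the page. `$domain = $_GET['domain'];` is assigned but never read in this hunk, and reading the key when the parameter is absent raises an undefined-index notice; if nothing later in the file uses it, drop the line.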
@ -70,12 +87,12 @@
foreach ($profiles as $profile) { foreach ($profiles as $profile) {
//prepare the command //prepare the command
if ($cmd == "unregister") { if ($cmd == "unregister") {
$command = "sofia profile {$profile} flush_inbound_reg {$user} reboot"; $command = "sofia profile {$profile} flush_inbound_reg {$user}@{$domain_name} reboot";
} }
elseif ($cmd == "check_sync") { elseif ($cmd == "check_sync") {
$command = "lua app.lua event_notify {$profile} {$cmd} {$user} {$vendor}"; $command = "lua app.lua event_notify {$profile} {$cmd} {$user}@{$domain_name} {$vendor}";
//if ($cmd == "check_sync") { //if ($cmd == "check_sync") {
// $command = "sofia profile ".$profile." check_sync ".$user; // $command = "sofia profile ".$profile." check_sync ".$user."@".$domain_name;
//} //}
} }