dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1116 from moteus/verify_number_alias 

Fix. Verify number-alias and user id.
This commit is contained in:
FusionPBX 2015-08-20 18:45:45 -06:00
parent 053571497d 7fb9a7f15e
commit e7c8cbd59b
1 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
resources/install/scripts/app/xml_handler/resources/scripts/directory/directory.lua
View File

@ -62,6 +62,20 @@
--all other directory actions: sip_auth, user_call --all other directory actions: sip_auth, user_call
--except for the action: group_call --except for the action: group_call
local sip_auth_method = params:getHeader("sip_auth_method")
if sip_auth_method then
sip_auth_method = sip_auth_method:upper();
end
local from_user = params:getHeader("sip_from_user")
-- verify from_user and number alias for this methods
local METHODS = {
-- _ANY_ = true,
REGISTER = true,
-- INVITE = true,
}
if (user == nil) then if (user == nil) then
user = ""; user = "";
end end
@ -250,6 +264,15 @@
forward_no_answer_destination = row.forward_no_answer_destination; forward_no_answer_destination = row.forward_no_answer_destination;
do_not_disturb = row.do_not_disturb; do_not_disturb = row.do_not_disturb;
-- check matching UserID and AuthName
if sip_auth_method and (METHODS[sip_auth_method] or METHODS._ANY_) then
continue = (sip_from_user == user) and ((sip_from_number == user) or (sip_from_number == from_user))
if not continue then
XML_STRING = nil;
return 1;
end
end
--set the dial_string --set the dial_string
if (string.len(row.dial_string) > 0) then if (string.len(row.dial_string) > 0) then
dial_string = row.dial_string; dial_string = row.dial_string;
@ -509,11 +532,17 @@
end end
end end
--disable registration for number-alias if XML_STRING and sip_auth_method and (METHODS[sip_auth_method] or METHODS._ANY_) then
if (params:getHeader("sip_auth_method") == "REGISTER") then --disable registration for number-alias
if (api:execute("user_data", user .. "@" .. domain_name .." attr id") ~= user) then if (api:execute("user_data", user .. "@" .. domain_name .." attr id") ~= user) then
XML_STRING = nil; XML_STRING = nil;
end end
--disable registration for foreign number_alias
if from_user ~= user then
if (api:execute("user_data", from_user .. "@" .. domain_name .." attr id") ~= user) then
XML_STRING = nil;
end
end
end end
--get the XML string from the cache --get the XML string from the cache