Ticket #2565: ari_ticket_2565.patch
| File ari_ticket_2565.patch, 8.2 kB (added by p_lindheimer, 4 months ago) |
|---|
-
includes/crypt.php
old new 62 62 */ 63 63 function decrypt($enc, $salt, $iv_len = 16) { 64 64 65 $enc = urldecode(base64_decode($enc));65 $enc = base64_decode(urldecode($enc)); 66 66 $n = strlen($enc); 67 67 $i = $iv_len; 68 68 $str = ''; -
modules/callmonitor.module
old new 99 99 global $ASTERISK_CALLMONITOR_PATH; 100 100 global $CALLMONITOR_ALLOW_DELETE; 101 101 global $AJAX_PAGE_REFRESH_ENABLE; 102 global $ARI_CRYPT_PASSWORD; 102 103 103 104 $display = new DisplaySearch(); 105 $crypt = new Crypt(); 104 106 105 107 // get the search string 106 108 $m = getArgument($args,'m'); … … 205 207 206 208 // recording file 207 209 $recording = $recordings[$value['uniqueid'] . $value['calldate']]; 210 $recordingCrypt = $crypt->encrypt($recording,$ARI_CRYPT_PASSWORD); 208 211 209 212 // date and time 210 213 $buf = split(' ', $value[calldate]); … … 213 216 214 217 // recording delete checkbox 215 218 if ($CALLMONITOR_ALLOW_DELETE) { 216 $recording_delete_checkbox = "<td class='checkbox'><input type=checkbox name='selected" . ++$i . "' value=" . $recording . "></td>";219 $recording_delete_checkbox = "<td class='checkbox'><input type=checkbox name='selected" . ++$i . "' value=" . $recordingCrypt . "></td>"; 217 220 } 218 221 219 222 $recordingLink = ''; 220 223 if (is_file($recordings[$value['uniqueid'] . $value['calldate']])) { 221 $recordingLink = "<a href='#' onClick=\"javascript:popUp('misc/recording_popup.php?recording=" . $recording . "&date=" . $date . "&time=" . $time . "'); return false;\">" . _("play") . "</a>";224 $recordingLink = "<a href='#' onClick=\"javascript:popUp('misc/recording_popup.php?recording=" . $recordingCrypt . "&date=" . $date . "&time=" . $time . "'); return false;\">" . _("play") . "</a>"; 222 225 } 223 226 224 227 $recording_body .= "<tr> … … 526 529 */ 527 530 function deleteRecData($files) { 528 531 529 foreach($files as $key => $file) { 532 global $ARI_CRYPT_PASSWORD; 533 534 $crypt = new Crypt(); 535 536 foreach($files as $key => $fileCrypt) { 537 $file = $crypt->decrypt($fileCrypt,$ARI_CRYPT_PASSWORD); 530 538 if (is_writable($file)) { 531 539 unlink($file); 532 540 } else { -
modules/voicemail.module
old new 207 207 global $ASTERISK_VOICEMAIL_PATH; 208 208 global $ASTERISK_VOICEMAIL_FOLDERS; 209 209 global $AJAX_PAGE_REFRESH_ENABLE; 210 global $ARI_CRYPT_PASSWORD; 210 211 211 212 $voicemail_audio_format = $_COOKIE['ari_voicemail_audio_format']; 212 213 213 214 $display = new DisplaySearch(); 215 $crypt = new Crypt(); 214 216 215 217 // args 216 218 $m = getArgument($args,'m'); … … 385 387 // recording popup link 386 388 $voicemail_audio_format = $voicemail_audio_format=='' ? '.wav' : $voicemail_audio_format; 387 389 $recording = preg_replace('/.txt/', $voicemail_audio_format, $file); 390 $date = GetDateFormat($value['origtime']); 391 $time = GetTimeFormat($value['origtime']); 392 $from = $value[callerid]; 393 $priority = $value[priority]; 394 $to = $value[origmailbox]; 395 $duration = $value[duration]; 388 396 if (is_file($recording)) { 389 $recordingLink = "<a href='#' onClick=\"javascript:popUp('misc/recording_popup.php?recording=" . $recording . "&date=" . $date . "&time=" . $time . "'); return false;\"> 397 $recordingCrypt = $crypt->encrypt($recording,$ARI_CRYPT_PASSWORD); 398 $recordingLink = "<a href='#' onClick=\"javascript:popUp('misc/recording_popup.php?recording=" . $recordingCrypt . "&date=" . $date . "&time=" . $time . "'); return false;\"> 390 399 " . _("play") . " 391 400 </a>"; 392 401 } … … 395 404 sprintf(_("On settings page, change voicemail audio format. It is currently set to %s"),$voicemail_audio_format); 396 405 } 397 406 407 $fileCrypt = $crypt->encrypt($file,$ARI_CRYPT_PASSWORD); 408 398 409 $tableText .= " 399 410 <tr> 400 <td class='checkbox'><input type=checkbox name='selected" . ++$i . "' value=" . $file . "></td>401 <td width=68>" . GetDateFormat($value['origtime']). "</td>402 <td>" . GetTimeFormat($value['origtime']). "</td>403 <td width=100>" . $ value[callerid]. "</td>411 <td class='checkbox'><input type=checkbox name='selected" . ++$i . "' value=" . $fileCrypt . "></td> 412 <td width=68>" . $date . "</td> 413 <td>" . $time . "</td> 414 <td width=100>" . $from . "</td> 404 415 <td>" . $value[priority] . "</td> 405 <td width=90>" . $ value[origmailbox]. "</td>406 <td>" . $ value[duration]. " sec</td>416 <td width=90>" . $to . "</td> 417 <td>" . $duration . " sec</td> 407 418 <td>" . $recordingLink . "</td> 408 419 </tr>"; 409 420 } … … 607 618 */ 608 619 function deleteVoicemailData($files) { 609 620 610 foreach($files as $key => $path) {621 global $ARI_CRYPT_PASSWORD; 611 622 623 $crypt = new Crypt(); 624 625 foreach($files as $key => $pathCrypt) { 626 627 // decrypt path 628 $path = $crypt->decrypt($pathCrypt,$ARI_CRYPT_PASSWORD); 629 612 630 // get file parts for search 613 631 $path_parts = pathinfo($path); 614 632 $path = fixPathSlash($path_parts['dirname']); … … 642 660 function moveVoicemailData($files,$context_rx,$extension_rx,$folder_rx) { 643 661 644 662 global $ASTERISK_VOICEMAIL_PATH; 663 global $ARI_CRYPT_PASSWORD; 645 664 665 $crypt = new Crypt(); 666 646 667 $perm = fileperms($ASTERISK_VOICEMAIL_PATH); 647 668 $uid = fileowner($ASTERISK_VOICEMAIL_PATH); 648 669 $gid = filegroup($ASTERISK_VOICEMAIL_PATH); … … 696 717 return; 697 718 } 698 719 720 foreach($files as $key => $pathCrypt) { 721 // decrypt path 722 $pathPlain = $crypt->decrypt($pathCrypt,$ARI_CRYPT_PASSWORD); 723 // add plain path to new array 724 $filesPlain[] = $pathPlain; 725 } 726 699 727 // copy files to new location, incrementing each message number 700 asort($files );701 foreach($files as $key => $path) {728 asort($filesPlain); 729 foreach($filesPlain as $key => $path) { 702 730 703 731 // get file parts for search 704 732 $path_parts = pathinfo($path); -
misc/recording_popup.php
old new 14 14 <html xmlns="http://www.w3.org/1999/xhtml"> 15 15 <head> 16 16 <TITLE>ARI</TITLE> 17 <link rel="stylesheet" href="../theme/main.css" type="text/css"> 17 18 <link rel="stylesheet" href="popup.css" type="text/css"> 18 19 <meta http-equiv="content-type" content="text/html; charset=UTF-8"> 19 20 </head> … … 21 22 22 23 <?php 23 24 24 global $ARI_CRYPT_PASSWORD;25 $path = urlencode($_GET['recording']); 25 26 26 $crypt = new Crypt();27 28 $path = $crypt->encrypt($_GET['recording'],$ARI_CRYPT_PASSWORD);29 30 27 if (isset($path)) { 31 28 if (isset($_GET['date'])) { 32 echo( $_GET['date'] . "<br>");29 echo("<small>" . $_GET['date'] . "</small><br>"); 33 30 } 34 31 if (isset($_GET['time'])) { 35 echo( $_GET['time'] . "<br>");32 echo("<small>" . $_GET['time'] . "</small><br>"); 36 33 } 34 37 35 echo("<br>"); 38 echo("<embed src='audio.php?recording=" . $path . "' width=300, height=2 0autoplay=true loop=false></embed><br>");36 echo("<embed src='audio.php?recording=" . $path . "' width=300, height=25 autoplay=true loop=false></embed><br>"); 39 37 echo("<a class='popup_download' href=/recordings/misc/audio.php?recording=" . $path . ">" . _("download") . "</a><br>"); 40 38 } 41 39 -
misc/audio.php
old new 16 16 17 17 $crypt = new Crypt(); 18 18 19 $path = $crypt->decrypt( $_GET['recording'],$ARI_CRYPT_PASSWORD);19 $path = $crypt->decrypt(urlencode($_GET['recording']),$ARI_CRYPT_PASSWORD); 20 20 21 21 // strip ".." from path for security 22 22 $path = preg_replace('/\.\./','',$path);
