Changeset 6566

Timestamp:
09/04/08 14:49:05 (3 months ago)
Author:
p_lindheimer
Message:

Merged revisions 6565 via svnmerge from
http://svn.freepbx.org/freepbx/branches/2.3

................

r6565 | p_lindheimer | 2008-09-04 14:47:28 -0700 (Thu, 04 Sep 2008) | 16 lines


Merged revisions 6564 via svnmerge from
http://svn.freepbx.org/freepbx/branches/2.4


................

r6564 | p_lindheimer | 2008-09-04 14:45:33 -0700 (Thu, 04 Sep 2008) | 9 lines


Merged revisions 6563 via svnmerge from
http://svn.freepbx.org/freepbx/branches/2.5


........

r6563 | p_lindheimer | 2008-09-04 14:43:50 -0700 (Thu, 04 Sep 2008) | 1 line


fix SECURITY SQL Injection vulnerability that could allow an authenticated user to access CDR and recorded calls from any other user on the system

........

................

................

Files:

  • freepbx/branches/2.2

    • Property svnmerge-integrated changed from /freepbx/branches/2.3:1-4135,4219,4249,4258,4262,4273,4277,4282,4289,4307,4310-4322,4357,4400,4561 /freepbx/trunk:1-3224,3231,3245-3246,3291-3295,3297,3299-3332,3336,3338-3365,3367-3373,3375-3388,3390-3391,3393-3395,3419,3437,3567,3614-3622,3624,3652,3688,3696,3756,3850,3885,4005,4084,4105 to /freepbx/branches/2.3:1-4135,4219,4249,4258,4262,4273,4277,4282,4289,4307,4310-4322,4357,4400,4561,6565 /freepbx/trunk:1-3224,3231,3245-3246,3291-3295,3297,3299-3332,3336,3338-3365,3367-3373,3375-3388,3390-3391,3393-3395,3419,3437,3567,3614-3622,3624,3652,3688,3696,3756,3850,3885,4005,4084,4105
  • freepbx/branches/2.2/amp_conf/htdocs/recordings/modules/callmonitor.module

    r1773 r6566  
    203203 
    204204    // table body 
    205     foreach($data as $key=>$value) { 
     205    if (is_array($data)) foreach($data as $key=>$value) { 
    206206 
    207207      // recording file 
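Review bot: On new line 205 the braceless `if (is_array($data)) foreach(...) {` puts two control statements on one line, so the closing brace further down reads as ending only the foreach and the guard is easy to overlook. Wrap the loop in an explicit `if (is_array($data)) { ... }` block, or normalise `$data` to an empty array before the loop so the foreach needs no guard.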
     
    384384    } 
    385385 
    386     foreach($data as $data_key => $data_value) { 
     386    if (is_array($data)) foreach($data as $data_key => $data_value) { 
    387387 
    388388      $recording=''; 
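Review bot: The guard on new line 386 skips the loop silently when `$data` is not an array, so whatever produced the non-array value is indistinguishable from an empty result in the rendered page. Consider reporting or logging the non-array case before this point instead of only suppressing the foreach warning.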
     
    546546    // search text 
    547547    if ($q!='*' && $q!=NULL) { 
     548 
     549      $dbh = $_SESSION['dbh_cdr']; 
    548550      $searchText .= "WHERE "; 
    549551      $tok = strtok($q," \n\t"); 
     552      $tok = $dbh->escapeSimple($tok); 
    550553      while ($tok) { 
    551554        $searchText .= " (calldate regexp '" . $tok . "' 
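Review bot: The `escapeSimple()` call on new line 552 protects the query only while every use of `$tok` sits inside a single-quoted literal, as it does in `calldate regexp '" . $tok . "'`; the remaining comparisons of this clause are not visible in the hunk and need the same check. Escaping also leaves regular-expression metacharacters in the token untouched, so a malformed pattern can still reach the `regexp` operator; validating the token, or building the clause with placeholders, would cover both. `$_SESSION['dbh_cdr']` on new line 549 is used without a check that it is set.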
     
    561564                       )"; 
    562565        $tok = strtok(" \n\t"); 
     566        $tok = $dbh->escapeSimple($tok); 
    563567        if ($tok) { 
    564568          $searchText .= " AND"; 
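Review bot: The second `escapeSimple()` on new line 566 duplicates the call before the loop and runs on the `strtok()` return value before `if ($tok)` tests it, so the end-of-input value is passed to the escape routine too. Keep the raw token for the loop test and escape into a separate variable at the one place it is concatenated into `$searchText`; that removes the duplicate and keeps the loop condition on unescaped input.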