Open Source Training Seminar FreePBX Paid Support

Ticket #1785 (closed Bugs: fixed)

Opened 2 years ago

Last modified 1 year ago

ARI crypted file bug with apache/ubuntu

Reported by: cpawelko Assigned to: dan_littlejohn
Priority: minor Milestone: 2.2
Component: ARI Version: 2.3-branch
Keywords: url encoding Cc:
Confirmation: SVN Revision (if applicable):
Backend Engine: All Backend Engine Version:

Description

I'm using freepbx on ubuntu 6.10 / apache / php5 and have a bug with ari : When trying to listen a recording, if the crypted recording filename contains a plus (+), audio.php receives this crypted filename with a space instead of the "plus". Example with url : http://pabx/recordings/misc/audio.php?recording=Uj+dVmL0WqLs+MJE+vSFSLp6iZlI+mZhYBG40am7f+ZXonOoKDk3j8AB3TlwkKdPyfeCvPtNEzV9+VsJwWMesmUhs716C1PZXfrSE/+4sFTA1nEtQ2pKYEA8p/veDKZQ $_GET['recording'] will be "Uj dVmL0WqLs MJE vSFSLp6iZlI mZhYBG40am7f ZXonOoKDk3j8AB3TlwkKdPyfeCvPtNEzV9 VsJwWMesmUhs716C1PZXfrSE/ 4sFTA1nEtQ2pKYEA8p/veDKZQ"

I tried to change apache and php codepage, installed php4, tried debian : same thing.

I've created a phpinfo.php file. When I call phpinfo.php?record=a+b, I always have: $_GET['recording'] = "a b"

I was unable to know if this is a normal behavior or not.

I solved it using urlencode function in crypt.php :

function encrypt($str, $salt, $iv_len = 16) {

...

return urlencode(base64_encode($enc_text));

function decrypt($enc, $salt, $iv_len = 16) {

$enc = urldecode(base64_decode($enc));

...

No more problems then.

Change History

04/10/07 21:35:23 changed by grin

Or maybe programmers could specifically encode URIs, and not just throw junk at the end user, like, say

(recording_popup.php) 

    echo("<a class='popup_download' href=audio.php?recording="  . urlencode($path) . ">" . _("download") . "</a><br>");

since who said BASE64 is URI-safe? Naturally unless this is done ARI module have a good chance to be completely useless :-)

04/10/07 21:36:54 changed by grin

And this is completely apache or ubuntu unspecific: it screws up in any standards compliant browser.

04/10/07 21:43:51 changed by grin

Related to ticket#813 and this isn't minor IMHO. Funny that 813 wasn't fixed for a year... anyone with svn access would please submit this one? :)

04/11/07 05:26:43 changed by p_lindheimer

ARI is from another project that is packaged with freepbx but mostly End of Life so for the most part nothing gets done on it, depsite there have been a few things added to it and fixed in the past.

It will be completely replaced by a supported portal so until then - use as you see fit. You are alwasy welcome to submit issues against it, but the likely hood of them being addressed is usually fairly low.

06/25/07 08:15:16 changed by p_lindheimer

  • version changed from 2.2.1 to 2.3-branch.

r4220, r4291

06/25/07 08:17:42 changed by p_lindheimer

  • status changed from new to closed.
  • resolution set to fixed.

r4220, r4219 (not 91) and r4221 now

Donate



Support
Download
Develop
Forums
News
Documentation
Paid Support
About

Paid Ads