Open Source Training Seminar FreePBX Paid Support

Ticket #2565 (closed Bugs: fixed)

Opened 9 months ago

Last modified 1 month ago

Voicemail audio recording does not play inside ARI very often

Reported by: olivier1010 Assigned to: pkaplan
Priority: minor Milestone: 2.5
Component: ARI Version:
Keywords: Cc:
Confirmation: Need Feedback SVN Revision (if applicable):
Backend Engine: All Backend Engine Version:

Description

This bug is an old one.

I recall it here, as it would be a good time to correct it for version 2.4.

The ARI play audio voicemail window is using an URI encoding to transmitt file names.

Very often, this encoding fails, and the voicemail audio files cannot be read by ARI.

We get an error message from Firefox or IE saying that we are missing the "text/html" plugin.

This is a bluring error message. In fact the problem does not come from a missing plugin, but simply from the fact that the URL of the audio file is not correctly encoded / decoded.

We got the missing plugin error because the file name extension is not the good one, as we get a garbage audio file name after decoding the URL.

This is very simple to correct, just remove the encoding function, or use a more robust one.

To remove this encoding call, there is only two files to modify inside

/var/www/html/recordings/misc

audio.php recording_popup.php

Two use another encoding function, it's a bit longer but should be a very small work for an experienced programmer.

I tried to contact the author of ARI without success.

Attachments

patched ari.rar (1.4 kB) - added by olivier1010 on 12/17/07 02:16:16.
Patched files to solve the missing plugin
audio.php (1.6 kB) - added by sasargen on 04/08/08 10:19:27.
Patched to urlencode path before attempting decrypt.
crypt.php (1.8 kB) - added by sasargen on 04/08/08 10:21:18.
Fixed order of urldecode and base64_decode operations in decrypt function
voicemail.module (22.9 kB) - added by sasargen on 04/08/08 10:35:53.
Patched to encrypt all file paths in html output and function arguments.
audio.php.patch (416 bytes) - added by sasargen on 04/08/08 10:37:50.
crypt.php.patch (368 bytes) - added by sasargen on 04/08/08 10:38:10.
recording_popup.php.patch (1.4 kB) - added by sasargen on 04/08/08 10:48:29.
voicemail.module.patch (3.8 kB) - added by sasargen on 04/08/08 10:49:00.
recording_popup.php (1.1 kB) - added by sasargen on 04/08/08 10:51:36.
Patched to urlencode crypted path and pass to audio.php. Changed height of playback control to work better with Windows Media Player.
callmonitor.module (19.9 kB) - added by sasargen on 04/10/08 08:21:04.
Patched to encrypt file paths in html output and function arguments.
callmonitor.module.patch (2.0 kB) - added by sasargen on 04/10/08 08:21:41.
ari_ticket_2565.patch (8.2 kB) - added by p_lindheimer on 07/25/08 19:15:32.
comprehensive patch of what I think is needed per all the discussion on this thread

Change History

12/16/07 18:23:44 changed by p_lindheimer

  • priority changed from major to minor.
  • confirmation changed from Unreviewed to Confirmed.
  • version deleted.
  • milestone changed from Cut Line to 3.0.

instead of lecturing on the simplicity, please provide a patch that you think addresses the problem and we will review it. The original author of ARI is MIA since over a year. Any maintenance to ARI happens here.

12/17/07 02:16:16 changed by olivier1010

  • attachment patched ari.rar added.

Patched files to solve the missing plugin

12/17/07 02:20:04 changed by olivier1010

Here is the patched files as a joined .rar file.

It is the simpler method : supressing the encoding. I don't have php programming kwnoledge to do more.

Nevertheless this solve the problem.

Removing Encoding is not really a problem because all serious professional installations will use a VPN to access such informations.

04/04/08 17:48:26 changed by sasargen

The file path must be encrypted to prevent a directory traversal exploit. However, the crypt functions produce output that is not URI safe. This was handled by adding urlencode and urldecode calls to the encrypt and decrypt functions. See ticket #1785.

I am attaching patched versions of recordings/modules/voicemail.module and recordings/misc/recording_popup.php. This patch moves the file path encryption calls to voicemail.module. This prevents a directory traversal exploit since unencrypted file paths are never passed in the URL. The encryption call is removed from recording_popup.php, but a call to urlencode is added. This compensates for passing the encrypted file path via GET twice.

(follow-up: ↓ 5 ) 04/04/08 18:35:35 changed by p_lindheimer

sasargen, please attach a patch file for your change if you could. You can make one as follows: 

diff -ubB original_file new_file > file.patch

and attach that as well. Thanks.

04/08/08 10:19:27 changed by sasargen

  • attachment audio.php added.

Patched to urlencode path before attempting decrypt.

04/08/08 10:21:18 changed by sasargen

  • attachment crypt.php added.

Fixed order of urldecode and base64_decode operations in decrypt function

04/08/08 10:35:53 changed by sasargen

  • attachment voicemail.module added.

Patched to encrypt all file paths in html output and function arguments.

04/08/08 10:37:50 changed by sasargen

  • attachment audio.php.patch added.

04/08/08 10:38:10 changed by sasargen

  • attachment crypt.php.patch added.

04/08/08 10:48:29 changed by sasargen

  • attachment recording_popup.php.patch added.

04/08/08 10:49:00 changed by sasargen

  • attachment voicemail.module.patch added.

04/08/08 10:51:36 changed by sasargen

  • attachment recording_popup.php added.

Patched to urlencode crypted path and pass to audio.php. Changed height of playback control to work better with Windows Media Player.

(in reply to: ↑ 4 ) 04/08/08 11:18:57 changed by sasargen

My previous patch was incomplete. It seems the fix from #1785 introduced a bug in the decrypt function. It also seems that strings passed as arguments in a URL are automatically urldecoded, but not arrays. I think I patched everything to deal with each situation correctly.

I attached full copies of misc/audio.php, misc/recording_popup.php, includes/crypt.php, and modules/voicemail.module. See file comments for explanation of patches made.

I also attached patch files for each new file against the ARI code from the freepbx-2.3.1 tarball.

04/08/08 12:10:21 changed by p_lindheimer

  • confirmation changed from Confirmed to Need Feedback.

I'd like to get some of the other developers to review this and provide their feedback if they think it is a good solution to the issue, and to make sure their are no other issues recognized. Please post here. Thanks.

04/10/08 08:21:04 changed by sasargen

  • attachment callmonitor.module added.

Patched to encrypt file paths in html output and function arguments.

04/10/08 08:21:41 changed by sasargen

  • attachment callmonitor.module.patch added.

04/10/08 08:31:14 changed by sasargen

Since callmonitor.module uses the same techniques as voicemail.module to create playback links and checkboxes for deleting files, I have patched callmonitor.module, too.

07/01/08 16:49:12 changed by lazytt

housekeeping: any testers for these patches?

07/01/08 16:51:15 changed by lazytt

see also #2515

07/16/08 06:58:04 changed by sasargen

I'm have been using these patches on a system with about 100 accounts. Before the patches were applied, there were constant trouble calls about ARI. Once the patches were applied the trouble calls ended.

(follow-up: ↓ 13 ) 07/25/08 19:05:32 changed by p_lindheimer

sasargen, trying to make sense of all these patches and which ones to apply and not is what is delaying this. Is this correct, I need the following 5 patches from above?:

  • audio.php.patch
  • crypt.php.patch
  • recording_popup.php.patch
  • voicemail.module.patch
  • callmonitor.module.patch

Is that correct?

07/25/08 19:15:32 changed by p_lindheimer

  • attachment ari_ticket_2565.patch added.

comprehensive patch of what I think is needed per all the discussion on this thread

07/25/08 19:24:21 changed by p_lindheimer

  • status changed from new to closed.
  • resolution set to fixed.

(In [6190]) fixes #2565 but needs some good testing, there were a lot of patches and files attached to this ticket so if the original author can review and confirm that all the correct pathces were applied that would be helpful

(in reply to: ↑ 11 ) 07/26/08 06:48:13 changed by sasargen

philippe, sorry for the confusion. Your patch list is correct.

Donate



Support
Download
Develop
Forums
News
Documentation
Paid Support
About

Paid Ads