Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Debug v20

Browse Source
This commit is contained in:
Laurent Destailleur
2024-06-04 10:18:56 +02:00
parent c00ffbcd66
commit b3a42dad39
2 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/asterisk/wrapper.php
View File

@@ -77,7 +77,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
// Security check
if (empty($conf->clicktodial->enabled)) {
if (!isModEnabled('clicktodial')) {
accessforbidden();
exit;
}
@@ -118,8 +118,11 @@ $password = GETPOST('password', 'none');
$caller = GETPOST('caller', 'alphanohtml');
$called = GETPOST('called', 'alphanohtml');
// Sanitize password to avoid to use the wrapper to inject malicious paylod into asterisk
// Sanitize input data to avoid to use the wrapper to inject malicious paylod into asterisk
$login = preg_replace('/[\n\r]/', '', $login);
$password = preg_replace('/[\n\r]/', '', $password);
$caller = preg_replace('/[\n\r]/', '', $caller);
$called = preg_replace('/[\n\r]/', '', $called);
// IP address of Asterisk server
$strHost = getDolGlobalString('ASTERISK_HOST');