Merge pull request #20 in FREEPBX/cdr from ~VMISHRA/cdr:bugfix/FREEI-…
…1763-14 to release/14.0

* commit '4aceac9f7e27b4715d702ce5fee377f13da6e89f':
  FREEI-1763 (ver14) SQL Injection in Cdr Module for the UCP application
kguptasangoma committed Aug 10, 2020
2 parents e933ce7 + 4aceac9 commit f1a9eea
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions ucp/Cdr.class.php
Expand Up @@ -157,13 +157,13 @@ function ajaxHandler() {
$return = array("status" => false, "message" => "");
switch($_REQUEST['command']) {
case "grid":
$limit = $_REQUEST['limit'];
$limit = filter_var($_REQUEST['limit'], FILTER_SANITIZE_NUMBER_INT);
$ext = $_REQUEST['extension'];
$order = $_REQUEST['order'];
$orderby = !empty($_REQUEST['sort']) ? $_REQUEST['sort'] : "date";
$search = !empty($_REQUEST['search']) ? $_REQUEST['search'] : "";
$pages = $this->cdr->getPages($ext,$search,$limit);
$offset = $_REQUEST['offset'];
$offset = filter_var($_REQUEST['offset'], FILTER_SANITIZE_NUMBER_INT);
$page = ($offset / $limit) + 1;
$total = $this->cdr->getTotalCalls($ext,$search);
$data = $this->postProcessCalls($this->cdr->getCalls($ext,$page,$orderby,$order,$search,$limit),$ext);
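Review bot: FILTER_SANITIZE_NUMBER_INT on the new `$limit` and `$offset` lines only strips characters other than digits, `+` and `-`; it does not validate, so a missing or non-numeric parameter becomes `""` and `$page = ($offset / $limit) + 1` then fails (division by zero, or a type error on newer PHP), while inputs such as `1-1` or `--5` pass through unchanged as non-integer strings into getPages()/getCalls(). Validate instead of sanitising and stop on failure: `$limit = filter_var($_REQUEST['limit'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);`, `$offset = filter_var($_REQUEST['offset'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);`, `if ($limit === false || $offset === false) { $return['message'] = "Invalid limit or offset"; break; }`. `$ext`, `$order`, `$orderby` and `$search` still reach the same cdr methods untouched by this change; if getCalls() places `$order`/`$orderby` into an ORDER BY clause (not visible here), parameter binding cannot protect them and an allow-list of permitted column names plus `ASC`/`DESC` is the usual guard. ajaxHandler() starts and ends outside the hunk.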
2 changes: 1 addition & 1 deletion views/ucp_config.php
Expand Up @@ -41,7 +41,7 @@
<div class="col-md-9">
<select data-placeholder="Extensions" id="ucp_cdr" class="form-control chosenmultiselect ucp-cdr" name="ucp_cdr[]" multiple="multiple" <?php echo (!is_null($enable) && !$enable) ? "disabled" : ""?>>
<?php foreach($ausers as $key => $value) {?>
<option value="<?php echo $key?>" <?php echo in_array($key,$cdrassigned) ? 'selected' : '' ?>><?php echo $value?></option>
<option value="<?php echo htmlentities($key)?>" <?php echo in_array($key,$cdrassigned) ? 'selected' : '' ?>><?php echo htmlentities($value)?></option>
<?php } ?>
</select>
</div>
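Review bot: `htmlentities($key)` and `htmlentities($value)` on the new `<option>` line depend on the PHP version's default flags and charset: before PHP 8.1 the default is ENT_COMPAT, and without ENT_SUBSTITUTE an invalid UTF-8 byte sequence in a name makes htmlentities() return an empty string, so that option renders blank rather than escaped. Prefer `htmlspecialchars($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and the same for `$value`; converting the full named-entity set buys nothing for an attribute value and option text. The loose `in_array($key,$cdrassigned)` comparison is unchanged by the commit; `in_array($key, $cdrassigned, true)` avoids loose-equality surprises on older PHP if the keys are not all of one type. The foreach is complete within the hunk, but the surrounding form markup continues outside it.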
