FREEI-2107--stored-xss
akbar khan committed Sep 15, 2021
1 parent 2cff659 commit ffce488
Showing 2 changed files with 6 additions and 4 deletions.
6 changes: 4 additions & 2 deletions page.voicemail.php
Expand Up @@ -398,7 +398,8 @@
//TODO: Do we really need to say "UPDATE COMPLETED??"
if ($need_update && $action != 'usage') {
$args = array();
if (voicemail_update_settings($action, $context, $extension, $_REQUEST)) {
$request = freepbxGetSanitizedRequest(FILTER_UNSAFE_RAW);
if (voicemail_update_settings($action, $context, $extension, $request)) {
$url = "config.php?type=$type&display=$display&action=$action&ext=$extension&updated=true";
needreload();
redirect($url);
Expand Down Expand Up @@ -680,7 +681,8 @@
*/
$scope = voicemail_get_scope($extension);
if ($need_update) {
voicemail_update_usage($vmail_info, $context, $extension, $_REQUEST);
$request = freepbxGetSanitizedRequest(FILTER_UNSAFE_RAW);
voicemail_update_usage($vmail_info, $context, $extension, $request);
if (!empty($extension)) {
$url = "config.php?display=$display&ext=$extension&action=$action&updated=true";
} else {
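Review bot: The new `$request = freepbxGetSanitizedRequest(FILTER_UNSAFE_RAW);` in this hunk (and the identical line in the second hunk at -680,7) does not itself neutralise anything: `FILTER_UNSAFE_RAW` is the PHP filter that passes values through unchanged unless strip/encode flags are added, so `$request` presumably carries the same raw strings `$_REQUEST` did, and the stored-XSS fix rests entirely on the output encoding added in `views/ssettings.php`. If raw values are intentionally required here (the helper's exact behaviour is not visible in this diff), a comment stating that the data is still untrusted and must be escaped at render time, e.g. `// FILTER_UNSAFE_RAW keeps values verbatim; encode on output, never trust $request`, would stop a later reader from treating `$request` as sanitised. Otherwise consider a stricter filter, or a flag such as `FILTER_FLAG_STRIP_LOW`, for the fields that end up in voicemail settings. Both enclosing blocks begin and end outside their hunks.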
4 changes: 2 additions & 2 deletions views/ssettings.php
Expand Up @@ -39,10 +39,10 @@
<div class="col-md-9">
<?php switch($items['type']) {
case "number": ?>
<input type="number" class="form-control" id="<?php echo $id_prefix?>__<?php echo $key?>" name="<?php echo $id_prefix?>__<?php echo $key?>" value="<?php echo !empty($settings[$key]) ? $settings[$key] : $items['default'] ?>" <?php if(!empty($items['options'])) {?>min="<?php echo $items['options'][0]?>" max="<?php echo $items['options'][1]?>"<?php } ?>>
<input type="number" class="form-control" id="<?php echo $id_prefix?>__<?php echo $key?>" name="<?php echo $id_prefix?>__<?php echo $key?>" value="<?php echo !empty($settings[$key]) ? htmlentities($settings[$key], ENT_COMPAT, 'UTF-8') : $items['default'] ?>" <?php if(!empty($items['options'])) {?>min="<?php echo $items['options'][0]?>" max="<?php echo $items['options'][1]?>"<?php } ?>>
<?php break;
case "text": ?>
<input type="text" class="form-control" id="<?php echo $id_prefix?>__<?php echo $key?>" name="<?php echo $id_prefix?>__<?php echo $key?>" value="<?php echo !empty($settings[$key]) ? $settings[$key] : $items['default'] ?>">
<input type="text" class="form-control" id="<?php echo $id_prefix?>__<?php echo $key?>" name="<?php echo $id_prefix?>__<?php echo $key?>" value="<?php echo !empty($settings[$key]) ? htmlentities($settings[$key], ENT_COMPAT, 'UTF-8') : $items['default'] ?>">
<?php break;
case "textbox":
$value = !empty($settings[$key]) ? $settings[$key] : $items['default'];
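Review bot: `htmlentities($settings[$key], ENT_COMPAT, 'UTF-8')` on the two changed `value="…"` lines encodes only double quotes and, without `ENT_SUBSTITUTE`, returns an empty string when the stored value contains an invalid UTF-8 sequence, so a malformed setting would render as a blank field with no error; use `htmlentities($settings[$key], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in both places. The `$items['default']` fallback on the same lines is still echoed unencoded; if defaults are only ever developer-supplied literals that is acceptable, but encoding the whole ternary result is simpler to reason about. The `textbox` case at the end of the hunk assigns `$value` from the same `$settings[$key]` without encoding, and its output lies outside the hunk, so it should be checked for the same issue. The enclosing `switch` continues past the hunk.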
