
Commit 79f06c7

CHtml::encode
1 parent f896f88 commit 79f06c7


5 files changed

+56
-53
lines changed


build/MagnusBilling-current.tar.gz

880 Bytes
Binary file not shown.

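--- a/protected/components/AsteriskAccess.php
+++ b/protected/components/AsteriskAccess.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * Classe de com funcionalidades globais
 *
@@ -85,14 +86,14 @@ public function generateQueueFile()
 $model = Queue::model()->findAll(
 [
 'select' => $select,
-]);
+]
+);
 
 if (count($model)) {
 AsteriskAccess::instance()->writeAsteriskFile($model, '/etc/asterisk/queues_magnus.conf', 'name');
 }
 
 AsteriskAccess::instance()->mohReload();
-
 }
 
 public function mohReload()
@@ -105,7 +106,6 @@ public function hangupRequest($channel, $server = 'localhost')
 
 AsteriskAccess::instance($server, 'magnus', 'magnussolution');
 $this->asmanager->Command("hangup request " . $channel);
-
 }
 
 public function dialPlanReload()
@@ -210,7 +210,7 @@ public function writeAsteriskFile($model, $file, $head_field = 'name')
 $fr = fopen($registerFile, "w");
 }
 
-if ( ! $fd) {
+if (! $fd) {
 echo "</br><center><b><font color=red>" . gettext("Could not open buddy file") . $file . "</font></b></center>";
 } else {
 foreach ($rows as $key => $data) {
@@ -254,9 +254,7 @@ public function writeAsteriskFile($model, $file, $head_field = 'name')
 foreach ($modelMember as $member) {
 $line .= 'member=' . $member['interface'] . "\n";
 }
-
 }
-
 }
 
 if (isset($fr)) {
@@ -315,7 +313,6 @@ public function writeAsteriskFile($model, $file, $head_field = 'name')
 break;
 }
 }
-
 }
 
 fclose($fd);
@@ -327,7 +324,6 @@ public function writeAsteriskFile($model, $file, $head_field = 'name')
 } else {
 AsteriskAccess::instance()->queueReload();
 }
-
 }
 }
 //call file , time in seconds to create the file
@@ -349,7 +345,6 @@ public static function generateCallFile($callFile, $time = 0)
 $destination_file = '/var/spool/asterisk/outgoing/' . $aleatorio . '.call'; // Assuming $aleatorio is defined
 
 rename($arquivo_call, $destination_file);
-
 }
 
 public function getCallsPerDid($did, $agi = null)
@@ -412,7 +407,6 @@ public function groupTrunk($agi, $ipaddress, $maxuse)
 if (preg_match("/Up |Ring /", $channel['State'])) {
 $count++;
 }
-
 }
 }
 }
@@ -441,7 +435,7 @@ public static function getSipShowPeers()
 foreach ($modelServers as $key => $server) {
 $data = AsteriskAccess::instance($server['host'], $server['username'], $server['password'])->sipShowPeers();
 
-if ( ! isset($data['data']) || strlen($data['data']) < 10) {
+if (! isset($data['data']) || strlen($data['data']) < 10) {
 continue;
 }
 
@@ -487,19 +481,24 @@ public static function getCoreShowCdrChannels()
 
 $data = AsteriskAccess::instance($server['host'], $server['username'], $server['password'])->cdrShowActive();
 
-if ( ! isset($data) || ! isset($data['data'])) {
+if (! isset($data) || ! isset($data['data'])) {
 Servers::model()->updateByPk($server['id'], ['status' => 2]);
 continue;
 }
 
-if ( ! isset($data) || ! isset($data['data'])) {
+if (! isset($data) || ! isset($data['data'])) {
 continue;
 }
 
 $linesCallsResult = explode("\n", $data['data']);
 
-for ($i = 5; $i < count($linesCallsResult) - 1; $i++) {
+for ($i = 0; $i < count($linesCallsResult) - 1; $i++) {
 $call = explode("|", $linesCallsResult[$i]);
+
+if (!preg_match('/^SIP|^IAX|^PJSIP/', $call[0])) {
+continue;
+}
+
 if ($call[4] == 'Down') {
 continue;
 }
@@ -532,7 +531,7 @@ public static function getCoreShowChannels()
 $columns = ['Channel', 'Context', 'Exten', 'Priority', 'Stats', 'Application', 'Data', 'CallerID', 'Accountcode', 'Amaflags', 'Duration', 'Bridged'];
 $data = AsteriskAccess::instance($server['host'], $server['username'], $server['password'])->coreShowChannelsConcise();
 
-if ( ! isset($data) || ! isset($data['data'])) {
+if (! isset($data) || ! isset($data['data'])) {
 return;
 }
 
@@ -544,14 +543,12 @@ public static function getCoreShowChannels()
 
 for ($i = 0; $i < count($linesCallsResult); $i++) {
 $call = explode("!", $linesCallsResult[$i]);
-if ( ! preg_match("/\//", $call[0])) {
+if (! preg_match("/\//", $call[0])) {
 continue;
 }
 $call['server'] = $server['host'];
 $channels[] = $call;
-
 }
-
 }
 return $channels;
 }
@@ -573,7 +570,7 @@ public static function getCoreShowChannelsVerbose()
 $columns = ['Channel', 'Context', 'Extension', 'Prio', 'State', 'Application', 'Data', 'CallerID', 'Duration', 'Accountcode', 'PeerAccount', 'BridgedTo'];
 $data = AsteriskAccess::instance($server['host'], $server['username'], $server['password'])->coreShowChannelsVerbose();
 
-if ( ! isset($data) || ! isset($data['data'])) {
+if (! isset($data) || ! isset($data['data'])) {
 return;
 }
 
@@ -589,14 +586,12 @@ public static function getCoreShowChannelsVerbose()
 continue;
 }
 $call = preg_split("/\s+/", $linesCallsResult[$i]);
-if ( ! preg_match("/\//", $call[0])) {
+if (! preg_match("/\//", $call[0])) {
 continue;
 }
 $call['server'] = $server['host'];
 $channels[] = $call;
-
 }
-
 }
 return $channels;
 }
@@ -624,13 +619,12 @@ public static function getCoreShowChannel($channel, $agi = null, $server = null)
 'username' => 'magnus',
 'password' => 'magnussolution',
 ]);
-
 }
 
 $channels = [];
 foreach ($modelServers as $key => $server) {
 $data = AsteriskAccess::instance($server['host'], $server['username'], $server['password'])->coreShowChannel($channel);
-if ( ! isset($data['data']) || strlen($data['data']) < 10 || preg_match("/is not a known channe/", $data['data'])) {
+if (! isset($data['data']) || strlen($data['data']) < 10 || preg_match("/is not a known channe/", $data['data'])) {
 continue;
 }
 $linesCallResult = explode("\n", $data['data']);
@@ -653,17 +647,14 @@ public static function getCoreShowChannel($channel, $agi = null, $server = null)
 
 if ($key == 'SIPCALLID') {
 $result[trim($key)] = AsteriskAccess::instance($server['host'], $server['username'], $server['password'])->sipShowChannel(trim($value));
-
 } else {
 $result[trim($key)] = trim($value);
 }
-
 }
 break;
 }
 
 return $result;
-
 }
 
 public function generateSipPeers()
@@ -730,7 +721,6 @@ public function generateSipPeers()
 if ($sip->host != 'dynamic') {
 $line .= 'deny=0.0.0.0/0.0.0.0' . "\n";
 $line .= 'permit=' . $sip->host . "/255.255.255.0\n";
-
 } else {
 if (strlen($sip->deny) > 1) {
 $line .= 'deny=' . $sip->deny . "\n";
@@ -846,20 +836,17 @@ public function generateSipPeers()
 if (strlen($sip->defaultuser) > 1) {
 $subscriber .= 'exten => ' . $sip->defaultuser . ',hint,SIP/' . $sip->defaultuser . "\n";
 }
-
 }
 
 fclose($fd);
 }
-
 }
 if (fwrite($fr_voicemail, $voicemail) === false) {
 echo "Impossible to write to the file ($fr_voicemail)";
 }
 AsteriskAccess::instance()->VoiceMailReload();
 
 AsteriskAccess::instance()->sipReload();
-
 }
 public function generateIaxPeers()
 {
@@ -968,7 +955,6 @@ public function generateIaxPeers()
 }
 
 AsteriskAccess::instance()->iaxReload();
-
 }
 
 public function writeDidContext()
@@ -988,7 +974,5 @@ public function writeDidContext()
 }
 
 AsteriskAccess::instance()->dialPlanReload();
-
 }
-
 }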
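Review bot: In getCoreShowCdrChannels the new channel-technology filter (new lines 498-500) lets any line starting with SIP, IAX or PJSIP through, but the check right after it still indexes `$call[4]` without confirming the line split into five `|` fields, so a truncated or unexpectedly formatted AMI line produces an undefined-offset notice and compares null against 'Down'. I would fold a length guard into the existing test: `if (count($call) < 5 || $call[4] == 'Down') {`. The second `if (! isset($data) || ! isset($data['data']))` block (new lines 489-491) can never fire because the identical test just above already `continue`s, so it is dead code worth deleting rather than reformatting. Replacing the old "skip five header lines" loop with this regex also silently drops Local/, DAHDI/ and any other channel technology that the old loop counted; if that is intended, say so in a comment on the regex line. getCoreShowCdrChannels begins before this hunk, and the hard-coded AMI credentials visible on the context lines of hangupRequest and getCoreShowChannel predate this commit.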

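--- a/protected/components/MagnusLog.php
+++ b/protected/components/MagnusLog.php
@@ -13,7 +13,7 @@ public static function insertLOG($action, $description)
 $id_user = isset(Yii::app()->session['id_user']) ? Yii::app()->session['id_user'] : null;
 $modelLogUsers = new LogUsers();
 $modelLogUsers->id_user = $id_user;
-$modelLogUsers->description = $description;
+$modelLogUsers->description = CHtml::encode($description);
 $modelLogUsers->id_log_actions = $action;
 $modelLogUsers->ip = $_SERVER['REMOTE_ADDR'];
 try {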
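Review bot: `CHtml::encode($description)` HTML-escapes the log entry at storage time, which is the wrong layer: the database now holds `&lt;`/`&amp;` entities, any log view that already encodes on output will double-encode them, and non-HTML consumers of the log table (CSV export, searching for the literal text) see the mangled form. Escaping belongs where the description is rendered; if the write path is kept as is, at least document the contract on this line, e.g. `// description is stored HTML-encoded; do not encode again when rendering`. Separately, the call sites visible in SqlInject.php invoke `MagnusLog::insertLOG('EDIT', $id_user, $_SERVER['REMOTE_ADDR'], $info)` with four arguments against this two-parameter signature, so what reaches this line as `$description` is `$id_user`, not `$info`, and the 'Variable to long' text is never actually logged. insertLOG begins before this hunk.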

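--- a/protected/components/SqlInject.php
+++ b/protected/components/SqlInject.php
@@ -63,7 +63,10 @@ public static function sanitize($src)
 'pg_query',
 'sqlite_query',
 'prepare',
-
+'alert',
+'src=',
+'<img',
+'console'
 ];
 
 
@@ -75,14 +78,17 @@ public static function sanitize($src)
 foreach ($codes as $code) {
 
 $code = strtolower($code);
+if (Util::isJson($value)) {
+$value = json_decode($value);
+}
 
 if (is_array($value)) {
 foreach ($value as $key => $valuearray) {
 
 if (is_array($valuearray)) {
 foreach ($valuearray as $key => $value) {
 
-$value = strtolower($value);
+$value = @strtolower($value);
 if (strlen($value) > 250) {
 $info = 'Variable to long: ' . $value . '. Controller => ' . Yii::app()->controller->id;
 $id_user = isset(Yii::app()->session['id_user']) ? Yii::app()->session['id_user'] : 'NULL';
@@ -91,7 +97,7 @@ public static function sanitize($src)
 'rows' => [],
 'count' => 0,
 'sum' => [],
-'msg' => $info
+'msg' => CHtml::encode($info)
 ]);
 exit;
 }
@@ -107,13 +113,13 @@ public static function sanitize($src)
 'rows' => [],
 'count' => 0,
 'sum' => [],
-'msg' => $info
+'msg' => CHtml::encode($info)
 ]);
 exit;
 }
 }
 } else {
-$value = strtolower($valuearray);
+$value = @strtolower($valuearray);
 if (strlen($value) > 250) {
 $info = 'Variable to long: ' . $valuearray . '. Controller => ' . Yii::app()->controller->id;
 $id_user = isset(Yii::app()->session['id_user']) ? Yii::app()->session['id_user'] : 'NULL';
@@ -122,11 +128,16 @@ public static function sanitize($src)
 'rows' => [],
 'count' => 0,
 'sum' => [],
-'msg' => $info
+'msg' => CHtml::encode($info)
 ]);
 exit;
 }
 
+if (isset($valuearray->data->type) && $valuearray->data->type == 'list') {
+return;
+}
+
+
 
 if (preg_match("/$code/", $valuearray)) {
 
@@ -138,23 +149,23 @@ public static function sanitize($src)
 'rows' => [],
 'count' => 0,
 'sum' => [],
-'msg' => $info
+'msg' => CHtml::encode($info)
 ]);
 exit;
 }
 }
 }
 } else {
 
-if (strlen($value) > 250) {
+if (strlen($value) > 1000) {
 $info = 'Variable to long2: ' . $value . '. Controller => ' . Yii::app()->controller->id;
 $id_user = isset(Yii::app()->session['id_user']) ? Yii::app()->session['id_user'] : 'NULL';
 MagnusLog::insertLOG('EDIT', $id_user, $_SERVER['REMOTE_ADDR'], $info);
 echo json_encode([
 'rows' => [],
 'count' => 0,
 'sum' => [],
-'msg' => $info
+'msg' => CHtml::encode($info)
 ]);
 exit;
 }
@@ -167,7 +178,7 @@ public static function sanitize($src)
 'rows' => [],
 'count' => 0,
 'sum' => [],
-'msg' => $info
+'msg' => CHtml::encode($info)
 ]);
 exit;
 }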
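Review bot: The new `return;` in the non-array branch (new lines 136-138) leaves sanitize() as a whole, so once one element of `$src` decodes to an object whose `data->type` is 'list', that element and every element after it skip the keyword check entirely — a request can put such a value first to switch the filter off for the rest of its parameters. If list payloads are meant to be exempt, skip only that element with `continue;` and let the remaining values be checked. The four added keywords ('alert', 'src=', '<img', 'console') extend a denylist that rejects legitimate text (any note containing the word "alert") while missing obvious alternatives (event-handler attributes, `<svg>`, `javascript:` URLs); the `CHtml::encode()` now wrapping the error messages is the right kind of defence and belongs wherever user text is rendered, not as a backstop for this list. `@strtolower($value)` only hides a warning: on PHP 7 a non-string (such as a json_decode'd object) yields null and falls through to the checks below, while on PHP 8 strtolower() throws a TypeError that `@` does not suppress, so an explicit `is_string()` test is the safer replacement. sanitize() begins before this hunk; note also that the added JSON decode runs inside the `foreach ($codes as $code)` loop, once per keyword.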
