
CVE-2022-35153: Security use escapeshellarg · fusionpbx/fusionpbx@de22a91

FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.


@@ -312,7 +312,7 @@ function fax_split_dtmf(&$fax_number, &$fax_dtmf){ if ($fax_file_extension != “pdf” && $fax_file_extension != “tif”) { chdir($dir_fax_temp); $command = $IS_WINDOWS ? ‘’ : 'export HOME=/tmp && '; $command .= 'libreoffice --headless --convert-to pdf --outdir ‘.$dir_fax_temp.’ '.$dir_fax_temp.’/’.$fax_name.’.’.$fax_file_extension; $command .= 'libreoffice --headless --convert-to pdf --outdir ‘.$dir_fax_temp.’ ‘.$dir_fax_temp.’/’.escapeshellarg($fax_name).’.’.escapeshellarg($fax_file_extension); exec($command); @unlink($dir_fax_temp.’/’.$fax_name.’.’.$fax_file_extension); } @@ -322,7 +322,7 @@ function fax_split_dtmf(&$fax_number, &$fax_dtmf){ chdir($dir_fax_temp);
//convert pdf to tif $cmd = exec(‘which gs’)." -q -r".$gs_r." -g".$gs_g." -dBATCH -dPDFFitPage -dNOSAFER -dNOPAUSE -dBATCH -sOutputFile=".correct_path($fax_name).".tif -sDEVICE=tiffg4 -Ilib stocht.ps -c \"{ .75 gt { 1 } { 0 } ifelse} settransfer\" – “.correct_path($fax_name).".pdf -c quit"; $cmd = exec(‘which gs’).” -q -r".$gs_r." -g".$gs_g." -dBATCH -dPDFFitPage -dNOSAFER -dNOPAUSE -dBATCH -sOutputFile=".escapeshellarg($fax_name).".tif -sDEVICE=tiffg4 -Ilib stocht.ps -c \"{ .75 gt { 1 } { 0 } ifelse} settransfer\" – ".escapeshellarg($fax_name).".pdf -c quit"; // echo($cmd . “<br/>\n”); exec($cmd); @unlink($dir_fax_temp.’/’.$fax_name.’.pdf’); @@ -672,17 +672,17 @@ function fax_split_dtmf(&$fax_number, &$fax_dtmf){
//send the fax $fax_file = $dir_fax_sent."/".$fax_instance_uuid.".tif"; $common_variables .= “fax_queue_uuid=’” . $fax_queue_uuid . "’,"; $common_variables .= “fax_queue_uuid=’” . escapeshellarg($fax_queue_uuid) . "’,"; $common_variables = "for_fax=1,"; $common_variables .= “accountcode=’” . $fax_accountcode . "’,"; $common_variables .= “sip_h_X-accountcode=’” . $fax_accountcode . "’,"; $common_variables .= “domain_uuid=” . $_SESSION[“domain_uuid”] . ","; $common_variables .= “domain_name=” . $_SESSION[“domain_name”] . ","; $common_variables .= “origination_caller_id_name=’” . $fax_caller_id_name . "’,"; $common_variables .= “origination_caller_id_number=’” . $fax_caller_id_number . "’,"; $common_variables .= “fax_ident=’” . $fax_caller_id_number . "’,"; $common_variables .= “fax_header=’” . $fax_caller_id_name . "’,"; $common_variables .= “fax_file=’” . $fax_file . "’,"; $common_variables .= “accountcode=’” . escapeshellarg($fax_accountcode) . "’,"; $common_variables .= “sip_h_X-accountcode=’” . escapeshellarg($fax_accountcode) . "’,"; $common_variables .= “domain_uuid=” . escapeshellarg($_SESSION[“domain_uuid”]) . ","; $common_variables .= “domain_name=” . escapeshellarg($_SESSION[“domain_name”]) . ","; $common_variables .= “origination_caller_id_name=’” . escapeshellarg($fax_caller_id_name) . "’,"; $common_variables .= “origination_caller_id_number=’” . escapeshellarg($fax_caller_id_number) . "’,"; $common_variables .= “fax_ident=’” . escapeshellarg($fax_caller_id_number) . "’,"; $common_variables .= “fax_header=’” . escapeshellarg($fax_caller_id_name) . "’,"; $common_variables .= “fax_file=’” . escapeshellarg($fax_file) . "’,";
foreach ($fax_numbers as $fax_number) {
@@ -704,16 +704,16 @@ function fax_split_dtmf(&$fax_number, &$fax_dtmf){ $fax_uri = $route_array[0]; $fax_variables = ""; foreach($_SESSION[‘fax’][‘variable’] as $variable) { $fax_variables .= $variable.","; $fax_variables .= escapeshellarg($variable).","; } }
//build the fax dial string $dial_string = $common_variables; $dial_string .= $fax_variables; $dial_string .= “mailto_address=’” . $mail_to_address . "’,"; $dial_string .= “mailfrom_address=’” . $mail_from_address . "’,"; $dial_string .= “fax_uri=” . $fax_uri . ","; $dial_string .= “mailto_address=’” . escapeshellarg($mail_to_address) . "’,"; $dial_string .= “mailfrom_address=’” . escapeshellarg($mail_from_address) . "’,"; $dial_string .= “fax_uri=” . escapeshellarg($fax_uri) . ","; $dial_string .= “fax_retry_attempts=1” . ","; $dial_string .= “fax_retry_limit=20” . ","; $dial_string .= “fax_retry_sleep=180” . ",";
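Review bot: In the `@@ -672` and `@@ -704` hunks, escapeshellarg() is applied to values that the string template already wraps in single quotes, so `"fax_queue_uuid='" . escapeshellarg($fax_queue_uuid) . "',"` now yields `fax_queue_uuid=''<uuid>''`, and the same doubled quoting appears on accountcode, caller-id, fax_file, mailto_address and the per-variable `$fax_variables` loop. escapeshellarg() is only the right primitive when the string is handed to a POSIX shell; nothing in the hunk shows $dial_string reaching a shell, and if it is instead consumed as a FreeSWITCH originate variable list the extra quotes (and, on Windows, escapeshellarg's double-quote/`%`-stripping behaviour) change or break the channel variables rather than neutralising the injection. The safer fix for this sink is to validate or escape for the originate syntax itself, e.g. allow-list the UUIDs (`if (!preg_match('/^[0-9a-f-]{36}$/i', $fax_queue_uuid)) { die('invalid fax_queue_uuid'); }`) and strip `'` and `,` from the free-text fields before they are interpolated, leaving the template's own quotes in place. The first two hunks (libreoffice and gs commands) are genuine shell sinks where escapeshellarg() is appropriate, but `$dir_fax_temp` on the libreoffice line remains unquoted and the gs line keeps `-dNOSAFER`, which is worth a follow-up since the input PDF can be user-supplied. The enclosing fax_split_dtmf/send logic starts and ends outside these hunks.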
