Security voicemail listen_to_recording add shell_esc

FusionPBX
2026-03-22 15:27:13 +00:00
committed by GitHub
parent 3e2f60bc7e
commit 8920222cb7
@@ -23,6 +23,9 @@
-- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-- POSSIBILITY OF SUCH DAMAGE.
--load the functions
require("resources.functions.shell_esc")
--define function to listen to the recording
function listen_to_recording(message_number, uuid, created_epoch, caller_id_name, caller_id_number, message_status, message_play)
@@ -115,7 +118,7 @@
end
--get the file type
command = "file -b --mime-type "..message_location;
command = "file -b --mime-type "..shell_esc(message_location);
local handle = io.popen(command);
local mime_type = trim(handle:read("*a"));
handle:close();
@@ -127,7 +130,7 @@
end
--rename the file
os.execute('mv '..message_location..' '..message_location..'.'..vm_message_ext);
os.execute('mv '..shell_esc(message_location)..' '..shell_esc(message_location..'.'..vm_message_ext));
end);
dbh:release()
elseif (storage_type == "http_cache") then
@@ -300,4 +303,4 @@
end
session:execute("sleep", "400");
end
end
end
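Review bot: The rename under `--rename the file` still runs through a shell, so it is only as safe as shell_esc's quoting, which is not shown on this page; `os.rename(message_location, message_location..'.'..vm_message_ext)` does the same same-directory rename with no shell and returns nil plus an error message that can be checked. In the `--get the file type` hunk, quoting alone does not stop a value beginning with `-` from being parsed as an option, so `"file -b --mime-type -- "..shell_esc(message_location)` is the more defensive form; where message_location comes from is outside these hunks, so this may already be guaranteed by an absolute path. `io.popen` can return nil, in which case `handle:read("*a")` on the next line raises, so a nil check on `handle` before reading would be worth adding. The body of listen_to_recording starts in the first hunk and continues outside the visible ones.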