
Commit d693c1f

Fix code to work with the latest PHP version
1 parent 04c6865 commit d693c1f


12 files changed

+71
-92
lines changed


build/MagnusBilling-current.tar.gz

-438 Bytes
Binary file not shown.

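--- a/protected/commands/UpdateMysqlCommand.php
+++ b/protected/commands/UpdateMysqlCommand.php
@@ -17,12 +17,17 @@
 * Magnusbilling.com <[email protected]>
 *
 */
-class UpdateMysqlCommand extends ConsoleCommand
+class UpdateMysqlCommand extends CConsoleCommand
 {
 
+public $debug = 0;
+public $config;
+
 public function run($args)
 {
 
+$this->config = LoadConfig::getConfig();
+
 if (file_exists('/var/spool/cron/root')) {
 $CRONPATH = '/var/spool/cron/root';
 } elseif (file_exists('/var/spool/cron/crontabs/root')) {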
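Review bot: The two new properties are declared without a type or doc comment, and `$config` is only populated inside run(), so any other method reading it before run() sees null; a comment such as `/** @var array|null loaded from LoadConfig::getConfig() in run() */` would make that lifecycle explicit, assuming getConfig() returns an array, which this hunk does not show. The return value of `LoadConfig::getConfig()` is also assigned without any check for a failed or empty load. run() continues past the end of the hunk.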

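--- a/protected/commands/update.sh
+++ b/protected/commands/update.sh
@@ -54,10 +54,6 @@ wget --no-check-certificate https://raw.githubusercontent.com/magnussolution/mag
 tar xzf MagnusBilling-current.tar.gz
 
 
-
-##update database
-php /var/www/html/mbilling/cron.php UpdateMysql
-
 ## remove unnecessary directories
 rm -rf /var/www/html/mbilling/doc
 rm -rf /var/www/html/mbilling/script
@@ -99,6 +95,10 @@ if [[ -e /var/www/html/mbilling/resources/images/lock-screen-background.jpg ]];
 done
 fi
 
+##update database
+php /var/www/html/mbilling/cron.php UpdateMysql
+
 if [[ -e /var/www/html/mbilling/protected/commands/update3.sh ]]; then
 /var/www/html/mbilling/protected/commands/update3.sh
-fi
+fi
+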
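Review bot: The relocated `php /var/www/html/mbilling/cron.php UpdateMysql` step in the second hunk still ignores its exit status, so a failed schema update does not stop the script and the remaining steps run against a half-migrated database; whether `set -e` is in effect earlier in the file is not visible here. Write it as `php /var/www/html/mbilling/cron.php UpdateMysql || { echo 'database update failed' >&2; exit 1; }`. The `wget --no-check-certificate` fetch of the update tarball visible in the first hunk header is outside both hunks, but it disables TLS verification on the code the script then extracts and runs, and deserves a separate change.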

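--- a/protected/components/BaseController.php
+++ b/protected/components/BaseController.php
@@ -281,7 +281,7 @@ public function setStart($value)
 public function setLimit($value)
 {
 $limit = isset($value[$this->nameParamLimit]) ? $value[$this->nameParamLimit] : -1;
-$this->limit = (strlen($this->filter) < 2 && isset($this->limit)) ? $this->limit : $limit;
+$this->limit = ( ! is_null($this->limit) && strlen($this->filter) < 2 && isset($this->limit)) ? $this->limit : $limit;
 }
 
 public function setSort()
@@ -1187,7 +1187,7 @@ public function setAttributesModels($attributes, $models)
 
 public function getAttributesModels($models, $itemsExtras = [])
 {
-$attributes = false;
+$attributes = [];
 $namePk = $this->abstractModel->primaryKey();
 foreach ($models as $key => $item) {
 $attributes[$key] = $item->attributes;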
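Review bot: In the setLimit hunk the added `! is_null($this->limit)` makes the existing `isset($this->limit)` redundant (isset on a property is false exactly when it is null), and `strlen($this->filter)` will emit a deprecation on PHP 8.1+ whenever `$filter` is null, which the hunk does not rule out. A single condition covers both: `$this->limit = ($this->limit !== null && strlen((string) $this->filter) < 2) ? $this->limit : $limit;`. `$limit` is also taken from `$value` as-is; if `$value` is request input, an `(int)` cast on `$value[$this->nameParamLimit]` keeps a non-numeric string from reaching whatever query uses it later. The getAttributesModels change to `[]` is correct since the loop indexes into it.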

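--- a/protected/components/CCJSON.php
+++ b/protected/components/CCJSON.php
@@ -36,7 +36,7 @@ public static function encode($var)
 */
 for ($c = 0; $c < $strlen_var; ++$c) {
 
-$ord_var_c = ord($var{$c});
+$ord_var_c = ord($var[$c]);
 
 switch (true) {
 case $ord_var_c == 0x08:
@@ -59,18 +59,18 @@ public static function encode($var)
 case $ord_var_c == 0x2F:
 case $ord_var_c == 0x5C:
 // double quote, slash, slosh
-$ascii .= '\\' . $var{$c};
+$ascii .= '\\' . $var[$c];
 break;
 
 case (($ord_var_c >= 0x20) && ($ord_var_c <= 0x7F)):
 // characters U-00000000 - U-0000007F (same as ASCII)
-$ascii .= $var{$c};
+$ascii .= $var[$c];
 break;
 
 case (($ord_var_c & 0xE0) == 0xC0):
 // characters U-00000080 - U-000007FF, mask 110XXXXX
 // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
-$char = pack('C*', $ord_var_c, ord($var{$c + 1}));
+$char = pack('C*', $ord_var_c, ord($var[$c + 1]));
 $c += 1;
 $utf16 = self::utf8ToUTF16BE($char);
 $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -80,8 +80,8 @@ public static function encode($var)
 // characters U-00000800 - U-0000FFFF, mask 1110XXXX
 // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
 $char = pack('C*', $ord_var_c,
-ord($var{$c + 1}),
-ord($var{$c + 2}));
+ord($var[$c + 1]),
+ord($var[$c + 2]));
 $c += 2;
 $utf16 = self::utf8ToUTF16BE($char);
 $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -91,9 +91,9 @@ public static function encode($var)
 // characters U-00010000 - U-001FFFFF, mask 11110XXX
 // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
 $char = pack('C*', $ord_var_c,
-ord($var{$c + 1}),
-ord($var{$c + 2}),
-ord($var{$c + 3}));
+ord($var[$c + 1]),
+ord($var[$c + 2]),
+ord($var[$c + 3]));
 $c += 3;
 $utf16 = self::utf8ToUTF16BE($char);
 $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -103,10 +103,10 @@ public static function encode($var)
 // characters U-00200000 - U-03FFFFFF, mask 111110XX
 // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
 $char = pack('C*', $ord_var_c,
-ord($var{$c + 1}),
-ord($var{$c + 2}),
-ord($var{$c + 3}),
-ord($var{$c + 4}));
+ord($var[$c + 1]),
+ord($var[$c + 2]),
+ord($var[$c + 3]),
+ord($var[$c + 4]));
 $c += 4;
 $utf16 = self::utf8ToUTF16BE($char);
 $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -116,11 +116,11 @@ public static function encode($var)
 // characters U-04000000 - U-7FFFFFFF, mask 1111110X
 // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
 $char = pack('C*', $ord_var_c,
-ord($var{$c + 1}),
-ord($var{$c + 2}),
-ord($var{$c + 3}),
-ord($var{$c + 4}),
-ord($var{$c + 5}));
+ord($var[$c + 1]),
+ord($var[$c + 2]),
+ord($var[$c + 3]),
+ord($var[$c + 4]),
+ord($var[$c + 5]));
 $c += 5;
 $utf16 = self::utf8ToUTF16BE($char);
 $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -152,19 +152,19 @@ public static function encode($var)
 // treat as a JSON object
 if (is_array($var) && count($var) && (array_keys($var) !== range(0, sizeof($var) - 1))) {
 return '{' .
-join(',', array_map(array('CJSON', 'nameValue'),
+join(',', array_map(['CJSON', 'nameValue'],
 array_keys($var),
 array_values($var)))
 . '}';
 }
 
 // treat it like a regular array
-return '[' . join(',', array_map(array('CJSON', 'encode'), $var)) . ']';
+return '[' . join(',', array_map(['CJSON', 'encode'], $var)) . ']';
 
 case 'object':
 if ($var instanceof Traversable) {
 $var = get_parent_class($var) === 'Model' ? $var->getAttributes() : $var;
-$vars = array();
+$vars = [];
 foreach ($var as $k => $v) {
 $vars[$k] = $v;
 }
@@ -174,7 +174,7 @@ public static function encode($var)
 }
 
 return '{' .
-join(',', array_map(array('CJSON', 'nameValue'),
+join(',', array_map(['CJSON', 'nameValue'],
 array_keys($vars),
 array_values($vars)))
 . '}';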
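Review bot: The multibyte branches rewritten in the hunks at old lines 73, 83-84, 94-96, 106-109 and 119-123 read `$var[$c + 1]` through `$var[$c + 5]` without checking that the offset is below `$strlen_var`, so a string whose last byte starts a multibyte sequence reads past the end; on PHP 8 that is an "Uninitialized string offset" warning and `ord('')` silently contributes 0 to the packed character instead of the input being rejected. Guard each branch before the `pack()` call, e.g. `if ($c + 1 >= $strlen_var) { break 2; }` for the two-byte case and the matching bound for the longer ones, or fall back to `json_encode($var, JSON_THROW_ON_ERROR)` which refuses invalid UTF-8. The `['CJSON', 'nameValue']` and `['CJSON', 'encode']` callables name a class literally; this file is CCJSON.php, and whether 'CJSON' is meant to be this class or the framework's own CJSON is not visible here, so a one-line comment stating the intended target would prevent a future "fix" to `self::class` from changing behaviour. encode() starts and ends outside these hunks.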

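--- a/protected/controllers/CallController.php
+++ b/protected/controllers/CallController.php
@@ -183,7 +183,7 @@ public function actionDownloadRecord()
 
 $host = $modelCall->idServer->public_ip > 0 ? $modelCall->idServer->public_ip : $modelCall->idServer->host;
 $url = 'http://' . $host . '/mbilling/record.php?id=' . $uniqueid . '&u=' . $modelCall->idUser->username;
-$output = LinuxAccess::exec("cd /var/www/html/mbilling/tmp/ && wget --quiet -O " . $uniqueid . ".gsm '$url'");
+$output = LinuxAccess::exec("cd /var/www/html/mbilling/tmp/ && wget --quiet -O " . trim($uniqueid) . ".gsm '$url'");
 header("Cache-Control: public");
 header("Content-Description: File Transfer");
 header("Content-Disposition: attachment; filename=" . $uniqueid);
@@ -194,7 +194,7 @@ public function actionDownloadRecord()
 exit;
 }
 
-$output = LinuxAccess::exec("ls /var/spool/asterisk/monitor/" . $modelCall->idUser->username . '/*.' . $uniqueid . '* ');
+$output = LinuxAccess::exec("ls /var/spool/asterisk/monitor/" . $modelCall->idUser->username . '/*.' . trim($uniqueid) . '* ');
 
 if (isset($output[0])) {
 
@@ -258,7 +258,7 @@ public function actionDownloadRecord()
 $username = $records->idUser->username;
 
 $mix_monitor_format = $this->config['global']['MixMonitor_format'];
-LinuxAccess::exec('cp -rf /var/spool/asterisk/monitor/' . $username . '/*.' . $uniqueid . '* ' . $folder . '/');
+LinuxAccess::exec('cp -rf /var/spool/asterisk/monitor/' . $username . '/*.' . trim($uniqueid) . '* ' . $folder . '/');
 }
 
 LinuxAccess::exec("cd $folder && tar -czf records_" . Yii::app()->session['username'] . ".tar.gz *");
@@ -423,9 +423,25 @@ public function actionCsv()
 $this->convertRelationFilter();
 $header = '';
 foreach ($columns as $key => $value) {
+if (strlen($value['header']) > 40) {
+MagnusLog::insertLOG('EDIT', $id_user, $_SERVER['REMOTE_ADDR'], 'CDR export columns have more than 40 char.' . print_r($columns, true));
+exit;
+}
 $header .= "'" . ($value['header']) . "',";
 }
 
+if (preg_match('/echo|system|exec|touch|pass|cd |rm |curl|wget|assets|resources|mbilling|protected/', $header)) {
+$info = 'Trying SQL inject, code: ' . $value . '. Controller => ' . Yii::app()->controller->id;
+$id_user = isset(Yii::app()->session['id_user']) ? Yii::app()->session['id_user'] : 'NULL';
+MagnusLog::insertLOG('EDIT', $id_user, $_SERVER['REMOTE_ADDR'], $info);
+echo json_encode([
+'rows' => [],
+'count' => 0,
+'sum' => [],
+'msg' => 'SQL INJECT FOUND',
+]);
+}
+
 $fileName = 'cdr_' . time();
 LinuxAccess::exec("echo '" . substr($header, 0, -1) . "' > /var/www/html/mbilling/tmp/" . $fileName . ".csv ");
 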
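Review bot: The check added in actionCsv never stops the request: after `echo json_encode([...])` execution falls through to the `LinuxAccess::exec("echo '" . substr($header, 0, -1) . "' > ...")` context line, so a flagged `$header` still reaches the shell; add `exit;` after the `echo`, and note that `$value` in `$info` is the loop's last column array rather than a string. The keyword denylist is also not the right control for that command, because a single quote in a column header closes the `'…'` quoting without any listed word, so build the file with `fputcsv()` or `file_put_contents()` instead of a shell echo, or at minimum pass the header through `escapeshellarg()`. The same applies to the three `trim($uniqueid)` hunks in actionDownloadRecord: trim() only strips whitespace, so it should be `escapeshellarg(trim($uniqueid))` (likewise for the username and `$url` pieces), together with a format check on `$uniqueid` where it is read, which is outside these hunks. `$id_user` is used in the first new insertLOG call before the assignment that appears further down; if it is not set earlier in actionCsv, which is not visible here, that call runs with an undefined variable.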

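--- a/protected/controllers/DidwwController.php
+++ b/protected/controllers/DidwwController.php
@@ -86,6 +86,10 @@ public function actionAdd()
 public function confirmeDid($id_did)
 {
 
+if ( ! is_numeric($id_did)) {
+exit;
+}
+
 $result = LinuxAccess::exec("
 curl -H 'Accept: application/vnd.api+json' \
 -H 'Api-Key: " . $this->api_key . "' \
@@ -170,6 +174,9 @@ public function orderDid()
 public function getDids($id_city)
 {
 
+if ( ! is_numeric($id_city)) {
+exit;
+}
 $result = LinuxAccess::exec("
 curl -H 'Accept: application/vnd.api+json' \
 -H 'Api-Key: " . $this->api_key . "' \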
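Review bot: `is_numeric()` accepts more than an identifier should, including signs, decimals, exponent forms such as `1e3` and leading whitespace, and the value is then concatenated into the curl command built below each guard; `if (filter_var($id_did, FILTER_VALIDATE_INT) === false) { exit; }` (or `ctype_digit((string) $id_did)`) pins it to a plain integer, and the same applies to `$id_city` in getDids. A bare `exit` also answers with an empty 200, so `throw new CHttpException(400, 'Invalid id');` would give callers and logs a meaningful status. Both method bodies continue past the hunks.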

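--- a/protected/controllers/FirewallController.php
+++ b/protected/controllers/FirewallController.php
@@ -14,6 +14,9 @@ class FirewallController extends Controller
 
 public function init()
 {
+if ( ! Yii::app()->session['isAdmin']) {
+exit;
+}
 $this->instanceModel = new Firewall;
 $this->abstractModel = Firewall::model();
 $this->titleReport = Yii::t('zii', 'Firewall');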
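Review bot: The new guard ends the request with `exit`, so a non-admin gets an empty 200 response and nothing is logged; `throw new CHttpException(403, 'Forbidden');` in place of `exit;` yields a proper status and goes through the framework's error handling. Putting the check in init() does cover every action of the controller, but the framework's `filters()`/`accessRules()` would express the same rule declaratively next to any other access rules the controller may define outside this hunk. init() continues past the hunk.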

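--- a/protected/controllers/SipTraceController.php
+++ b/protected/controllers/SipTraceController.php
@@ -402,7 +402,7 @@ public function actionRead($asJson = true, $condition = null)
 public function actionDestroy()
 {
 SipTrace::model()->deleteAll();
-LinuxAccess::exec("rm -rf " . $this->log_name);
+LinuxAccess::exec("rm -rf /var/www/html/mbilling/resources/reports/siptrace.log");
 }
 
 public function actionExport()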
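Review bot: Hard-coding the path takes the variable out of the shell command, but deleting one known file does not need a shell at all: `$log = '/var/www/html/mbilling/resources/reports/siptrace.log'; if (is_file($log)) { unlink($log); }` removes the exec and the unneeded `-r` flag, unless the file is owned by another account and LinuxAccess::exec runs with elevated rights, which this hunk does not show. actionDestroy also clears the whole table with no authorization check visible in the hunk; if access control lives in init() or filters() it is outside this view.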
Lines changed: 1 addition & 55 deletions
@@ -1,8 +1,5 @@
11
<?php
22

3-
/**
4-
* Url for http://localhost/mbilling/index.php/smsInfoBip/send?user=6964554610&pass=6964554610&number=57325064403&text=test_sms .
5-
*/
63
class SmsInfoBipController extends CController
74
{
85

@@ -14,57 +11,6 @@ public function init()
1411

1512
public function actionSend()
1613
{
17-
$UNIX_TIMESTAMP = "UNIX_TIMESTAMP(";
18-
19-
if (isset($_GET['text'])) {
20-
$text = $_GET['text'];
21-
} else {
22-
exit;
23-
}
24-
25-
if (isset($_GET['user'])) {
26-
$user = $_GET['user'];
27-
} else {
28-
exit;
29-
}
30-
31-
if (isset($_GET['pass'])) {
32-
$pass = $_GET['pass'];
33-
} else {
34-
exit;
35-
}
36-
37-
if (isset($_GET['number'])) {
38-
$number = $_GET['number'];
39-
} else {
40-
exit;
41-
}
42-
43-
if (isset($_GET['from'])) {
44-
$from = $_GET['from'];
45-
} else {
46-
$from = '55555555555';
47-
}
48-
49-
$authorization = base64_encode("$user:$pass");
50-
51-
$result = LinuxAccess::exec("
52-
curl -X POST \
53-
-H 'Content-Type: application/json' \
54-
-H 'Accept: application/json' \
55-
-H 'Authorization: Basic $authorization' \
56-
-d '{
57-
\"from\":\"$from\",
58-
\"to\":\"$number\",
59-
\"text\":\"$text\"
60-
}' https://api.infobip.com/sms/1/text/single");
61-
62-
$result = json_decode($result);
63-
64-
if (isset($result->messages[0]->status->groupName)) {
65-
echo 'ok';
66-
} else {
67-
echo 'error';
68-
}
14+
//
6915
}
7016
}
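Review bot: Emptying actionSend leaves the action routable, answering any request with an empty 200 response, and the file path for this section is not shown on the page. If the endpoint is meant to be gone, remove the method (and the controller if it has no other actions) or make it `throw new CHttpException(404);` so the retirement is explicit and shows up in error logs rather than as a silent success. The removed body is history and is not re-reviewed here.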
