

Fix manual attributes sanitizing
Fix search extensions algorithm
jorikfon committed Sep 19, 2024
1 parent e991ebd commit 48b96ee
Showing 3 changed files with 14 additions and 4 deletions.
6 changes: 3 additions & 3 deletions src/AdminCabinet/Controllers/ExtensionsController.php
Expand Up @@ -133,10 +133,10 @@ private function prepareConditionsForSearchPhrases(string $searchPhrase, array &
$parameters['conditions'] = 'Users.email LIKE :SearchEmail:';
$parameters['bind']['SearchEmail'] = "%{$email}%"; // Use partial matching for email
} elseif (strpos($searchPhrase, 'number:') === 0) {
// If the search phrase starts with 'number:', search by Extensions.number using a LIKE query
// If the search phrase starts with 'number:', search by Extensions.number using a query
$number = substr($searchPhrase, 7); // Remove 'number:' prefix
$parameters['conditions'] = 'Extensions.number LIKE :SearchNumber:';
$parameters['bind']['SearchNumber'] = "%{$number}%"; // Use partial matching for number
$parameters['conditions'] = 'Extensions.number = :SearchNumber:';
$parameters['bind']['SearchNumber'] = $number;
} elseif (strpos($searchPhrase, 'mobile:') === 0) {
// If the search phrase starts with 'mobile:', search by ExternalExtensions.mobile using a LIKE query$mobile = substr($searchPhrase, 7); // Remove 'mobile:' prefix
$mobile = substr($searchPhrase, 7); // Remove 'number:' prefix
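Review bot: With the match on `Extensions.number` now exact, the value taken by `substr($searchPhrase, 7)` is bound as-is, so a phrase with whitespace after the `number:` prefix or at its end will return no rows unless the phrase is trimmed earlier, which is not visible in this hunk. Consider `$number = trim(substr($searchPhrase, 7));` before binding. The rewritten comment `using a query` no longer says what kind of match is made; `// If the search phrase starts with 'number:', search by Extensions.number using an exact match` would be clearer, and the trailing `// Remove 'number:' prefix` on the `$mobile` line looks like a copy-paste leftover. The value stays a bound parameter, which keeps the search phrase out of the SQL text. prepareConditionsForSearchPhrases starts and ends outside the hunk.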
1 change: 0 additions & 1 deletion src/PBXCoreREST/Controllers/BaseController.php
Expand Up @@ -25,7 +25,6 @@
use MikoPBX\Common\Providers\BeanstalkConnectionWorkerApiProvider;
use MikoPBX\Core\System\BeanstalkClient;
use MikoPBX\PBXCoreREST\Http\Response;
use MikoPBX\PBXCoreREST\Lib\PBXApiResult;
use MikoPBX\PBXCoreREST\Lib\PbxExtensionsProcessor;
use Phalcon\Filter;
use Phalcon\Mvc\Controller;
11 changes: 11 additions & 0 deletions src/PBXCoreREST/Controllers/Extensions/PostController.php
Expand Up @@ -22,6 +22,7 @@

use MikoPBX\PBXCoreREST\Controllers\BaseController;
use MikoPBX\PBXCoreREST\Lib\ExtensionsManagementProcessor;
use Phalcon\Filter;

/**
* Handles the POST requests for extensions data.
Expand Down Expand Up @@ -57,6 +58,16 @@ public function callAction(string $actionName): void
// Fetching parameters from POST request
$postData = self::sanitizeData($this->request->getPost(), $this->filter);

// Do not sanitize the sip_manualattributes field
if ($this->request->getPost('sip_manualattributes') !== '') {
$postData['sip_manualattributes'] = $this->request->getPost('sip_manualattributes', FILTER::FILTER_TRIM);
}

// Do not sanitize passwords
if ($this->request->getPost('sip_secret') !== '') {
$postData['sip_secret'] = $this->request->getPost('sip_secret');
}

$this->sendRequestToBackendWorker(ExtensionsManagementProcessor::class, $actionName, $postData);
}
}
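Review bot: Both new guards compare `getPost(...)` with `''`, but a field that is missing from the request should come back as null, so `!== ''` holds and `$postData['sip_manualattributes']` and `$postData['sip_secret']` are set to null on requests that never carried them; whether the backend then clears the stored value is not visible here. Testing presence instead, `if ($this->request->hasPost('sip_manualattributes')) {` and `if ($this->request->hasPost('sip_secret')) {`, avoids that. Because these two values now skip `sanitizeData`, whatever consumes them behind `ExtensionsManagementProcessor` has to validate them itself (presumably a line-by-line check of the manual attributes before they reach any generated configuration, and keeping the secret out of logs), and a comment saying where that validation happens would help the next reader. `FILTER::FILTER_TRIM` resolves only because PHP class names are case-insensitive; write `Filter::FILTER_TRIM` to match the import. The body of callAction begins above the hunk.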
