Fix: Sanitize password to avoid to use the wrapper to inject malicious

paylod into asterisk
Dolibarr · Jun 3, 2024 · d325f2c · d325f2c
1 parent 918c5aa
commit d325f2c
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/htdocs/asterisk/wrapper.php b/htdocs/asterisk/wrapper.php
@@ -118,6 +118,9 @@ function llxFooter()
 $caller = GETPOST('caller', 'alphanohtml');
 $called = GETPOST('called', 'alphanohtml');
 
+// Sanitize password to avoid to use the wrapper to inject malicious paylod into asterisk
+$password = preg_replace('/[\n\r]/', '', $password);
+
 // IP address of Asterisk server
 $strHost = getDolGlobalString('ASTERISK_HOST');