-rwxr-xr-xcontrib/scripts/vmail.cgi10
1 files changed, 6 insertions, 4 deletions
diff --git a/contrib/scripts/vmail.cgi b/contrib/scripts/vmail.cgi
index 5a428970d..4ac1c8579 100755
--- a/contrib/scripts/vmail.cgi
+++ b/contrib/scripts/vmail.cgi
@@ -545,14 +545,16 @@ _EOH
sub message_audio()
{
my ($forcedownload) = @_;
- my $folder = param('folder');
- my $msgid = param('msgid');
- my $mailbox = param('mailbox');
- my $context = param('context');
+ my $folder = &untaint(param('folder'));
+ my $msgid = &untaint(param('msgid'));
+ my $mailbox = &untaint(param('mailbox'));
+ my $context = &untaint(param('context'));
my $format = param('format');
if (!$format) {
$format = &getcookie('format');
}
+ &untaint($format);
+
my $path = "/var/spool/asterisk/voicemail/$context/$mailbox/$folder/msg${msgid}.$format";
$msgid =~ /^\d\d\d\d$/ || die("Msgid Liar ($msgid)!");
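Review bot: The added `&untaint($format);` throws away its result, unlike the four assignments above it, so `$format` (taken from a request parameter or a cookie) may reach `$path` exactly as the client sent it. `untaint` is defined outside this hunk; if it returns the cleaned string rather than modifying its argument, the line should read `$format = &untaint($format);`, which also keeps the value untainted under `-T`. All five values become path components under `/var/spool/asterisk/voicemail`, so it is worth confirming that `untaint` rejects `/` and a bare `..` component, and adding a comment above the call that states which characters it accepts. The `$msgid` format check would also read better placed before `$path` is built; `message_audio`'s body continues past the end of the hunk, so how `$path` is used is not visible here.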