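/**
 * Move one voicemail message from one folder of a mailbox to another.
 *
 * The message is renumbered to "last message number in the destination + 1"
 * (zero-padded to four digits) and every companion file of the message
 * (wav, WAV, gsm, txt) is moved under
 * /var/spool/asterisk/voicemail/default/<extension>/.
 *
 * Security notes:
 *  - Every argument ends up inside a filesystem path, so each one must be a
 *    plain name. The previous check only looked for the substring "../",
 *    which let a bare ".." (no trailing slash) and embedded separators
 *    through.
 *  - The files are moved with rename() instead of a shell "mv" command, so
 *    no caller-supplied text is ever interpreted by a shell.
 *
 * @param string|int $extension  Mailbox (extension) that owns the message.
 * @param string     $src_folder Folder the message currently lives in.
 * @param string     $dst_folder Folder the message is moved to.
 * @param string     $src_file   Message number as used in "msg<number>.<ext>".
 *
 * @return false|null false when an argument is rejected; nothing (null)
 *                    otherwise, as before. Missing companion files are
 *                    skipped silently, matching the old best-effort behaviour.
 */
function vm_movfile($extension, $src_folder, $dst_folder, $src_file)
{
    // Reject anything that is not a single, plain path component.
    foreach (array($extension, $src_folder, $dst_folder, $src_file) as $component) {
        if (!is_scalar($component)) {
            // Request parameters can arrive as arrays (e.g. "MoveFolder[]").
            return false;
        }
        $component = (string) $component;
        if ($component === '' || $component === '.' || $component === '..') {
            return false;
        }
        foreach (array('/', '\\', "\0") as $forbidden) {
            if (strpos($component, $forbidden) !== false) {
                return false;
            }
        }
    }

    // Work out the next free message number in the destination folder.
    // With an empty (or unreadable) folder the result is 1, which is what the
    // original arithmetic produced as well.
    // NOTE(review): this relies on vm_files() returning the highest-numbered
    // message last - confirm against vm_files().
    $next_no = 1;
    $messages = vm_files($extension, $dst_folder);
    if (is_array($messages) && count($messages) > 0) {
        $last = end($messages);
        if (is_array($last) && isset($last['no'])) {
            $next_no = (int) $last['no'] + 1;
        }
    }
    // Pad zeros until we have 4 chars in msg#
    $dst_file = str_pad((string) $next_no, 4, "0", STR_PAD_LEFT);

    $vm_base = '/var/spool/asterisk/voicemail/default/' . $extension . '/';
    $vm_path_src = $vm_base . $src_folder;
    $vm_path_dst = $vm_base . $dst_folder;

    $valid_ext = array('wav', 'WAV', 'gsm', 'txt');
    foreach ($valid_ext as $ext) {
        $src = "{$vm_path_src}/msg{$src_file}.{$ext}";
        $dst = "{$vm_path_dst}/msg{$dst_file}.{$ext}";
        // Not every message has every format; only move what exists.
        if (is_file($src)) {
            rename($src, $dst);
        }
    }
}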
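/**
 * Controller for the voicemail listing page of the logged-in user.
 *
 * Reads the current folder, an optional delete/move action, the sort
 * settings and the paging offset from the request and the session, applies
 * the action, and renders the folder listing through the Voicemail.tpl
 * Smarty template.
 *
 * Request parameters are untrusted, so they are checked here before they are
 * used as folder names, sort fields or array offsets:
 *  - Path must be a single plain folder name (no separators, not "." / "..").
 *  - Messages must be an array; Start must be a non-negative number.
 *
 * NOTE(review): delete and move are read from $_REQUEST, so they are also
 * accepted on GET, and no anti-CSRF token is checked in this function -
 * confirm that the caller enforces one.
 *
 * @return string Rendered HTML of the voicemail page.
 */
function Voicemail()
{
    global $mysqli;
    $session =& $_SESSION['User_Voicemail'];
    $smarty = smarty_init(dirname(__FILE__) . '/templates');
    $Extension = $_SESSION['_USER']['Extension'];

    // Init message (Message)
    $Message = isset($_REQUEST['msg']) ? $_REQUEST['msg'] : "";
    // Init no element on page (PageSize)
    $PageSize = 50;

    // Init current folder (Path): request first, then session, then INBOX.
    // The value is handed to the vm_* helpers as a folder name, so anything
    // that is not a single plain path component is ignored.
    $Path = 'INBOX';
    $Candidates = array(
        isset($_REQUEST['Path']) ? $_REQUEST['Path'] : '',
        isset($session['Path']) ? $session['Path'] : '',
    );
    foreach ($Candidates as $Candidate) {
        if (is_string($Candidate) && $Candidate !== ''
            && !preg_match('#^\.\.?$|[/\\\\\x00]#', $Candidate)) {
            $Path = $Candidate;
            break;
        }
    }
    $session['Path'] = $Path;

    // Apply the requested action to the selected messages.
    $Action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    $Selected = (isset($_REQUEST['Messages']) && is_array($_REQUEST['Messages']))
        ? $_REQUEST['Messages']
        : array();
    // The loop variable must not be called $Message: that name holds the
    // status text assigned to the template further down.
    if ($Action === 'delete') {
        foreach ($Selected as $MessageNo) {
            vm_delfile($Extension, $Path, $MessageNo);
        }
    }
    if ($Action === 'move' && isset($_REQUEST['MoveFolder'])) {
        foreach ($Selected as $MessageNo) {
            vm_movfile($Extension, $Path, $_REQUEST['MoveFolder'], $MessageNo);
        }
    }

    // Init sort order (Order): asking for the same field again flips the
    // direction, any other field starts ascending.
    $RequestedSort = (isset($_REQUEST['Sort']) && is_string($_REQUEST['Sort']))
        ? $_REQUEST['Sort']
        : null;
    $PreviousSort = isset($session['Sort']) ? $session['Sort'] : null;
    $PreviousOrder = isset($session['Order']) ? $session['Order'] : null;
    if ($PreviousSort == $RequestedSort) {
        $Order = $PreviousOrder == "asc" ? "desc" : "asc";
    } else {
        $Order = 'asc';
    }
    $session['Order'] = $Order;

    // Init sort field (Sort)
    $Sort = $RequestedSort !== null ? $RequestedSort : 'no';
    $session['Sort'] = $Sort;

    // Init listing start (Start): used as an array_slice() offset, so force
    // it to a non-negative integer.
    $Start = 0;
    if (isset($_REQUEST['Start']) && is_numeric($_REQUEST['Start'])) {
        $Start = max(0, (int) $_REQUEST['Start']);
    }

    // Init available mailboxes
    // NOTE(review): $result is not used anywhere in this function, and on
    // failure die() prints the raw database error to the client - consider
    // logging it instead.
    $query = "\n\t\tSELECT\n\t\t\tLPAD(Extension,5,' ')          AS Extension,\n\t\t\tName\n\t\tFROM\n\t\t\tExtensions\n\t\tORDER BY\n\t\t\tExtension\n\t";
    $result = $mysqli->query($query) or die($mysqli->error);

    $Folders = vm_folders($Extension);
    $Messages = vm_files($Extension, $Path);
    $Total = count($Messages);
    array_order($Messages, $Sort, $Order);
    $Messages = array_slice($Messages, $Start, $PageSize);
    $End = $Start + count($Messages);

    // NOTE(review): Message, Hilight, Sort and Path come from the request;
    // confirm that Voicemail.tpl escapes them on output.
    $smarty->assign('Folders', $Folders);
    $smarty->assign('Messages', $Messages);
    $smarty->assign('Sort', $Sort);
    $smarty->assign('Order', $Order);
    $smarty->assign('Start', $Start);
    $smarty->assign('End', $End);
    $smarty->assign('Total', $Total);
    $smarty->assign('PageSize', $PageSize);
    $smarty->assign('Message', $Message);
    $smarty->assign('Hilight', isset($_REQUEST['hilight']) ? $_REQUEST['hilight'] : "");
    $smarty->assign('Path', $Path);
    return $smarty->fetch('Voicemail.tpl');
}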