Elastix MT ALPHA3 – Changelog

Elastix 3.0.0 ALPHA 3 – The trunk of svn until 29_05_2013 – SVN# 5046
——————————————————————————–
ELASTIX FRAMEWORK

– CHANGED: Framework: require paloSantoPDF.class.php inside the only method
that actually requires its class paloPDF, rather than every time
paloSantoGrid is required.
SVN Rev[5034]
– CHANGED: Framework: introduce new setting ‘uelastix’. This flag will be set
for uElastix images and absent/unset on ordinary systems. When set, the
framework will enable a number of optimizations to improve performance in the
ARM environment. Currently setting this flag disables tracking of menu
history and enables caching of authorized modules in the session variable
‘elastix_user_permission’.
FIXED: Framework: restore use of settings table in elastix.db, and fix the
functions get_key_settings and set_key_settings to use the changed column
name.
SVN Rev[5033]
– FIXED: Framework: do not use HTTP_HOST to build redirects and other URLs in
REST services, as it is attacker-controlled. Pointed out by Fortify report.
SVN Rev[5010]
– FIXED: Framework: do not echo back the invalid e-mail address to prevent XSS.
Pointed out by Fortify report.
SVN Rev[5008]
– FIXED: Framework: escape id_nodo, name_nodo in main help system. Pointed out
by Fortify report.
SVN Rev[5006]
– FIXED: Framework: fix incorrect validation of valid idUser in method
isUserAdministratorGroup.
SVN Rev[5001]
– CHANGED: Framework: replace unserialize with implode/explode in help system.
SVN Rev[4995]
– CHANGED: Framework: remove unneeded sudo chown from paloSantoConfig as was
done for Elastix 2.
SVN Rev[4987]
– FIXED: Framework: remove all dangerous commands from sudoers as was done for
Elastix 2. Conflicts with elastix-email_admin-3.0.0-2.
SVN Rev[4985]
– FIXED: Framework: remove several opportunities for command injection in
paloSantoOrganization, paloSantoAsterisk, paloSantoPBX. Pointed out by
Fortify report.
SVN Rev[4964]
– FIXED: Framework: remove XSS bug on module name in help system.
SVN Rev[4927]
– DELETED: Framework: remove several unused files and directories of examples
and documentation for various libraries shipped with Elastix Framework.
SVN Rev[4926]
– CHANGED: Themes: check that selected theme is a valid name that exists in the
themes directory.
SVN Rev[4911]
– CHANGED: Framework: change registration text to point out that registration
is now required for installation of all addons through the web interface.
Part of fix for Elastix bug #1543.
SVN Rev[4909]
– CHANGED: Framework: use strpos instead of dynamic regexp in module search
SVN Rev[4883]
– CHANGED: Framework: reimplement several widget helper methods to receive the
database connection used for authentication instead of opening a duplicate.
SVN Rev[4873]
– CHANGED: Framework: reimplement putMenuAsBookmark to receive additional
parameters of database connections, instead of opening duplicates.
SVN Rev[4872]
– CHANGED: Framework: reorganization of menu management and theme
encapsulation:
– The implementation of paloSantoNavigation has been rewritten and
considerably simplified. The previous implementation maintained the menu
items as a simple list with parents weakly linked through the IdParent
property, and every query of the children of such items required a walk of
the entire node list. This walk, as well as the walk required to choose the
module to display given the menu item, were open-coded through the
implementation and involved several node copies. The new implementation
builds references between parents and children in the constructor, and then
relies mainly on these references to select the module to display. This
allows the menu walk to be implemented once, to be shorter, and the overall
code to be considerably simplified.
– The menu walking code does not assume a maximum menu depth. This removes
several kludges (mainly in showContent) that stemmed from the previous
implementation assuming a two-level menu and then hurriedly adapted to
support three-level menus.
– The menu node assignment has been unified. Since the nodes have children
lists and the HasChild property is actively maintained, themes no longer
require a separate menu list for second-level menu decorations. This affects
the elastixneo and elastixwave themes.
– Second-level popup menu tables have been pushed into the themes where they
belong. This affects the following themes: al elastixwine giox slashdot.
– Theme-specific menu manipulation (elastixneo) has been abstracted out of
paloSantoNavigation and into a new per-theme library inside themesetup.php.
– Several widget-rendering operations that require database access have also
been abstracted out of paloSantoNavigation and index.php. Since the only
theme that makes use of these widgets is elastixneo, the calls have been
moved into its themesetup.php file.
– The modified index.php no longer assigns the selected menu item to a
session variable. This may break some addons that depend on this.
SVN Rev[4871]
– CHANGED: Framework: move implementation of loadShortcut out of
paloSantoNavigation and into misc.lib.php, thus making paloSantoNavigation
almost identical between 2.4.0 and trunk.
SVN Rev[4870]
– CHANGED: Framework: push out bookmark/history shortcut layout into a separate
template, moving this layout concern out of paloSantoNavigation.
SVN Rev[4869]
– CHANGED: Framework: move remainder of requests to elastixutils module. Handle
elastixutils before entering paloSantoNavigation to prevent assignment to
session variable.
SVN Rev[4868]
– CHANGED: Framework: the following requests now send the current module ID and
attempt to route to the elastixutils module: addBookmark, deleteBookmark,
save_sticky_note, get_sticky_note, saveNeoToggleTab.
SVN Rev[4867]
– FIXED: Framework: many legacy themes displayed help link incorrectly for
third level modules. Fixed.
ADDED: Framework: add hidden input tag elastix_framework_module_id that
contains the ID of the current module displayed.
SVN Rev[4866]
– FIXED: Framework: main theme needs to be explicitly queried, which broke help
navigation. Fixed. Also load default timezone on help scripts.
SVN Rev[4865]
– FIXED: Framework: giox theme displayed help link incorrectly for third-level
modules. Fixed.
SVN Rev[4864]
– CHANGED: Framework: move changeColorMenu functionality to elastixutils.
SVN Rev[4863]
– CHANGED: Framework: move search_module functionality to elastixutils.
SVN Rev[4862]
– CHANGED: Framework: unify paloSantoNavigation implementations as much as
possible between 2.4.0 and trunk for easier analysis.
SVN Rev[4861]
– CHANGED: Framework: move changePasswordElastix functionality to elastixutils.
SVN Rev[4859]
– ADDED: Framework: introduce hidden module _elastixutils. This module will
contain various utilities for widgets in the Elastix Web GUI. This allows a
cleanup of index.php, by removing functionality that does not belong in the
router and authorization code. As a proof of concept, the package version
query was moved to _elastixutils. In the process, the query was reimplemented
to issue a single rpm command instead of multiple ones, achieving a 50%
speedup. This also makes /usr/bin/versionPaquetes.sh obsolete so it is now
removed.
SVN Rev[4858]
– CHANGED: Applet Admin: use supplied module_name instead of getting variable
from session. The package elastix-framework needs a Conflicts with previous
versions of elastix-system.
SVN Rev[4857]
– CHANGED: Framework: remove useless developerMode variable
SVN Rev[4856]
– CHANGED: Framework: make some variables of paloSantoNavigation private.
SVN Rev[4855]
– CHANGED: Framework: make some methods of paloSantoNavigation private.
SVN Rev[4854]
– CHANGED: Framework: (trivial) Make input widgets for blackmin rounded like
they are for elastixneo.
CHANGED: Framework: Display no-data placeholder on list template for
blackmin.
SVN Rev[4851]
– FIXED: Framework: Every single request to PHP code tried to access a file
/etc/asterisk/vm_email.inc from FreePBX that no longer exists in Elastix 3.
Removed offending code.
SVN Rev[4850]
– FIXED: Framework: SVN commit #4051 changed elastixneo theme to run with
updated menus, but blackmin/giox themes were forgotten. Fixed.
SVN Rev[4849]
– FIXED: Userlist: remove XSS bug through user-supplied
orgname/username/address.
SVN Rev[4848]
– CHANGED: Framework – Libs: A change was made in lib extension.class.php. The
attribute return_value was added to class ext_return. A change was also made in
lib paloSantoASteriskConfig in order to set nat=yes in the default
configuration at the moment a sip account is created
SVN Rev[4827]
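
The menu reorganization described under SVN Rev[4871] (parent/child links built once in the constructor, walks with no fixed depth) can be sketched as follows. This is an added example, not Elastix code: the MenuTree class, its method names and the sample menu ids are hypothetical, and descending to the first child to pick the module to display is an assumption.

```php
<?php
// Added example: MenuTree is a hypothetical class, not paloSantoNavigation.
final class MenuTree
{
    private array $nodes = [];   // id => node, each with a 'children' id list
    private array $roots = [];   // ids of top-level menus

    public function __construct(array $flat)
    {
        foreach ($flat as $item) {
            $this->nodes[$item['id']] = $item + ['children' => [], 'HasChild' => false];
        }
        // One pass links every node to its parent; later queries never rescan the list.
        foreach ($this->nodes as $id => $node) {
            $parent = $node['IdParent'];
            if ($parent !== '' && isset($this->nodes[$parent])) {
                $this->nodes[$parent]['children'][] = $id;
                $this->nodes[$parent]['HasChild'] = true;
            } else {
                $this->roots[] = $id;   // no parent, or parent missing from the list
            }
        }
    }

    // Path from the top-level menu down to $id; works for any menu depth.
    public function pathTo(string $id): array
    {
        $path = [];
        while (isset($this->nodes[$id]) && !in_array($id, $path, true)) {
            array_unshift($path, $id);
            $id = $this->nodes[$id]['IdParent'];
        }
        return $path;
    }

    // Module to display for a selected item: follow first children down to a leaf.
    public function resolveModule(string $id): ?string
    {
        $seen = [];   // guards against a malformed list with a parent cycle
        while (isset($this->nodes[$id]) && $this->nodes[$id]['HasChild'] && !isset($seen[$id])) {
            $seen[$id] = true;
            $id = $this->nodes[$id]['children'][0];
        }
        return isset($this->nodes[$id]) ? $id : null;
    }
}

// Constructed sample menu with a three-level branch.
$tree = new MenuTree([
    ['id' => 'pbx',        'IdParent' => '',          'Name' => 'PBX'],
    ['id' => 'pbxconfig',  'IdParent' => 'pbx',       'Name' => 'PBX Configuration'],
    ['id' => 'extensions', 'IdParent' => 'pbxconfig', 'Name' => 'Extensions'],
    ['id' => 'system',     'IdParent' => '',          'Name' => 'System'],
    ['id' => 'dashboard',  'IdParent' => 'system',    'Name' => 'Dashboard'],
]);
echo implode(' > ', $tree->pathTo('extensions')), "\n";
echo $tree->resolveModule('pbx'), "\n";
var_dump($tree->resolveModule('missing'));
```
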
ELASTIX ADDITIONALS

– FIXED: Framework: remove all dangerous commands from sudoers as was done for
Elastix 2. Conflicts with elastix-email_admin-3.0.0-2.
SVN Rev[4985]
– ADDED: Framework: introduce hidden module _elastixutils. This module will
contain various utilities for widgets in the Elastix Web GUI. This allows a
cleanup of index.php, by removing functionality that does not belong in the
router and authorization code. As a proof of concept, the package version
query was moved to _elastixutils. In the process, the query was reimplemented
to issue a single rpm command instead of multiple ones, achieving a 50%
speedup. This also makes /usr/bin/versionPaquetes.sh obsolete so it is now
removed.
SVN Rev[4858]
– CHANGED: yum.repos.d – elastix-repo: The version of the repo has been
configured correctly for Elx 3
SVN Rev[4800]
ADDONS MODULE

– FIXED: Addons: enforce single rpm per request. Fix potential limited command
injection on addon delete. Pointed out by Fortify report.
SVN Rev[4966]
– CHANGED: Addon spec file, added validation to remove postgresql repo for
architectures different to i386, i686 and x86_64
SVN Rev[4609]
AGENDA MODULE

– FIXED: Calendar: remove a useless sleep() call in the method to check
whether the Festival TTS service is up.
SVN Rev[5050]
– FIXED: Batch of Endpoints: remove unnecessary and risky copy of uploaded
file. Pointed out by Fortify report.
FIXED: Agenda: remove unnecessary and risky copy of uploaded file. Pointed
out by Fortify report.
SVN Rev[4998]
– CHANGED: Calendar: check that event ID is numeric before saving it. Pointed
out by Fortify report.
SVN Rev[4981]
– CHANGED: Calendar: check that event ID is numeric before saving it. Pointed
out by Fortify report.
SVN Rev[4975]
– FIXED: Calendar: check that notification phone is numeric, and disallow
newlines on TTS text. Fixes Elastix bug #1549.
SVN Rev[4912]
– FIXED: Address Book: check that phone number is numeric on contacts CSV
upload. Fixes Elastix bug #1548.
SVN Rev[4910]
– FIXED: Calendar: remove bogus compare of translated ajax response field to
hardcoded untranslated string. Apparently the check serves no purpose, and
breaks loading of event data in languages other than English.
SVN Rev[4884]
– FIXED: modules: calendar: Fixed CallerId in calendar event and resize of
calendar
SVN Rev[4611]
EMAIL_ADMIN MODULE

– CHANGED: Email Relay: port implementation from Elastix 2 into Elastix 3 to
get a base implementation free from sudo chown (which no longer works).
SVN Rev[4984]
– CHANGED: Remote SMTP: use SQL parameters for status update, and validate it.
SVN Rev[4983]
– CHANGED: Remote SMTP: port implementation from Elastix 2 into Elastix 3 to
get a base implementation free from sudo chown (which no longer works).
SVN Rev[4982]
– CHANGED: Vacations: add shell escaping to fix potential code injection
vulnerabilities in vacation script configuration. Pointed out by Fortify
report.
SVN Rev[4973]
– CHANGED: Antispam: port implementation from Elastix 2 into Elastix 3 to get a
base implementation free from sudo chown (which no longer works).
SVN Rev[4957]
– CHANGED: Apps – Modules/Email_Admin: A change was made in lib
paloSantoEmail.class.php. Functions are now implemented using the privileged
script email_account. This was done in order to eliminate the use of sudo in
the code
SVN Rev[4601]
FAX MODULE

– FIXED: remove several instances of command injection vulnerabilities in
paloSantoFax and in privileged script. Use SQL parameters in privileged
script. Pointed out by Fortify report.
SVN Rev[4962]
– CHANGED: Apps – Modules/Fax: A change was made in lib paloSantoFax.class.php
to add new functions used at the moment an organization is deleted
SVN Rev[4602]
PBX MODULE

– DELETED: pbxadmin: remove entire module folder. This module is a wrapper for
freePBX which was removed in Elastix 3.
SVN Rev[5003]
– FIXED: Endpoint Configurator: add missing check for IPv4 address format.
Pointed out by Fortify report.
SVN Rev[4999]
– FIXED: Batch of Endpoints: remove unnecessary and risky copy of uploaded
file. Pointed out by Fortify report.
FIXED: Agenda: remove unnecessary and risky copy of uploaded file. Pointed
out by Fortify report.
SVN Rev[4998]
– CHANGED: Asterisk CLI: rewrite to use escapeshellarg properly instead of
reimplementing special character filtering. Remove bogus unused library.
SVN Rev[4992]
– CHANGED: Asterisk CLI: rewrite to use escapeshellarg properly instead of
reimplementing special character filtering. Remove bogus unused library.
SVN Rev[4991]
– FIXED: Recordings: fix a number of command injection vulnerabilities. Replace
calls to exec with corresponding internal functions for mkdir(). Clean up
code indentation. Pointed out by Fortify report.
SVN Rev[4977]
– CHANGED: asteriskconfig: remove some unnecessary exec() calls for chmod. Fix
a potential arbitrary file deletion vulnerability through organization change
code.
SVN Rev[4965]
– CHANGED: Extensions Batch: rewrite the entire module to get rid of multiple
opportunities for SQL injection and code execution. Tighten up and centralize
validations on CSV fields. Improve readability and make the code smaller.
SVN Rev[4955]
– FIXED: Control Panel: validate several parameters before building AMI
requests with them. More of the same.
SVN Rev[4918]
– FIXED: Conference: validate several conference parameters before building AMI
requests with them. Fixes Elastix bug #1551.
SVN Rev[4915]
– CHANGED: Apps – PBX: Changes were made in the spec file to include the
creation of file /etc/asterisk/vm_general_custom.conf in the post section
SVN Rev[4914]
– FIXED: Apps – PBX: Fixed a bug in file /etc/asterisk/iax.cof. This file
included a file that doesn’t exist
SVN Rev[4913]
– ADDED: Added new file of sql commands for new phones models in endpoint
database.
SVN Rev[4905]
– ADDED: support for new vendor Voptech VI2006, VI2007, VI2008.
SVN Rev[4904]
– CHANGED: endpoint_configurator : support for new vendor Voptech VI2006,
VI2007, VI2008.
SVN Rev[4902]
– CHANGED: endpoint_configurator : support for new vendor Voptech VI2006,
VI2007, VI2008.
SVN Rev[4901]
– FIXED: Voicemail: check that voicemail password is numeric before writing
configuration. Fixes Elastix bug #1547.
SVN Rev[4886]
– FIXED: Voicemail: check that specified extension belongs to user before
deleting voicemail. Fixes Elastix bug #1546.
SVN Rev[4885]
– CHANGED: Apps – PBX: Fixed error in database schema elxpbx. Bad default value
for field saydurationm in table voicemail_general
SVN Rev[4833]
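
The Asterisk CLI entries (SVN Rev[4991], Rev[4992]) and the Recordings entry (SVN Rev[4977]) above describe two fixes: quoting with escapeshellarg instead of hand-rolled character filtering, and replacing exec calls with the internal mkdir(). The sketch below is an added example, not Elastix code; the function names, the directory layout, the inputs, and the assumption that the module wraps `asterisk -rx` are all hypothetical.

```php
<?php
// Added example; function names, paths and inputs are constructed for illustration.

// Denylist filtering of the kind the Asterisk CLI entry replaces: it strips a
// fixed set of characters and lets everything else reach the shell unquoted.
function cli_command_denylist(string $cmd): string
{
    $clean = str_replace([';', '|', '&', '"', "'"], '', $cmd);
    return 'asterisk -rx "' . $clean . '"';
}

// escapeshellarg() single-quotes the value, so the shell sees one literal word.
function cli_command_escaped(string $cmd): string
{
    return 'asterisk -rx ' . escapeshellarg($cmd);
}

// Recordings-style fix: no shell at all. Validate the name, then call mkdir().
function ensure_dir(string $base, string $name): string
{
    // \A and \z anchor the whole string; a leading dot ('.', '..') is refused.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9_.-]*\z/', $name)) {
        throw new InvalidArgumentException('invalid directory name');
    }
    $path = rtrim($base, '/') . '/' . $name;
    if (!is_dir($path) && !mkdir($path, 0750, true) && !is_dir($path)) {
        throw new RuntimeException('cannot create ' . $path);
    }
    return $path;
}

// Constructed inputs: one ordinary command, one carrying shell metacharacters
// that the denylist does not cover.
$inputs = [
    'core show channels',
    'core show version $(echo MARKER) `echo MARKER`',
];
foreach ($inputs as $in) {
    echo 'denylist: ', cli_command_denylist($in), "\n";
    echo 'escaped : ', cli_command_escaped($in), "\n";
}

$base = sys_get_temp_dir() . '/recordings-example';
echo ensure_dir($base, '1001'), "\n";
try {
    ensure_dir($base, '../etc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In the second input the denylist output still contains `$(...)` and backticks inside double quotes, where a shell would expand them; the escaped output carries the same text inside single quotes as one argument.
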
REPORTS MODULE

– FIXED: Billing Rates: remove unnecessary and risky copy of uploaded file, and
remove unnecessary load of same file via file() which was left unused.
Pointed out by Fortify report.
SVN Rev[4997]
– FIXED: Missed Calls: reimplement SQL query in order to substantially reduce
the number of records that must be examined by PHP code before generating the
report. This allows the report to work with much larger date ranges, or in
more busy systems, without hitting a PHP execution time timeout. Fixes
Elastix bug #1527.
SVN Rev[4908]
– FIXED: Summary by Extension: source extension must be queried in both src and
srcchannel. Ditto with dst and dstchannel. Also unify extension filtering on
paloSantoCDR to look up extension on channels. Fixes Elastix bug #1545. Might
also fix Elastix bugs #567, #707, #1322.
SVN Rev[4907]
– FIXED: It is no longer necessary to resize the popups in certain windows of
the Elastix environment. Fixes Elastix BUG #1445 – item 8
SVN Rev[4587]
– CHANGED: Apps – Reports: Changes were made in lib paloSantoCDR.class.php to
add support for multitenant architecture
SVN Rev[4539]
– DELETED: Apps – Reports/asteriskcdrdb: removed sql file
2.0.4-15.sql-3.0.0-0.sql added in commit 4537
SVN Rev[4538]
– ADD: Apps – Reports: Added file 2_2.0.4-15_3.0.0-0.sql. This file adds
columns orgation_domain, toout, fromout to the cdr table
SVN Rev[4537]
– ADDED: Apps – Reports: Added a new implementation of the cdrreports module.
This module implements support to query the cdr for calltype and organization.
Support for soap was removed until new implementations
SVN Rev[4535]
– DELETE: Apps – Reports: Deleted module cdrreport. This module will be
replaced with a new implementation
SVN Rev[4534]
– FIXED: Summary by Extension: do not use or add number of calls on URL. Read
this number from the database instead. Fixes part 2 of Elastix bug #1416.
SVN Rev[4482]
SECURITY MODULE

– CHANGED: Weak Keys: expose database errors for later debugging.
SVN Rev[4882]
– CHANGED: Weak Keys: hardcode /etc instead of using missing ASTETCDIR.
SVN Rev[4881]
– CHANGED: Advanced Settings: remove bogus attempt to read nonexistent FreePBX
blocking status.
SVN Rev[4880]
– FIXED: Firewall Rules: change layout on New Rule form to be more compatible
across browsers. Fixes Elastix bug #1481.
SVN Rev[4683]
– CHANGED: modules – file_editor – sec_weak_keys: Fixed item 4 and 5 from bug
1416, keep search filter in file_editor and change Reason for Status in
sec_weak_keys
SVN Rev[4503]
SYSTEM MODULE

– FIXED: Backup/Restore: fix regression in restore functionality due to missing
quotation marks for string expression.
SVN Rev[5051]
– FIXED: Date/Time: fix incorrect formatting of date for ticking clock.
SVN Rev[5048]
– FIXED: Dashboard: fix overlapping text in System Resources applet on
blackmin.
SVN Rev[5046]
– CHANGED: Dashboard: to check whether a service is enabled, the code now runs
a glob and caches the results instead of spawning a ls and a grep. Also add
support for systemd services.
SVN Rev[5045]
– CHANGED: Dashboard: request several applets concurrently instead of
sequentially.
SVN Rev[5044]
– CHANGED: Dashboard: set up an HTML version of the gauges used in the Hard
Disks and System Resources applets, and use them if the uelastix flag is set.
This is required to skip generation of the corresponding graphic, which is
costly on ARM uElastix.
SVN Rev[5042]
– CHANGED: Dashboard: the Hard Disks applet does not call the method
getSysInfo() anymore, but uses popen() on two commands in an attempt to run
them in parallel. This saves some unnecessary file opens in /proc as well as
an unneeded usleep().
SVN Rev[5038]
– CHANGED: Dashboard: the System Resources applet does not call the method
getSysInfo() anymore, but discrete functions. This saves two unnecessary
process spawns and at least one disk hit for unused free space information.
SVN Rev[5036]
– CHANGED: Dashboard: synchronize as much as possible between 2.4 and trunk for
easier analysis.
SVN Rev[5035]
– CHANGED: Hardware Detector: move hardware_detector script to the directory
/usr/share/elastix/privileged/ as was done in Elastix 2.
SVN Rev[4986]
– FIXED: Backup/Restore: fix some potential code injection vulnerabilities.
Pointed out by Fortify report.
SVN Rev[4978]
– FIXED: Packages: fix several code injection and SQL injection
vulnerabilities. Pointed out by Fortify report.
SVN Rev[4971]
– CHANGED: Currency: remove dead code. Elastix 3 requires a reimplementation
using the organization properties table.
SVN Rev[4879]
– CHANGED: DHCP Client List: remove unnecessary call to filesize() on lease
list file. It causes problems on a zero size lease list.
SVN Rev[4877]
– CHANGED: DHCP Server: since DHCP server configuration is done entirely via
the privileged script, the database parameter for the constructor to
PaloSantoDHCP is unnecessary and has been removed.
SVN Rev[4876]
– CHANGED: Applet Admin: use supplied module_name instead of getting variable
from session. The package elastix-framework needs a Conflicts with previous
versions of elastix-system.
SVN Rev[4857]
– FIXED: Userlist: remove XSS bug through user-supplied
orgname/username/address.
SVN Rev[4848]
– FIXED: Backup/Restore: work around a jQueryUI Droppable bug in which a <ul>
list of initial height 0 will not trigger drop event if dragged element
triggers a resize of the list. Fixes Elastix bug #1526.
SVN Rev[4846]
– CHANGED: Backup/Restore: replace remote filelist filter implementation with a
more compact version using regexps, with note about assumed workaround in
previous implementation.
SVN Rev[4844]
– FIXED: Backup/Restore: some restore operations overwrite known passwords,
such as the root mysql password and the ami manager password. If passwords
are changed between a backup and a restore on the same system, or a backup is
restored on a system with different passwords, the freepbx interface will
break due to password mismatch. Fix by restoring passwords from elastix.conf.
Fixes Elastix bug #1462.
SVN Rev[4660]
