Filter the input fields to avoid XSS attacks #683

src/AdminCabinet/Controllers/IncomingRoutesController.php

@@ -23,6 +23,7 @@
 use MikoPBX\AdminCabinet\Forms\DefaultIncomingRouteForm;
 use MikoPBX\AdminCabinet\Forms\IncomingRouteEditForm;
 use MikoPBX\Common\Models\{Extensions, IncomingRoutingTable, OutWorkTimesRouts, Sip, SoundFiles};
+use Phalcon\Filter\Filter;
 
 class IncomingRoutesController extends BaseController
 {
@@ -123,7 +124,7 @@ public function modifyAction(string $ruleId = ''): void
         $idIsEmpty = false;
         if (empty($ruleId)) {
             $idIsEmpty = true;
-            $ruleId = (string)($_GET['copy-source'] ?? '');
+            $ruleId = $this->request->get('copy-source', Filter::FILTER_INT, '');
         }
         $rule = IncomingRoutingTable::findFirstByid($ruleId);
         if ($rule === null) {

src/AdminCabinet/Controllers/OutboundRoutesController.php

@@ -22,6 +22,7 @@
 
 use MikoPBX\AdminCabinet\Forms\OutgoingRouteEditForm;
 use MikoPBX\Common\Models\{OutgoingRoutingTable, Providers};
+use Phalcon\Filter\Filter;
 
 class OutboundRoutesController extends BaseController
 {
@@ -72,17 +73,17 @@ public function indexAction(): void
     /**
      * Shows the edit form for an outbound route
      *
-     * @param string $id
+     * @param string $ruleId The ID of the routing rule to edit.
      */
-    public function modifyAction(string $id = ''): void
+    public function modifyAction(string $ruleId = ''): void
     {
         $idIsEmpty = false;
-        if (empty($id)) {
+        if (empty($ruleId)) {
             $idIsEmpty = true;
-            $id = (string)($_GET['copy-source'] ?? '');
+            $ruleId = $this->request->get('copy-source', Filter::FILTER_INT, '');
         }
 
-        $rule = OutgoingRoutingTable::findFirstByid($id);
+        $rule = OutgoingRoutingTable::findFirstByid($ruleId);
         if ($rule === null) {
             $rule = new OutgoingRoutingTable();
             $rule->priority = (int)OutgoingRoutingTable::maximum(['column' => 'priority']) + 1;

src/AdminCabinet/Controllers/ProvidersController.php

@@ -22,6 +22,7 @@
 
 use MikoPBX\AdminCabinet\Forms\{IaxProviderEditForm, SipProviderEditForm};
 use MikoPBX\Common\Models\{Iax, Providers, Sip, SipHosts};
+use Phalcon\Filter\Filter;
 
 class ProvidersController extends BaseController
 {
@@ -60,7 +61,7 @@ public function modifysipAction(string $uniqId = ''): void
         $idIsEmpty = false;
         if (empty($uniqId)) {
             $idIsEmpty = true;
-            $uniqId = (string)($_GET['copy-source'] ?? '');
+            $uniqId = $this->request->get('copy-source', Filter::FILTER_STRING, '');
         }
         /** @var Providers $provider */
         $provider = Providers::findFirstByUniqid($uniqId);
@@ -123,7 +124,7 @@ public function modifyiaxAction(string $uniqId = ''): void
         $idIsEmpty = false;
         if (empty($uniqId)) {
             $idIsEmpty = true;
-            $uniqId = (string)($_GET['copy-source'] ?? '');
+            $uniqId = $this->request->get('copy-source', Filter::FILTER_STRING, '');
         }
 
         $provider = Providers::findFirstByUniqid($uniqId);