Checking voicemail in ARI

General Help
1

I have a strange issue with ARI when I try to check voicemail.

I have somewhat narrowed it down, but don’t know exactly. It appears the url to the voicemail is encoded and then gets decoded to be played back which would prevent security attacks. My problem seems to be that sometimes the encryption string gets “+” signs replaced with spaces and then the URL doesn’t get decoded properly and I end up with a “File Not Found” error and can’t get my voicemails. Often if I hit refresh enough times, I can get my voicemail once the encoded string doesn’t contain a “+”.

Has anybody else seen this issue?

2

Yes, this is a bug. I will put a patch in shorthly.

Dan
512.791.0137
www.littlejohnconsulting.com

On 6/14/06, tomatopi [email protected] wrote:

[quote] I have a strange issue with ARI when I try to check voicemail.

I have somewhat narrowed it down, but don’t know exactly. It appears the url to the voicemail is encoded and then gets decoded to be played back which would prevent security attacks. My problem seems to be that sometimes the encryption string gets “+” signs replaced with spaces and then the URL doesn’t get decoded properly and I end up with a “File Not Found” error and can’t get my voicemails. Often if I hit refresh enough times, I can get my voicemail once the encoded string doesn’t contain a “+”.

Has anybody else seen this issue?

Amportal-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amportal-users

[/quote]

Amportal-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amportal-users

Post generated using Mail2Forum (http://www.mail2forum.com)

3

I came up with a fix

in /var/www/html/recordings/misc/recording_popup.php

replace
$path = ($crypt->encrypt($_GET[‘recording’],$ARI_CRYPT_PASSWORD));

with
$path = urlencode($crypt->encrypt($_GET[‘recording’],$ARI_CRYPT_PASSWORD));

That seems to have done the trick.