[asterisk-users] OT - How to stream a A-Law/wav file to a browser ?
Philipp Kempgen
philipp.kempgen at amooma.de
Thu Sep 18 11:54:33 CDT 2008
Gordon Henderson schrieb:
> If the web server is running php, then this will work:
>
> <?
>
> $action = $HTTP_GET_VARS["action"] ;
> $file = $HTTP_GET_VARS["file"] ;
> $caller = $HTTP_GET_VARS["caller"] ;
>
> if (empty ($action) || empty ($file))
> die ("Something went wrong") ;
>
> // Open the file
>
> $fileName = "/prefix/" . $file ;
> $fd = @fopen ($fileName, "rb") ;
Without any validation of the filename?
It could be "../../secret/file".
Philipp Kempgen
--
http://www.das-asterisk-buch.de - http://www.the-asterisk-book.com
Amooma GmbH - Bachstr. 126 - 56566 Neuwied -> http://www.amooma.de
Geschäftsführer: Stefan Wintermeyer, Handelsregister: Neuwied B14998
--
More information about the asterisk-users
mailing list