Tracking issue for the smaller findings from the recent full-codebase review. Filing individually as the work begins.
Medium
ListCallForwards — use BMO Core->getAllUsers() instead of direct SELECTListExtensionRange — validate from/to are numeric and from <= toListBackupRuns — full filesystem paths in response at read-tierGetVoicemail — count(glob(...)) is a TypeError in PHP 8.1+ if glob returns falseDialplanFile — exec() fallback at lines 169-171 outside runFwconsole wrapperGetExternalIp — no exit code check, returns empty on failureDeleteSavedQuery — missing dry_run key in success responseGetTimeGroup — fragile positional array access $group[1]GetAllRingGroups — returns raw grplist string; inconsistent with GetRinggroupRunSavedQuery — no cURL timeoutQueuePauseAgent — string "false" is truthyMuteCall — direction parameter unvalidatedSetRecording — reflects $_SERVER['HTTP_HOST'] into response URLTraceCallFlow — dead branch at lines 168-186 misclassifies ext-local voicemailListBackupJobs / ListBackupRuns — duplicated helper methodsGetAdvancedSetting — typo CLOBERFREEPBXCONF should be CLOBBERFREEPBXCONFPm2Manage — dynamic method dispatch instead of explicit matchExportCsv, GetFailedCalls, GetPeakHours, GetBusiestExtensions, GetCdrStats — $limit concatenated into SQL via (int) cast (not exploitable but inconsistent)ExportCsv — no cleanup mechanism for generated CSVs; PII accumulates on disk
Low / housekeeping
~20 tools with single-line execute() bodies (diff/review friction)
Tools returning raw AMI/fwconsole strings instead of structured data (ListChannels, ListSipPeers, ListSounds)
Duplicate tools to consolidate: GetBackup/GetBackupDetails, GetVoicemail/GetMailbox, GetQueue/GetQueueDetails
Many tools missing explicit permissionLevel() (see also Multi-PBX fleet management #3
DisableExtension description says "Delete/disable" but hard-deletesLintTypeahead.php — dead extractKeyword() methodAuditSearch.php — dead $db variableLegacy requiredPermission() returns non-null strings that aren't enforced
Tracking issue for the smaller findings from the recent full-codebase review. Filing individually as the work begins.
Medium
ListCallForwards— use BMOCore->getAllUsers()instead of direct SELECTListExtensionRange— validate from/to are numeric and from <= toListBackupRuns— full filesystem paths in response at read-tierGetVoicemail—count(glob(...))is a TypeError in PHP 8.1+ if glob returns falseDialplanFile—exec()fallback at lines 169-171 outsiderunFwconsolewrapperGetExternalIp— no exit code check, returns empty on failureDeleteSavedQuery— missingdry_runkey in success responseGetTimeGroup— fragile positional array access$group[1]GetAllRingGroups— returns raw grplist string; inconsistent withGetRinggroupRunSavedQuery— no cURL timeoutQueuePauseAgent— string"false"is truthyMuteCall—directionparameter unvalidatedSetRecording— reflects$_SERVER['HTTP_HOST']into response URLTraceCallFlow— dead branch at lines 168-186 misclassifies ext-local voicemailListBackupJobs/ListBackupRuns— duplicated helper methodsGetAdvancedSetting— typoCLOBERFREEPBXCONFshould beCLOBBERFREEPBXCONFPm2Manage— dynamic method dispatch instead of explicit matchExportCsv,GetFailedCalls,GetPeakHours,GetBusiestExtensions,GetCdrStats—$limitconcatenated into SQL via(int)cast (not exploitable but inconsistent)ExportCsv— no cleanup mechanism for generated CSVs; PII accumulates on diskLow / housekeeping
execute()bodies (diff/review friction)ListChannels,ListSipPeers,ListSounds)GetBackup/GetBackupDetails,GetVoicemail/GetMailbox,GetQueue/GetQueueDetailspermissionLevel()(see also Multi-PBX fleet management #3)DisableExtensiondescription says "Delete/disable" but hard-deletesLintTypeahead.php— deadextractKeyword()methodAuditSearch.php— dead$dbvariablerequiredPermission()returns non-null strings that aren't enforced