API PON: added ability to validate ONU's MAC before putting it to caches for further use which is controlled by PON_ONU_MAC_VALIDATE alter.ini option. If MAC is invalid - ONU won't be added to the cache. But this behaviour can be overridden by PON_ONU_MAC_MAKE_RANDOM_IF_INVALID alter.ini option.

SendDog advanced: new API implementation for GradWell SMS.

При неистовом нажатии некоторых кнопок форма в админке может примениться несколько раз до перезагрузки страницы. Например, в модуле addcash это приводит к зачислению двойной суммы на счет пользователю.

Посмотрел сейчас в коде - не нашел защиты от этого. Нужно что-то вроде xsrf токена вешать.

New alter.ini non-mandatory options: ;ASTERISK_CALLRECS_PATH="/var/spool/asterisk/monitor/" ;ASTERISK_CALLRECS_CEL_TAB_NAME=""

Module Asterisk PBX: from now on can show and play and download call recordings. But that's not for sure yet(needs additional tests&reports). Module Dreamkas: fiscal operations displaying bugfixed

https://github.com/nightflyza/Ubilling/blob/10d9802bcca79a1a95f6e7194a27cff1bd9b7519/modules/general/remoteapi/index.php#L456

я не проверял, но что-то мне кажется что оно не работает. Так-же не мешало бы SQL запросы убрать с этого файла.

New alter.ini non-mandatory options: ;ASTERISK_CALLRECS_PATH="/var/spool/asterisk/monitor/" ;ASTERISK_CALLRECS_CEL_TAB_NAME="" ;ASTERISK_CALLRECS_FORMAT="" ;ONLINE_SHOW_LAST_FEECHARGE=0 ;ONLINE_SHOW_PHONES=0 ;TASKMAN_SHOW_DONE_EXTENDED=0 ;TASKMAN_DONE_EXTENDED_ALTERSTYLING=0

Module Asterisk PBX: from now on can show and play and download call recordings. But that's not for sure yet(needs additional tests&reports). Module Dreamkas: fiscal operations displaying bugfixed Module Online: from now on can display subscriber's phones(all phones, including ext mobiles). Only with HP_MODE=1. from now on has an extremely vsratuyu bullshitty ability to display "last fee charge". ONLY with HP_MODE=1. Can awfully slow down the rendering of "Online table" and GUI in general. to work correctly it demands SEPARATE(!) RemoteAPI call to fullfill it's cache with data from stargazer.log don't ask me "For what?"
don't ask me "Why?" just think twice, don't forgot or your system will cry

Module Taskman: from now on can display extended info for done task and to separate the displayin for different views. api.astral: from now on you can use HTML in events titles for a fullcalendar widget. This ability is controlled by 2 additional parameters.

It's so vsratyi gathered PR. I hope it won't blow anything up and no one would have the feeling of "BAMBANULO"...

Module migration2 update:     - added creation of contarct date     - added ability to create occupancy for newly created users if city, street, building and address are not exist     - new features minimally tested

• В функцию wf_TextInput добавлен параметр $pattern, по которому можно фильтровать ввод данных.
• Добавлена проверка ввода геоданных. Пробелы, не существующие координаты - ввести нельзя.
• Теперь принимаются координаты и с - градусами :)
• Исправлен error веб-консоли в файле modules/jsc/sorttable.js
• Небольшая косметика кода в файлах: api.selling.php, api.switches.php

Module banksta2: Update to payments notes: payment date and time from bank statement are now included to payment note, if they are present

SQL: note field for payments and paymentscorr tables extended from varchar(45) to varchar(200) - hope this won't be a trouble?

Если увеличение размера поля note до varchar(200) таки проблема - можем ли мы в принципе его увеличть хоть на сколько-то? Если нет - буду убирать изменения для таблиц payments и paymentscorr.

The Issue

Object Deserialization Injection attacks utilise overly trusted user-controlled input, passed to deserialisation functions. The deserialisation of objects can trigger certain methods within the object, allowing the attacker to perform unauthorised actions like execution of code, disclosure of information, etc.

Where the Issue Occurred

Displayed below is the code where the user input is passed into the deserialisation function:

https://github.com/nightflyza/Ubilling/blob/2c1b339d3ea562f8a352139f41a88e71a5d9115a/modules/general/userreg/index.php#L64

MTSIGMON update: now shows RX/TX signal values if they exist on a polled device. RX stands for signal level with which the AP sees the Client and TX stands for a signal level with which the Client sees AP.

В классах Asterisk and ADcomments - решена проблема передачи времени кэширования системе кэширования. Так-же введена новая система хранилица кэша - REDIS Позже выложу результаты тестирования скорости на рабочей системе.

FreeBSD 13 have new line promt:

Are you sure you want to continue connecting (yes/no/[fingerprint])? expect waits for a timeout to continue typing the password.