Merged revisions 314628 via svnmerge from
[asterisk/asterisk.git] / main / manager.c
index da0523b..784b379 100644 (file)
@@ -3891,6 +3891,27 @@ static int action_originate(struct mansession *s, const struct message *m)
                ast_format_cap_remove_all(cap);
                ast_parse_allow_disallow(NULL, cap, codecs, 1);
        }
+
+       if (!ast_strlen_zero(app)) {
+               /* To run the System application (or anything else that goes to
+                * shell), you must have the additional System privilege */
+               if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
+                       && (
+                               strcasestr(app, "system") ||      /* System(rm -rf /)
+                                                                    TrySystem(rm -rf /)       */
+                               strcasestr(app, "exec") ||        /* Exec(System(rm -rf /))
+                                                                    TryExec(System(rm -rf /)) */
+                               strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
+                                                                    EAGI(/bin/rm,-rf /)       */
+                               strstr(appdata, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
+                               strstr(appdata, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+                               )) {
+                       astman_send_error(s, m, "Originate with certain 'Application' arguments requires the additional System privilege, which you do not have.");
+                       res = 0;
+                       goto fast_orig_cleanup;
+               }
+       }
+
        /* Allocate requested channel variables */
        vars = astman_get_variables(m);
 
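Review bot: The guard added before `astman_get_variables(m)` is a substring denylist, so it only stops the application and function names it spells out; any other application or dialplan function able to run external programs would still be accepted from a session without `EVENT_FLAG_SYSTEM`. Consider keeping the restricted names in one documented table next to this check, or limiting unprivileged sessions to an allowlist of applications, so that newly added modules do not silently widen what Originate permits. The `appdata` tests use case-sensitive `strstr` while the `app` tests use `strcasestr`; if function names can be matched case-insensitively anywhere (not visible here), those two should become `strcasestr(appdata, "SHELL")` and `strcasestr(appdata, "EVAL")`. The comment could also record why the check sits at this point, e.g. `/* Checked before any originate path is chosen, so the branches below (presumably including the asynchronous one, outside this hunk) are all covered */`. action_originate starts and ends outside the hunk.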
@@ -3928,22 +3949,6 @@ static int action_originate(struct mansession *s, const struct message *m)
                        }
                }
        } else if (!ast_strlen_zero(app)) {
-               /* To run the System application (or anything else that goes to shell), you must have the additional System privilege */
-               if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
-                       && (
-                               strcasestr(app, "system") ||      /* System(rm -rf /)
-                                                                    TrySystem(rm -rf /)       */
-                               strcasestr(app, "exec") ||        /* Exec(System(rm -rf /))
-                                                                    TryExec(System(rm -rf /)) */
-                               strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
-                                                                    EAGI(/bin/rm,-rf /)       */
-                               strstr(appdata, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
-                               strstr(appdata, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
-                               )) {
-                       astman_send_error(s, m, "Originate with certain 'Application' arguments requires the additional System privilege, which you do not have.");
-                       res = 0;
-                       goto fast_orig_cleanup;
-               }
                res = ast_pbx_outgoing_app(tech, cap, data, to, app, appdata, &reason, 1, l, n, vars, account, NULL);
        } else {
                if (exten && context && pi) {