
Add additional security improvements to the dev branch.

Mark Crane vor 13 Jahren
Ursprung
Commit
08697abbac
3 geänderte Dateien mit 6 neuen und 7 gelöschten Zeilen
  1. 1 2
      includes/captcha/img.php
  2. 1 1
      includes/checkauth.php
  3. 4 4
      includes/classes/switch_modules.php

+ 1 - 2
includes/captcha/img.php

@@ -95,7 +95,6 @@ function imagettfbbox_custom($size, $angle, $font, $text) {
   return $bbox;
 }
 
-
 // Create the image
 $size = imagettfbbox_custom($fontsize, 0, $font, $text);
 $width = $size[2] + $size[0] + 8;
@@ -120,4 +119,4 @@ header("Content-type: image/png");
 // Using imagepng() results in clearer text compared with
 imagepng($im);
 imagedestroy($im);
-?>
+?>

+ 1 - 1
includes/checkauth.php

@@ -100,7 +100,7 @@ session_start();
 			if ($auth_failed) {
 				//log the failed auth attempt to the system, to be available for fail2ban.
 					openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
-					syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$_REQUEST["username"]);
+					syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".check_str($_REQUEST["username"]));
 					closelog();
 				//redirect the user to the login page
 					$php_self = $_SERVER["PHP_SELF"];
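Review bot: The username on the added `syslog()` line is still attacker-chosen text going into a log that, per the comment above it, is consumed by fail2ban, and `check_str()` is not defined in this hunk, so it is unclear whether it strips CR/LF and other control characters or bounds the length. A value that breaks or imitates the line format could mislead the ban matching or an analyst reading the auth log. I would normalise explicitly for the log context, e.g. `$log_user = (isset($_REQUEST["username"]) && is_string($_REQUEST["username"])) ? substr(preg_replace('/[^\x20-\x7E]/', '?', $_REQUEST["username"]), 0, 64) : '';` and pass `$log_user` to `syslog()` (the cap of 64 is only an example). This also covers a missing or array-valued parameter. The `if ($auth_failed)` block continues past the end of the hunk.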

+ 4 - 4
includes/classes/switch_modules.php

@@ -142,8 +142,8 @@ echo $mod->dir."\n";
 						$mod['module_label'] = 'CID Lookup';
 						$mod['module_category'] = 'Applications';
 						$mod['module_description'] = 'Lookup caller id info.';
-						$mod['module_enabled'] = 'true';
-						$mod['module_default_enabled'] = 'true';
+						$mod['module_enabled'] = 'false';
+						$mod['module_default_enabled'] = 'false';
 						break;
 					case "mod_cluechoo":
 						$mod['module_label'] = 'Cluechoo';
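Review bot: Nothing in the `mod_cidlookup` case here, or in the `mod_xml_rpc` case in the later hunk of this file, records why these two modules are now off by default, so a later cleanup could flip them back without noticing the security intent. I would add a short comment above each pair of assignments, for example `// off by default: remote command interface; enable only when required and access is restricted` for XML RPC, whose description says it issues commands from a web application. These values also look like defaults for module entries only, so installations that already have the modules enabled would presumably stay enabled; if so, that deserves a line in the upgrade notes. The surrounding `switch` starts and ends outside both hunks.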
@@ -645,8 +645,8 @@ echo $mod->dir."\n";
 						$mod['module_label'] = 'XML RPC';
 						$mod['module_category'] = 'XML Interfaces';
 						$mod['module_description'] = 'XML Remote Procedure Calls. Issue commands from your web application.';
-						$mod['module_enabled'] = 'true';
-						$mod['module_default_enabled'] = 'true';
+						$mod['module_enabled'] = 'false';
+						$mod['module_default_enabled'] = 'false';
 						break;
 					default:
 						$mod['module_category'] = 'Auto';