[asterisk-bugs] [JIRA] (ASTERISK-25996) Remove "live_dangerously" requirement on DB(read)
Andrew Nagy (JIRA)
noreply at issues.asterisk.org
Wed Jul 27 19:05:56 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-25996?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231598#comment-231598 ]
Andrew Nagy commented on ASTERISK-25996:
----------------------------------------
Hey Richard,
That's actually how I originally ran into the issue :-)
Just letting you know :-)
> Remove "live_dangerously" requirement on DB(read)
> -------------------------------------------------
>
> Key: ASTERISK-25996
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25996
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/General, Core/SQLite3
> Affects Versions: 11.21.2, 13.8.2
> Reporter: Andrew Nagy
> Assignee: Richard Mudgett
> Severity: Minor
>
> Please Remove the "live_dangerously" requirement on DB(read). This unintentionally breaks AMI commands like extensionState when calling dynamic hints based on DB values.
> EG:
> {code}
> exten => _*992*3*X.,1,Hangup
> exten => _*992*3*X.,hint,${DB(restapps/hints/conference/${EXTEN:7})}
> {code}
> {code}
> freepbxdev1*CLI> database show restapps/hints/conference
> /restapps/hints/conference/1000 : confbridge:81000&confbridge:81001
> {code}
> When I run extensionState over the AMI against "*992*3*1000" the DB read command is blocked because it's "dangerous"
> {code}
> dangerous DB read operation blocked
> {code}
> I don't think a DB read at a hint level should be blocked. Furthermore requiring "live_dangerously" to make this even work is even scarier (and something I don't want to entertain :-) )
> Some history:
> {quote}
> 1:34 PM <tm1000> if a phone subscribes to said hint instead it works.
> 1:35 PM <tm1000> its just if I asked for the hint through extensionState first before the phone ever did the hint is effectively broken forever
> 1:35 PM <gtjoseph> so you're getting the “dangerous DB read operation blocked" when calling ExtensionState??
> 1:36 PM <gtjoseph> maybe i need to test again with a pattern match.
> 1:36 PM <gtjoseph> because i get no attempt to even call the DB function
> 1:37 PM <@file> for pattern matches the act of requesting or subscribing will in and of itself create a specific hint and evaluate the passed variables/contents
> 1:37 PM <gtjoseph> yeah, i dimly remember that
> 1:40 PM <gtjoseph> ok, it works with DB(read) allowed in AMI.
> 1:41 PM <gtjoseph> tm1000: can you open a separate issue to remove the "live_dangerously" restriction on DB(read)?
> 1:45 PM <tm1000> gtjoseph: sure
> 1:45 PM <tm1000> anything you want me to put in the ticket specifically?
> 1:46 PM <gtjoseph> just the requirement. not sure how to do it securely.
> {quote}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list