[asterisk-bugs] [JIRA] (ASTERISK-25996) Remove "live_dangerously" requirement on DB(read)

Andrew Nagy (JIRA) noreply at issues.asterisk.org
Wed May 4 15:52:56 CDT 2016 

Andrew Nagy created ASTERISK-25996:
--------------------------------------

             Summary: Remove "live_dangerously" requirement on DB(read)
                 Key: ASTERISK-25996
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25996
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
    Affects Versions: 13.8.2, 11.21.2
            Reporter: Andrew Nagy
            Severity: Minor


Please Remove the "live_dangerously" requirement on DB(read). This unintentionally breaks AMI commands like extensionState when calling dynamic hints based on DB values.

EG:
{code}
exten => _*992*3*X.,1,Hangup
exten => _*992*3*X.,hint,${DB(restapps/hints/conference/${EXTEN:7})}
{code}

{code}
freepbxdev1*CLI> database show restapps/hints/conference
/restapps/hints/conference/1000                   : confbridge:81000&confbridge:81001
{code}

When I run extensionState over the AMI against "*992*3*1000" the DB read command is blocked because it's "dangerous" 

{code}
dangerous DB read operation blocked
{code}

I don't think a DB read at a hint level should be blocked. Furthermore requiring "live_dangerously" to make this even work is even scarier (and something I don't want to entertain :-) )

Some history:

{quote}
1:34 PM <tm1000> if a phone subscribes to said hint instead it works.
1:35 PM <tm1000> its just if I asked for the hint through extensionState first before the phone ever did the hint is effectively broken forever
1:35 PM <gtjoseph> so you're getting the  “dangerous DB read operation blocked" when calling ExtensionState??
1:36 PM <gtjoseph> maybe i need to test again with a pattern match.
1:36 PM <gtjoseph> because i get no attempt to even call the DB function
1:37 PM <@file> for pattern matches the act of requesting or subscribing will in and of itself create a specific hint and evaluate the passed variables/contents
1:37 PM <gtjoseph> yeah, i dimly remember that
1:40 PM <gtjoseph> ok, it works with DB(read) allowed in AMI.
1:41 PM <gtjoseph> tm1000: can you open a separate issue to remove the "live_dangerously" restriction on DB(read)?
1:45 PM <tm1000> gtjoseph: sure
1:45 PM <tm1000> anything you want me to put in the ticket specifically?
1:46 PM <gtjoseph> just the requirement.  not sure how to do it securely.
{quote}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list