[asterisk-bugs] [JIRA] (ASTERISK-25996) Remove "live_dangerously" requirement on DB(read)

George Joseph (JIRA) noreply at issues.asterisk.org
Wed May 4 15:54:56 CDT 2016


     [ https://issues.asterisk.org/jira/browse/ASTERISK-25996?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

George Joseph updated ASTERISK-25996:
-------------------------------------

    Status: Open  (was: Triage)

> Remove "live_dangerously" requirement on DB(read)
> -------------------------------------------------
>
>                 Key: ASTERISK-25996
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25996
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/General, Core/SQLite3
>    Affects Versions: 11.21.2, 13.8.2
>            Reporter: Andrew Nagy
>            Severity: Minor
>
> Please Remove the "live_dangerously" requirement on DB(read). This unintentionally breaks AMI commands like extensionState when calling dynamic hints based on DB values.
> EG:
> {code}
> exten => _*992*3*X.,1,Hangup
> exten => _*992*3*X.,hint,${DB(restapps/hints/conference/${EXTEN:7})}
> {code}
> {code}
> freepbxdev1*CLI> database show restapps/hints/conference
> /restapps/hints/conference/1000                   : confbridge:81000&confbridge:81001
> {code}
> When I run extensionState over the AMI against "*992*3*1000" the DB read command is blocked because it's "dangerous" 
> {code}
> dangerous DB read operation blocked
> {code}
> I don't think a DB read at a hint level should be blocked. Furthermore requiring "live_dangerously" to make this even work is even scarier (and something I don't want to entertain :-) )
> Some history:
> {quote}
> 1:34 PM <tm1000> if a phone subscribes to said hint instead it works.
> 1:35 PM <tm1000> its just if I asked for the hint through extensionState first before the phone ever did the hint is effectively broken forever
> 1:35 PM <gtjoseph> so you're getting the  “dangerous DB read operation blocked" when calling ExtensionState??
> 1:36 PM <gtjoseph> maybe i need to test again with a pattern match.
> 1:36 PM <gtjoseph> because i get no attempt to even call the DB function
> 1:37 PM <@file> for pattern matches the act of requesting or subscribing will in and of itself create a specific hint and evaluate the passed variables/contents
> 1:37 PM <gtjoseph> yeah, i dimly remember that
> 1:40 PM <gtjoseph> ok, it works with DB(read) allowed in AMI.
> 1:41 PM <gtjoseph> tm1000: can you open a separate issue to remove the "live_dangerously" restriction on DB(read)?
> 1:45 PM <tm1000> gtjoseph: sure
> 1:45 PM <tm1000> anything you want me to put in the ticket specifically?
> 1:46 PM <gtjoseph> just the requirement.  not sure how to do it securely.
> {quote}



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list