[asterisk-dev] [Code Review] New application JabberReceive, implement SendText in chan_gtalk and chan_jingle
Jeff Gehlbach
jeffg at jeffg.org
Thu Dec 11 16:13:19 CST 2008
On Dec 11, 2008, at 1:25 PM, Philippe Sultan wrote:
> JabberReceive is a dialplan application that makes Asterisk wait for
> an XMPP message from a given user (identified with his JID), and
> store the content in a dialplan variable.
I don't have Review Board access yet (just requested it), but I think
this enhancement is very cool. No issues spotted in a quick read
through the diff, but I'm not at all familiar with the XMPP code.
The only thing I would add is that text received via JabberReceive
should be treated skeptically as it is, after all, user input. For
instance, could a user interacting with Asterisk via this mechanism
craft a reply that would perform a dialplan Goto to get access to
another user's voicemail box? Some of the burden for input validation
surely rests with the person writing the dialplan, but perhaps there
are some basic checks that should be done before the input is handed
off. I have no idea what those would be -- just throwing pebbles
here :)
-jeff
More information about the asterisk-dev
mailing list