[asterisk-dev] New wildcards for pattern matching
Nick Lewis
Nick.Lewis at atltelecom.com
Tue Feb 23 06:10:10 CST 2010
>> This was already suggested by several
>> other people, but not yet
>> implemented :-(
The underlying cause of the dialstring injection problem has been stated
by Kevin and Russell so I do not think that new wildcards for pattern
matching should be implemented under the guise of improving security but
rather new functionality
>In addition to previous mail: IMO we need
>a wildcard which matches 0 or more of the
>previously pattern. (see older discussion)
I think the "zero or more times previous char" proposal would adequately
cover all the other cases. There is no need for a specific zero or more
numeric wildcard or zero or more alphanumeric wildcard. I am
uncomfortable with wildcards for repeating chars and wildcards for char
value ranges being combined as this will lead to a proliferation of
wildcards to cover two orthogonal variables.
In the previous discussion it was regarded as too hard to implement the
full "zero or more times previous char" wildcard proposal but perhaps
the wildcard could be limited to the end of the pattern match in the
same way as the ! wildcard is.
For example using ~ as a wildcard to mean "zero or more times last char"
it would be possible to limit trailing chars to numeric, alphanumeric or
almost anything
_123[0-9]~
_123[0-9a-zA-Z]~
_123[!-~]~
-- N_L
_____________________________________________________________________
This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre.
_____________________________________________________________________
Disclaimer of Liability
ATL Telecom Ltd shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyones use of the information. In no event shall ATL Telecom Ltd be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement or substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this system, even if advised of the possibility of such damage.
Registered Office: ATL Telecom Ltd, Fountain Lane, St. Mellons Cardiff, CF3 0FB
Registered in Wales Number 4335781
All goods and services supplied by ATL Telecom Ltd are supplied subject to ATL Telecom Ltd standard terms and conditions, available upon request.
More information about the asterisk-dev
mailing list