[Asterisk-Users] callerid send to shell script with system command

duncan duncan at impede.net
Wed Apr 30 04:35:17 MST 2003


>then create a file called shell.agi in the /var/lib/asterisk/agi-bin/ 
>directory (make sure it has the right permissions - chmod 774 shell.agi i 
>think) containing this (again i think - not tested code):
>
>#!/usr/bin/perl
>use Asterisk::AGI;
>$AGI = new Asterisk::AGI;
>my %input = $AGI->ReadParse();
>my $callerid = $input{'callerid'};
>
>system("/bin/script $callerid");

ok let me modify this script to take into account malicious input on 
$input{'callerid'} - which up until now i thought could only contain 
numerical characters (or at least that's all it's returned when i've used 
it).  can anyone clarify this point for me?  callerid has always been set 
from the switch connected to my asterisk server, and i wasn't aware that it 
could contain characters rather than digits.  so i've just added a regex to 
only allow digits.  i guess you could escape all non-alphabetical characters 
but i'm not sure how that would output... which would be $callerid =~ 
s/(\W)/\\$1/g; (i think)

#!/usr/bin/perl
use Asterisk::AGI;
$AGI = new Asterisk::AGI;
my %input = $AGI->ReadParse();
my $callerid = $input{'callerid'};
$callerid =~ s/[^0-9]//g;

system('/bin/script', $callerid);

and let me add to my disclaimer, this is not tested code - it hasn't been 
run on an asterisk system and has only been written within this email 
client, so may not even be formatted correctly.  use at your own risk, and 
in all probability this is way overkill for what you want to do as exten => 
s,2,System(/bin/script ${CALLERIDNUM}) works just as well and doesn't mean 
you have to load up an AGI instance.


duncan
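
Added example, not part of duncan's message: a stricter variant of the digits-only idea that rejects a caller ID containing anything unexpected instead of stripping it, and passes the value to the program in list form so no shell parses it. The header blocks are constructed samples, the `+`/20-digit rule is an assumption, and `/bin/echo` stands in for the post's `/bin/script`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed AGI header blocks in the "agi_name: value" form Asterisk
# writes to an AGI script's STDIN, ended by a blank line. Sample values only.
my @samples = (
    "agi_channel: SIP/demo-0001\nagi_callerid: 5551234\n\n",
    "agi_channel: SIP/demo-0002\nagi_callerid: \"Bob\" <5551234>\n\n",
    "agi_channel: SIP/demo-0003\nagi_callerid: 5551234; echo injected\n\n",
    "agi_channel: SIP/demo-0004\nagi_callerid: \n\n",
);

# Parse one header block into a hash, dropping the "agi_" prefix.
sub parse_agi_env {
    my ($text) = @_;
    my %env;
    for my $line (split /\n/, $text) {
        last if $line eq '';
        $env{$1} = $2 if $line =~ /^agi_(\w+):\s*(.*)$/;
    }
    return %env;
}

# Allowlist check (assumed policy): optional leading '+', then 1-20 digits.
# Returns the value or undef. Rejecting differs from stripping: the third
# sample stripped to digits would still be passed on as 5551234.
sub valid_callerid {
    my ($cid) = @_;
    return undef unless defined $cid;
    return $cid =~ /\A\+?[0-9]{1,20}\z/ ? $cid : undef;
}

my $script = '/bin/echo';   # stand-in for the post's /bin/script

for my $block (@samples) {
    my %input = parse_agi_env($block);
    my $cid   = valid_callerid($input{callerid});
    if (!defined $cid) {
        print STDERR "rejected callerid: [", $input{callerid} // '', "]\n";
        next;
    }
    # List form: the argument is handed to the program directly, no shell.
    system($script, $cid) == 0 or warn "$script exited with status $?\n";
}
```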



