[asterisk-users] Important security alert: update your dialplans now!

Rob Hillis rob at hillis.dyndns.org
Mon Feb 15 03:37:24 CST 2010


On 02/15/10 20:00, Randy R wrote:
>
> Olle, this may be a stupid question, but shouldn't a native sanitize
> function be urgently added to the code base in all versions or change
> the dialplan compiler to ignore dangerous characters?

Whilst I agree with this, the unfortunate attitude we seem to get from
Digium on most of these issues is "you can already do this in dialplan,
therefore we don't need to invest any effort in it."  The fact that a
workaround may be quite difficult to implement properly doesn't come
into it.  The most obvious example of this one is the deprecation and
removal of chan_agent without any sort of replacement being introduced
because "it's already possible to do in the dialplan".


