[asterisk-users] Important security alert: update your dialplans now!

Warren Selby wcselby at selbytech.com
Tue Feb 16 17:41:44 CST 2010


On Tue, Feb 16, 2010 at 4:38 PM, meetmecall <info at meetmecall.nl> wrote:

> I have read the posts about the security issue and from what I
> understand there should be a check to make sure that the characters
> used are actually allowed. I wrote a very straightforward and not so
> rocket science kind of macro that will do the job I guess. Just two
> parameters, one with the allowed characters and one with the string to
> check. The allowed characters can be stored in a global variable if
> this set has a global character. It is just one extra line in the
> dialplan and a little bit extra cpu load.
>

Doesn't the built-in function FILTER() already do this?

*CLI> core show function FILTER
*CLI>

  -= Info about function 'FILTER' =-

[Synopsis]
Filter the string to include only the allowed characters

[Description]
Permits all characters listed in <allowed-chars>,  filtering all others
outs.
In addition to literally listing the characters,  you may also use ranges
of characters (delimited by a '-'
Hexadecimal characters started with a '\x'(i.e. \x20)
Octal characters started with a '\0' (i.e. \040)
Also '\t','\n' and '\r' are recognized.
NOTE: If you want the '-' character it needs to be prefixed with a  '\'

[Syntax]
FILTER(allowed-chars,string)

[Arguments]
Not available

[See Also]
Not available



-- 
Thanks,
--Warren Selby
http://www.selbytech.com
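
Added example, not part of the original post: one way to apply FILTER() to the dialed extension in extensions.conf so that only the filtered value reaches Dial(). The context name, the SIP peer name "provider", the variable name SAFE_EXTEN and the allowed set 0-9 are assumptions chosen for illustration.

```ini
; Constructed example for extensions.conf (names are hypothetical).
[outbound-filtered]
; Keep only the digits of the dialed extension.
exten => _X.,1,Set(SAFE_EXTEN=${FILTER(0-9,${EXTEN})})
; If filtering changed the value, something other than a digit was sent: reject.
exten => _X.,n,GotoIf($["${SAFE_EXTEN}" != "${EXTEN}"]?reject)
; Dial() is only ever given the filtered value, never the raw ${EXTEN}.
exten => _X.,n,Dial(SIP/provider/${SAFE_EXTEN})
exten => _X.,n,Hangup()
exten => _X.,n(reject),Congestion()
```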