[asterisk-users] Important security alert: update your dialplans now!
wcselby at selbytech.com
Tue Feb 16 17:41:44 CST 2010

On Tue, Feb 16, 2010 at 4:38 PM, meetmecall <info at meetmecall.nl> wrote:
> I have read the posts about the security issue and from what I
> understand there should be a check to make sure that the characters
> used are actually allowed. I wrote a very straightforward and not so
> rocket science kind of macro that will do the job I guess. Just two
> parameters, one with the allowed characters and one with the string to
> check. The allowed characters can be stored in a global variable if
> this set has a global character. It is just one extra line in the
> dialplan and a little bit extra cpu load.

Doesn't the built-in function FILTER() already do this?

*CLI> core show function FILTER
-= Info about function 'FILTER' =-
Filter the string to include only the allowed characters
Permits all characters listed in <allowed-chars>, filtering all others
In addition to literally listing the characters, you may also use ranges
of characters (delimited by a '-'
Hexadecimal characters started with a '\x'(i.e. \x20)
Octal characters started with a '\0' (i.e. \040)
Also '\t','\n' and '\r' are recognized.
NOTE: If you want the '-' character it needs to be prefixed with a '\'
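
Added example, not part of the original message and not Asterisk's own code: a Python model of the <allowed-chars> syntax described in the help text above, for checking offline what an allow-list admits and what it strips. The function names, the constructed sample strings, and the escape details (one or two hex digits after \x, one or two octal digits after \0, any other escaped character taken literally) are assumptions of this example.

```python
import re

# Simple escapes named in the help text, plus '\-' for a literal dash.
_SIMPLE = {"t": "\t", "n": "\n", "r": "\r", "-": "-"}

def _next_char(spec, i):
    """Decode one (possibly escaped) character at spec[i]; return (char, next_index)."""
    if spec[i] != "\\" or i + 1 == len(spec):
        return spec[i], i + 1
    rest = spec[i + 1:]
    m = re.match(r"x([0-9A-Fa-f]{1,2})", rest)      # hexadecimal, e.g. \x20
    if m:
        return chr(int(m.group(1), 16)), i + 1 + m.end()
    m = re.match(r"0([0-7]{1,2})", rest)            # octal, e.g. \040
    if m:
        return chr(int(m.group(1), 8)), i + 1 + m.end()
    return _SIMPLE.get(rest[0], rest[0]), i + 2     # \t \n \r \- or literal

def allowed_set(spec):
    """Expand an <allowed-chars> spec into the set of permitted characters."""
    allowed, i = set(), 0
    while i < len(spec):
        lo, i = _next_char(spec, i)
        # An unescaped '-' followed by another character denotes a range.
        if i + 1 < len(spec) and spec[i] == "-":
            hi, i = _next_char(spec, i + 1)
            allowed.update(chr(c) for c in range(ord(lo), ord(hi) + 1))
        else:
            allowed.add(lo)
    return allowed

def filter_chars(spec, value):
    """Keep only the characters of value that the spec permits (strip the rest)."""
    ok = allowed_set(spec)
    return "".join(ch for ch in value if ch in ok)

def is_clean(spec, value):
    """True when filtering removes nothing, i.e. value was already within the allow-list."""
    return filter_chars(spec, value) == value

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    for raw in ("18005551212", "1800-555 1212;ext"):
        print(repr(raw), "->", repr(filter_chars("0-9", raw)), "clean:", is_clean("0-9", raw))
```

Filtering strips disallowed characters rather than rejecting the input, so comparing the filtered result with the original shows when something outside the allow-list was submitted.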