[asterisk-users] Important security alert: update your dialplans now!

Warren Selby wcselby at selbytech.com
Tue Feb 16 21:19:10 CST 2010


On Tue, Feb 16, 2010 at 6:28 PM, meetmecall <info at meetmecall.nl> wrote:

> I didn't know about the function but from what I understand from the "show
> function FILTER" output it doesn't validate a string but it cleans the
> string of characters that are not allowed. So TRIM(1234567890,01243567&505)
> results in 01243567505. If the length of the output string is shorter than
> the input string the call setup should stop because disallowed characters
> were stripped. With some extra lines TRIM() will do as well as the macro I
> guess. You can add some lines so someone trying to perform number
> injection will be connected with an answering machine and be requested to
> leave name and phone number ;-)
>
>
> Erik
>
>
One thing FILTER() will allow though is variable length dial strings, which
are needed in some parts of the world (as evidenced by earlier posts in this
thread).


-- 
Thanks,
--Warren Selby
http://www.selbytech.com
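
The FILTER() plus length-comparison check discussed in this message, written out as an extensions.conf fragment. This is an added example, not dialplan posted by anyone in the thread; the context name, the SIP peer "provider" and the reject handling are assumptions for illustration.

```ini
; Added example. [outbound-example] and SIP/provider are hypothetical names.
[outbound-example]
; _X. matches one digit followed by ANY characters, so ${EXTEN} can carry
; '&' or other dial-string metacharacters. Never hand it to Dial() unchecked.
exten => _X.,1,Set(SAFE=${FILTER(0123456789,${EXTEN})})
; FILTER() only strips characters, it does not reject anything by itself.
; If something was stripped, SAFE is shorter than EXTEN: stop the call setup.
exten => _X.,n,GotoIf($[${LEN(${SAFE})} != ${LEN(${EXTEN})}]?reject)
; No fixed length is enforced, so variable-length numbers still go through.
exten => _X.,n,Dial(SIP/provider/${SAFE})
exten => _X.,n,Hangup()
; Reached only when the dialed string contained characters outside 0-9.
exten => _X.,n(reject),NoOp(Dial string contained disallowed characters)
exten => _X.,n,Hangup()
```

Dial() receives only ${SAFE}, so even if the comparison step were removed the raw ${EXTEN} never reaches the channel driver.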