[asterisk-users] Important security alert: update your dialplans now!
Warren Selby
wcselby at selbytech.com
Tue Feb 16 21:19:10 CST 2010
On Tue, Feb 16, 2010 at 6:28 PM, meetmecall <info at meetmecall.nl> wrote:
> I didn't know about the function but from what I understand from the "show
> function FILTER" output it doesn't validate a string but it cleans the
> string from not allowed characters. So TRIM(1234567890,01243567&505) results
> in 01243567505. If the length of the output string is shorter then the
> input string the call setup should stop because not allowed characters were
> stripped. With some extra lines TRIM() will do as good as the macro I
> guess. You can add some lines so someone trying to perform number
> injection will be connected with an answering machine and be requested to
> leave name and phone number ;-)
>
>
> Erik
>
>
One thing FILTER() will allow though is variable length dial strings, which
are needed in some parts of the world (as evidenced by earlier posts in this
thread).
--
Thanks,
--Warren Selby
http://www.selbytech.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100216/67ab79a7/attachment.htm
More information about the asterisk-users
mailing list