[sr-dev] Re: [kamailio/kamailio] Secfilter : Allow single quotes in From name (Issue #3984)

26 Sep 2024

Right now it is possible to check only some of the headers you are interested in using:
secf_check_sqli_hdr($ua);

The function secf_check_sqli_all(); checks all the headers and, it is true that in the
From Name header check, the double quotes are omitted, but I forgot to omit the single
quotes, maybe because in my country it is not common to use it in the name. 

I think it would be enough to omit the single quote in the From Name header. Also, we
usually find SQL injections in the User, Domain fields and in the URI.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3984#issuecomment-2376494517
You are receiving this because you are subscribed to this thread.

Message ID: &lt;kamailio/kamailio/issues/3984/2376494517(a)github.com&gt;

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[sr-dev] Re: [kamailio/kamailio] Secfilter : Allow single quotes in From name (Issue #3984)