Hi Alex, thanks again for walking the extra mile and bringing this to my attention. I did apply your fix. You are a Kamailio gold mine. Thanks again.
On Thu, Sep 6, 2012 at 5:08 PM, Alex Balashov <abalashov@evaristesys.com> wrote:
No problem!
As always, be mindful of security; some of the parameters can be easily spoofed or manipulated by someone who knows what they're doing. If you're taking their values and throwing them straight into a SQL statement unsanitised, these values can form the basis of a SQL injection attack.
This is why the Kamailio route script also offers something called transformations, which you can think of essentially as string functions/methods that can be applied to any variable.
They are listed here:
http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x
In particular, the transformation that I had in mind for you was:
http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x#sescapecommon
So, when putting, for instance, $ua into the DB, you might consider applying the {s.escape.common} transformation to it. Instead of $ua, use $(ua{s.escape.common}).
-- Alex
On 09/06/2012 10:04 AM, Ali Jawad wrote:
Thank you Alex, I got where I need to. Appreciated.
Regards
On Thu, Sep 6, 2012 at 4:30 PM, Alex Balashov <abalashov@evaristesys.com> wrote:
On 09/06/2012 09:25 AM, Ali Jawad wrote:
How do I get the variables for username, agent and IP.
This information comes from pseudovariables ("PVs"), which are basically parts of the SIP message that are parsed by Kamailio and exposed inside the config script environment as read-only (and in some cases, mutable) variables.
Take a look at the full list here:
http://www.kamailio.org/dokuwiki/doku.php/pseudovariables:3.1.x
The ones you are looking for are:
(1) $au - for authentication username, or $fU for From URI user part.
(2) $ua - user agent identifier, if present. A good way to check if it is present is to check for the existence of the User-Agent header, which is not a mandatory header:
    $var(ua) = '';
    if(is_present_hf("User-Agent"))
        $var(ua) = $ua;
    # Log $var(ua)...
(3) $si - source IP of the request being processed.
-- Alex
--
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Decatur, GA 30030
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
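The advice in this thread, put together as a route-script sketch. This is an added example, not part of the original messages or of Kamailio's own code: the sqlops connection name "ca", the database URL and the reg_log table with its columns are assumptions made for illustration.

```kamailio
# Added example. Assumed: db_mysql + sqlops + textops are available,
# and a hypothetical table reg_log(username, user_agent, src_ip) exists.
loadmodule "db_mysql.so"
loadmodule "sqlops.so"
loadmodule "textops.so"    # provides is_present_hf()

# Placeholder credentials; replace with your own DB URL.
modparam("sqlops", "sqlcon", "ca=>mysql://kamailio:CHANGEME@localhost/kamailio")

# Weak form: $fU and $ua are taken from the SIP message and land
# inside the quoted SQL literals exactly as the sender wrote them.
route[LOG_UNSANITISED] {
    sql_query("ca", "INSERT INTO reg_log (username, user_agent, src_ip) VALUES ('$fU', '$ua', '$si')", "ra");
    sql_result_free("ra");
}

# Corrected form: every message-derived value goes through
# {s.escape.common} before it is placed into the statement.
route[LOG_ESCAPED] {
    # User-Agent is not a mandatory header, so default to empty.
    $var(ua) = '';
    if (is_present_hf("User-Agent"))
        $var(ua) = $(ua{s.escape.common});

    # The From URI user part is sender-controlled as well.
    $var(user) = $(fU{s.escape.common});

    # $si is the source address of the received packet, not message
    # content, so it is used as-is here.
    sql_query("ca", "INSERT INTO reg_log (username, user_agent, src_ip) VALUES ('$var(user)', '$var(ua)', '$si')", "ra");
    sql_result_free("ra");
}
```

Call route(LOG_ESCAPED) from the request route at the point where the fields should be recorded; LOG_UNSANITISED is shown only for comparison.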