[OpenSER-Users] Illegal characteres in SIP URI?
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Nov 15 16:05:40 CET 2007
1. You want to take a look at pseudo variable transformations and its
escape features.
http://www.openser.org/dokuwiki/doku.php/transformations:1.2.x
2. Try to avoid raw SQL queries.
regards
klaus
Iñaki Baz Castillo schrieb:
> Hi, could somebody tell me which characteres are allowd in a SIP URI? which
> RFC defines it?
>
> I ask it because I do a DB query with $ru so a SQL injection it's possible if
> RURI contains single or double '
>
> So at the begining of the script I'd like to reject a message if the RURI
> contains illegal symbols.
>
> Could be useful a core function for this?
>
> Regards.
>
>
More information about the sr-users
mailing list