Hi Alex,

Thanks again for walking the extra mile and bringing this to my attention. I did apply your fix. You are a Kamailio gold mine. Thanks again.

On Thu, Sep 6, 2012 at 5:08 PM, Alex Balashov <abalas...@evaristesys.com> wrote:

> No problem!
>
> As always, be mindful of security; some of the parameters can be easily
> spoofed or manipulated by someone who knows what they're doing. If you're
> taking their values and throwing them straight into a SQL statement
> unsanitised, these values can form the basis of a SQL injection attack.
>
> This is why the Kamailio route script also offers something called
> transformations, which you can think of essentially as string
> functions/methods that can be applied to any variable.
>
> They are listed here:
>
> http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x
>
> In particular, the transformation that I had in mind for you was:
>
> http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x#sescapecommon
>
> So, when putting, for instance, $ua into the DB, you might consider
> applying the {s.escape.common} transformation to it. Instead of $ua, use
> $(ua{s.escape.common}).
>
> -- Alex
>
> On 09/06/2012 10:04 AM, Ali Jawad wrote:
>
>> Thank you Alex, I got where I need to. Appreciated.
>> Regards
>>
>> On Thu, Sep 6, 2012 at 4:30 PM, Alex Balashov <abalas...@evaristesys.com> wrote:
>>
>>     On 09/06/2012 09:25 AM, Ali Jawad wrote:
>>
>>         How do I get the variables for username, agent and IP?
>>
>>     This information comes from pseudovariables ("PVs"), which are
>>     basically parts of the SIP message that are parsed by Kamailio and
>>     exposed inside the config script environment as read-only (and in
>>     some cases, mutable) variables.
>>
>>     Take a look at the full list here:
>>
>>     http://www.kamailio.org/dokuwiki/doku.php/pseudovariables:3.1.x
>>
>>     The ones you are looking for are:
>>
>>     (1) $au - for authentication username, or $fU for From URI user part.
>>
>>     (2) $ua - user agent identifier, if present. A good way to check if
>>     it is present is to check for the existence of the User-Agent
>>     header, which is not a mandatory header:
>>
>>         $var(ua) = '';
>>
>>         if(is_present_hf("User-Agent"))
>>             $var(ua) = $ua;
>>
>>         # Log $var(ua)...
>>
>>     (3) $si - source IP of the request being processed.
>>
>>     -- Alex
>>
>>     --
>>     Alex Balashov - Principal
>>     Evariste Systems LLC
>>     235 E Ponce de Leon Ave
>>     Suite 106
>>     Decatur, GA 30030
>>     Tel: +1-678-954-0670
>>     Fax: +1-404-961-1892
>>     Web: http://www.evaristesys.com/, http://www.alexbalashov.com/

--
Ali Jawad
Information Systems Manager
CISSP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
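
The advice quoted in the thread above, put together as a route block. This is an added example, not code from either poster or from the Kamailio project; the route name LOG_REQUEST, the table reg_log and its columns, the connection id "ca", the result id "ra" and the database URL are all assumptions.

```kamailio
# Added example: log username, User-Agent and source IP with escaping.
# Table reg_log, its columns, the connection id "ca" and the DB URL are
# hypothetical; adjust them to your own schema.
loadmodule "db_mysql.so"
loadmodule "sqlops.so"
loadmodule "textops.so"

modparam("sqlops", "sqlcon", "ca=>mysql://kamailio:CHANGEME@localhost/kamailio")

route[LOG_REQUEST] {
    # User-Agent is not a mandatory header, so default to an empty string.
    $var(ua) = '';
    if (is_present_hf("User-Agent"))
        $var(ua) = $ua;

    # $au is only set when the request carries credentials;
    # otherwise fall back to the From URI user part.
    if ($au != $null)
        $var(user) = $au;
    else
        $var(user) = $fU;

    # Unescaped form, shown for contrast and left commented out: a quote
    # character inside User-Agent or the username would end the SQL string
    # literal early and change the statement.
    # sql_query("ca", "INSERT INTO reg_log (username, user_agent, src_ip) VALUES ('$var(user)', '$var(ua)', '$si')", "ra");

    # Escaped form: every value taken from the SIP message goes through
    # {s.escape.common} before it is placed between the quotes.
    # $si is the source IP of the received packet, not a header value.
    sql_query("ca",
        "INSERT INTO reg_log (username, user_agent, src_ip) VALUES ('$(var(user){s.escape.common})', '$(var(ua){s.escape.common})', '$si')",
        "ra");
    sql_result_free("ra");
}
```

Call it with route(LOG_REQUEST); from the request route at the point where the request should be recorded.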