Hi Bill,
Sorry for my late answer, I was on holiday. If you can attach a patch I
can take a look over it and if it is good for the project I can submit
the code.
Regards,
Alex
On 14.08.2015 10:32, Bill Shirley wrote:
Sorry Alex; I didn't mean to rile you. Remember I DID say I was
grateful for all
the work that has gone into free software development. That includes
OpenSIPS CP.
There are a few places where assumptions are made about the PHP
configuration:
1) not all shops allow the shortcut <? to turn PHP on; why not just
code it <?php
http://php.net/manual/en/ini.core.php#ini.short-open-tag
2) not all shops run with "display_errors = Off"; there are a lot of
uninitialized
variables
Set these in your php.ini and then run the CP:
short_open_tag = Off
display_errors = On
No, it's not hard for me to give a helping hand. I have been editing
the code extensively
and would like to share my changes. Any suggestions on how to do this?
Bill
On 8/10/2015 1:35 AM, Alex Ionescu wrote:
Hi,
There are many using CP 6.1 with success. It may not be the best
piece of software in the world but it does its job.
You say it's full of security holes and exposed to sql injection. I
invite you to try making some sql injections and come back
here with the proof.
Also, there are lots of security holes everywhere. If you think
you've spotted some big ones in CP please point them out so we
can fix them. That's the whole idea with open source software and the
user community, right ?
It's easy to point fingers but hard to give a helping hand, right ?
Regards,
Alex Ionescu
On August 10, 2015 4:47:25 AM Bill Shirley
<b...@philly.polymerindustries.biz> wrote:
Is anyone running the 6.1 CP? It's full of bugs and security
holes. Whoever thought it wise to code:
extract($_POST);
Also, the input stored in the database is not sanitized plus a whole
lot more errors.
https://xkcd.com/327/
We had a 'professional' company write a web portal for us that
didn't sanitize their input. I actually
did do a "'; DROP TABLE `customer`;" on the database. I even
emailed them before hand pointing out
the problem.
I don't want to sound harsh or ungrateful. I run a lot of free
software that enables me to earn a living.
I'm thankful for all the people that labored to produce the software.
I'm also guessing that CP 6.1 not meant to be run with the Fedora 22
version of OpenSIPS:
[0:root@jabba lib]$ rpm -q php httpd opensips
php-5.5.20-2.fc19.x86_64
httpd-2.4.9-1.fc19.x86_64
opensips-1.10.1-1.fc19.x86_64
I'm trying to set up a SIP proxy to route calls from my network to
Cisco CUCM on another network.
Any pointers are appreciated.
Bill
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users%40lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users