Hi,

I think I’ve found an error in the escape transformations for parameters. The 
{s.escape.param} transformation is escaping many characters it shouldn’t.

For example, the following code:

$var(test) = "MYH 713";
xlog("L_ALERT", "test: $(var(test){s.escape.param})\n");

produces this output:

test: %4d%59%48%20%37%31%33

Only the space character should have been converted, not all characters.

In looking through the source code, I think the problem is that the alphanum 
group of allowed characters is completely missed during the transformation in 
the escape_param function in strcommon.c. For comparison, the escape_user 
function has the following code allowing alphanum characters to be copied without 
conversion:

if (isdigit((int)*p) || ((*p >= 'A') && (*p <= 'Z')) || ((*p >= 'a') && (*p <= 'z')))
{
        *at = *p;
} else {
        switch(*p) {
…

I think similar logic is supposed to be in escape_param but is absent, 
resulting in all alphanum characters being converted to hex.

Thanks,

Ben Newlin

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
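
Added example, not part of the original message and not OpenSIPS code: a stand-alone sketch of the difference the post describes, percent-encoding a string with and without the alphanum pass-through. The names escape_sketch, escape_str and keep_alnum are hypothetical, and only the alphanum group is modelled, not the other characters a parameter may carry unescaped.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not the strcommon.c code): percent-encode
 * src into dst. keep_alnum = 0 encodes every byte, as in the reported output;
 * keep_alnum = 1 copies ASCII letters and digits unchanged.
 * Returns the output length, or -1 if dst cannot hold the result plus NUL. */
static int escape_sketch(const char *src, char *dst, size_t dst_len, int keep_alnum)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (dst_len == 0) return -1;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        if (keep_alnum && *p < 0x80 && isalnum(*p)) {
            if (o + 1 >= dst_len) return -1;   /* 1 byte + terminating NUL */
            dst[o++] = (char)*p;
        } else {
            if (o + 3 >= dst_len) return -1;   /* "%xx" + terminating NUL */
            dst[o++] = '%';
            dst[o++] = hex[*p >> 4];
            dst[o++] = hex[*p & 0x0f];
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Convenience wrapper around a static buffer; returns NULL on overflow. */
static const char *escape_str(const char *src, int keep_alnum)
{
    static char buf[128];
    return escape_sketch(src, buf, sizeof buf, keep_alnum) < 0 ? NULL : buf;
}

int main(void)
{
    const char *in = "MYH 713";   /* the value used in the post */
    printf("all bytes encoded:    %s\n", escape_str(in, 0));
    printf("alnum passed through: %s\n", escape_str(in, 1));
    return 0;
}
```
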
