Hi All, My config integrates with an external routing API such that the call ID, source and URI data (etc) are all provided to a service in URL parameters via rest_get. The service returns some routing information such as revised target URI and other options.
To improve this service and protect against injection attacks I wish to URL encode the individual parameters in accordance with https://www.ietf.org/rfc/rfc3986.txt I'm sure this question will have been asked before but I can't find a relevant discussion. The core OpenSIPs transformations (i.e. {s.escape.user}) performs SIP specific replacements which is not suitable. Specifically I'd like to see & and + being replaced. My current approach will be to perform a series of specific replacements using transformation {re.subst,reg_exp} however this seems overkill for this purpose as multiple replacements will be required for each parameter. So, before I get too far into this is anyone able to offer an alternative approach? We have considered using JSON POST requests to circumvent the issue however we'd like to keep the changes to the OpenSIPs side if possible. I suppose it would be convenient to have an exported "encode()" function in the rest_client module however this might be a longer term option. Many thanks, Callum -- <https://www.generalpracticeawards.com/supplier-awards-voting> *0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | ** <https://www.linkedin.com/company/x-on> <https://www.facebook.com/XonTel> <https://twitter.com/xonuk> * X-on is a trading name of Storacall Technology Ltd a limited company registered in England and Wales. Registered Office : Avaland House, 110 London Road, Apsley, Hemel Hempstead, Herts, HP3 9SD. Company Registration No. 2578478. The information in this e-mail is confidential and for use by the addressee(s) only. If you are not the intended recipient, please notify X-on immediately on +44(0)333 332 0000 and delete the message from your computer. If you are not a named addressee you must not use, disclose, disseminate, distribute, copy, print or reply to this email. Views or opinions expressed by an individual within this email may not necessarily reflect the views of X-on or its associated companies. Although X-on routinely screens for viruses, addressees should scan this email and any attachments for viruses. X-on makes no representation or warranty as to the absence of viruses in this email or any attachments.
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
