[OpenSIPS-Users] OpenSIPS Control Panel 6.1
Bill Shirley
bill at philly.polymerindustries.biz
Fri Aug 14 09:32:10 CEST 2015
Sorry Alex; I didn't mean to rile you. Remember I DID say I was grateful for all
the work that has gone into free software development. That includes OpenSIPS CP.

There are a few places where assumptions are made about the PHP configuration:
1) not all shops allow the shortcut <? to turn PHP on; why not just code it <?php
   http://php.net/manual/en/ini.core.php#ini.short-open-tag
2) not all shops run with "display_errors = Off"; there are a lot of uninitialized
   variables

Set these in your php.ini and then run the CP:
   short_open_tag = Off
   display_errors = On

No, it's not hard for me to give a helping hand. I have been editing the code extensively
and would like to share my changes. Any suggestions on how to do this?

Bill

On 8/10/2015 1:35 AM, Alex Ionescu wrote:
> Hi,
>
> There are many using CP 6.1 with success. It may not be the best piece of software in the world but it does its job.
>
> You say it's full of security holes and exposed to sql injection. I invite you to try making some sql injections and come back
> here with the proof.
>
> Also, there are lots of security holes everywhere. If you think you've spotted some big ones in CP please point them out so we
> can fix them. That's the whole idea with open source software and the user community, right?
>
> It's easy to point fingers but hard to give a helping hand, right?
>
> Regards,
> Alex Ionescu
>
> On August 10, 2015 4:47:25 AM Bill Shirley <bill at philly.polymerindustries.biz> wrote:
>
>> Is anyone running the 6.1 CP? It's full of bugs and security holes. Whoever thought it wise to code:
>> extract($_POST);
>> Also, the input stored in the database is not sanitized plus a whole lot more errors.
>>
>> https://xkcd.com/327/
>> We had a 'professional' company write a web portal for us that didn't sanitize their input. I actually
>> did do a "'; DROP TABLE `customer`;" on the database. I even emailed them beforehand pointing out
>> the problem.
>>
>> I don't want to sound harsh or ungrateful. I run a lot of free software that enables me to earn a living.
>> I'm thankful for all the people that labored to produce the software.
>>
>> I'm also guessing that CP 6.1 is not meant to be run with the Fedora 22 version of OpenSIPS:
>> [0:root at jabba lib]$ rpm -q php httpd opensips
>> php-5.5.20-2.fc19.x86_64
>> httpd-2.4.9-1.fc19.x86_64
>> opensips-1.10.1-1.fc19.x86_64
>>
>> I'm trying to set up a SIP proxy to route calls from my network to Cisco CUCM on another network.
>> Any pointers are appreciated.
>>
>> Bill
>>
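
An added example, not part of the thread and not OpenSIPS CP code: it shows why the `extract($_POST)` pattern quoted above is risky, next to a version that reads only expected keys and uses bound parameters. The field names, the `subscriber` table and both function names are hypothetical, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added example; form fields, table and function names are hypothetical.

// Constructed request body: the form only defines "username" and "domain",
// but a client can send any extra key it likes.
$post = ['username' => "o'brien", 'domain' => 'example.org', 'is_admin' => '1'];

// Pattern quoted in the thread: extract() turns every request key into a
// local variable, so a request key can overwrite state the script set itself.
function handle_with_extract(array $post)
{
    $is_admin = false;      // set by the application
    extract($post);         // 'is_admin' from the request replaces it
    return (bool) $is_admin;
}

// Hardened form: copy only the expected keys, default the rest (so nothing
// is left uninitialized), validate, and pass values as bound parameters
// instead of concatenating them into SQL text.
function handle_with_allowlist(array $post, PDO $db)
{
    $is_admin = false;
    $username = isset($post['username']) ? (string) $post['username'] : '';
    $domain   = isset($post['domain'])   ? (string) $post['domain']   : '';
    if ($username === '' || !preg_match('/^[a-z0-9.-]{1,253}$/i', $domain)) {
        throw new InvalidArgumentException('invalid input');
    }
    $stmt = $db->prepare('INSERT INTO subscriber (username, domain) VALUES (?, ?)');
    $stmt->execute([$username, $domain]);
    return $is_admin;
}

// In-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscriber (username TEXT, domain TEXT)');

var_dump(handle_with_extract($post));         // flag was taken from the request
var_dump(handle_with_allowlist($post, $db));  // flag stays as the code set it
// The quote in the username is stored as data, not interpreted as SQL.
var_dump($db->query('SELECT username FROM subscriber')->fetchColumn());
```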