[OpenSIPS-Users] OpenSIPS Control Panel 6.1

Alex Ionescu alex at opensips.org
Mon Aug 31 11:52:06 CEST 2015 

Hi Bill,

Sorry for my late answer, I was on holiday. If you can attach a patch I 
can take a look over it and if it is good for the project I can submit 
the code.

Regards,
Alex

On 14.08.2015 10:32, Bill Shirley wrote:
> Sorry Alex; I didn't mean to rile you.  Remember I DID say I was 
> grateful for all
> the work that has gone into free software development.  That includes 
> OpenSIPS CP.
>
> There are a few places where assumptions are made about the PHP 
> configuration:
> 1) not all shops allow the shortcut <? to turn PHP on; why not just 
> code it <?php
>     http://php.net/manual/en/ini.core.php#ini.short-open-tag
> 2) not all shops run with "display_errors = Off"; there are a lot of 
> uninitialized
>     variables
>
> Set these in your php.ini and then run the CP:
> short_open_tag = Off
> display_errors = On
>
> No, it's not hard for me to give a helping hand.  I have been editing 
> the code extensively
> and would like to share my changes.  Any suggestions on how to do this?
>
> Bill
>
> On 8/10/2015 1:35 AM, Alex Ionescu wrote:
>> Hi,
>>
>> There are many using CP 6.1 with success. It may not be the best 
>> piece of software in the world but it does its job.
>>
>> You say it's full of security holes and exposed to sql injection. I 
>> invite you to try making some sql injections and come back
>> here with the proof.
>>
>> Also, there are lots of security holes everywhere. If you think 
>> you've spotted some big ones in CP please point them out so we
>> can fix them. That's the whole idea with open source software and the 
>> user community, right ?
>>
>> It's easy to point fingers but hard to give a helping hand, right ?
>>
>> Regards,
>> Alex Ionescu
>>
>> On August 10, 2015 4:47:25 AM Bill Shirley 
>> <bill at philly.polymerindustries.biz> wrote:
>>
>>> Is anyone running the 6.1 CP?  It's full of bugs and security 
>>> holes.  Whoever thought it wise to code:
>>>     extract($_POST);
>>> Also, the input stored in the database is not sanitized plus a whole 
>>> lot more errors.
>>>
>>> https://xkcd.com/327/
>>> We had a 'professional' company write a web portal for us that 
>>> didn't sanitize their input.  I actually
>>> did do a "'; DROP TABLE `customer`;" on the database.  I even 
>>> emailed them before hand pointing out
>>> the problem.
>>>
>>> I don't want to sound harsh or ungrateful.  I run a lot of free 
>>> software that enables me to earn a living.
>>> I'm thankful for all the people that labored to produce the software.
>>>
>>> I'm also guessing that CP 6.1 not meant to be run with the Fedora 22 
>>> version of OpenSIPS:
>>> [0:root at jabba lib]$ rpm -q php httpd opensips
>>> php-5.5.20-2.fc19.x86_64
>>> httpd-2.4.9-1.fc19.x86_64
>>> opensips-1.10.1-1.fc19.x86_64
>>>
>>> I'm trying to set up a SIP proxy to route calls from my network to 
>>> Cisco CUCM on another network.
>>> Any pointers are appreciated.
>>>
>>> Bill
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org <mailto:Users%40lists.opensips.org>
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>

More information about the Users mailing list