[OpenSIPS-Users] s.escape.param transformation
Ben Newlin
Ben.Newlin at genesys.com
Mon Oct 16 14:12:37 EDT 2017
Hi,
I think I’ve found an error in the escape transformations for parameters. The {s.escape.param} transformation is escaping many characters it shouldn’t.
For example, the following code:
$var(test) = "MYH 713";
xlog("L_ALERT", "test: $(var(test){s.escape.param})\n");
produces this output:
test: %4d%59%48%20%37%31%33
Only the space character should have been converted, not all characters.
In looking through the source code, I think the problem is that the alphanum group of allowed characters is completely missed during the transformation in the escape_param function in strcommon.c. For comparison, the escape_user function has the following code allowing alphanum characters to copied without conversion:
if (isdigit((int)*p) || ((*p >= 'A') && (*p <= 'Z')) || ((*p >= 'a') && (*p <= 'z')))
{
*at = *p;
} else {
switch(*p) {
…
I think similar logic is supposed to be in escape_param but is absent, resulting in all alphanum characters being converted to hex.
Thanks,
Ben Newlin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20171016/462ffc35/attachment-0001.html>
More information about the Users
mailing list