kenmirrors/freeswitch
1
0
Fork 0
mirror of https://github.com/signalwire/freeswitch.git synced 2025-08-14 01:49:05 +00:00
Code Issues Projects Releases Wiki Activity

use "%s" format specifier for uses of switch_event_add_header that just pass a string to avoid potential issues/exploits"

Browse Source 
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@4226 d0543943-73ff-0310-b7d9-9358b9ac24b2
This commit is contained in:
Michael Jerris
2007-02-13 04:43:49 +00:00
parent f08d0e89c1
commit 07d6f12018
11 changed files with 80 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/switch_ivr.c
View File

@@ -2531,7 +2531,7 @@ SWITCH_DECLARE(switch_status_t) switch_ivr_originate(switch_core_session_t *sess
if ((inner_var_count =
switch_separate_string(var_array[x], '=', inner_var_array, (sizeof(inner_var_array) / sizeof(inner_var_array[0])))) == 2) {
switch_event_add_header(var_event, SWITCH_STACK_BOTTOM, inner_var_array[0], inner_var_array[1]);
switch_event_add_header(var_event, SWITCH_STACK_BOTTOM, inner_var_array[0], "%s", inner_var_array[1]);
if (caller_channel) {
switch_channel_set_variable(caller_channel, inner_var_array[0], inner_var_array[1]);
}
@@ -3186,7 +3186,7 @@ SWITCH_DECLARE(switch_status_t) switch_ivr_broadcast(char *uuid, char *path, swi
&& (other_session = switch_core_session_locate(other_uuid))) {
if (switch_event_create(&event, SWITCH_EVENT_MESSAGE) == SWITCH_STATUS_SUCCESS) {
switch_event_add_header(event, SWITCH_STACK_BOTTOM, "call-command", "execute");
switch_event_add_header(event, SWITCH_STACK_BOTTOM, "execute-app-name", app);
switch_event_add_header(event, SWITCH_STACK_BOTTOM, "execute-app-name", "%s", app);
switch_event_add_header(event, SWITCH_STACK_BOTTOM, "execute-app-arg", "%s", path);
switch_core_session_queue_private_event(other_session, &event);
}
@@ -3198,7 +3198,7 @@ SWITCH_DECLARE(switch_status_t) switch_ivr_broadcast(char *uuid, char *path, swi
if ((flags & SMF_ECHO_ALEG)) {
if (switch_event_create(&event, SWITCH_EVENT_MESSAGE) == SWITCH_STATUS_SUCCESS) {
switch_event_add_header(event, SWITCH_STACK_BOTTOM, "call-command", "execute");
switch_event_add_header(event, SWITCH_STACK_BOTTOM, "execute-app-name", app);
switch_event_add_header(event, SWITCH_STACK_BOTTOM, "execute-app-name", "%s", app);
switch_event_add_header(event, SWITCH_STACK_BOTTOM, "execute-app-arg", "%s", path);
switch_core_session_queue_private_event(session, &event);
}