Avoid SQL injection!
$ sed -e '2{/^case/!i case ${1#+} in *[^0-9]*|\o47\o47) exit 1;;esac' \
-e\} -i.bak /usr/share/asterisk/agi-bin/ntfy.sh
$ diff /usr/share/asterisk/agi-bin/ntfy.sh{.bak,}
1a2
> case ${1#+} in *[^0-9]*|'') exit 1;;esac
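Review bot: the guard on the new line 2 tests `${1#+}`, but the query in the quoted script interpolates `${1:2}`, so a one- or two-character argument such as a single digit passes the check and leaves an empty pattern, and `nr ~ ''` matches every row of `tel`. Rejecting an empty `${1:2}` as well, for example with `[ -n "${1:2}" ] || exit 1`, closes that gap. Setting `LC_ALL=C` before the `case` would also make the `0-9` range independent of the locale Asterisk runs the script under.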
On Wed, Apr 02, 2025 at 11:01:01AM +0200, Félix Hauri via gull wrote:
> root@asterisk# cat >/usr/share/asterisk/agi-bin/ntfy.sh <<'eof'
> #!/bin/bash
> ntfyUrl=https://ntfyServ.exemple.com
> ntfyTopic=mesnotif
> ntfyToken=tk_dux12ceci3st7otalement6idon34
> IFS=\| read -r nom < <(
> printf -v req 'SELECT name FROM tel WHERE nr ~ \47%s\47;' "${1:2}"
> psql -h pgDbHost -U asterisk -Atc "$req" files )
> printf -v msg '\U260e\Ufe0f Appel de %s\n %s\n %s' "$*" "$nom"
> curl -u ":$ntfyToken" -d "$msg" "$ntfyUrl/$ntfyTopic" >/dev/null 2>&1 <<<'' &
> exit 0
> eof
--
Félix Hauri - <[email protected]> - http://www.f-hauri.ch
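
Added example, not part of the original message: the same lookup with the caller number validated by an allowlist and handed to psql as a quoted variable instead of being formatted into the SQL string. The function names and the 15-digit ceiling are assumptions of this example; host, user, database and table come from the quoted script.

```bash
#!/bin/bash
# Added example (not the script from the post). Host, user, database and the
# tel(name, nr) table are copied from the quoted script.

# Succeed only for an optional leading '+' followed by 1..15 ASCII digits.
# LC_ALL=C makes the 0-9 range independent of the caller's locale.
# Assumption: 15 digits (the E.164 maximum) is an acceptable upper bound.
valid_caller() {
    local LC_ALL=C nr=${1#+}
    case $nr in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#nr}" -le 15 ]
}

# Print the regex fragment the post uses ("${1:2}"), or fail if the number is
# invalid or the fragment would be empty (nr ~ '' matches every row).
caller_pattern() {
    valid_caller "$1" || return 1
    local pat=${1:2}
    [ -n "$pat" ] || return 1
    printf '%s\n' "$pat"
}

# The value reaches SQL only as a psql variable, quoted by psql via :'nr'.
# psql does not interpolate variables in -c strings, so the query is read
# from stdin instead.
lookup_name() {
    local pat
    pat=$(caller_pattern "$1") || return 1
    psql -X -h pgDbHost -U asterisk -At -v nr="$pat" files <<'SQL'
SELECT name FROM tel WHERE nr ~ :'nr';
SQL
}

# Constructed inputs; only the validation runs here, no database is contacted.
for n in '+41791234567' '0791234567' '' '+' '7' "0791234567'" '079 123'; do
    if caller_pattern "$n" >/dev/null; then verdict=accept; else verdict=reject; fi
    printf '%-16q %s\n' "$n" "$verdict"
done
```
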