I used base64 encoding transformations to deal with these kinds of problems.
— Sent from mobile, apologies for brevity and errors. > On Jan 12, 2024, at 6:11 AM, Benoît Panizzon via sr-users > <sr-users@lists.kamailio.org> wrote: > > Hi Daniel > >> comma is not allowed in an unquoted value for SIP parameters because >> it is separator for header bodies that are set on the same header >> name. Practically the comma is the end of parameters list. > > Thank you for your confirmation I was on the right track. > >> It should work with: >> >> xavp_params_explode("a=foo;c=\"hello,world\";e=baar", "x"); > > Any recipe on how to solve if the value is the 'authentication' > password taken from the database? As far as I understood the SIP RFC a > comma is permitted in the SIP password itself, as it is never present > cleartext in a sip header. > > Quick example of what I do when receiving a REGISTER with credentials to pull > the password: > > $var(query) = "select user,password,language from sometable where auth_user = > '" + $var(auth_user) + "' limit 1"; > $var(qresult) = sql_xquery("database", "$var(query)", "userdata"); > xavp_params_implode("userdata","$var(xuserdata)"); > > $var(xuserdata) is "user=JohnDoe;password=secret,password;language=de_CH" > > This is the stored in an $sht to be cached and available for a while and > reducde SQL queries. > > I guess there is no way to have sql_xquery automatically quote result fields > that need quoting. > > I could probably do select user,concat('"',password,'"'),language from > sometable? > > This could also be a potential issue with variable injections via SQL. > Immagine some use sets a password ";var=value" this would lead to this var > being overwritten I guess. > > We are moving towards storing ha1 hashed passwords, so that would solve my > issue I guess. > > -- > Mit freundlichen Grüssen > > -Benoît Panizzon- @ HomeOffice und normal erreichbar > -- > I m p r o W a r e A G - Leiter Commerce Kunden > ______________________________________________________ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > CH-4133 Pratteln Fax +41 61 826 93 01 > Schweiz Web http://www.imp.ch > ______________________________________________________ > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to sr-users-le...@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: