Sorry Alex; I didn't mean to rile you. Remember I DID say I was grateful for
all
the work that has gone into free software development. That includes OpenSIPS
CP.
There are a few places where assumptions are made about the PHP configuration:
1) not all shops allow the shortcut <? to turn PHP on; why not just code it
<?php
http://php.net/manual/en/ini.core.php#ini.short-open-tag
2) not all shops run with "display_errors = Off"; there are a lot of
uninitialized
variables
Set these in your php.ini and then run the CP:
short_open_tag = Off
display_errors = On
No, it's not hard for me to give a helping hand. I have been editing the code
extensively
and would like to share my changes. Any suggestions on how to do this?
Bill
On 8/10/2015 1:35 AM, Alex Ionescu wrote:
Hi,
There are many using CP 6.1 with success. It may not be the best piece of
software in the world but it does its job.
You say it's full of security holes and exposed to sql injection. I invite you
to try making some sql injections and come back
here with the proof.
Also, there are lots of security holes everywhere. If you think you've spotted
some big ones in CP please point them out so we
can fix them. That's the whole idea with open source software and the user
community, right ?
It's easy to point fingers but hard to give a helping hand, right ?
Regards,
Alex Ionescu
On August 10, 2015 4:47:25 AM Bill Shirley <b...@philly.polymerindustries.biz>
wrote:
Is anyone running the 6.1 CP? It's full of bugs and security holes. Whoever
thought it wise to code:
extract($_POST);
Also, the input stored in the database is not sanitized plus a whole lot more
errors.
https://xkcd.com/327/
We had a 'professional' company write a web portal for us that didn't sanitize
their input. I actually
did do a "'; DROP TABLE `customer`;" on the database. I even emailed them
before hand pointing out
the problem.
I don't want to sound harsh or ungrateful. I run a lot of free software that
enables me to earn a living.
I'm thankful for all the people that labored to produce the software.
I'm also guessing that CP 6.1 not meant to be run with the Fedora 22 version of
OpenSIPS:
[0:root@jabba lib]$ rpm -q php httpd opensips
php-5.5.20-2.fc19.x86_64
httpd-2.4.9-1.fc19.x86_64
opensips-1.10.1-1.fc19.x86_64
I'm trying to set up a SIP proxy to route calls from my network to Cisco CUCM
on another network.
Any pointers are appreciated.
Bill
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users%40lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
