Hi Bill,

Sorry for my late answer, I was on holiday. If you can attach a patch I can take a look over it and if it is good for the project I can submit the code.

Regards,
Alex

On 14.08.2015 10:32, Bill Shirley wrote:
Sorry Alex; I didn't mean to rile you. Remember I DID say I was grateful for all the work that has gone into free software development. That includes OpenSIPS CP.

There are a few places where assumptions are made about the PHP configuration: 1) not all shops allow the shortcut <? to turn PHP on; why not just code it <?php
    http://php.net/manual/en/ini.core.php#ini.short-open-tag
2) not all shops run with "display_errors = Off"; there are a lot of uninitialized
    variables

Set these in your php.ini and then run the CP:
short_open_tag = Off
display_errors = On

No, it's not hard for me to give a helping hand. I have been editing the code extensively
and would like to share my changes.  Any suggestions on how to do this?

Bill

On 8/10/2015 1:35 AM, Alex Ionescu wrote:
Hi,

There are many using CP 6.1 with success. It may not be the best piece of software in the world but it does its job.

You say it's full of security holes and exposed to sql injection. I invite you to try making some sql injections and come back
here with the proof.

Also, there are lots of security holes everywhere. If you think you've spotted some big ones in CP please point them out so we can fix them. That's the whole idea with open source software and the user community, right ?

It's easy to point fingers but hard to give a helping hand, right ?

Regards,
Alex Ionescu

On August 10, 2015 4:47:25 AM Bill Shirley <b...@philly.polymerindustries.biz> wrote:

Is anyone running the 6.1 CP? It's full of bugs and security holes. Whoever thought it wise to code:
    extract($_POST);
Also, the input stored in the database is not sanitized plus a whole lot more errors.

https://xkcd.com/327/
We had a 'professional' company write a web portal for us that didn't sanitize their input. I actually did do a "'; DROP TABLE `customer`;" on the database. I even emailed them before hand pointing out
the problem.

I don't want to sound harsh or ungrateful. I run a lot of free software that enables me to earn a living.
I'm thankful for all the people that labored to produce the software.

I'm also guessing that CP 6.1 not meant to be run with the Fedora 22 version of OpenSIPS:
[0:root@jabba lib]$ rpm -q php httpd opensips
php-5.5.20-2.fc19.x86_64
httpd-2.4.9-1.fc19.x86_64
opensips-1.10.1-1.fc19.x86_64

I'm trying to set up a SIP proxy to route calls from my network to Cisco CUCM on another network.
Any pointers are appreciated.

Bill

_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users%40lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to