Hi Ben,
Thank you for the report. I double checked with the RFC3261 and you are
right.
I made the fix on head, 2.3 and 2.2 versions, see:
https://github.com/OpenSIPS/opensips/commit/b5094f0dc6a4f52555f9cca1ea9df7c846749482
Best regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 10/16/2017 09:12 PM, Ben Newlin wrote:
Hi,
I think I’ve found an error in the escape transformations for
parameters. The {s.escape.param} transformation is escaping many
characters it shouldn’t.
For example, the following code:
$var(test) = "MYH 713";
xlog("L_ALERT", "test: $(var(test){s.escape.param})\n");
produces this output:
test: %4d%59%48%20%37%31%33
Only the space character should have been converted, not all characters.
In looking through the source code, I think the problem is that the
alphanum group of allowed characters is completely missed during the
transformation in the escape_param function in strcommon.c. For
comparison, the escape_user function has the following code allowing
alphanum characters to copied without conversion:
if (isdigit((int)*p) || ((*p >= 'A') && (*p <= 'Z')) || ((*p >= 'a')
&& (*p <= 'z')))
{
*at = *p;
} else {
switch(*p) {
…
I think similar logic is supposed to be in escape_param but is absent,
resulting in all alphanum characters being converted to hex.
Thanks,
Ben Newlin
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
