<div dir="ltr">Hi Alex<div>Thanks again for walking the extra mile and bringing this to my attention, I did apply your fix. You are a Kamailio gold mine.</div><div>Thanks again<br><br><div class="gmail_quote">On Thu, Sep 6, 2012 at 5:08 PM, Alex Balashov <span dir="ltr"><<a href="mailto:abalashov@evaristesys.com" target="_blank">abalashov@evaristesys.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">No problem!<br>
<br>
As always, be mindful of security; some of the parameters can be easily spoofed or manipulated by someone who knows what they're doing. If you're taking their values and throwing them straight into a SQL statement unsanitised, these values can form the basis of a SQL injection attack.<br>
<br>
This is why the Kamailio route script also offers something called transformations, which you can think of essentially as string functions/methods that can be applied to any variable.<br>
<br>
They are listed here:<br>
<br>
<a href="http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x" target="_blank">http://www.kamailio.org/<u></u>dokuwiki/doku.php/<u></u>transformations:3.1.x</a><br>
<br>
In particular, the transformation that I had in mind for you was:<br>
<br>
<a href="http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x#sescapecommon" target="_blank">http://www.kamailio.org/<u></u>dokuwiki/doku.php/<u></u>transformations:3.1.x#<u></u>sescapecommon</a><br>
<br>
So, when putting, for instance, $ua into the DB, you might consider applying the {s.escape.common} transformation to it. Instead of $ua, use $(ua{s.escape.common}).<br>
<br>
-- Alex<div class="im"><br>
<br>
On 09/06/2012 10:04 AM, Ali Jawad wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Thank you Alex, I got where I need to. Appreciated.<br>
Regards<br>
<br>
On Thu, Sep 6, 2012 at 4:30 PM, Alex Balashov <<a href="mailto:abalashov@evaristesys.com" target="_blank">abalashov@evaristesys.com</a><br></div><div class="im">
<mailto:<a href="mailto:abalashov@evaristesys.com" target="_blank">abalashov@evaristesys.<u></u>com</a>>> wrote:<br>
<br>
On 09/06/2012 09:25 AM, Ali Jawad wrote:<br>
<br>
How do I get the variables for username,agent and IP.<br>
<br>
<br>
This information comes from pseudovariables ("PVs"), which are<br>
basically parts of the SIP message that are parsed by Kamailio and<br>
exposed inside the config script environment as read-only (and in a<br>
cases, mutable) variables.<br>
<br>
Take a look at the full list here:<br>
<br></div>
<a href="http://www.kamailio.org/__dokuwiki/doku.php/__pseudovariables:3.1.x" target="_blank">http://www.kamailio.org/__<u></u>dokuwiki/doku.php/__<u></u>pseudovariables:3.1.x</a><div class="im"><br>
<<a href="http://www.kamailio.org/dokuwiki/doku.php/pseudovariables:3.1.x" target="_blank">http://www.kamailio.org/<u></u>dokuwiki/doku.php/<u></u>pseudovariables:3.1.x</a>><br>
<br>
The ones you are looking for are:<br>
<br>
(1) $au - for authentication username, or $fU for From URI user part.<br>
<br>
(2) $ua - user agent identifier, if present. A good way to check if<br>
it is present is to check for the existence of the User-Agent<br>
header, which is not a mandatory header:<br>
<br>
$var(ua) = '';<br>
<br></div>
if(is_present_hf("User-Agent")<u></u>__)<div class="im"><br>
$var(ua) = $ua;<br>
<br>
# Log $var(ua)...<br>
<br>
(3) $si - source IP of the request being processed.<br>
<br>
<br>
-- Alex<br>
<br>
--<br>
Alex Balashov - Principal<br>
Evariste Systems LLC<br>
235 E Ponce de Leon Ave<br>
Suite 106<br>
Decatur, GA 30030<br>
Tel: +1-678-954-0670<br>
Fax: +1-404-961-1892<br>
Web: <a href="http://www.evaristesys.com/" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.alexbalashov.com/" target="_blank">http://www.alexbalashov.com/</a><br>
<br></div>
______________________________<u></u>___________________<div class="im"><br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br></div><div class="im">
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a> <mailto:<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-<u></u>router.org</a>><br>
<a href="http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users" target="_blank">http://lists.sip-router.org/__<u></u>cgi-bin/mailman/listinfo/sr-__<u></u>users</a><br>
<<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/<u></u>cgi-bin/mailman/listinfo/sr-<u></u>users</a>><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br></div><div class="im">
______________________________<u></u>_________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/<u></u>cgi-bin/mailman/listinfo/sr-<u></u>users</a><br>
<br>
</div></blockquote><div class="HOEnZb"><div class="h5">
<br>
<br>
-- <br>
Alex Balashov - Principal<br>
Evariste Systems LLC<br>
235 E Ponce de Leon Ave<br>
Suite 106<br>
Decatur, GA 30030<br>
Tel: +1-678-954-0670<br>
Fax: +1-404-961-1892<br>
Web: <a href="http://www.evaristesys.com/" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.alexbalashov.com/" target="_blank">http://www.alexbalashov.com/</a><br>
<br>
______________________________<u></u>_________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/<u></u>cgi-bin/mailman/listinfo/sr-<u></u>users</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font><font color="#888888"><b>Ali Jawad <br></b></font></font><div><div><font><font color="#888888"><b>Information Systems Manager<br>
<font size="1">CISSP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA</font><br></b></font></font></div><div><font><font color="#888888"><b>Splendor Telecom <span style="background-color:rgb(255,255,255)">(</span><span style="background-color:rgb(51,51,255);color:rgb(51,102,255)"><a href="http://www.splendor.net/" target="_blank"><span style="background-color:rgb(255,255,255)"><font color="#3366ff">www.splendor.net</font></span></a></span><span style="background-color:rgb(255,255,255)">)</span><br>
Beirut, Lebanon<br>Phone: +9611373725/ext 116<br>FAX: +9611375554<br><br></b></font></font><div><div></div></div></div></div></div><br>
</div></div>