Hi,
currently the SETVAR option for SIP friends (VoIP Settings/edit dialog) is broken.
the value must contain a = sign (e.g. VAR=foobar) in order to be usefull. But at various points in the code the = sign is stripped (sanitized), apparently for security reasons.
Is this sanitizing code (especially for the = sign) still needed or is the underlying code properly fixed by now to prevent exploits?
Hi,
currently the SETVAR option for SIP friends (VoIP Settings/edit dialog) is broken.
the value must contain a = sign (e.g.
VAR=foobar) in order to be usefull. But at various points in the code the = sign is stripped (sanitized), apparently for security reasons.Is this sanitizing code (especially for the = sign) still needed or is the underlying code properly fixed by now to prevent exploits?