A2Billing is a telecom switch and billing system capable of providing and billing a range of telecom products and services to customers such as calling card products, residential and wholesale VoIP termination, DID resale and callback services.
currently the SETVAR option for SIP friends (VoIP Settings/edit dialog) is broken.
the value must contain a = sign (e.g. VAR=foobar) in order to be usefull. But at various points in the code the = sign is stripped (sanitized), apparently for security reasons.
Is this sanitizing code (especially for the = sign) still needed or is the underlying code properly fixed by now to prevent exploits?
Hi,
currently the SETVAR option for SIP friends (VoIP Settings/edit dialog) is broken. the value must contain a = sign (e.g.
VAR=foobar) in order to be usefull. But at various points in the code the = sign is stripped (sanitized), apparently for security reasons.Is this sanitizing code (especially for the = sign) still needed or is the underlying code properly fixed by now to prevent exploits?