Right now it is possible to check only some of the headers you are interested
in using: secf_check_sqli_hdr($ua);
The function secf_check_sqli_all(); checks all the headers, and it is true that
in the From Name header check the double quotes are omitted, but I forgot to
omit the single quotes, maybe because in my country it is not common to use them
in the name.
I think it would be enough to omit the single quote in the From Name header.
Also, we usually find SQL injections in the User, Domain fields and in the URI.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3984#issuecomment-2376494517