> The function secf_check_sqli_all(); checks all the headers and, it is true
> that in the From Name header check, the double quotes are omitted, but I
> forgot to omit the single quotes, maybe because in my country it is not
> common to use it in the name.
Double quotes are ignored in From Name by the function `secf_get_from` only if
they are located at the first or last position of the string. Appart from first
and last chars, From Name is is checked with `sf_check_sqli` as other fields.
Here I suggest to completly remove single quote check in From Name.
Are still OK to remove single quote check in From Name ? And maybe in To Name?
Or do we need flags as proposed by @henningw earlier ?
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3984#issuecomment-2392939595
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3984/2392939...@github.com>
_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
