On Thu, Dec 12, 2019 at 02:39:03PM +0000, Ali Taher wrote:
> Thanks Alex for drawing my attention regarding escaping $rU before
> using it in sql queries. But I'm not sure where to use sql.val in this
> case? Do you mean I can use either {s.escape.common} or {sql.val}?

I think either one works for this case, and I use {s.escape.common}
myself and am comfortable with that, but {sql.val} is the one that is
_specifically_ contemplated for SQL injection prevention.

> Regarding the 100 trying, should I put
> modparam("tm", "auto_inv_100_reason", "Trying") in the beginning of if
> (is_method("INVITE")) block?

Well, let's take a step back. Are you creating any transactions? If not,
TM settings are irrelevant.
In more typical uses of Kamailio, a "100 Trying" is sent when a TM
transaction is created, which is most typically upon t_relay().
However, with a redirect server, you're not doing any relaying, and most
likely not creating any transactions anyway; simple data query replies
via redirect are usually--and prudently--stateless.
So, a simple
sl_send_reply("100", "Trying");
will do.
-- Alex
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
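
The two points from this thread combined in one stateless redirect route, as an added example that is not configuration posted by either participant. It shows the practical difference between the two transformations: {sql.val} emits the value already quoted and escaped, while {s.escape.common} only escapes and needs quotes in the query text. The connection URL, the `routes` table and its `number` and `dest_uri` columns are hypothetical placeholders.

```kamailio
# Added example: stateless redirect server with an escaped SQL lookup.
loadmodule "sl.so"
loadmodule "pv.so"
loadmodule "textops.so"
loadmodule "db_mysql.so"
loadmodule "sqlops.so"

# Hypothetical connection named "ca"; replace the URL with your own.
modparam("sqlops", "sqlcon", "ca=>mysql://DBUSER:DBPASS@localhost/routing")

request_route {
    if (is_method("INVITE")) {
        # No TM transaction is created here, so send the provisional
        # reply statelessly instead of relying on tm settings.
        sl_send_reply("100", "Trying");

        # {sql.val} quotes AND escapes $rU, so the query text must not
        # wrap it in quotes of its own.
        sql_query("ca",
            "SELECT dest_uri FROM routes WHERE number = $(rU{sql.val})",
            "ra");

        # Equivalent lookup with {s.escape.common}, which only escapes;
        # the surrounding single quotes are then mandatory:
        #   "... WHERE number = '$(rU{s.escape.common})'"

        if ($dbr(ra=>rows) > 0) {
            # First row, first column holds the redirect target.
            append_to_reply("Contact: <$dbr(ra=>[0,0])>\r\n");
            sl_send_reply("302", "Moved Temporarily");
        } else {
            sl_send_reply("404", "Not Found");
        }

        sql_result_free("ra");
        exit;
    }
}
```

Mixing the two conventions is the usual mistake: quoting around {sql.val} produces doubled quotes and a failed query, while omitting quotes around {s.escape.common} leaves the value unquoted in the statement.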