sysmocom/asterisk
11
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
asterisk/res/res_pjsip_pidf_digium_body_supplement.c
Mark Michelson 065bd7d703 Improve XML sanitization in NOTIFYs, especially for presence subtypes and messages. 
Embedded carriage return line feed combinations may appear in presence subtypes
and messages since they may be derived from user input in an instant messenger
client. As such, they need to be properly escaped so that XML parsers do not
vomit when the messages are received.
........

Merged revisions 413372 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413381 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-05-07 15:29:18 +00:00

115 lines
3.1 KiB
C
Raw Blame History

/*
* asterisk -- An open source telephony toolkit.
*
* Copyright (C) 2014, Digium, Inc.
*
* Kevin Harwell <kharwell@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*** MODULEINFO
<depend>pjproject</depend>
<depend>res_pjsip</depend>
<depend>res_pjsip_pubsub</depend>
<support_level>core</support_level>
***/
#include "asterisk.h"
#include <pjsip.h>
#include <pjsip_simple.h>
#include <pjlib.h>
#include "asterisk/module.h"
#include "asterisk/presencestate.h"
#include "asterisk/res_pjsip.h"
#include "asterisk/res_pjsip_pubsub.h"
#include "asterisk/res_pjsip_presence_xml.h"
#include "asterisk/res_pjsip_body_generator_types.h"
static int pidf_supplement_body(void *body, void *data)
{
struct ast_sip_exten_state_data *state_data = data;
pj_xml_node *node;
char sanitized[256];
if (ast_strlen_zero(state_data->user_agent) ||
!strstr(state_data->user_agent, "digium")) {
/* not a digium phone */
return 0;
}
if (!(node = ast_sip_presence_xml_create_node(
state_data->pool, body, "tuple"))) {
ast_log(LOG_WARNING, "Unable to create PIDF tuple\n");
return -1;
}
ast_sip_presence_xml_create_attr(
state_data->pool, node, "id", "digium-presence");
if (!(node = ast_sip_presence_xml_create_node(
state_data->pool, node, "status"))) {
ast_log(LOG_WARNING, "Unable to create PIDF tuple status\n");
return -1;
}
if (!(node = ast_sip_presence_xml_create_node(
state_data->pool, node, "digium_presence"))) {
ast_log(LOG_WARNING, "Unable to create digium presence\n");
return -1;
}
if (!ast_strlen_zero(state_data->presence_message)) {
ast_sip_sanitize_xml(state_data->presence_message, sanitized, sizeof(sanitized));
pj_strdup2(state_data->pool, &node->content, sanitized);
}
ast_sip_presence_xml_create_attr(
state_data->pool, node, "type", ast_presence_state2str(
state_data->presence_state));
if (!ast_strlen_zero(state_data->presence_subtype)) {
ast_sip_sanitize_xml(state_data->presence_subtype, sanitized, sizeof(sanitized));
ast_sip_presence_xml_create_attr(
state_data->pool, node, "subtype", sanitized);
}
return 0;
}
static struct ast_sip_pubsub_body_supplement pidf_supplement = {
.type = "application",
.subtype = "pidf+xml",
.supplement_body = pidf_supplement_body,
};
static int load_module(void)
{
if (ast_sip_pubsub_register_body_supplement(&pidf_supplement)) {
return AST_MODULE_LOAD_DECLINE;
}
return AST_MODULE_LOAD_SUCCESS;
}
static int unload_module(void)
{
ast_sip_pubsub_unregister_body_supplement(&pidf_supplement);
return 0;
}
AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP PIDF Digium presence supplement",
.load = load_module,
.unload = unload_module,
.load_pri = AST_MODPRI_CHANNEL_DEPEND,
);
Reference in a new issue View git blame Copy permalink