use "%s" format specifier for uses of switch_event_add_header that just pass a string to avoid potential issues/exploits"

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@4226 d0543943-73ff-0310-b7d9-9358b9ac24b2
This commit is contained in:
Michael Jerris
2007-02-13 04:43:49 +00:00
parent f08d0e89c1
commit 07d6f12018
11 changed files with 80 additions and 80 deletions

View File

@@ -834,10 +834,10 @@ SWITCH_DECLARE(switch_status_t) switch_api_execute(char *cmd, char *arg, switch_
if (stream->event) {
if (cmd) {
switch_event_add_header(stream->event, SWITCH_STACK_BOTTOM, "API-Command", cmd);
switch_event_add_header(stream->event, SWITCH_STACK_BOTTOM, "API-Command", "%s", cmd);
}
if (arg) {
switch_event_add_header(stream->event, SWITCH_STACK_BOTTOM, "API-Command-Argument", arg);
switch_event_add_header(stream->event, SWITCH_STACK_BOTTOM, "API-Command-Argument", "%s", arg);
}
}