Merged revisions 219023 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4

........
  r219023 | tilghman | 2009-09-16 18:21:53 -0500 (Wed, 16 Sep 2009) | 8 lines

  Properly deal with quotes in the arguments of '#exec' includes.
  (closes issue #15583)
   Reported by: pkempgen
   Patches:
         20090726__issue15583.diff.txt uploaded by tilghman (license 14)
         20090726__issue15583-1.4-4.diff.txt uploaded by pkempgen (license 169)
   Tested by: pkempgen
........

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@219061 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/configs/extensions.conf.sample b/configs/extensions.conf.sample
index 997c97e..0cf8542 100644 (file)
--- a/configs/extensions.conf.sample
+++ b/configs/extensions.conf.sample
@@ -106,6 +106,8 @@ clearglobalvars=no
 ; that includes contexts within other contexts. The #include command works
 ; in all asterisk configuration files.
 ;#include "filename.conf"
+;#include <filename.conf>
+;#include filename.conf
 ;
 ; You can execute a program or script that produces config files, and they
 ; will be inserted where you insert the #exec command. The #exec command
@@ -113,6 +115,9 @@ clearglobalvars=no
 ; activate them within asterisk.conf with the "execincludes" option.  They
 ; are otherwise considered a security risk.
 ;#exec /opt/bin/build-extra-contexts.sh
+;#exec /opt/bin/build-extra-contexts.sh --foo="bar"
+;#exec </opt/bin/build-extra-contexts.sh --foo="bar">
+;#exec "/opt/bin/build-extra-contexts.sh --foo=\"bar\""
 ;
 
 ; The "Globals" category contains global variables that can be referenced

diff --git a/main/config.c b/main/config.c
index f726548..c17d22b 100644 (file)
--- a/main/config.c
+++ b/main/config.c
@@ -1062,18 +1062,28 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
                        return 0;       /* XXX is this correct ? or we should return -1 ? */
                }
 
-               /* Strip off leading and trailing "'s and <>'s */
-               while ((*c == '<') || (*c == '>') || (*c == '\"')) c++;
-               /* Get rid of leading mess */
                cur = c;
-               cur2 = cur;
-               while (!ast_strlen_zero(cur)) {
-                       c = cur + strlen(cur) - 1;
-                       if ((*c == '>') || (*c == '<') || (*c == '\"'))
-                               *c = '\0';
-                       else
-                               break;
+               /* Strip off leading and trailing "'s and <>'s */
+               if (*c == '"') {
+                       /* Dequote */
+                       while (*c) {
+                               if (*c == '"') {
+                                       strcpy(c, c + 1); /* SAFE */
+                                       c--;
+                               } else if (*c == '\\') {
+                                       strcpy(c, c + 1); /* SAFE */
+                               }
+                               c++;
+                       }
+               } else if (*c == '<') {
+                       /* C-style include */
+                       if (*(c + strlen(c) - 1) == '>') {
+                               cur++;
+                               *(c + strlen(c) - 1) = '\0';
+                       }
                }
+               cur2 = cur;
+
                /* #exec </path/to/executable>
                   We create a tmp file, then we #include it, then we delete it. */
                if (!do_include) {