<?xml version="1.0"?>\r
<configuration>\r
<appSettings>\r
- <add key="connectionString" value="DSN=easyroute;User=root;Password=;" />\r
+ <add key="connectionString" value="DSN=easyroute;User=root;Pwd=;" />\r
<add key="defaultProfile" value="sofia/default"/>\r
<add key="defaultGateway" value="192.168.1.1"/>\r
- <!-- customQuery can be defined. Fields must be in the same order, and the number parameter must be %number% -->\r
- <!-- <add key="customQuery" value="SELECT gateways.gateway_ip, gateways.group, gateways.limit, gateways.techprofile, numbers.acctcode, numbers.translated from gateways, numbers where numbers.number = %number% and numbers.gateway_id = gateways.gateway_id;" /> -->\r
+ <!-- query can be changed, but fields must be in the same order, and the number parameter must be %number% -->\r
+ <add key="query" value="SELECT gateways.gateway_ip, gateways.group, gateways.limit, gateways.techprofile, numbers.acctcode, numbers.translated from gateways, numbers where numbers.number = %number% and numbers.gateway_id = gateways.gateway_id;" />\r
+ \r
+ <!-- MySQL and other DBs improperly consider \ to be an escape character. easyroute will remove all backslashes from queries to be safe. \r
+ if you can handle backlashes properly, set keepBackslashes to true. -->\r
+ <!-- <add key="keepBackslashes" value="false" -->\r
+ \r
+ <!-- To avoid other injections, the incoming number will remove characters matching this regex. Default [^0-9#\*] allows only digits, # and *.-->\r
+ <add key="numberRegexFilter" value="[^0-9#\*]" />\r
</appSettings>\r
</configuration>
\ No newline at end of file
<?xml version="1.0"?>\r
<configuration>\r
<appSettings>\r
- <add key="connectionString" value="DSN=easyroute;User=root;Password=;" />\r
+ <add key="connectionString" value="DSN=easyroute;User=root;Pwd=;" />\r
<add key="defaultProfile" value="sofia/default"/>\r
<add key="defaultGateway" value="192.168.1.1"/>\r
- <!-- customQuery can be defined. Fields must be in the same order, and the number parameter must be %number% -->\r
- <!-- <add key="customQuery" value="SELECT gateways.gateway_ip, gateways.group, gateways.limit, gateways.techprofile, numbers.acctcode, numbers.translated from gateways, numbers where numbers.number = %number% and numbers.gateway_id = gateways.gateway_id;" /> -->\r
+ <!-- query can be changed, but fields must be in the same order, and the number parameter must be %number% -->\r
+ <add key="query" value="SELECT gateways.gateway_ip, gateways.group, gateways.limit, gateways.techprofile, numbers.acctcode, numbers.translated from gateways, numbers where numbers.number = %number% and numbers.gateway_id = gateways.gateway_id;" />\r
+ \r
+ <!-- MySQL and other DBs improperly consider \ to be an escape character. easyroute will remove all backslashes from queries to be safe. \r
+ if you can handle backlashes properly, set keepBackslashes to true. -->\r
+ <!-- <add key="keepBackslashes" value="false" -->\r
+ \r
+ <!-- To avoid other injections, the incoming number will remove characters matching this regex. Default [^0-9#\*] allows only digits, # and *.-->\r
+ <add key="numberRegexFilter" value="[^0-9#\*]" />\r
</appSettings>\r
</configuration>
\ No newline at end of file
type QueryResult = { dialstring: string; group: string; acctcode: string; limit: int; translated: string }\r
\r
module easyroute =\r
+ let defaultStr def = function null | "" -> def | s -> s\r
let getAppSetting (name:string) = match Configuration.ConfigurationManager.AppSettings.Get name with null -> "" | x -> x\r
let connString = getAppSetting "connectionString"\r
let defaultProfile = getAppSetting "defaultProfile"\r
let defaultGateway = getAppSetting "defaultGateway"\r
- let query = match getAppSetting "customQuery" with\r
- | "" -> "SELECT gateways.gateway_ip, gateways.group, gateways.limit, gateways.techprofile, numbers.acctcode, numbers.translated from gateways, numbers where numbers.number = %number% and numbers.gateway_id = gateways.gateway_id;"\r
- | x -> x \r
+ let query = getAppSetting "query"\r
let configOk = [ connString; defaultProfile; defaultGateway; query; ] |> List.forall (String.IsNullOrEmpty >> not)\r
+ let keepBackslashes = defaultStr "false" (getAppSetting "keepBackslashes") = "true"\r
+ let numberRegexFilter = defaultStr "[^0-9#]" (getAppSetting "numberRegexFilter")\r
\r
let formatDialstring number gateway profile separator = \r
match separator with \r
limit = 9999; group = ""; acctcode = ""; translated = number; }\r
\r
let readResult (r: IDataReader) number sep =\r
- let defString def = function null | "" -> def | s -> s\r
- let gw = defString defaultGateway <| r.GetString(0)\r
+ let gw = defaultStr defaultGateway <| r.GetString(0)\r
let group = r.GetString(1)\r
let limit = match r.GetInt32(2) with 0 -> 9999 | x -> x\r
- let profile = defString defaultProfile <| r.GetString(3)\r
+ let profile = defaultStr defaultProfile <| r.GetString(3)\r
let acctcode = r.GetString(4)\r
let translated = r.GetString(5)\r
let dialstring = formatDialstring number gw profile sep\r
{ dialstring = dialstring; limit = limit; group = group; acctcode = acctcode; translated = translated; }\r
\r
+ let regexOpts = Text.RegularExpressions.RegexOptions.Compiled ||| Text.RegularExpressions.RegexOptions.CultureInvariant\r
let lookup (number: string) sep =\r
try\r
- let query = query.Replace("%number%", sprintf "'%s'" (number.Replace(@"\'", "'").Replace("'", "''"))) // Don't use params cause some odbc drivers are awesome\r
+ let number = if numberRegexFilter = "" then number else Text.RegularExpressions.Regex.Replace(number, numberRegexFilter, "", regexOpts)\r
+ let number = if keepBackslashes then number else number.Replace("\\", "") \r
+ let query = query.Replace("%number%", sprintf "'%s'" (number.Replace("'", "''"))) // Don't use params cause some odbc drivers are awesome\r
Log.WriteLine(LogLevel.Debug, "EasyRoute query prepared: {0}", query)\r
use conn = new Odbc.OdbcConnection(connString)\r
use comm = new Odbc.OdbcCommand(query, conn)\r