Diffstat (limited to 'apps/app_system.c')
-rw-r--r--apps/app_system.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/apps/app_system.c b/apps/app_system.c
index 09179f7f7..64d529798 100644
--- a/apps/app_system.c
+++ b/apps/app_system.c
@@ -46,6 +46,11 @@
<syntax>
<parameter name="command" required="true">
<para>Command to execute</para>
+ <warning><para>Do not use untrusted strings such as <variable>CALLERID(num)</variable>
+ or <variable>CALLERID(name)</variable> as part of the command parameters. You
+ risk a command injection attack executing arbitrary commands if the untrusted
+ strings aren't filtered to remove dangerous characters. See function
+ <variable>FILTER()</variable>.</para></warning>
</parameter>
</syntax>
<description>
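Review bot: The warning added under the `command` parameter describes the mitigation as filtering "to remove dangerous characters", which reads as a deny-list, whereas FILTER(), as far as I know, takes the set of characters to keep. Wording such as `strings aren't restricted to a known-safe character set, for example with FILTER()` would point dialplan authors at an allow-list, which is harder to get wrong for a shell command line. The two CALLERID examples may also be read as the complete list; a short clause such as `or any other value the remote party can set` would cover other caller-influenced variables. The same paragraph is repeated in the second hunk (`@@ -71,6 +76,11 @@`), so both points apply there too; the documentation block these hunks sit in starts and ends outside the visible lines.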
@@ -71,6 +76,11 @@
<syntax>
<parameter name="command" required="true">
<para>Command to execute</para>
+ <warning><para>Do not use untrusted strings such as <variable>CALLERID(num)</variable>
+ or <variable>CALLERID(name)</variable> as part of the command parameters. You
+ risk a command injection attack executing arbitrary commands if the untrusted
+ strings aren't filtered to remove dangerous characters. See function
+ <variable>FILTER()</variable>.</para></warning>
</parameter>
</syntax>
<description>