Diffstat (limited to 'funcs/func_shell.c')
-rw-r--r-- | funcs/func_shell.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/funcs/func_shell.c b/funcs/func_shell.c
index 0398cd839..fe1debe88 100644
--- a/funcs/func_shell.c
+++ b/funcs/func_shell.c
@@ -82,6 +82,11 @@ static int shell_helper(struct ast_channel *chan, const char *cmd, char *data,
 <syntax>
 <parameter name="command" required="true">
 <para>The command that the shell should execute.</para>
+ <warning><para>Do not use untrusted strings such as <variable>CALLERID(num)</variable>
+ or <variable>CALLERID(name)</variable> as part of the command parameters. You
+ risk a command injection attack executing arbitrary commands if the untrusted
+ strings aren't filtered to remove dangerous characters. See function
+ <variable>FILTER()</variable>.</para></warning>
 </parameter>
 </syntax>
 <description> |
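Review bot: The added warning tells dialplan authors to filter untrusted strings "to remove dangerous characters", which reads as a deny-list, while FILTER() works the other way round: it takes the set of allowed characters and keeps only those. The wording should steer readers to that allow-list form, for example `strings aren't first restricted to a known-safe set of characters (digits only, for a caller number). See function` in place of the fourth added line. The change is documentation only; nothing in this hunk alters how shell_helper passes the command on, so the protection depends entirely on the dialplan author following the note. The XML documentation block this warning sits in starts and ends outside the hunk.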