From 89b133dfb011ed453a6444b2f2d54eeba82a0216 Mon Sep 17 00:00:00 2001
From: "B. Watson" <urchlay@slackware.uk>
Date: Sun, 14 Apr 2024 03:56:08 -0400
Subject: soxdial: sanitize dial string in --verbose output.

---
 soxdial | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/soxdial b/soxdial
index 6036e2b..5e6c808 100755
--- a/soxdial
+++ b/soxdial
@@ -770,10 +770,15 @@ for ($argc = 0; $argc < @ARGV; $argc++) {
 		warn "$SELF: bluebox mode disabled (touchtone enabled).\n" if $verbose;
 	} else {
 		$_ = lc $_;
+
+		# paranoia: in case we get non-printable characters, we don't want
+		# to print them in verbose mode (yes, I use /dev/urandom for testing).
+		($printable = $_) =~ s,[^\x20-\x7e],.,g;
+
 		if($verbose && (/^--?[a-z]/i)) {
-			warn "$SELF: treating '$_' as a dial string (might be a typo?)\n";
+			warn "$SELF: treating '$printable' as a dial string (might be a typo?)\n";
 		}
-		warn "$SELF: start dial string '$_'\n" if $verbose;
+		warn "$SELF: start dial string '$printable'\n" if $verbose;
 
 		my $time_override;
 		if($bluebox) {
@@ -802,7 +807,7 @@ for ($argc = 0; $argc < @ARGV; $argc++) {
 			warn "$SELF: no valid digits in dial string.\n" if $verbose;
 		}
 
-		warn "$SELF: end dial string '$_'\n" if $verbose;
+		warn "$SELF: end dial string '$printable'\n" if $verbose;
 	}
 }
 
-- 
cgit v1.2.3