From 89b133dfb011ed453a6444b2f2d54eeba82a0216 Mon Sep 17 00:00:00 2001 From: "B. Watson" Date: Sun, 14 Apr 2024 03:56:08 -0400 Subject: soxdial: sanitize dial string in --verbose output. --- soxdial | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/soxdial b/soxdial index 6036e2b..5e6c808 100755 --- a/soxdial +++ b/soxdial @@ -770,10 +770,15 @@ for ($argc = 0; $argc < @ARGV; $argc++) { warn "$SELF: bluebox mode disabled (touchtone enabled).\n" if $verbose; } else { $_ = lc $_; + + # paranoia: in case we get non-printable characters, we don't want + # to print them in verbose mode (yes, I use /dev/urandom for testing). + ($printable = $_) =~ s,[^\x20-\x7e],.,g; + if($verbose && (/^--?[a-z]/i)) { - warn "$SELF: treating '$_' as a dial string (might be a typo?)\n"; + warn "$SELF: treating '$printable' as a dial string (might be a typo?)\n"; } - warn "$SELF: start dial string '$_'\n" if $verbose; + warn "$SELF: start dial string '$printable'\n" if $verbose; my $time_override; if($bluebox) { @@ -802,7 +807,7 @@ for ($argc = 0; $argc < @ARGV; $argc++) { warn "$SELF: no valid digits in dial string.\n" if $verbose; } - warn "$SELF: end dial string '$_'\n" if $verbose; + warn "$SELF: end dial string '$printable'\n" if $verbose; } } -- cgit v1.2.3