| Summary: | ASTERISK-11415: Usage of Goto() in an included context can cause unexpected behaviour | ||
| Reporter: | Leif Madsen (lmadsen) | Labels: | |
| Date Opened: | 2008-02-11 08:49:29.000-0600 | Date Closed: | 2008-02-27 14:19:39.000-0600 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | PBX/pbx_config |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | I found this interesting little tidbit of usage behaviour yesterday when writing some dialplan. Here is a simplified example of what I ran into: [phones] include => callControl include => checkVoicemail [callControl] exten => preAuth,1,NoOp(well hello there) ; <-- this is what gets matched when you do the Goto() from the checkVoicemail context. [checkVoicemail] exten => 8500,1,Goto(preAuth,1) exten => preAuth,1,NoOp(this does not get hit as you might expect) ****** ADDITIONAL INFORMATION ****** You would expect the Goto() to jump to the preAuth,1 inside the [checkVoicemail] context, but Asterisk actually tries to execute the Goto() in the [phones] context, and thus delivers the call to [callControl]'s preAuth and not that in [checkVoicemail]. This could inadvertently cause some security issues within the dialplan. The work around is to specify the whole context,exten,priority triplet inside the Goto(). | ||
| Comments: | By: Leif Madsen (lmadsen) 2008-02-11 08:56:42.000-0600 Yes I realize all of this is normal because the included context is not where dialplan execution jumps to, but I still think it'd be nice if we could pop up a notice or something in these situations. By: Jared Smith (jsmith) 2008-02-11 08:57:59.000-0600 I don't think this is a bug, simply a feature that could use a little more documentation. In and of itself it poses no security risk -- it is only a security risk if users expect some other behavior from include statements. By: Leif Madsen (lmadsen) 2008-02-11 09:02:07.000-0600 I disagree with the usage of the word "feature" because I can't think of any practical reason why this would ever be expected or useful in sane dialplan practice (i.e. why you would ever intentionally do the Goto() to some other part of the dialplan by *not* specifying the context). I do agree this is not exactly a *bug* but Asterisk dialplan is already daunting enough that very subtle things like this cause all sorts of grief for users. Documentation is good, but I'm in favour of making some of these kinds of issues a little more obvious to the user. By: Tilghman Lesher (tilghman) 2008-02-11 11:36:58.000-0600 Well, this is working the way it is designed, and I can't think of any steps we could take that won't massively slow down the dialplan. The best way to approach this is with a "Best Practices" document that describes this situation and how to avoid it. By: Leif Madsen (lmadsen) 2008-02-11 11:39:47.000-0600 Or how about a note in 'core show application Goto() and GotoIf()' as I haven't really found a good place in the doc/ folder to add a section about includes (since a best practices document is a larger scope than what we're talking aboot here)? By: Tilghman Lesher (tilghman) 2008-02-27 14:19:39.000-0600 It's interesting, but I don't think it belongs in the application help text, since it's more likely to confuse than assist. Somewhere in external documentation is fine. | ||