From 68b7d35dc38423657a1c0e0a11829b9281fa5d94 Mon Sep 17 00:00:00 2001
From: Rupa Schomaker <rupa@rupa.com>
Date: Fri, 22 Jan 2010 18:38:30 +0000
Subject: [PATCH] do not allow vars in looked up CIDs

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@16464 d0543943-73ff-0310-b7d9-9358b9ac24b2
---
 src/mod/applications/mod_cidlookup/mod_cidlookup.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/mod/applications/mod_cidlookup/mod_cidlookup.c b/src/mod/applications/mod_cidlookup/mod_cidlookup.c
index c1b908d1e8..ed3061a02d 100755
--- a/src/mod/applications/mod_cidlookup/mod_cidlookup.c
+++ b/src/mod/applications/mod_cidlookup/mod_cidlookup.c
@@ -696,6 +696,11 @@ SWITCH_STANDARD_APP(cidlookup_app_function)
 		cid = do_lookup(pool, event, number, skipurl, skipcitystate);
 	}
 	
+	if (switch_string_var_check_const(cid->name)) {
+		switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_CRIT, "Invalid CID data {%s} contains a variable\n", cid->name);	
+		switch_goto_status(SWITCH_STATUS_GENERR, done);
+	}
+	
 	if (cid && channel) {
 		switch_channel_set_variable(channel, "original_caller_id_name", switch_core_strdup(pool, profile->caller_id_name));
 		if (!zstr(cid->src)) {
@@ -778,6 +783,11 @@ SWITCH_STANDARD_API(cidlookup_function)
 
 		cid = do_lookup(pool, event, argv[0], skipurl, skipcitystate);
 		if (cid) {
+			if (switch_string_var_check_const(cid->name)) {
+				switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_CRIT, "Invalid CID data {%s} contains a variable\n", cid->name);	
+				stream->write_function(stream, "-ERR Invalid CID data {%s} contains a variable\n", cid->name);
+				switch_goto_status(SWITCH_STATUS_SUCCESS, done);
+			}
 			stream->write_function(stream, cid->name);
 			if (verbose) {
 				stream->write_function(stream, " (%s) [%s]", cid->area, cid->src);