Closed
Bug 845361
Opened 12 years ago
Closed 12 years ago
Dialer does not correctly validate input to the dial activity handler
Categories
(Firefox OS Graveyard :: Gaia::Dialer, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 836215
People
(Reporter: st3fan, Assigned: kgrandon)
References
Details
(This is related to bug 845045 but not the same. This requires more extensive changes.)
The dial activity handler does not correctly reject invalid phone numbers.
I am able to ask it to dial for example the following numbers:
"<h1>Cheese</h1>"
"!@#$%^&*()_+=-"
"hello \u2673 foo"
All these are invalid and should be rejected. Instead the dialer currently simply shows the above strings as the entered number and lets me dial it.
Instead the activity should return an appropriate error code when an invalid number is passed to it and the the dialer should simply never appear.
Assignee | ||
Comment 1•12 years ago
|
||
I should be able to take this one as well as I just implemented the sanitize function. I think along with truncation if we simple strip out all non-valid characters we should be fine here.
I think that the regex would be something like: number.replace(/[^0-9+*#]/g, '')
Assignee: nobody → kgrandon
Reporter | ||
Comment 2•12 years ago
|
||
Isn't the + optional and only at the beginning of the number?
Also, we probably do want to support dialing 800-FIR-EFOX from activities?
Maybe that warrants a second bug :-)
Comment 3•12 years ago
|
||
Again, this should have been fixed on 835750 and/or 836215.
Comment 4•12 years ago
|
||
(clearing tef? for now. doesn't sound like a security issue or critical failure for v1.0.1)
blocking-b2g: tef? → ---
Assignee | ||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•