[cisco-voip] UDS Searches not sanitizing the Plus Symbol

Anthony Holloway avholloway+cisco-voip at gmail.com
Wed Apr 12 11:57:53 EDT 2017


Plus signs (+) in URL query parameters (the part after the question mark
[?]) are treated as spaces.  E.g., ?name=anthony+holloway == "anthony
holloway"  So, you're effectively asking UDS for " 61400111111" (note the
leading space, and omission of the plus sign [+]).

The work around is to use some sort of URL encoding library, which will
build your URL with the plus sign (+) encoded with it's percent sign (%)
equivelent, which happens to be %2B.

So, your submitted UDS request would actually look like:

https://172.20.2.21:8443/cucm-uds/users?number=%2B61400111111

Finally, this is not a function of UDS at all, and something you'll need to
know, now that you are explorely RESTful APIs which rely on URL structures
to work with data.

On Wed, Apr 12, 2017 at 10:46 AM Nathan Reeves <nathan.a.reeves at gmail.com>
wrote:

> Taking a look around at what options we have to drive additional
> directories for our IP phones and decided to take a quick look at using UDS
> as the data source, accessing it via the published API.
>
> One thing I'm finding (which I can't see any bug report on), is that
> number searches, where the number in UDS contains a plus, does not return
> search results based on the query submitted.
>
> I have a user configured with a mobile number in PlusE164 (+61400111111
> <+61%20400%20111%20111> for example) which is pulled into the CUCM
> directory via LDAP sync.
>
> The API docs note that brackets, plus symbols etc are all ignored in the
> search.  When I access the UDS API and construct a query string in a URL
> along the lines of 'https://172.20.2.21:8443/cucm-uds/users?number=61400',
> the returned response is 0 results.  If I update the Mobile number to
> remove just the plus (and resync LDAP), the same search now returns my user
> with the mobile number correctly searched.
>
> Running 11.5(1)SU1 (haven't yet checked this against SU2), attempted to
> use native UDS but also tried searching while UDS Proxy is enabled.  Same
> results either way.
>
> Anyone seen this issue or am I missing something?  I can only assume that
> the sanitized query doesn't correctly ignore the plus symbol.
>
> Cheers
>
> Nathan
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170412/a087837c/attachment.html>


More information about the cisco-voip mailing list