[cisco-voip] UDS Searches not sanitizing the Plus Symbol

Anthony Holloway avholloway+cisco-voip at gmail.com
Thu Apr 13 00:16:47 EDT 2017


No worries.  Transitioning to app dev will be a bumpy road for a lot of UC
Engineers, we might as well help each other progress forward.

On Wed, Apr 12, 2017 at 9:37 PM Nathan Reeves <nathan.a.reeves at gmail.com>
wrote:

> lol, cheers for that, should have picked that up earlier.  Quick test
> shows that works perfectly.
>
> When the docs mention that it ignores the plus symbol, I was working on
> the assumption that it therefore would ignore the plus symbol in the actual
> number.  Wrong assumption.
>
> Thanks again
>
>
> On Wed, Apr 12, 2017 at 11:57 PM, Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
>> Plus signs (+) in URL query parameters (the part after the question mark
>> [?]) are treated as spaces.  E.g., ?name=anthony+holloway == "anthony
>> holloway"  So, you're effectively asking UDS for " 61400111111" (note the
>> leading space, and omission of the plus sign [+]).
>>
>> The work around is to use some sort of URL encoding library, which will
>> build your URL with the plus sign (+) encoded with it's percent sign (%)
>> equivelent, which happens to be %2B.
>>
>> So, your submitted UDS request would actually look like:
>>
>> https://172.20.2.21:8443/cucm-uds/users?number=%2B61400111111
>>
>> Finally, this is not a function of UDS at all, and something you'll need
>> to know, now that you are explorely RESTful APIs which rely on URL
>> structures to work with data.
>>
>> On Wed, Apr 12, 2017 at 10:46 AM Nathan Reeves <nathan.a.reeves at gmail.com>
>> wrote:
>>
>>> Taking a look around at what options we have to drive additional
>>> directories for our IP phones and decided to take a quick look at using UDS
>>> as the data source, accessing it via the published API.
>>>
>>> One thing I'm finding (which I can't see any bug report on), is that
>>> number searches, where the number in UDS contains a plus, does not return
>>> search results based on the query submitted.
>>>
>>> I have a user configured with a mobile number in PlusE164 (+61400111111
>>> <+61%20400%20111%20111> for example) which is pulled into the CUCM
>>> directory via LDAP sync.
>>>
>>> The API docs note that brackets, plus symbols etc are all ignored in the
>>> search.  When I access the UDS API and construct a query string in a URL
>>> along the lines of 'https://172.20.2.21:8443/cucm-uds/users?number=61400',
>>> the returned response is 0 results.  If I update the Mobile number to
>>> remove just the plus (and resync LDAP), the same search now returns my user
>>> with the mobile number correctly searched.
>>>
>>> Running 11.5(1)SU1 (haven't yet checked this against SU2), attempted to
>>> use native UDS but also tried searching while UDS Proxy is enabled.  Same
>>> results either way.
>>>
>>> Anyone seen this issue or am I missing something?  I can only assume
>>> that the sanitized query doesn't correctly ignore the plus symbol.
>>>
>>> Cheers
>>>
>>> Nathan
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170413/188d997a/attachment.html>


More information about the cisco-voip mailing list