From karvan at users.callweaver.org  Wed Jan  5 13:50:25 2011
From: karvan at users.callweaver.org (karvan at users.callweaver.org)
Date: Wed,  5 Jan 2011 13:50:25 +0100
Subject: [Callweaver-svn] r5717 -
	callweaver/branches/rel/1.2/include/callweaver
Message-ID: <20110105125025.98BC911C5ED@bigloom.callweaver.org>

Author: karvan
Date: 2011-01-05 13:50:25 +0100 (Wed, 05 Jan 2011)
New Revision: 5717

Modified:
   callweaver/branches/rel/1.2/include/callweaver/cwobj.h
Log:
Fixed unsecure code.

When dumping the object, use '%s' and pass the string, don't use it as a format element.


Modified: callweaver/branches/rel/1.2/include/callweaver/cwobj.h
===================================================================
--- callweaver/branches/rel/1.2/include/callweaver/cwobj.h	2010-07-15 15:58:13 UTC (rev 5716)
+++ callweaver/branches/rel/1.2/include/callweaver/cwobj.h	2011-01-05 12:50:25 UTC (rev 5717)
@@ -743,7 +743,7 @@
  * descriptor.
  */
 #define CWOBJ_CONTAINER_DUMP(fd,s,slen,container) \
-	CWOBJ_CONTAINER_TRAVERSE(container, 1, do { CWOBJ_DUMP(s,slen,iterator); cw_cli(fd, s); } while(0))
+	CWOBJ_CONTAINER_TRAVERSE(container, 1, do { CWOBJ_DUMP(s,slen,iterator); cw_cli(fd, "%s", s); } while(0))
 
 #if defined(__cplusplus) || defined(c_plusplus)
 }