invalid variable

Matthew Newton mcn4 at leicester.ac.uk
Tue Jun 11 17:22:21 CEST 2013


On Tue, Jun 11, 2013 at 05:02:33PM +0200, Stelian Ionescu wrote:
> then the SQL fragment
> 
> «COALESCE(NULLIF('%{Event-Timestamp}', ''), '%S')::timestamp with time zone,'%{SQL-User-Name}'»
> 
> gets translated into
> 
> «COALESCE(NULLIF('Jun  7 2013 18:02:09 CEST=27=2C =27=27=29=2C =271970-01-01 01:00:00=27=29::timestamp with time zone=2C=27test'»
> 
> Notice how the apostrophes and commas are getting hex-encoded, thereby
> making the resulting query invalid.

Check out 'safe-characters' in sql/*/dialup.conf

But be careful in what you permit, as it's there to protect you...

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Devel mailing list