invalid variable

Stelian Ionescu sionescu at cddr.org
Tue Jun 11 17:36:30 CEST 2013


On Tue, 2013-06-11 at 11:10 -0400, Alan DeKok wrote:
> Stelian Ionescu wrote:
> > It's true that copy_request_to_tunnel wasn't set to "yes", but the
> > problem still remains in that radius_axlat() didn't output a literal '?'
> > but its hex-encoding, and that's caused by the way sql escaping is
> > currently done.
> 
>   The escaping is controlled by the "safe-characters" configuration in
> SQL.  If you want to allow '?', edit that configuration item.
> 
> > Given these request VPs:
> > 
> > Event-Timestamp = 'Jun  7 2013 18:02:09 CEST'
> > SQL-User-Name = 'test'
> > 
> > then the SQL fragment
> > 
> > «COALESCE(NULLIF('%{Event-Timestamp}', ''), '%S')::timestamp with time zone,'%{SQL-User-Name}'»
> > 
> > gets translated into
> > 
> > «COALESCE(NULLIF('Jun  7 2013 18:02:09 CEST=27=2C =27=27=29=2C =271970-01-01 01:00:00=27=29::timestamp with time zone=2C=27test'»
> > 
> > Notice how the apostrophes and commas are getting hex-encoded, thereby
> > making the resulting query invalid.
> 
>   Because that's how the SQL escaping function works.  See?

No, it's a regression. On 2.* commas and apostrophes that are part of the
literal query as embedded in dialup.conf didn't get escaped, only the
various expansions; but now the whole query gets escaped.

-- 
Stelian Ionescu a.k.a. fe[nl]ix
Quidquid latine dictum sit, altum videtur.
http://common-lisp.net/project/iolib
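
The two escaping behaviours discussed in this message, as an added example that is not part of the original e-mail and is not FreeRADIUS code: a small Python model in which every byte outside a safe-characters set is written as =XX. The function names, the SAFE value and the sample attribute values are assumptions made for illustration.

```python
import re

# Assumed safe-characters value; anything outside it is written as =XX.
SAFE = set("@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /")
# Matches %{Attribute-Name} and the bare %S token used in the fragment above.
TOKEN = re.compile(r"%\{([A-Za-z0-9-]+)\}|%(S)")

def sql_escape(text):
    """Hex-encode every byte that is not in SAFE (the =27, =2C form above)."""
    out = []
    for b in text.encode("utf-8"):
        ch = chr(b)
        out.append(ch if ch in SAFE else "=%02X" % b)
    return "".join(out)

def expand(template, vps, escape_values):
    """Expand %{Attr} and %S, optionally escaping each expanded value."""
    def sub(m):
        value = vps.get(m.group(1) or m.group(2), "")
        return sql_escape(value) if escape_values else value
    return TOKEN.sub(sub, template)

def expand_values_escaped(template, vps):
    # Only attribute values pass through the escaper; literal SQL is untouched.
    return expand(template, vps, escape_values=True)

def expand_whole_escaped(template, vps):
    # The escaper runs over the finished string, so literal SQL is encoded too.
    return sql_escape(expand(template, vps, escape_values=False))

TEMPLATE = ("COALESCE(NULLIF('%{Event-Timestamp}', ''), '%S')"
            "::timestamp with time zone,'%{SQL-User-Name}'")
# Sample values taken from the message above; %S is modelled as a plain key.
VPS = {"Event-Timestamp": "Jun  7 2013 18:02:09 CEST",
       "S": "1970-01-01 01:00:00", "SQL-User-Name": "test"}

if __name__ == "__main__":
    print(expand_values_escaped(TEMPLATE, VPS))
    print(expand_whole_escaped(TEMPLATE, VPS))
    # Constructed value with an apostrophe: only the value is encoded.
    quoted = dict(VPS, **{"SQL-User-Name": "o'brien"})
    print(expand_values_escaped(TEMPLATE, quoted))
```

Escaping per value keeps the query syntax intact while still neutralising a quote inside an attribute; escaping the finished string encodes the query's own delimiters as well.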
