> The string (RFC type 'text') should be escaped before being added to the concatenation buffer. I'll take
a look and see if it's fixed in later versions.
maybe the entire attribute value data is copied
but when sql_escape_func from rlm_sql module is called it stops on the first NUL byte in it, so maybe the escaping fails?