On 2 Nov 2014, at 17:40, Alan DeKok <aland@deployingradius.com> wrote:
Arran Cudbard-Bell wrote:
I've pushed a fix to process UTF8 chars correctly for the %{escape:} and %{unescape:} xlats.
OK.
I'm guessing the decision to pass through UTF8 chars here is more a matter of convenience for the administrator than not wanting to write the code :)
O(N^2) string comparisons are bad.
Well, yes.
The problematic SQL characters are ASCII. They need to be escaped. The rest can be passed through to SQL.
It might be a good idea add an additional (optional) callback for the drivers, to call driver specific escape functions. If one of those functions is registered for a driver, we don't call sql_escape_func. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2