Problem when trying to store NAS-Port-ID into radpostauth table

Antônio Modesto modesto at
Fri Sep 17 16:23:12 CEST 2021

On 17/09/2021 10:51, Alan DeKok wrote:
> On Sep 17, 2021, at 9:14 AM, Antônio Modesto <modesto at> wrote:
>> That's really a problem. I did some tests and I don't think it is possible to do sql injection without allowing a single quote in safe_characters. Am I missing something?
>    Backslashes?  Various other things?  You'll have to investigate your particular database in detail to see what's possible.
>    We've listed what we know is safe.  Anything else is potentially dangerous.
>    Alan DeKok.

That's true. I will need to replace every ";" in the NAS-Port-Id 
attribute with another character, "/" for example. Do you know how can I 
do that without using the "%{sub:" function? (Not all my servers have 
the proper version to use that already)

> -
> List info/subscribe/unsubscribe? See
Att, *Antônio Modesto*

More information about the Freeradius-Users mailing list