[EMAIL PROTECTED] (Paul Hampson) wrote: > Hmm. Now I think about it, we could solve this problem finally by adding > a 'safe-chars' configuration variable to rlm_sql, and trust the local > admin to only have characters in the list that are locally safe...
That's the best thing. The 'sql_escape_string' function doesn't take an "inst" parameter. That can be fixed by making the list of escaped characters a global. It's ugly, but it will work. For that, I'd recommend something like "int allowed[256]", and then in sql_instantiate, set the allowed entries to one. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
