only set safe_for if the data was escaped

this shouldn't have any practical difference, as the argument
parser sets t_rules->literals_safe_for = arg->safe_for.  So literals
are already marked up as safe.

Arguably that function shouldn't do that, either.

diff --git a/src/lib/unlang/xlat_eval.c b/src/lib/unlang/xlat_eval.c
index 64638caa21283e282fc35c60817bf30d45a7f0a0..ae2e32c602019fa905065e51a385a53356f1e70a 100644 (file)
--- a/src/lib/unlang/xlat_eval.c
+++ b/src/lib/unlang/xlat_eval.c
@@ -304,7 +304,11 @@ static int xlat_arg_stringify(request_t *request, xlat_arg_parser_t const *arg,
                        return -1;
                }
 
-               fr_value_box_mark_safe_for(vb, arg->safe_for);
+               /*
+                *      Do NOT mark this as safe for anything.  The inputs could have come from anywhere.
+                *
+                *      The arg->safe_for value is set ONLY after the data has been escaped.
+                */
                return 0;
        }