From: Nick Porter <nick@portercomputing.co.uk>
Date: Tue, 22 Oct 2024 06:36:09 +0000 (+0100)
Subject: Set safe_for child xlats inside a redundant xlat
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b3beb311ca855bc0de56c9f5aa25a80008035c9;p=thirdparty%2Ffreeradius-server.git

Set safe_for child xlats inside a redundant xlat
---

diff --git a/src/lib/unlang/xlat_redundant.c b/src/lib/unlang/xlat_redundant.c
index 27d85eb6dea..bd9b8aa1e5e 100644
--- a/src/lib/unlang/xlat_redundant.c
+++ b/src/lib/unlang/xlat_redundant.c
@@ -218,6 +218,25 @@ static xlat_exp_t *xlat_exp_func_alloc(TALLOC_CTX *ctx, xlat_t const *func, xlat
 	node->flags.impure_func = !func->flags.pure;
 	xlat_flags_merge(&node->flags, &args->flags);
 
+	if (func->input_type == XLAT_INPUT_ARGS) {
+		xlat_arg_parser_t const	*arg_p;
+		xlat_exp_t		*arg = xlat_exp_head(node->call.args);
+
+		/*
+		 *      The original tokenizing is done using the redundant xlat argument parser
+		 *      so the boxes haven't been marked up with the appropriate "safe for".
+		 */
+		for (arg_p = node->call.func->args; arg_p->type != FR_TYPE_NULL; arg_p++) {
+		        if (!arg) break;
+
+		        xlat_exp_foreach(arg->group, child) {
+		                if (child->type == XLAT_BOX) fr_value_box_mark_safe_for(&child->data, arg_p->safe_for);
+		        }
+
+		        arg = xlat_exp_next(node->call.args, arg);
+		}
+	}
+
 	/*
 	 *	If the function is pure, AND it's arguments are pure,
 	 *	then remember that we need to call a pure function.