From: Alan T. DeKok Date: Sun, 11 May 2025 22:07:32 +0000 (-0400) Subject: only set safe_for if the data was escaped X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=598207da797fce136d93bfb0314f628e6d2e9f7f;p=thirdparty%2Ffreeradius-server.git only set safe_for if the data was escaped this shouldn't have any practical difference, as the argument parser sets t_rules->literals_safe_for = arg->safe_for. So literals are already marked up as safe. Arguably that function shouldn't do that, either. --- diff --git a/src/lib/unlang/xlat_eval.c b/src/lib/unlang/xlat_eval.c index 64638caa212..ae2e32c6020 100644 --- a/src/lib/unlang/xlat_eval.c +++ b/src/lib/unlang/xlat_eval.c @@ -304,7 +304,11 @@ static int xlat_arg_stringify(request_t *request, xlat_arg_parser_t const *arg, return -1; } - fr_value_box_mark_safe_for(vb, arg->safe_for); + /* + * Do NOT mark this as safe for anything. The inputs could have come from anywhere. + * + * The arg->safe_for value is set ONLY after the data has been escaped. + */ return 0; }
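Review bot: the new comment before the final `return 0;` in xlat_arg_stringify() says the value is not marked safe for anything, but the commit message notes that the argument parser still sets `t_rules->literals_safe_for = arg->safe_for`, so literal inputs reaching this return already carry that marking. The comment should say so, or point at the parser, so that a reader does not conclude every box leaving this path is unmarked. The diff touches only src/lib/unlang/xlat_eval.c and the message itself expects no practical difference, so a test that sends a non-literal, unescaped argument through this path and checks that it comes out without `arg->safe_for` would pin down the intended behaviour, particularly if the parser's handling of literals is changed later as the message suggests it might be.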