From: Alan T. DeKok <aland@freeradius.org>
Date: Sun, 15 Oct 2023 13:35:37 +0000 (-0400)
Subject: start of cleaning up escaping rules
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b29533b23a77cc108b26ed35310c50663a67d997;p=thirdparty%2Ffreeradius-server.git

start of cleaning up escaping rules

note that fr_value_box_print() does NOT respect tainting

fix a few callers to just re-implement print_quoted()
---

diff --git a/src/lib/unlang/xlat_tokenize.c b/src/lib/unlang/xlat_tokenize.c
index f49de2ef836..256dc4ae9e8 100644
--- a/src/lib/unlang/xlat_tokenize.c
+++ b/src/lib/unlang/xlat_tokenize.c
@@ -1460,9 +1460,7 @@ ssize_t xlat_print_node(fr_sbuff_t *out, xlat_exp_head_t const *head, xlat_exp_t
 		if (node->quote == T_BARE_WORD) {
 			FR_SBUFF_RETURN(fr_value_box_print, out, &node->data, e_rules);
 		} else {
-			FR_SBUFF_IN_CHAR_RETURN(out, fr_token_quote[node->quote]);
-			FR_SBUFF_RETURN(fr_value_box_print, out, &node->data, fr_value_escape_by_quote[node->quote]);
-			FR_SBUFF_IN_CHAR_RETURN(out, fr_token_quote[node->quote]);
+			FR_SBUFF_RETURN(fr_value_box_print_quoted, out, &node->data, node->quote);
 		}
 		goto done;
 
diff --git a/src/lib/util/pair_print.c b/src/lib/util/pair_print.c
index db6ec888cc7..b7877b5d8cb 100644
--- a/src/lib/util/pair_print.c
+++ b/src/lib/util/pair_print.c
@@ -167,9 +167,7 @@ ssize_t fr_pair_print_secure(fr_sbuff_t *out, fr_dict_attr_t const *parent, fr_p
 			FALL_THROUGH;
 
 		case FR_TYPE_DATE:
-			FR_SBUFF_IN_CHAR_RETURN(&our_out, '"');
-			FR_SBUFF_RETURN(fr_value_box_print, &our_out, &vp->data, &fr_value_escape_double);
-			FR_SBUFF_IN_CHAR_RETURN(&our_out, '"');
+			FR_SBUFF_RETURN(fr_value_box_print_quoted, &our_out, &vp->data, T_DOUBLE_QUOTED_STRING);
 			break;
 
 		case FR_TYPE_OCTETS:
diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index b2836df3da6..5eefaeb1288 100644
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
@@ -5113,9 +5113,12 @@ ssize_t fr_value_box_from_str(TALLOC_CTX *ctx, fr_value_box_t *dst,
  * in a database, in all other instances it's better to use
  * #fr_value_box_print_quoted.
  *
+ * @note - this function does NOT respect tainting!  The escaping rules
+ * are ONLY for escaping quotation characters, CR, LF, etc.
+ *
  * @param[in] out	Where to write the printed string.
  * @param[in] data	Value box to print.
- * @param[in] e_rules	To apply to FR_TYPE_STRING types.
+ * @param[in] e_rules	To apply to FR_TYPE_STRING types, for escaping quotation characters _only_.
  *			Is not currently applied to any other box type.
  */
 ssize_t fr_value_box_print(fr_sbuff_t *out, fr_value_box_t const *data, fr_sbuff_escape_rules_t const *e_rules)