From: Nick Porter <nick@portercomputing.co.uk>
Date: Thu, 18 Jul 2024 09:58:28 +0000 (+0100)
Subject: Use attribute with non SQL safe characters in SQL map query
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0f170adde9d0578e764d86da0bdb55ee2b5b0f5;p=thirdparty%2Ffreeradius-server.git

Use attribute with non SQL safe characters in SQL map query
---

diff --git a/src/tests/modules/sql/map.attrs b/src/tests/modules/sql/map.attrs
index 10e11660cc7..1555c2419b7 100644
--- a/src/tests/modules/sql/map.attrs
+++ b/src/tests/modules/sql/map.attrs
@@ -3,6 +3,7 @@
 #
 Packet-Type = Access-Request
 User-Name = 'bob'
+NAS-Identifier = un'sa"fe;
 
 #
 #  Expected answer
diff --git a/src/tests/modules/sql/map.unlang b/src/tests/modules/sql/map.unlang
index 210b33de6be..341256d15ec 100644
--- a/src/tests/modules/sql/map.unlang
+++ b/src/tests/modules/sql/map.unlang
@@ -286,4 +286,13 @@ if !(&control.NAS-Port == 0) {
 	test_fail
 }
 
+# NAS-Identifier has un-safe SQL characters - check escaping works
+map sql "SELECT attribute FROM radcheck WHERE username = '%{NAS-Identifier}'" {
+	&control.Filter-Id	= 'attribute'
+}
+
+if (!notfound) {
+	test_fail
+}
+
 test_pass