+++ /dev/null
-diff -dur freeradius-1.0.1.orig/src/modules/rlm_sql/drivers/rlm_sql_mysql/configure.in freeradius-1.0.1/src/modules/rlm_sql/drivers/rlm_sql_mysql/configure.in
---- freeradius-1.0.1.orig/src/modules/rlm_sql/drivers/rlm_sql_mysql/configure.in 2004-01-22 19:23:19.000000000 +0100
-+++ freeradius-1.0.1/src/modules/rlm_sql/drivers/rlm_sql_mysql/configure.in 2004-09-30 14:24:40.165438814 +0200
-@@ -32,7 +32,7 @@
- then
- sql_mysql_ldflags=`mysql_config --libs`
- sql_mysql_cflags=`mysql_config --cflags`
-- AC_DEFINE(HAVE_MYSQL_H)
-+ AC_DEFINE([HAVE_MYSQL_H], [], [Define if mysql.h is available])
- else
- AC_CHECK_LIB(z, compress, LIBS="$LIBS -lz")
-
-@@ -55,7 +55,7 @@
- MYSQL_INCLUDE=
- )
- if test "x$MYSQL_INCLUDE" != "x"; then
-- AC_DEFINE(HAVE_MYSQL_MYSQL_H)
-+ AC_DEFINE([HAVE_MYSQL_H], [], [Define if mysql.h is available])
- break;
- fi
- done
-@@ -69,7 +69,7 @@
- else
- sql_mysql_cflags="${sql_mysql_cflags} ${MYSQL_INCLUDE}"
- AC_MSG_RESULT(yes)
-- AC_DEFINE(HAVE_MYSQL_H)
-+ AC_DEFINE([HAVE_MYSQL_H], [], [Define if mysql.h is available])
-
- AC_MSG_CHECKING([for mysql_init in -lmysqlclient])
-
+++ /dev/null
-===================================================================
-RCS file: /web/pages/us.freeradius.org/cvs/radiusd/src/modules/rlm_sql/rlm_sql.c,v
-retrieving revision 1.131.2.1
-retrieving revision 1.131.2.3
-diff -u -p -r1.131.2.1 -r1.131.2.3
---- radiusd/src/modules/rlm_sql/rlm_sql.c 2004/09/30 14:54:22 1.131.2.1
-+++ radiusd/src/modules/rlm_sql/rlm_sql.c 2005/05/18 13:22:18 1.131.2.3
-@@ -2,7 +2,7 @@
- * rlm_sql.c SQL Module
- * Main SQL module file. Most ICRADIUS code is located in sql.c
- *
-- * Version: $Id$
-+ * Version: $Id$
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
-@@ -24,7 +24,7 @@
- */
-
- static const char rcsid[] =
-- "$Id$";
-+ "$Id$";
-
- #include "autoconf.h"
-
-@@ -158,6 +158,7 @@ static int rlm_sql_init(void) {
- */
- static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username);
- static int generate_sql_clients(SQL_INST *inst);
-+static int sql_escape_func(char *out, int outlen, const char *in);
-
- /*
- * sql xlat function. Right now only SELECTs are supported. Only
-@@ -184,7 +185,7 @@ static int sql_xlat(void *instance, REQU
- /*
- * Do an xlat on the provided string (nice recursive operation).
- */
-- if (!radius_xlat(querystr, sizeof(querystr), fmt, request, func)) {
-+ if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) {
- radlog(L_ERR, "rlm_sql (%s): xlat failed.",
- inst->config->xlat_name);
- return 0;
-@@ -409,18 +410,18 @@ static int sql_escape_func(char *out, in
-
- while (in[0]) {
- /*
-- * Only one byte left.
-- */
-- if (outlen <= 1) {
-- break;
-- }
--
-- /*
- * Non-printable characters get replaced with their
- * mime-encoded equivalents.
- */
- if ((in[0] < 32) ||
- strchr(allowed_chars, *in) == NULL) {
-+ /*
-+ * Only 3 or less bytes available.
-+ */
-+ if (outlen <= 3) {
-+ break;
-+ }
-+
- snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
- in++;
- out += 3;
-@@ -430,7 +431,14 @@ static int sql_escape_func(char *out, in
- }
-
- /*
-- * Else it's a nice character.
-+ * Only one byte left.
-+ */
-+ if (outlen <= 1) {
-+ break;
-+ }
-+
-+ /*
-+ * Allowed character.
- */
- *out = *in;
- out++;
-@@ -517,7 +525,7 @@ static int sql_groupcmp(void *instance,
- */
- if (sql_set_user(inst, req, sqlusername, 0) < 0)
- return 1;
-- if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, NULL)){
-+ if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, sql_escape_func)){
- radlog(L_ERR, "rlm_sql (%s): xlat failed.",
- inst->config->xlat_name);
- /* Remove the username we (maybe) added above */
-@@ -1149,7 +1157,7 @@ static int rlm_sql_checksimul(void *inst
- if(sql_set_user(inst, request, sqlusername, 0) <0)
- return RLM_MODULE_FAIL;
-
-- radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, NULL);
-+ radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func);
-
- /* initialize the sql socket */
- sqlsocket = sql_get_socket(inst);
-@@ -1193,7 +1201,7 @@ static int rlm_sql_checksimul(void *inst
- return RLM_MODULE_OK;
- }
-
-- radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, NULL);
-+ radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func);
- if(rlm_sql_select_query(sqlsocket, inst, querystr)) {
- radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name);
- sql_release_socket(inst, sqlsocket);