[EMAIL PROTECTED] wrote:
> Digest URI contains "sip:[EMAIL PROTECTED]" which is the value typed by the user.
> But a few lines below, the sql statement is called, but this time Digest URI has
> an incorrect value:

  See "sql.conf", "safe_characters".  By default, "+" is escaped
before being inserted into sql.  Otherwise, you may be vulnerable to
SQL injection attacks.

> Do you know why this conversion happens? And how to switch off this
> conversion.

  Switch it off with care.  If you do that, users may log in with SQL
commands, and do strange things to your DB.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
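
The allow-list escaping discussed in this thread, as an added example that is not part of the reply above and is not FreeRADIUS code. It assumes that characters outside "safe_characters" are rewritten as "=XX" (hex); the allow-list contents, the table and column names, and the sample inputs are constructed for illustration.

```python
# Added illustration; not FreeRADIUS source code.
# Assumption: any byte outside the allow-list is rewritten as "=XX" (hex).
# SAFE_CHARACTERS is a constructed stand-in for the "safe_characters" value
# in sql.conf; like the default described in the thread, it has no "+".
SAFE_CHARACTERS = (
    "@abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789.-_: /"
)


def escape_for_sql(value, safe=SAFE_CHARACTERS):
    """Return value with every byte outside the allow-list encoded as =XX."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if 32 <= byte < 128 and ch in safe:
            out.append(ch)
        else:
            # "=" is itself outside the allow-list, so the encoding is unambiguous.
            out.append("=%02X" % byte)
    return "".join(out)


def build_query(user_value, safe=SAFE_CHARACTERS):
    """Place the escaped value inside a quoted SQL literal (constructed schema)."""
    return ("SELECT attr_value FROM example_check WHERE uri = '%s'"
            % escape_for_sql(user_value, safe))


def literal_stays_closed(user_value, safe=SAFE_CHARACTERS):
    """True when the only quotes in the query are the two literal delimiters."""
    return build_query(user_value, safe).count("'") == 2


if __name__ == "__main__":
    uri = "sip:+15550100@example.test"      # constructed Digest URI
    hostile = "x' OR '1'='1"                # constructed hostile input
    print(escape_for_sql(uri))                           # "+" becomes =2B
    print(escape_for_sql(uri, SAFE_CHARACTERS + "+"))    # "+" kept literal
    print(build_query(hostile))                          # quotes become =27
    print(literal_stays_closed(hostile))                        # True
    print(literal_stays_closed(hostile, SAFE_CHARACTERS + "'")) # False
```

Adding only the characters that legitimate values need (here "+") keeps the quote escaped; widening the list to include the quote character is what reopens the injection path.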
