pfSense bugtracker: Issues (https://redmine.pfsense.org/)
Redmine pfSense - Bug #9390 (Resolved): diag_backup.php: Backup output generation failure with CSRF scrip...
https://redmine.pfsense.org/issues/9390
2019-03-10T16:59:41Z, Sam Likins (sam.likins@wsi-services.com)
<p>Since the last update (i.e. <strong>2.4.4_2</strong>), backups fail to restore; previously generated backups will restore, but new backups will fail restoration with the following message:<br /><pre>
The following input errors were detected:
- The configuration could not be restored.
</pre></p>
<p>When creating a backup XML file, regardless of the options (Backup area, Skip packages, Skip RRD data, Encryption), the generated file has an erroneous line at the end, outside the pfSense closing tag. The erroneous line is the following:<br /><pre><code class="xml syntaxhl"><span class="nt">&lt;script</span> <span class="na">type=</span><span class="s">"text/javascript"</span><span class="nt">&gt;</span>CsrfMagic.end();<span class="nt">&lt;/script&gt;</span></code></pre></p>
<p>This CSRF line is added by the output buffer function <strong>csrf_ob_handler</strong> in the file <strong>/usr/local/www/csrf/csrf-magic.php</strong>. The generation of the backup file occurs in file <strong>/usr/local/www/diag_backup.php</strong> on line 228. Due to the CSRF output buffer flag <strong>js-rewrite</strong> being enabled when the backup is output, the erroneous line is added.<br /><pre><code class="php syntaxhl"><span class="nv">$GLOBALS</span><span class="p">[</span><span class="s1">'csrf'</span><span class="p">][</span><span class="s1">'rewrite-js'</span><span class="p">]</span></code></pre></p>
<p>This global value needs to be set to false prior to outputting the backup.</p>
<p>BUG FIX to be submitted shortly.</p>
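<p>A check for backups already generated with the trailing line, as an added example that is not part of the original report or of pfSense: it assumes an unencrypted backup whose root element closes with a <code>pfsense</code> tag, and the function names and sample document are constructed for illustration.</p>

```python
import re
import xml.etree.ElementTree as ET

# Trailer text exactly as quoted in the report above.
CSRF_TRAILER = '<script type="text/javascript">CsrfMagic.end();</script>'
# Assumption: the backup's root element is closed by </pfsense>.
ROOT_CLOSE = re.compile(r"</pfsense\s*>", re.IGNORECASE)

def split_backup(text):
    """Return (document, trailer): the text up to and including the last
    closing root tag, and whatever follows it with whitespace stripped."""
    matches = list(ROOT_CLOSE.finditer(text))
    if not matches:
        raise ValueError("no closing pfsense tag found")
    end = matches[-1].end()
    return text[:end], text[end:].strip()

def check_backup(text):
    """Classify a backup as 'clean', 'csrf-trailer' or 'unknown-trailer'."""
    _, trailer = split_backup(text)
    if not trailer:
        return "clean"
    return "csrf-trailer" if trailer == CSRF_TRAILER else "unknown-trailer"

def repair_backup(text):
    """Drop the trailer only when it is exactly the known CSRF script line;
    anything else is left for manual review instead of being discarded."""
    doc, trailer = split_backup(text)
    if trailer and trailer != CSRF_TRAILER:
        raise ValueError("unexpected content after closing tag: %r" % trailer[:60])
    return doc + "\n"

def parses(text):
    """True when the text is a single well-formed XML document."""
    try:
        ET.fromstring(text)
        return True
    except ET.ParseError:
        return False

# Constructed sample documents (not taken from a real configuration).
SAMPLE_GOOD = '<?xml version="1.0"?>\n<pfsense>\n  <version>19.1</version>\n</pfsense>\n'
SAMPLE_BAD = SAMPLE_GOOD + CSRF_TRAILER

if __name__ == "__main__":
    for name, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, check_backup(text), "parses:", parses(text))
    print("repaired parses:", parses(repair_backup(SAMPLE_BAD)))
```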