Project

General

Profile

Bug #10442

ACME: special characters in descriptions trigger silent error and rollback

Added by Jens Groh about 2 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Low
Category:
ACME
Target version:
-
Start date:
04/07/2020
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.4.x
Affected Architecture:

Description

pfSense: 2.4.5
Acme: 0.6.6

Re-create:

1) ACME > Certificates: create new certificate
2) enter any settings for domain etc.
3) enter any name as "Name"
4) enter a "Description" with a special character like german Umlauts "öäü" or anything alike
5) hit save

Result:

There'll be no error while saving, it just brings you to the certificate list screen without any entry (the newly created one isn't saved) and the error-bell shows one notification:

pfSense is restoring the configuration /cf/conf/backup/config-1586268777.xml @ 2020-04-07 16:13:31

Supposedly some kind of missing character encoding in the description field I suppose :)

History

#1 Updated by Jens Groh about 2 months ago

small addition:

is related to Acme 0.6.6 (still happens on 2.5.x snapshots)

There are special chars that work (e.g. !, ) and special chars that aren't correclty translated back from HTML entities (like x%x and ") but if you enter some others like a § sign, the same thing as with äöü will happen (config rollback). So I'm thinking some problem with htmlentities() back and forth?

#2 Updated by Jim Pingle about 2 months ago

  • Priority changed from Normal to Low

No, it's not from htmlentities. It's that those characters are not valid in XML. So the field probably needs to have its value CDATA escaped (either by adding this field name to the base system CDATA list or by changing the field name to one that's already escaped).

#3 Updated by Jens Groh about 2 months ago

Ah I see. Would just filtering out those characters via an error message before trying to save it be a better approach?

I know, it's no serious bug at all, but it really cost me 30min to hunt it down while trying to setup an LE certificate via ACME package on a customer's system and not understanding why it happened. After falling back to english descriptions instead of local (german) text, of course it worked immediately ;) but as quite a few customers switch their base language of pfSense to german (besides me recommending they do not) special chars like Umlaute can happen easily when writing a quick description for rules or certificates :)

#4 Updated by Viktor Gurov about 2 months ago

this fix uses descr field name instead of desc,
it's included in the $cdata_fields of xmlparser.inc:
https://github.com/pfsense/FreeBSD-ports/pull/837

#5 Updated by Jim Pingle about 2 months ago

  • Status changed from New to Pull Request Review

#6 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#7 Updated by Viktor Gurov about 1 month ago

  • Status changed from Feedback to Resolved

tested acme 0.6.7 - now you can use any characters in the Description field

Also available in: Atom PDF