/usr/local/www/system_camanager.php - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision 362ddda1

Added by Jim Pingle almost 10 years ago

ID 362ddda19060ca54c18b43c3b758b00dd253937d
Parent 97fdd83d
Child 71ffb7bb

Encode ca descr in system_camanager.php

     	$name = $a_ca[$id]['descr'];
     	unset($a_ca[$id]);
     	write_config();
     	$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "<br />";
     	$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), htmlspecialchars($name)) . "<br />";
     	pfSenseHeader("system_camanager.php");
     	exit;
+    }
-...
     	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
     	if ($pconfig['method'] != "existing") {
     		/* Make sure we do not have invalid characters in the fields for the certificate */
     		if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
     			array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
+    		}
     		for ($i = 0; $i < count($reqdfields); $i++) {
     			if ($reqdfields[$i] == 'dn_email'){
     				if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"]))
-...
                                                                             if ($pconfig['caref'] == $ca['refid'])
                                                                                     $selected = " selected=\"selected\"";
                                                                     ?>
                                                                             <option value="<?=$ca['refid'];?>"<?=$selected;?>><?=$ca['descr'];?></option>
                                                                             <option value="<?=$ca['refid'];?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
                                                                     <?php endforeach; ?>
                                                                     </select>
     							</td>
-...
     							$issuer_ca = lookup_ca($ca['caref']);
     							if ($issuer_ca)
     								$issuer_name = $issuer_ca['descr'];
     								$issuer_name = htmlspecialchars($issuer_ca['descr']);
     							// TODO : Need gray certificate icon
-...
     								<tr>
     									<td width="10%">&nbsp;</td>
     									<td width="20%"><?=gettext("Valid From")?>:</td>
     									<td width="70%"><?= $startdate ?></td>
     									<td width="70%"><?= htmlspecialchars($startdate) ?></td>
     								</tr>
     								<tr>
     									<td>&nbsp;</td>
     									<td><?=gettext("Valid Until")?>:</td>
     									<td><?= $enddate ?></td>
     									<td><?= htmlspecialchars($enddate) ?></td>
     								</tr>
     							</table>
     						</td>

Also available in: Unified diff

Project

General

Profile

pfSense

Revision 362ddda1

Added by Jim Pingle almost 10 years ago