/ - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision 7c54d26e

Added by Jim Pingle almost 3 years ago

ID 7c54d26e60fe524df63277da77c07e995bc3b351
Parent 970a364f
Child 22f7276c

CA/Cert descr validation fixes. Fixes #13387

Validate description on save when editing and in other situations that
were not yet covered.

While here, ensure that errors when editing a cert leave the user on the
cert edit screen properly, but successful cases return to the cert list.

Also encode some output just in case a bad value was already present
before the validation was fixed.

(cherry picked from commit 2fe0e0fab528be3e297ed14ddd9d9e73c99cc1c4)

     			$reqdfieldsn = array(
     				gettext("Descriptive name"),
     				gettext("Certificate data"));
     			/* Make sure we do not have invalid characters in the fields for the certificate */
     			if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
     				array_push($input_errors, gettext("The field 'Descriptive Name' contains invalid characters."));
+    			}
     			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
     				$input_errors[] = gettext("This certificate does not appear to be valid.");
+    			}
-...
     	$issuer_ca = lookup_ca($ca['caref']);
     	if ($issuer_ca) {
     		$issuer_name = $issuer_ca['descr'];
     		$issuer_name = htmlspecialchars($issuer_ca['descr']);
+    	}
     	foreach ($a_cert as $cert) {

     			break;
     		case 'edit':
     		case 'import':
     			/* Make sure we do not have invalid characters in the fields for the certificate */
     			if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
     				$input_errors[] = gettext("The field 'Descriptive Name' contains invalid characters.");
+    			}
     			$pkcs12_data = '';
     			if ($_POST['import_type'] == 'x509') {
     				$reqdfields = explode(" ",
-...
     				$ucert = lookup_cert($pconfig['certref']);
     				if ($ucert && $a_user) {
     					$a_user[$userid]['cert'][] = $ucert['refid'];
     					$savemsg = sprintf(gettext("Added certificate %s to user %s"), $ucert['descr'], $a_user[$userid]['name']);
     					$savemsg = sprintf(gettext("Added certificate %s to user %s"), htmlspecialchars($ucert['descr']), $a_user[$userid]['name']);
+    				}
     				unset($cert);
     				break;
-...
+    					}
     					// Add it to the config file
     					$config['cert'][] = $newcert;
     					$savemsg = sprintf(gettext("Signed certificate %s"), $newcert['descr']);
     					$savemsg = sprintf(gettext("Signed certificate %s"), htmlspecialchars($newcert['descr']));
     					unset($act);
+    				}
     				unset($cert);
     				break;
     			case 'edit':
     				cert_import($cert, $pconfig['cert'], $pconfig['key']);
     				$savemsg = sprintf(gettext("Edited certificate %s"), $cert['descr']);
     				$savemsg = sprintf(gettext("Edited certificate %s"), htmlspecialchars($cert['descr']));
     				unset($act);
     				break;
     			case 'import':
     				/* Import an external certificate+key */
-...
+    					}
+    				}
     				cert_import($cert, $pconfig['cert'], $pconfig['key']);
     				$savemsg = sprintf(gettext("Imported certificate %s"), $cert['descr']);
     				$savemsg = sprintf(gettext("Imported certificate %s"), htmlspecialchars($cert['descr']));
     				unset($act);
     				break;
     			case 'internal':
     				/* Create an internal certificate */
-...
+    						}
+    					}
+    				}
     				$savemsg = sprintf(gettext("Created internal certificate %s"), $cert['descr']);
     				$savemsg = sprintf(gettext("Created internal certificate %s"), htmlspecialchars($cert['descr']));
     				unset($act);
     				break;
     			case 'external':
     				/* Create a certificate signing request */
-...
+    						}
+    					}
+    				}
     				$savemsg = sprintf(gettext("Created certificate signing request %s"), $cert['descr']);
     				$savemsg = sprintf(gettext("Created certificate signing request %s"), htmlspecialchars($cert['descr']));
     				unset($act);
     				break;
     			default:
     				break;
-...
     		$cert['descr'] = $pconfig['descr'];
     		csr_complete($cert, $pconfig['cert']);
     		$thiscert = $cert;
     		$savemsg = sprintf(gettext("Updated certificate signing request %s"), $pconfig['descr']);
     		$savemsg = sprintf(gettext("Updated certificate signing request %s"), htmlspecialchars($pconfig['descr']));
     		write_config($savemsg);
     		pfSenseHeader("system_certmanager.php");
+    	}
-...
     		));
+    	}
     	if ($act) {
     		$form->addGlobal(new Form_Input(
     			'act',
     			null,
     			'hidden',
     			$act
     		));
+    	}
     	switch ($act) {
     		case 'edit':
     			$maintitle = gettext('Edit an Existing Certificate');
-...
     	$ca = lookup_ca($cert['caref']);
     	if ($ca) {
     		$caname = $ca['descr'];
     		$caname = htmlspecialchars($ca['descr']);
+    	}
     ?>
     				<tr>

Also available in: Unified diff

Project

General

Profile

pfSense

Revision 7c54d26e

Added by Jim Pingle almost 3 years ago

Project

General

Profile

pfSense

Revision 7c54d26e

Added by Jim Pingle almost 3 years ago

Related issues