summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorErmal LUÇI <eri@pfsense.org>2015-01-10 22:17:28 +0100
committerErmal LUÇI <eri@pfsense.org>2015-01-11 16:38:25 +0100
commit30656f66407ab42c6f42e9552371090ca84165bb (patch)
tree9c18b37b926836a454432fefea65d83f64b44921 /etc
parentfc03ca011259d829a42ce47353cb5ced84c3b345 (diff)
downloadpfsense-30656f66407ab42c6f42e9552371090ca84165bb.zip
pfsense-30656f66407ab42c6f42e9552371090ca84165bb.tar.gz
Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/openvpn.auth-user.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php
index b7be6ac..3f199e3 100644
--- a/etc/inc/openvpn.auth-user.php
+++ b/etc/inc/openvpn.auth-user.php
@@ -85,7 +85,7 @@ openlog("openvpn", LOG_ODELAY, LOG_AUTH);
if (isset($_GET)) {
$authmodes = explode(",", $_GET['authcfg']);
$username = $_GET['username'];
- $password = urldecode($_GET['password']);
+ $password = base64_decode(str_replace('%3D', '=', $_GET['password']));
$common_name = $_GET['cn'];
$modeid = $_GET['modeid'];
$strictusercn = $_GET['strictcn'] == "false" ? false : true;
OpenPOWER on IntegriCloud