Fix #4605

After base64 encoding username/password, properly escape characters =,+,/ before submitting auth details
author: Edin Sarajlic <edin@saronline.net> 2016-01-27 13:33:29 -0200
committer: Renato Botelho <renato@netgate.com> 2016-01-27 13:34:59 -0200
commit: a3d88018522c0cb30501cb5e4a18ea881230bbc9 (patch)
tree: a6bcb023bea722ae7dc259fc1715f063a90eeba8 /src/etc/inc/openvpn.auth-user.php
parent: eaf03b3d61f885ea64933dcd8e1964c676c4bf58 (diff)
download: pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.zip
pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/openvpn.auth-user.php
index 6e81d75..9c6c5ac 100644
--- a/src/etc/inc/openvpn.auth-user.php
+++ b/src/etc/inc/openvpn.auth-user.php
@@ -101,8 +101,9 @@ openlog("openvpn", LOG_ODELAY, LOG_AUTH);
 
 if (isset($_GET['username'])) {
 	$authmodes = explode(",", $_GET['authcfg']);
-	$username = base64_decode(str_replace('%3D', '=', $_GET['username']));
-	$password = base64_decode(str_replace('%3D', '=', $_GET['password']));
+	/* Any string retrieved through $_GET is automatically urlDecoded */
+	$username = base64_decode($_GET['username']);
+	$password = base64_decode($_GET['password']);
 	$common_name = $_GET['cn'];
 	$modeid = $_GET['modeid'];
 	$strictusercn = $_GET['strictcn'] == "false" ? false : true;
author	Edin Sarajlic <edin@saronline.net>	2016-01-27 13:33:29 -0200
committer	Renato Botelho <renato@netgate.com>	2016-01-27 13:34:59 -0200
commit	a3d88018522c0cb30501cb5e4a18ea881230bbc9 (patch)
tree	a6bcb023bea722ae7dc259fc1715f063a90eeba8 /src/etc/inc/openvpn.auth-user.php
parent	eaf03b3d61f885ea64933dcd8e1964c676c4bf58 (diff)
download	pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.zip pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.tar.gz