diff options
author | Edin Sarajlic <edin@saronline.net> | 2016-01-27 13:33:29 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-01-27 13:34:59 -0200 |
commit | a3d88018522c0cb30501cb5e4a18ea881230bbc9 (patch) | |
tree | a6bcb023bea722ae7dc259fc1715f063a90eeba8 /src/etc | |
parent | eaf03b3d61f885ea64933dcd8e1964c676c4bf58 (diff) | |
download | pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.zip pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.tar.gz |
Fix #4605
After base64 encoding username/password, properly escape characters =,+,/
before submitting auth details
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/openvpn.auth-user.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/openvpn.auth-user.php index 6e81d75..9c6c5ac 100644 --- a/src/etc/inc/openvpn.auth-user.php +++ b/src/etc/inc/openvpn.auth-user.php @@ -101,8 +101,9 @@ openlog("openvpn", LOG_ODELAY, LOG_AUTH); if (isset($_GET['username'])) { $authmodes = explode(",", $_GET['authcfg']); - $username = base64_decode(str_replace('%3D', '=', $_GET['username'])); - $password = base64_decode(str_replace('%3D', '=', $_GET['password'])); + /* Any string retrieved through $_GET is automatically urlDecoded */ + $username = base64_decode($_GET['username']); + $password = base64_decode($_GET['password']); $common_name = $_GET['cn']; $modeid = $_GET['modeid']; $strictusercn = $_GET['strictcn'] == "false" ? false : true; |