author | jim-p <jimp@pfsense.org> | 2017-05-11 16:38:53 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-05-11 16:38:53 -0400 |
commit | 83d2b83af9953ecbcc5917d935f077e7dabe8e10 (patch) | |
tree | 54cfc0103463e2b99ad785e56316216ba0ce686c /src/usr/local/www/system_camanager.php | |
parent | d777679c95532ec66994e074b62dd4ea34dff150 (diff) | |
Allow a wider range of characters to be used in certificate fields, as laid out by RFC 4514. Fixes #7540
Diffstat (limited to 'src/usr/local/www/system_camanager.php')
-rw-r--r-- | src/usr/local/www/system_camanager.php | 32 |
1 files changed, 13 insertions, 19 deletions
diff --git a/src/usr/local/www/system_camanager.php b/src/usr/local/www/system_camanager.php
index 550de3e..460d58e 100644
--- a/src/usr/local/www/system_camanager.php
+++ b/src/usr/local/www/system_camanager.php
@@ -220,12 +220,6 @@ if ($_POST['save']) {
 if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) {
 array_push($input_errors, gettext("The field 'Distinguished name Email Address' contains invalid characters."));
 }
- } else if ($reqdfields[$i] == 'dn_commonname') {
- if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) {
- array_push($input_errors, gettext("The field 'Distinguished name Common Name' contains invalid characters."));
- }
- } else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) {
- array_push($input_errors, sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]));
 }
 }
 if (!in_array($_POST["keylen"], $ca_keylens)) {
@@ -266,13 +260,13 @@ if ($_POST['save']) {
 } else if ($pconfig['method'] == "internal") {
 $dn = array(
 'countryName' => $pconfig['dn_country'],
- 'stateOrProvinceName' => $pconfig['dn_state'],
- 'localityName' => $pconfig['dn_city'],
- 'organizationName' => $pconfig['dn_organization'],
- 'emailAddress' => $pconfig['dn_email'],
- 'commonName' => $pconfig['dn_commonname']);
+ 'stateOrProvinceName' => cert_escape_x509_chars($pconfig['dn_state']),
+ 'localityName' => cert_escape_x509_chars($pconfig['dn_city']),
+ 'organizationName' => cert_escape_x509_chars($pconfig['dn_organization']),
+ 'emailAddress' => cert_escape_x509_chars($pconfig['dn_email']),
+ 'commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
 if (!empty($pconfig['dn_organizationalunit'])) {
- $dn['organizationalUnitName'] = $pconfig['dn_organizationalunit'];
+ $dn['organizationalUnitName'] = cert_escape_x509_chars($pconfig['dn_organizationalunit']);
 }
 if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) {
 $input_errors = array();
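Review bot: `countryName` is the only DN attribute in this array that still reaches `ca_create()` unescaped, and the first hunk removed the generic character check that appears to have covered every required field other than `descr` and the e-mail address. Unless `dn_country` is checked against a fixed list somewhere outside this diff, a crafted POST value now gets neither validation nor escaping; either wrap it as `'countryName' => cert_escape_x509_chars($pconfig['dn_country']),` or reject values not in the country list before building `$dn`. The same applies to the `intermediate` branch in the next hunk, which repeats this array before `ca_inter_create()`. `cert_escape_x509_chars()` is defined outside this file, so its rules cannot be confirmed from here, and after this commit it is the only control on these fields.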
@@ -285,13 +279,13 @@ if ($_POST['save']) {
 } else if ($pconfig['method'] == "intermediate") {
 $dn = array(
 'countryName' => $pconfig['dn_country'],
- 'stateOrProvinceName' => $pconfig['dn_state'],
- 'localityName' => $pconfig['dn_city'],
- 'organizationName' => $pconfig['dn_organization'],
- 'emailAddress' => $pconfig['dn_email'],
- 'commonName' => $pconfig['dn_commonname']);
+ 'stateOrProvinceName' => cert_escape_x509_chars($pconfig['dn_state']),
+ 'localityName' => cert_escape_x509_chars($pconfig['dn_city']),
+ 'organizationName' => cert_escape_x509_chars($pconfig['dn_organization']),
+ 'emailAddress' => cert_escape_x509_chars($pconfig['dn_email']),
+ 'commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
 if (!empty($pconfig['dn_organizationalunit'])) {
- $dn['organizationalUnitName'] = $pconfig['dn_organizationalunit'];
+ $dn['organizationalUnitName'] = cert_escape_x509_chars($pconfig['dn_organizationalunit']);
 }
 if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) {
 $input_errors = array();
@@ -387,7 +381,7 @@ foreach ($a_ca as $i => $ca):
 } else {
 $issuer_name = gettext("external");
 }
- $subj = htmlspecialchars($subj);
+ $subj = htmlspecialchars(cert_escape_x509_chars($subj, true));
 $issuer = htmlspecialchars($issuer);
 $certcount = 0; |
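Review bot: In the last hunk only `$subj` goes through `cert_escape_x509_chars($subj, true)` before `htmlspecialchars()`, while `$issuer` on the next line is still HTML-encoded as-is. If the issuer string comes from a parent CA's subject that was stored escaped (inferred, since its assignment is outside the hunk), the CA list will show raw escape sequences for issuers but not for subjects. `$issuer = htmlspecialchars(cert_escape_x509_chars($issuer, true));` would keep the two columns consistent. Keep `htmlspecialchars()` as the outermost call, as done for `$subj`, because the second argument presumably reverses the escaping and could reintroduce `<`, `>` or quotes.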