authorEvgeny Yurchenko <ey@tm-k.com>2011-06-17 00:41:24 -0400
committerEvgeny Yurchenko <ey@tm-k.com>2011-06-17 00:41:24 -0400
commit21cc2faa85e612169d98deca1f72fce9ff9260a5 (patch)
treeb88f4e7fafa20dd3e43cfbee000752b9e1fc5100 /usr/local/www/system_camanager.php
parent9d2d65f3a3e0478b75a42086167c6520d31778c7 (diff)
Bug #1437. Check for invalid characters in the fields for ca, cert and csr.
Diffstat (limited to 'usr/local/www/system_camanager.php')
-rw-r--r--usr/local/www/system_camanager.php14
1 files changed, 13 insertions, 1 deletions
diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php
index 052e2e4..a4b60af 100644
--- a/usr/local/www/system_camanager.php
+++ b/usr/local/www/system_camanager.php
@@ -154,7 +154,7 @@ if ($act == "expkey") {
if ($_POST) {
- unset($input_errors);
+ $input_errors = array();
$pconfig = $_POST;
/* input validation */
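Review bot: Initialising `$input_errors = array();` makes the `is_array($input_errors)` test in `if (isAjax() && is_array($input_errors))` (visible at the end of the next hunk) true on every POST. With `unset()` it was presumably true only after validation had recorded an error. If that AJAX branch is meant to run only on failure, it should test for content instead, e.g. `if (isAjax() && !empty($input_errors))`. The body of that branch is outside the diff, so confirm what it does when the list is empty.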
@@ -185,6 +185,18 @@ if ($_POST) {
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ if ($pconfig['method'] != "existing")
+ /* Make sure we do not have invalid characters in the fields for the certificate */
+ for ($i = 0; $i < count($reqdfields); $i++) {
+ if ($reqdfields[$i] == 'dn_email'){
+ if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"]))
+ array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
+ }else if ($reqdfields[$i] == 'dn_commonname'){
+ if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"]))
+ array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
+ }else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"]))
+ array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
+ }
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
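Review bot: The three `preg_match` patterns are denylists, so any character not named in the class is accepted (control characters and line breaks, `;`, `|`, `=`, `+` among them), and the loop walks only `$reqdfields`, so a posted field that is not in the required list is never checked. Where these values are used afterwards is not visible here, but for input that ends up in a certificate subject an allowlist per field is the safer shape, e.g. `if (!preg_match('/^[A-Za-z0-9 ._-]+$/', $_POST[$reqdfields[$i]]))` with the set widened to what each field legitimately needs and a real address check for `dn_email`. Separately, the brace-less `if ($pconfig['method'] != "existing")` is separated from the `for` it governs by a comment; add braces so a later edit cannot detach the loop from the condition. The enclosing `if ($_POST)` block continues past the hunk.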