Encode ca/cert info in openvpn_wizard.inc

author: jim-p <jimp@pfsense.org> 2015-07-01 11:06:25 -0400
committer: jim-p <jimp@pfsense.org> 2015-07-01 11:07:02 -0400
commit: 636dfa95287b088d17a53bf2e82de63ed54a625e (patch)
tree: bdb41e394c82402ad13889448db9de4aa3543715 /usr/local/www
parent: 3d3e30b3a5531b435133cd9025e2962813d825e3 (diff)
download: pfsense-636dfa95287b088d17a53bf2e82de63ed54a625e.zip
pfsense-636dfa95287b088d17a53bf2e82de63ed54a625e.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc
index 4603aa7..ee530a2 100644
--- a/usr/local/www/wizards/openvpn_wizard.inc
+++ b/usr/local/www/wizards/openvpn_wizard.inc
@@ -198,6 +198,10 @@ function step7_submitphpaction() {
 		}
 	}
 
+	if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
+		$input_errors[] = "The field 'Descriptive Name' contains invalid characters.";
+	}
+
 	if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
 	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
 	    empty($_POST['organization']) || empty($_POST['email'])) {
@@ -297,6 +301,10 @@ function step9_submitphpaction() {
 		}	
 	}
 
+	if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
+		$input_errors[] = "The field 'Descriptive Name' contains invalid characters.";
+	}
+
 	if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
 	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
 	    empty($_POST['organization']) || empty($_POST['email'])) {
author	jim-p <jimp@pfsense.org>	2015-07-01 11:06:25 -0400
committer	jim-p <jimp@pfsense.org>	2015-07-01 11:07:02 -0400
commit	636dfa95287b088d17a53bf2e82de63ed54a625e (patch)
tree	bdb41e394c82402ad13889448db9de4aa3543715 /usr/local/www
parent	3d3e30b3a5531b435133cd9025e2962813d825e3 (diff)
download	pfsense-636dfa95287b088d17a53bf2e82de63ed54a625e.zip pfsense-636dfa95287b088d17a53bf2e82de63ed54a625e.tar.gz