Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli.

1 files changed, 3 insertions, 1 deletions

diff --git a/usr/local/sbin/ovpn_auth_verify b/usr/local/sbin/ovpn_auth_verify
index c1e147f..5f19b9e 100755
--- a/usr/local/sbin/ovpn_auth_verify
+++ b/usr/local/sbin/ovpn_auth_verify
@@ -1,10 +1,12 @@
 #!/bin/sh
 
+password="asdfsad +%$"
 if [ "$1" = "tls" ]; then
 	RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certdepth=$4&certsubject=$5")
 else
 	# Single quoting $password breaks getting the value from the variable.
-	password=$(echo ${password} | /usr/bin/sed -e 's/&/%26/g' -e 's/ /%20/g')
+	password=$(echo ${password} | openssl enc -base64 | sed -e 's/=/%3D/g')
+	echo "(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4')"
 	RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
 fi