Encode ca/cert info in openvpn_wizard.inc

1 files changed, 8 insertions, 0 deletions

diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc
index 4603aa7..ee530a2 100644
--- a/usr/local/www/wizards/openvpn_wizard.inc
+++ b/usr/local/www/wizards/openvpn_wizard.inc
@@ -198,6 +198,10 @@ function step7_submitphpaction() {
 		}
 	}
 
+	if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
+		$input_errors[] = "The field 'Descriptive Name' contains invalid characters.";
+	}
+
 	if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
 	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
 	    empty($_POST['organization']) || empty($_POST['email'])) {
@@ -297,6 +301,10 @@ function step9_submitphpaction() {
 		}	
 	}
 
+	if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
+		$input_errors[] = "The field 'Descriptive Name' contains invalid characters.";
+	}
+
 	if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
 	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
 	    empty($_POST['organization']) || empty($_POST['email'])) {