summaryrefslogtreecommitdiffstats
path: root/usr/local/www
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local/www')
-rw-r--r--usr/local/www/system_camanager.php14
-rw-r--r--usr/local/www/system_certmanager.php14
2 files changed, 26 insertions, 2 deletions
diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php
index 052e2e4..a4b60af 100644
--- a/usr/local/www/system_camanager.php
+++ b/usr/local/www/system_camanager.php
@@ -154,7 +154,7 @@ if ($act == "expkey") {
if ($_POST) {
- unset($input_errors);
+ $input_errors = array();
$pconfig = $_POST;
/* input validation */
@@ -185,6 +185,18 @@ if ($_POST) {
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ if ($pconfig['method'] != "existing")
+ /* Make sure we do not have invalid characters in the fields for the certificate */
+ for ($i = 0; $i < count($reqdfields); $i++) {
+ if ($reqdfields[$i] == 'dn_email'){
+ if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"]))
+ array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
+ }else if ($reqdfields[$i] == 'dn_commonname'){
+ if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"]))
+ array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
+ }else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"]))
+ array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
+ }
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php
index 470f0cd..439969d 100644
--- a/usr/local/www/system_certmanager.php
+++ b/usr/local/www/system_certmanager.php
@@ -153,7 +153,7 @@ if ($act == "csr") {
if ($_POST) {
if ($_POST['save'] == gettext("Save")) {
- unset($input_errors);
+ $input_errors = array();
$pconfig = $_POST;
/* input validation */
@@ -206,6 +206,18 @@ if ($_POST) {
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ if ($pconfig['method'] != "import")
+ /* Make sure we do not have invalid characters in the fields for the certificate */
+ for ($i = 0; $i < count($reqdfields); $i++) {
+ if (preg_match('/email/', $reqdfields[$i])){ /* dn_email or csr_dn_name */
+ if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"]))
+ array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
+ }else if (preg_match('/commonname/', $reqdfields[$i])){ /* dn_commonname or csr_dn_commonname */
+ if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"]))
+ array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
+ }else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"]))
+ array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
+ }
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
OpenPOWER on IntegriCloud