Diffstat (limited to 'usr/local/www')
-rw-r--r-- | usr/local/www/system_camanager.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php
index cc73b51..4532b27 100644
--- a/usr/local/www/system_camanager.php
+++ b/usr/local/www/system_camanager.php
@@ -95,7 +95,7 @@ if ($act == "del") {
 $name = $a_ca[$id]['descr'];
 unset($a_ca[$id]);
 write_config();
- $savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "<br />";
+ $savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), htmlspecialchars($name)) . "<br />";
 pfSenseHeader("system_camanager.php");
 exit;
 }
@@ -209,6 +209,10 @@ if ($_POST) {
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 if ($pconfig['method'] != "existing") {
 /* Make sure we do not have invalid characters in the fields for the certificate */
+ if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
+ array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
+ }
+
 for ($i = 0; $i < count($reqdfields); $i++) {
 if ($reqdfields[$i] == 'dn_email'){
 if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"]))
@@ -455,7 +459,7 @@ function method_change() {
 if ($pconfig['caref'] == $ca['refid'])
 $selected = " selected=\"selected\"";
 ?>
- <option value="<?=$ca['refid'];?>"<?=$selected;?>><?=$ca['descr'];?></option>
+ <option value="<?=$ca['refid'];?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
 <?php endforeach; ?>
 </select>
 </td>
@@ -614,7 +618,7 @@ function method_change() {
 $issuer_ca = lookup_ca($ca['caref']);
 if ($issuer_ca)
- $issuer_name = $issuer_ca['descr'];
+ $issuer_name = htmlspecialchars($issuer_ca['descr']);
 // TODO : Need gray certificate icon
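Review bot: `htmlspecialchars($name)` on the new `$savemsg` line is called with default flags, and before PHP 8.1 the default does not convert single quotes; the same default-flag call is used in the later hunks for `$ca['descr']`, `$issuer_ca['descr']`, `$startdate` and `$enddate`. `$issuer_name` in particular is built here but rendered outside the diff, so its output context cannot be checked from this page, and the form that is safe in any HTML context is `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')` at each of these sites. Separately, `$savemsg` is assigned immediately before `pfSenseHeader("system_camanager.php"); exit;`, so unless pfSenseHeader persists the message across the redirect the escaped text is never rendered; that was already true before this change. The enclosing `if ($act == "del")` block starts above the hunk.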
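Review bot: The new error string `"The field 'Descriptive Name' contains invalid characters."` is not passed through `gettext()`, unlike the `$savemsg` text in the first hunk and the `gettext()` labels elsewhere in the file; use `array_push($input_errors, gettext("The field 'Descriptive Name' contains invalid characters."));`. The character blocklist also only runs inside `if ($pconfig['method'] != "existing")`, so a name submitted on the "existing" path is never checked by it, which means the output-side `htmlspecialchars()` calls added elsewhere in this commit are the control that actually stops a stored name from being rendered as markup and this check should be read as a consistency filter rather than the XSS fix. Rejecting `&` and `/` will also refuse otherwise legitimate names (a constructed example: `R&D CA`), which may be worth documenting in the message. The enclosing `if ($_POST)` block starts above the hunk and the `for` loop continues below it.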
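Review bot: The option text `$ca['descr']` is now escaped, but the `value="<?=$ca['refid'];?>"` attribute on the same line still echoes `$ca['refid']` raw; refid is presumably generated internally rather than typed by a user, but escaping it costs nothing and keeps the attribute context covered: `<option value="<?=htmlspecialchars($ca['refid']);?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>`. The `foreach` that yields `$ca` starts above the hunk.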
@@ -654,12 +658,12 @@ function method_change() {
 <tr>
 <td width="10%"> </td>
 <td width="20%"><?=gettext("Valid From")?>:</td>
- <td width="70%"><?= $startdate ?></td>
+ <td width="70%"><?= htmlspecialchars($startdate) ?></td>
 </tr>
 <tr>
 <td> </td>
 <td><?=gettext("Valid Until")?>:</td>
- <td><?= $enddate ?></td>
+ <td><?= htmlspecialchars($enddate) ?></td>
 </tr>
 </table>
 </td>
|