From ae142a104910ac810102abb69e24adf7b8811784 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Wed, 1 Jul 2015 11:06:25 -0400
Subject: Encode ca/cert info in openvpn_wizard.inc

---
 usr/local/www/wizards/openvpn_wizard.inc | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'usr/local')

diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc
index 4603aa7..ee530a2 100644
--- a/usr/local/www/wizards/openvpn_wizard.inc
+++ b/usr/local/www/wizards/openvpn_wizard.inc
@@ -198,6 +198,10 @@ function step7_submitphpaction() {
 		}
 	}
 
+	if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
+		$input_errors[] = "The field 'Descriptive Name' contains invalid characters.";
+	}
+
 	if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
 	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
 	    empty($_POST['organization']) || empty($_POST['email'])) {
@@ -297,6 +301,10 @@ function step9_submitphpaction() {
 		}	
 	}
 
+	if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
+		$input_errors[] = "The field 'Descriptive Name' contains invalid characters.";
+	}
+
 	if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
 	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
 	    empty($_POST['organization']) || empty($_POST['email'])) {
-- 
cgit v1.1