author | jim-p <jimp@pfsense.org> | 2011-03-14 16:47:46 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-03-14 16:48:52 -0400 |
commit | fd982ebd4de3e10dc83fbb713ef1c6d7e2a23c82 (patch) | |
tree | ed7691ebbc95facf0af247cc3ac9922ee9f3aff6 | |
parent | 962c3f572905f3266b77b414eeb86880899ea03a (diff) | |
Escape values so special characters don't fail (and also helps prevent shell command injection)
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 14 | ||||
-rwxr-xr-x | config/openvpn-client-export/vpn_openvpn_export.php | 22 |
2 files changed, 20 insertions, 16 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 49ed4ca6..c58a6c53 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -79,11 +79,15 @@ function openvpn_client_export_prefix($srvid) { } function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $capath = false) { - - if ($capath) - exec("/usr/bin/openssl pkcs12 -export -in {$crtpath} -inkey {$keypath} -certfile {$capath} -out {$outpath} -passout pass:{$outpass}"); - else - exec("/usr/bin/openssl pkcs12 -export -in {$crtpath} -inkey {$keypath} -out {$outpath} -passout pass:{$outpass}"); + $eoutpath = escapeshellarg($outpath); + $eoutpass = escapeshellarg($outpass); + $ecrtpath = escapeshellarg($crtpath); + $ekeypath = escapeshellarg($keypath); + if ($capath) { + $ecapath = escapeshellarg($capath); + exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -certfile {$ecapath} -out {$eoutpath} -passout pass:{$eoutpass}"); + } else + exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -out {$eoutpath} -passout pass:{$eoutpass}"); unlink($crtpath); unlink($keypath); diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 01a0507a..5c84ac80 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php 
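Review bot: The export password still reaches openssl as a command-line argument in both `exec()` calls (`-passout pass:{$eoutpass}`), so quoting it stops shell interpretation but leaves the value readable in the process list for as long as openssl runs. Prefer a channel that stays out of argv, for example `-passout env:P12_PASS` (placeholder variable name) with the value supplied through the `$env` argument of `proc_open()`, or openssl's `file:`/`fd:` password sources. Neither call checks openssl's exit status, so a failed export is not noticed before the `unlink()` calls that follow; `exec($cmd, $out, $rc)` with a check on `$rc` would cover that. The function body continues past the end of the hunk.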
@@ -425,22 +425,22 @@ function download_begin(act, i) { var dlurl; dlurl = "/vpn_openvpn_export.php?act=" + act; - dlurl += "&srvid=" + servers[index][0]; + dlurl += "&srvid=" + escape(servers[index][0]); if (users[i]) { - dlurl += "&usrid=" + users[i][0]; - dlurl += "&crtid=" + users[i][1]; + dlurl += "&usrid=" + escape(users[i][0]); + dlurl += "&crtid=" + escape(users[i][1]); } - dlurl += "&useaddr=" + useaddr; - dlurl += "&usetoken=" + usetoken; + dlurl += "&useaddr=" + escape(useaddr); + dlurl += "&usetoken=" + escape(usetoken); if (usepass) - dlurl += "&password=" + pass; + dlurl += "&password=" + escape(pass); if (useproxy) { - dlurl += "&proxy_addr=" + proxyaddr; - dlurl += "&proxy_port=" + proxyport; - dlurl += "&proxy_authtype=" + proxyauth; + dlurl += "&proxy_addr=" + escape(proxyaddr); + dlurl += "&proxy_port=" + escape(proxyport); + dlurl += "&proxy_authtype=" + escape(proxyauth); if (useproxypass) { - dlurl += "&proxy_user=" + proxyuser; - dlurl += "&proxy_password=" + proxypass; + dlurl += "&proxy_user=" + escape(proxyuser); + dlurl += "&proxy_password=" + escape(proxypass); } } |
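Review bot: `escape()` is the wrong encoder for these query parameters: it leaves `+` untouched and emits `%uXXXX` for non-ASCII characters, so a password or proxy password containing `+` would be expected to arrive as a space once PHP decodes the query string (the server-side handling is outside this hunk). Use `encodeURIComponent()` on every value, e.g. `dlurl += "&password=" + encodeURIComponent(pass);`. Separately, `password` and `proxy_password` still travel in a GET URL, where they can end up in web server logs and browser history; sending them in a POST body would avoid that. `download_begin` continues outside the hunk.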