aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2011-10-11 15:35:33 -0400
committerjim-p <jimp@pfsense.org>2011-10-11 15:37:00 -0400
commite696bc409f773579808ebf0e2e9bd03ae17d1f1a (patch)
tree027a22f54500f0cfb1e0667ba76ab0693817a746 /config
parent77fd0fadbb154fd07ccf8b44a7ab59f519abff8e (diff)
downloadpfsense-packages-e696bc409f773579808ebf0e2e9bd03ae17d1f1a.tar.gz
pfsense-packages-e696bc409f773579808ebf0e2e9bd03ae17d1f1a.tar.bz2
pfsense-packages-e696bc409f773579808ebf0e2e9bd03ae17d1f1a.zip
Run the decrypted backup through htmlentities, otherwise things like &amp; in the actual config get turned into their decoded counterparts (&, ", etc) and if that result is copy/pasted, saved, and restored, it is invalid XML and gets tossed out.
Diffstat (limited to 'config')
-rw-r--r--config/autoconfigbackup/autoconfigbackup.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php
index e43620c4..5ebe8e20 100644
--- a/config/autoconfigbackup/autoconfigbackup.php
+++ b/config/autoconfigbackup/autoconfigbackup.php
@@ -267,7 +267,7 @@ EOF;
$configtype = "Encrypted";
if (!tagfile_deformat($data, $data, "config.xml"))
$input_errors[] = "The downloaded file does not appear to contain an encrypted pfSense configuration.";
- $data = decrypt_data($data, $decrypt_password);
+ $data = htmlentities(decrypt_data($data, $decrypt_password));
if(!strstr($data, "pfsense")) {
$data = "Could not decrypt. Different encryption key?";
$input_errors[] = "Could not decrypt config.xml";