From e696bc409f773579808ebf0e2e9bd03ae17d1f1a Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 11 Oct 2011 15:35:33 -0400 Subject: Run the decrypted backup through htmlentities, otherwise things like & in the actual config get turned into their decoded counterparts (&, ", etc) and if that result is copy/pasted, saved, and restored, it is invalid XML and gets tossed out. --- config/autoconfigbackup/autoconfigbackup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php index e43620c4..5ebe8e20 100644 --- a/config/autoconfigbackup/autoconfigbackup.php +++ b/config/autoconfigbackup/autoconfigbackup.php @@ -267,7 +267,7 @@ EOF; $configtype = "Encrypted"; if (!tagfile_deformat($data, $data, "config.xml")) $input_errors[] = "The downloaded file does not appear to contain an encrypted pfSense configuration."; - $data = decrypt_data($data, $decrypt_password); + $data = htmlentities(decrypt_data($data, $decrypt_password)); if(!strstr($data, "pfsense")) { $data = "Could not decrypt. Different encryption key?"; $input_errors[] = "Could not decrypt config.xml"; -- cgit v1.2.3