Captive portal, vouchers, both the voucher server and group can contain spaces, which we need to decode before processing. closes https://github.com/opnsense/core/issues/2597

In theory it should be possible to escape before handling the endpoint, but I can't seem to find out how. For the time being, let's make sure we accept the right data.
Ad Schellevis 2018-08-03 10:53:14 +02:00
parent 24e0a308ff
commit 61fd53ee7b


@ -61,7 +61,7 @@ class VoucherController extends ApiControllerBase
public function listVoucherGroupsAction($provider)
{
$authFactory = new AuthenticationFactory();
$auth = $authFactory->get($provider);
$auth = $authFactory->get(urldecode($provider));
if ($auth != null && method_exists($auth, 'listVoucherGroups')) {
return $auth->listVoucherGroups();
} else {
@ -78,9 +78,9 @@ class VoucherController extends ApiControllerBase
public function listVouchersAction($provider, $group)
{
$authFactory = new AuthenticationFactory();
$auth = $authFactory->get($provider);
$auth = $authFactory->get(urldecode($provider));
if ($auth != null && method_exists($auth, 'listVouchers')) {
return $auth->listVouchers($group);
return $auth->listVouchers(urldecode($group));
} else {
return array();
}
@ -96,9 +96,9 @@ class VoucherController extends ApiControllerBase
{
if ($this->request->isPost()) {
$authFactory = new AuthenticationFactory();
$auth = $authFactory->get($provider);
$auth = $authFactory->get(urldecode($provider));
if ($auth != null && method_exists($auth, 'dropVoucherGroup')) {
$auth->dropVoucherGroup($group);
$auth->dropVoucherGroup(urldecode($group));
return array("status" => "drop");
}
}
@ -115,9 +115,9 @@ class VoucherController extends ApiControllerBase
{
if ($this->request->isPost()) {
$authFactory = new AuthenticationFactory();
$auth = $authFactory->get($provider);
$auth = $authFactory->get(urldecode($provider));
if ($auth != null && method_exists($auth, 'dropExpired')) {
return array("status" => "drop", "count" => $auth->dropExpired($group));
return array("status" => "drop", "count" => $auth->dropExpired(urldecode($group)));
}
}
return array("status" => "error");
@ -134,7 +134,7 @@ class VoucherController extends ApiControllerBase
$response = array("status" => "error");
if ($this->request->isPost()) {
$authFactory = new AuthenticationFactory();
$auth = $authFactory->get($provider);
$auth = $authFactory->get(urldecode($provider));
if ($auth != null && method_exists($auth, 'generateVouchers')) {
$count = $this->request->getPost('count', 'int', 0);
$validity = $this->request->getPost('validity', 'int', 0);
@ -164,7 +164,7 @@ class VoucherController extends ApiControllerBase
$username = $this->request->getPost('username', 'string', null);
if ($this->request->isPost() && $username != null) {
$authFactory = new AuthenticationFactory();
$auth = $authFactory->get($provider);
$auth = $authFactory->get(urldecode($provider));
if ($auth != null && method_exists($auth, 'expireVoucher')) {
$auth->expireVoucher($username);
$response['status'] = 'ok';
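Review bot: `urldecode()` is the form-encoding decoder and also turns a literal `+` into a space, so a provider or group whose name contains `+` resolves to a different name whenever the client sends the `+` unencoded; for URL path segments `rawurldecode($provider)` and `rawurldecode($group)` decode `%20` without touching `+`. This matters most where the decoded name selects what gets deleted, in `$auth->dropVoucherGroup(urldecode($group));` and `$auth->dropExpired(urldecode($group))`. The same call is repeated in all six actions, so one private helper on the controller would keep the decoding rule in a single place and make it easy to drop if the router later decodes parameters itself, since a second decode would then corrupt names containing `%`. Decoded values can also hold characters that never appear raw in a path segment, so it is worth confirming that the voucher backends (not visible on this page) treat provider and group strictly as data. Several of these action bodies begin or end outside the visible hunks.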