(captive portal) cleanse groupname, closes https://github.com/opnsense/core/issues/730

(cherry picked from commit 08663618)

(captive portal) cleanse groupname, closes https://github.com/opnsense/core/issues/730
(cherry picked from commit 08663618)
08d56e23 · Ad Schellevis · Franco Fichtner · c403ee51 · 08d56e23 · 08d56e23
Commit 08d56e23 authored Feb 01, 2016 by Ad Schellevis Committed by Franco Fichtner Feb 01, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

VoucherController.php ...trollers/OPNsense/CaptivePortal/Api/VoucherController.php +4 -1

vouchers.volt ...nsense/mvc/app/views/OPNsense/CaptivePortal/vouchers.volt +3 -1

No files found.
--- a/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/VoucherController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/VoucherController.php
@@ -121,8 +121,11 @@ class VoucherController extends ApiControllerBase
                $count = $this->request->getPost('count', 'int', 0);
                $validity = $this->request->getPost('validity', 'int', 0);
                $vouchergroup = $this->request->getPost('vouchergroup', 'striptags', '---');
+                // remove characters which are known to provide issues when using in the url
+                foreach (array("&", "#") as $skip_chars) {
+                    $vouchergroup = str_replace($skip_chars, "", $vouchergroup);
+                }
                if ($count > 0 && $count <= 10000 && $validity > 0) {
-                    $response['status'] = 'created';
                    return $auth->generateVouchers($vouchergroup, $count, $validity);
                }
            }

--- a/src/opnsense/mvc/app/views/OPNsense/CaptivePortal/vouchers.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/CaptivePortal/vouchers.volt
@@ -199,6 +199,7 @@ POSSIBILITY OF SUCH DAMAGE.
                            // remove previous link
                            $('#downloadFile').remove();
                        }
                        $('<a></a>')
                                .attr('id','downloadFile')
                                .attr('href','data:text/csv;charset=utf8,' + encodeURIComponent(output_data))
@@ -209,10 +210,11 @@ POSSIBILITY OF SUCH DAMAGE.
                            $('#downloadFile').get(0).click();
                        });
-                        $("#generateVouchers").modal('hide')
+                        $("#generateVouchers").modal('hide');
                        // reload grid after creating new vouchers
                        updateVoucherGroupList();
                    });
        });