You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.
At the moment, the config XML cannot be written / read as-is because some fields are HTML-escaped before being written into a CDATA tag.
The most noticeable result is that calling this plugin breaks my LDAP config.
I have already opened an issue upstream but I doubt they are going to work on it since it's an edge case.
I also made a PR which was rejected because it breaks existing configs: pfsense/pfsense#4432.
I don't really know how we could work around this issue. I have looked at pfSense's code, specifically xml_set_character_data_handler which calls this cData function and it isn't able to parse double-escaped attributes such as <ldap_extended_query>memberOf=CN=Some Group,OU=One &amp; Two,DC=blah,DC=local</ldap_extended_query> which is what this module produces.
The problem is that, to pfSense, parsing both of these returns &:
Maybe we could process all special fields and enclose them in CDATA. However, we must also call html.escape when reading them. There are many corner cases to be aware of. I think a good test value is &ü because the former will be escaped by Python while the latter will only be escaped by PHP's htmlentities.
The text was updated successfully, but these errors were encountered:
Hi,
At the moment, the config XML cannot be written / read as-is because some fields are HTML-escaped before being written into a CDATA tag.
The most noticeable result is that calling this plugin breaks my LDAP config.
I have already opened an issue upstream but I doubt they are going to work on it since it's an edge case.
I also made a PR which was rejected because it breaks existing configs: pfsense/pfsense#4432.
I don't really know how we could work around this issue. I have looked at pfSense's code, specifically
xml_set_character_data_handler
which calls thiscData
function and it isn't able to parse double-escaped attributes such as<ldap_extended_query>memberOf=CN=Some Group,OU=One &amp; Two,DC=blah,DC=local</ldap_extended_query>
which is what this module produces.The problem is that, to pfSense, parsing both of these returns
&
:<ldap_extended_query>&</ldap_extended_query>
<ldap_extended_query><![CDATA[&]]></ldap_extended_query>
Maybe we could process all special fields and enclose them in
CDATA
. However, we must also callhtml.escape
when reading them. There are many corner cases to be aware of. I think a good test value is&ü
because the former will be escaped by Python while the latter will only be escaped by PHP'shtmlentities
.The text was updated successfully, but these errors were encountered: