ACME 0.5.8

* Fix encoding for cert/key fields in output. Fixes #9554 * Fix tab links for non-admin users. Fixes #9553
pfsense · May 28, 2019 · 5049095 · 5049095
1 parent b7342d7
commit 5049095
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 11 deletions.
diff --git a/security/pfSense-pkg-acme/Makefile b/security/pfSense-pkg-acme/Makefile
@@ -1,8 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	pfSense-pkg-acme
-PORTVERSION=	0.5.7
+PORTVERSION=	0.5.8
-PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	# empty
 DISTFILES=	# empty

diff --git a/security/pfSense-pkg-acme/files/usr/local/pkg/acme/pkg_acme_tabs.inc b/security/pfSense-pkg-acme/files/usr/local/pkg/acme/pkg_acme_tabs.inc
@@ -11,9 +11,9 @@ namespace pfsense_pkg\acme;
 global $acme_tab_array;
 
 $acme_tab_array['acme'] = array();
-$acme_tab_array['acme']['settings'] = Array('name' => "General settings", 'url' => "acme_generalsettings.php");
+$acme_tab_array['acme']['settings'] = Array('name' => "General settings", 'url' => "/acme/acme_generalsettings.php");
-$acme_tab_array['acme']['certificates'] = Array('name' => "Certificates", 'url' => "acme_certificates.php");
+$acme_tab_array['acme']['certificates'] = Array('name' => "Certificates", 'url' => "/acme/acme_certificates.php");
-$acme_tab_array['acme']['accountkeys'] = Array('name' => "Account keys", 'url' => "acme_accountkeys.php");
+$acme_tab_array['acme']['accountkeys'] = Array('name' => "Account keys", 'url' => "/acme/acme_accountkeys.php");
 
 function display_top_tabs_active($top_tabs, $activetab) {
 	$tab_array = array();

diff --git a/security/pfSense-pkg-acme/files/usr/local/www/acme/acme_accountkeys.php b/security/pfSense-pkg-acme/files/usr/local/www/acme/acme_accountkeys.php
@@ -158,21 +158,21 @@
 				<tbody class="user-entries">
 <?php
 		foreach ($a_accountkeys as $accountkey) {
-			$accountname = $accountkey['name'];
+			$accountname = htmlspecialchars($accountkey['name']);
 			?>
 			<tr id="fr<?=$accountname;?>" <?=$display?> onClick="fr_toggle('<?=$accountname;?>')" ondblclick="document.location='acme_accountkeys_edit.php?id=<?=$accountname;?>';">
 				<td>
 					<input type="checkbox" id="frc<?=$accountname;?>" onClick="fr_toggle('<?=$accountname;?>')" name="rule[]" value="<?=$accountname;?>"/>
 					<a class="fa fa-anchor" id="Xmove_<?=$accountname?>" title="<?=gettext("Move checked entries to here")?>"></a>
 				</td>
 			  <td>
-				<?=$accountkey['name'];?>
+				<?=$accountname;?>
 			  </td>
 			  <td>
-				<?=$accountkey['desc'];?>
+				<?=htmlspecialchars($accountkey['desc']);?>
 			  </td>
 			  <td>
-				<?=$accountkey['acmeserver'];?>
+				<?=htmlspecialchars($accountkey['acmeserver']);?>
 			  </td>
 			  <td class="action-icons">
 				<button style="display: none;" class="btn btn-default btn-xs" type="submit" id="move_<?=$accountname?>" name="move_<?=$accountname?>" value="move_<?=$accountname?>"></button>

diff --git a/security/pfSense-pkg-acme/files/usr/local/www/acme/acme_certificates.php b/security/pfSense-pkg-acme/files/usr/local/www/acme/acme_certificates.php
@@ -242,10 +242,10 @@
 				<?=$certificate['name'];?>
 			  </td>
 			  <td>
-				<?=$certificate['desc'];?>
+				<?=htmlspecialchars($certificate['desc']);?>
 			  </td>
 			  <td>
-				<?=$certificate['acmeaccount'];?>
+				<?=htmlspecialchars($certificate['acmeaccount']);?>
 			  </td>
 			  <td style="white-space: nowrap">
 				<?=date('r', $certificate['lastrenewal']);?>