OpenVPN: Added a check for empty 'CERT_NAME' field.
authorErik Kapfer <erik.kapfer@ipfire.org>
Thu, 31 Jul 2014 06:43:24 +0000 (08:43 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 4 Aug 2014 19:18:45 +0000 (21:18 +0200)
Fixes: #10581

html/cgi-bin/ovpnmain.cgi

index 927616a..14308e5 100644 (file)
@@ -3968,10 +3968,8 @@ if ($cgiparams{'TYPE'} eq 'net') {
                $errormessage = $Lang::tr{'name too long'};
                goto VPNCONF_ERROR;
            }
-           if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
+           if ($cgiparams{'CERT_NAME'} eq '' || $cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
                $errormessage = $Lang::tr{'invalid input for name'};
-               unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
-               rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
                goto VPNCONF_ERROR;
            }
            if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {