Jackysi / advancedtomato

AdvancedTomato firmware repository (Tomato by Shibby fork)
https://advancedtomato.com/

Parsing error of ampersand symbol in RADIUS shared secret #371

Closed maurice-w closed 6 years ago

maurice-w commented 6 years ago

In Advanced Settings / Virtual Wireless, configure WPA2 Enterprise security for one of the Virtual Wireless Interfaces and enter a Shared Key containing an ampersand symbol (&). When saving, the string gets truncated at the ampersand symbol.

I didn't test whether this also happens for other input fields in the GUI, but I wouldn't be surprised.

This is a new issue in 3.5-140; it worked fine in 3.4-140!

Router: Linksys E4200

Jackysi commented 6 years ago

That sounds like the opposite of what we did in the last release. Can you show an example? https://github.com/Jackysi/advancedtomato-gui/pull/31

If that's the case this is a big problem.

maurice-w commented 6 years ago

I agree that this IS a big problem. Here are two more things I tried:

  1. Navigate to Basic Settings / Network.
  2. Enable WPA2 Personal security with AES encryption, enter the shared key 12345&67890, click Save.
  3. An error message will be displayed: _The field "wl_wpapsk" is invalid. Please report this problem._
  4. This is bad because, by definition, a WPA2-PSK may contain any printable ASCII character.
  5. Now switch security to WPA2 Enterprise, enter the same shared key and click Save again.
  6. No error message is displayed, it looks like everything is OK.
  7. Navigate to another page, then go back to Basic Settings / Network and click into the Shared Key field.
  8. Only the string 12345 is displayed, &67890 has been truncated.
  9. This is even worse because the GUI saves a modified value without displaying an error message.

Jackysi commented 6 years ago

I will revert this commit and re-compile images. I am not sure why I merged this, I was sure it would bring issues... Someone just liked to have their Unicode characters on wifi names lolz and they changed a global function that messed up everything. And I was stupid enough to merge it.

noplanman commented 6 years ago

@Jackysi The ampersand and semicolon are also an issue when saving the custom script in Administration -> Buttons/LED for the Netgear R7000. It isn't correctly URL-encoded, so everything after the first & or ; (and possibly other characters too) is lost.
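
Added example (not part of the original thread and not AdvancedTomato code): a round-trip check that reproduces the truncation reported above, where a secret is silently shortened at the first `&` or `;`, next to a serializer that percent-encodes every value. All function names, the `led_script` and `ssid_example` fields, and the parser that splits on both `&` and `;` are assumptions made for illustration.

```javascript
// Simplified stand-in for a server-side form parser that treats both '&' and ';'
// as pair separators (assumption, consistent with the truncation reported above).
function parseFormBody(body) {
  const decode = (s) => decodeURIComponent(s.replace(/\+/g, ' '));
  const fields = {};
  for (const pair of body.split(/[&;]/)) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    fields[decode(name)] = decode(value);
  }
  return fields;
}

// Broken serializer: names and values are concatenated without percent-encoding,
// so a '&' or ';' inside a value is read as the start of the next field.
function serializeUnencoded(fields) {
  return Object.entries(fields).map(([k, v]) => `${k}=${v}`).join('&');
}

// Correct serializer: every name and value is percent-encoded before joining.
function serializeEncoded(fields) {
  return Object.entries(fields)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
}

// Round-trip check: serialize, parse, and list every field whose stored value
// differs from what the user typed. A non-empty list must block the save.
function roundTrip(serialize, fields) {
  const parsed = parseFormBody(serialize(fields));
  const changed = Object.keys(fields).filter((k) => parsed[k] !== fields[k]);
  return { parsed, changed };
}

// Constructed sample input; only wl_wpapsk and its value come from the thread.
const sample = {
  wl_wpapsk: '12345&67890',
  led_script: 'led white on; sleep 1',
  ssid_example: 'café',
};

console.log('unencoded:', roundTrip(serializeUnencoded, sample).changed);
console.log('encoded:  ', roundTrip(serializeEncoded, sample).changed);
```

A check like `roundTrip` in a GUI regression test catches the case from step 9, where the stored secret becomes `12345` without any error being shown.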