From a90e31be4f9cbd39d86b12657dbf1a2dc221f498 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= <jose.gonzalez@pandorafms.com>
Date: Fri, 18 Mar 2022 14:03:36 +0100
Subject: [PATCH 1/2] Fix credential storing with spaces

---
 .../include/class/CredentialStore.class.php         | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/pandora_console/include/class/CredentialStore.class.php b/pandora_console/include/class/CredentialStore.class.php
index 82ab94ee97..5919eef8f0 100644
--- a/pandora_console/include/class/CredentialStore.class.php
+++ b/pandora_console/include/class/CredentialStore.class.php
@@ -14,7 +14,7 @@
  * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
  *
  * ============================================================================
- * Copyright (c) 2005-2021 Artica Soluciones Tecnologicas
+ * Copyright (c) 2005-2022 Artica Soluciones Tecnologicas
  * Please see http://pandorafms.org for full contribution list
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -644,8 +644,15 @@ class CredentialStore extends Wizard
         ];
 
         // Spaces  are not allowed.
-        $values['identifier'] = preg_replace('/\s+/', '-', trim($identifier));
-
+        $values['identifier'] = \io_safe_input(
+            preg_replace(
+                '/\s+/',
+                '-',
+                trim(
+                    \io_safe_output($identifier)
+                )
+            )
+        );
         return $values;
     }
 
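Review bot: The nested call assigned to `$values['identifier']` now decodes, normalises and re-encodes the identifier, but the only comment above it is still `// Spaces  are not allowed.`, which does not explain why the round trip is needed. I would replace it with `// Decode first so entity-encoded whitespace matches \s, then re-encode before returning.`, which is presumably the reason for the change and should be confirmed against `io_safe_input`. A whitespace-only identifier now trims to an empty string and is returned as an empty identifier unless an earlier check rejects it. The function starts outside this hunk, so that check is not visible here.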

From 61713b453a0ad96f2e685264a751f806b504862a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= <jose.gonzalez@pandorafms.com>
Date: Thu, 24 Mar 2022 13:53:22 +0100
Subject: [PATCH 2/2] Added control for ascii characters

---
 .../include/class/CredentialStore.class.php   |  8 ++--
 .../include/graphs/functions_utils.php        | 40 +++++++++++++++++++
 2 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/pandora_console/include/class/CredentialStore.class.php b/pandora_console/include/class/CredentialStore.class.php
index 5919eef8f0..27486433ee 100644
--- a/pandora_console/include/class/CredentialStore.class.php
+++ b/pandora_console/include/class/CredentialStore.class.php
@@ -623,11 +623,13 @@ class CredentialStore extends Wizard
             $error = __('You must select a group where store this key!');
         } else if (empty($product) === true) {
             $error = __('You must specify a product type');
-        } else if (empty($username) === true && (empty($password) === true)) {
+        } else if (empty($username) === true || (empty($password) === true)) {
             $error = __('You must specify a username and/or password');
+        } else if (evaluate_ascii_valid_string(io_safe_output($identifier)) === false) {
+            $error = __('Identifier with forbidden characters. Check the documentation.');
         }
 
-        if (isset($error)) {
+        if (isset($error) === true) {
             $this->ajaxMsg('error', $error);
             exit;
         }
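Review bot: The username/password branch now uses `||`, so both fields are mandatory, but the message still says `'You must specify a username and/or password'`. Either the operator or the text is wrong, and credentials that legitimately carry only one of the two (if any product type does) can no longer be saved. The new `evaluate_ascii_valid_string(io_safe_output($identifier))` check also runs before the whitespace-to-`-` normalisation from patch 1/2. With the default ranges a space (32) is rejected, so an identifier containing spaces gets the forbidden-characters error instead of being normalised. If spaces are meant to be accepted, validate the normalised value, e.g. `evaluate_ascii_valid_string(preg_replace('/\s+/', '-', trim(io_safe_output($identifier))))`. The method starts outside this hunk.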
@@ -1277,7 +1279,7 @@ class CredentialStore extends Wizard
             });
 
         }
-    
+
         /**
          * Delete selected key
          */
diff --git a/pandora_console/include/graphs/functions_utils.php b/pandora_console/include/graphs/functions_utils.php
index 11737099a8..e68a11a9f1 100644
--- a/pandora_console/include/graphs/functions_utils.php
+++ b/pandora_console/include/graphs/functions_utils.php
@@ -328,3 +328,43 @@ function convert_array_multi($array, $glue)
     $result = substr($result, 0, (0 - strlen($glue)));
     return $result;
 }
+
+
+/**
+ * Evaluate if the chars of coming variable has in the range stablished.
+ *
+ * @param string $string String for be evaluated.
+ * @param array  $ranges Ranges for valid chars. Min: [ x <= Y ] Max: [ Y > x ].
+ * Example of valid ranges: [ '32:126', '150:188' ].
+ *
+ * @return boolean.
+ */
+function evaluate_ascii_valid_string(string $string='', array $ranges=[ '33:38', '40:126' ])
+{
+    if (empty($string) === true) {
+        return false;
+    }
+
+    $countChars = strlen($string);
+    // Let's explore all the chars.
+    for ($i = 0; $i < $countChars; $i++) {
+        // Get ascii number of the char.
+        $asciiNumber = ord($string[$i]);
+        // Check in all ranges.
+        $rangeValidation = false;
+        foreach ($ranges as $range) {
+            list($minRangeValue, $maxRangeValue) = explode(':', $range, 2);
+            // Check if is in range.
+            if ($asciiNumber > (int) $minRangeValue && $asciiNumber < (int) $maxRangeValue) {
+                $rangeValidation = true;
+            }
+        }
+
+        // None of the ranges was validated.
+        if ($rangeValidation === false) {
+            return false;
+        }
+    }
+
+    return true;
+}
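Review bot: The range test in `evaluate_ascii_valid_string` uses strict `>` and `<`, so both bounds are exclusive, which contradicts the docblock's `x <= Y`. With the defaults `'33:38', '40:126'` it accepts only 34–37 and 41–125, silently rejecting `!`, `&`, `(` and `~`. Two further edge cases affect the allow-list. `empty($string)` is true for the string `'0'`, so that identifier is refused. A range entry without `:` makes `list()` read a missing offset, and the range then never matches. The rewrite below makes the bounds inclusive (if exclusive is intended, fix the docblock instead), compares against `''`, skips malformed ranges and stops at the first matching range. A `: bool` return type would also match the `@return boolean` tag.

```php
function evaluate_ascii_valid_string(string $string='', array $ranges=[ '33:38', '40:126' ])
{
    // '0' is a legitimate one-character string; empty() would reject it.
    if ($string === '') {
        return false;
    }

    // ... unchanged: $countChars, the for loop header and the ord() call ...
        $rangeValidation = false;
        foreach ($ranges as $range) {
            $bounds = explode(':', $range, 2);
            if (count($bounds) !== 2) {
                // Malformed range: skip it rather than read a missing offset.
                continue;
            }

            // Bounds are inclusive, so '33:38' accepts both 33 and 38.
            if ($asciiNumber >= (int) $bounds[0] && $asciiNumber <= (int) $bounds[1]) {
                $rangeValidation = true;
                break;
            }
        }
    // ... unchanged: return false when no range matched, return true at the end ...
```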