When you want to use a complex password for an encrypted device, the resulting password can be different from the one you enter in the web interface. This is because special characters are not escaped before the password is sent to the shell.
How to reproduce:
Scenario 1
- Go to Disks/Encryption
- Add new encrypted device with password "A&B"
- Detach the device and attach it with password "A" - It works. Which is NOT OK. It should accept only the password "A&B"
Scenario 2
- Log in to the box via SSH
- Create an encrypted device with the command "geli init /dev/da1"
- Use password "A&B"
- Log in to the FreeNAS web interface and try to add encrypted device da1 with password "A&B" - You will be unsuccessful, which is NOT OK. It should accept the right password.
Suggestion:
Maybe escapeshellcmd() would help.
Of course, it is currently possible to send any command to the box via the passphrase, e.g. passphrase ";mkdir /etc/hello;"
Thanks for the fix
Use of the PHP function escapeshellarg() would be a better solution than escapeshellcmd().
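
What /bin/sh actually hands to a program in each case, as an added example that is not FreeNAS code: `printf` is a harmless stand-in for the real command, and the helper name `shell_result` and the sample passphrases other than "A&B" are constructed for illustration. It assumes the PHP CLI on a POSIX system.

```php
<?php
// Added example, not FreeNAS code. printf stands in for the real command so
// the script is harmless: it prints every argument it receives in brackets,
// which shows how the shell split (or executed) the passphrase.

// Hypothetical helper: build a command line by string concatenation, run it
// through /bin/sh as a string-built exec() would, and return the output.
function shell_result(string $tail): string
{
    $out = shell_exec("printf '[%s]' " . $tail . " 2>/dev/null");
    return trim((string) $out);
}

// Constructed sample passphrases:
//   A&B              - the password from the report ('&' ends the command)
//   A;echo INJECTED  - harmless stand-in for the report's ';' injection
//   A B              - a space, which separates the two escaping functions
$samples = ['A&B', 'A;echo INJECTED', 'A B'];

foreach ($samples as $pass) {
    printf("passphrase: %s\n", $pass);
    // Vulnerable form: the shell interprets the metacharacters itself.
    printf("  %-15s -> %s\n", 'unescaped', shell_result($pass));
    // escapeshellcmd() backslash-escapes metacharacters but leaves
    // whitespace alone, so it does not guarantee a single argument.
    printf("  %-15s -> %s\n", 'escapeshellcmd', shell_result(escapeshellcmd($pass)));
    // escapeshellarg() single-quotes the whole value, so the program
    // receives exactly one argument equal to the passphrase.
    printf("  %-15s -> %s\n", 'escapeshellarg', shell_result(escapeshellarg($pass)));
}
```

With `escapeshellcmd()` the `&` and `;` no longer reach the shell as operators, but "A B" still arrives as two separate arguments; only `escapeshellarg()` delivers every sample as one argument identical to what was typed.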