diff options
| author | Michael Tänzer <neo@nhng.de> | 2013-08-07 02:43:02 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2013-08-07 02:43:02 +0200 |
| commit | 359e6dac12f900ffecb74230f671951cf054101a (patch) | |
| tree | e15fae3239b182ab3718196459172857839b0bea | |
| parent | 79a582ee1a478fc5b1858d9752226640f63af55d (diff) | |
| download | cacert-devel-359e6dac12f900ffecb74230f671951cf054101a.tar.gz cacert-devel-359e6dac12f900ffecb74230f671951cf054101a.tar.xz cacert-devel-359e6dac12f900ffecb74230f671951cf054101a.zip | |
bug 1200: Use a freshly created temporary directory as gpg homedir
Signed-off-by: Michael Tänzer <neo@nhng.de>
| -rw-r--r-- | www/gpg.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/www/gpg.php b/www/gpg.php index 813ee31..241df30 100644 --- a/www/gpg.php +++ b/www/gpg.php @@ -83,9 +83,17 @@ function verifyEmail($email) $state=0; if($oldid == "0" && $CSR != "") { - if (runCommand('gpg --with-colons --homedir /tmp 2>&1', - clean_gpgcsr($CSR), - $gpg)) + $err = runCommand('mktemp --directory /tmp/cacert_gpg.XXXXXXXXXX', $tmpdir); + if (!err && $tmpdir) + { + $err = runCommand("gpg --with-colons --homedir $tmpdir 2>&1", + clean_gpgcsr($CSR), + $gpg); + + `rm -r $tmpdir`; + } + + if ($err) { showheader(_("Welcome to CAcert.org")); |