author | Michael Tänzer <neo@nhng.de> | 2014-04-30 23:36:56 +0200 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2014-05-01 02:11:07 +0200 |
commit | cff85b0ea8cdd4d7249d23206339a85d06e24419 (patch) | |
tree | f066735aea51ab5ecf3b1a0d57da5a4e60d1fcfd | |
parent | 70b829a7d195f8dbd0c26f2928d623f83caf5a58 (diff) | |
bug 1138: Avoid double escaping in `description` which was stored into the
session mysql_real_escaped
Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r-- | includes/account.php | 32 |
1 files changed, 6 insertions, 26 deletions
diff --git a/includes/account.php b/includes/account.php
index ab30813..b9ee7d1 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -298,11 +298,8 @@ function buildSubjectFromSession() {
 $_REQUEST['keytype'] = "MS";
 $csr = clean_csr($_REQUEST['optionalCSR']);
 }
- if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
+
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
 }
 if($oldid == 4)
@@ -731,11 +728,7 @@ function buildSubjectFromSession() {
 exit;
 }
- if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
 $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
 $fp = fopen($_SESSION['_config']['tmpfname'], "w");
@@ -1445,12 +1438,7 @@ function buildSubjectFromSession() {
 $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
 $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
-
- if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
 }
 if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
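Review bot: After this change `$_SESSION['_config']['description']` holds the raw request value, while the neighbouring `name` and `OU` entries in the hunk at -1445 are still stored through `mysql_real_escape_string()`, so the session now mixes escaped and unescaped strings. None of the hunks shows where the description is later consumed; every query that writes it has to escape or bind it at that point, and any page that prints it needs `htmlspecialchars()`. I would mark each assignment with a comment such as `// raw user input: escape at the SQL/HTML sink, not here`, in this hunk and in the ones at -731, -1445, -1479 and -1863. The unconditional `stripslashes()` is untouched by the commit but presumably assumes magic_quotes_gpc is enabled; with it off, backslashes the user actually typed are silently removed. The enclosing blocks start and end outside every hunk.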
@@ -1479,11 +1467,7 @@ function buildSubjectFromSession() {
 if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
 $_SESSION['_config']['rootcert'] = 1;
- if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
 if(@count($_SESSION['_config']['emails']) > 0)
 $id = 17;
@@ -1863,11 +1847,7 @@ function buildSubjectFromSession() {
 exit;
 }
- if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
 $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
 $fp = fopen($_SESSION['_config']['tmpfname'], "w"); |