patch from Phillip (Mantis #778)

https://bugs.cacert.org/view.php?id=778

2 files changed, 6 insertions, 2 deletions

diff --git a/includes/general.php b/includes/general.php
index 80b16a0..938df4e 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -826,6 +826,10 @@
 		$newcsr = str_replace("\n\n","\n",$newcsr);
 		return(preg_replace("/[^A-Za-z0-9\n\r\-\:\=\+\/ ]/","",$newcsr));
 	}
+	function clean_gpgcsr($CSR)
+	{
+		return(preg_replace("/[^A-Za-z0-9\n\r\-\:\=\+\/ ]/","",trim($CSR)));
+	}
 
 	function sanitizeFilename($text)
 	{
diff --git a/www/gpg.php b/www/gpg.php
index 38e5426..f97966f 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -82,7 +82,7 @@ function verifyEmail($email)
 	$state=0;
 	if($oldid == "0" && $CSR != "")
 	{
-		$debugkey = $gpgkey = clean_csr($CSR);
+		$debugkey = $gpgkey = clean_gpgcsr($CSR);
 		$debugpg = $gpg = trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`);
 		$lines = "";
 		$gpgarr = explode("\n", $gpg);
@@ -268,7 +268,7 @@ function verifyEmail($email)
 		mkdir($cwd,0755);
 
 		$fp = fopen("$cwd/gpg.csr", "w");
-		fputs($fp, clean_csr($CSR));
+		fputs($fp, clean_gpgcsr($CSR));
 		fclose($fp);