authorBenny Baumann <BenBE@geshi.org>2014-06-19 16:33:54 +0200
committerBenny Baumann <BenBE@geshi.org>2014-06-19 16:33:54 +0200
commit1f3eddaf696f3d7563b761b7c9bf537710d55c31 (patch)
treec251a68375ee0ee8e3c506553546add05338e3f1
parent7f332a32fff1e45afc939220effe042ad7b3f4b8 (diff)
parent92f5ddf1858215806fff49047459ce86ca38180f (diff)
Merge branch 'bug-1212' into testserver-stable
-rw-r--r--includes/general.php36
1 files changed, 34 insertions, 2 deletions
diff --git a/includes/general.php b/includes/general.php
index 8846f4b..cd39f1b 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -272,6 +272,16 @@
}
}
+ function isValidWildcard($name){
+ if(substr($name,0,2) == "*."){
+ $name = substr($name, 2);
+ }
+ if(!preg_match("/[a-zA-Z0-9_]([a-zA-Z0-9\\-_]*[a-zA-Z0-9])?/",$name)){
+ return false;
+ }
+ return strpos($name, "*") === false;
+ }
+
function getcn()
{
unset($_SESSION['_config']['rows']);
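Review bot: The `preg_match` in `isValidWildcard` is unanchored, so it succeeds as soon as one letter, digit or underscore appears anywhere in `$name`. Names containing spaces, quotes, empty labels or a leading hyphen therefore still pass, and in practice the only thing rejected is a `*` outside the leading `*.`. The pattern has no `.` in it, so it describes a single label and cannot simply be anchored on the whole name. Splitting on `.` and matching each label with `^…$` and the `D` modifier gives the check the pattern seems to intend, and makes the trailing `strpos` test redundant. The function is complete in this hunk; `getcn()` continues outside it.

```php
function isValidWildcard($name){
	// … unchanged: strip one leading "*." …
	// The pattern describes one label, so test every label against it, anchored at both ends.
	foreach(explode(".", $name) as $label){
		if(!preg_match('/^[a-zA-Z0-9_]([a-zA-Z0-9\\-_]*[a-zA-Z0-9])?$/D', $label)){
			return false;
		}
	}
	return true;
}
```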
@@ -285,6 +295,12 @@
$bits = explode(".", $CN);
$dom = "";
$cnok = 0;
+
+ if(!isValidWildcard($CN)){
+ $_SESSION['_config']['rejected'][] = $CN;
+ continue;
+ }
+
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
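Review bot: The names pushed onto `$_SESSION['_config']['rejected']` here are exactly the ones that failed validation, so the list holds unfiltered requester-supplied text. The same applies to the additions at L63-66, L85-88 and L96-99. The code that displays the list is not in this diff; it should escape each entry, for example with `htmlspecialchars($name, ENT_QUOTES)`. `getcn()` clears `rows` on entry but no reset of `rejected` is visible, so unless it is cleared elsewhere, entries from an earlier request may carry over; `unset($_SESSION['_config']['rejected']);` next to the existing `unset` would prevent that. The enclosing loop starts and ends outside the hunk.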
@@ -293,7 +309,7 @@
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
$dom = mysql_real_escape_string($dom);
- $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
+ $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` = '$dom' and `deleted`=0 and `hash`=''";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
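Review bot: The switch from `like` to `=` on the `domain` comparison needs a comment explaining why, here and on the identical line at L76, or a later cleanup could revert it. `mysql_real_escape_string()` does not escape `%` or `_`, and `isValidWildcard` accepts `_` in a label, so under `like` a requested name could match a verified domain the member does not own. Something like `// exact match on purpose: % and _ survive mysql_real_escape_string() and would act as LIKE wildcards` above the query would record that. The enclosing loop body starts and ends outside the hunk.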
@@ -334,6 +350,11 @@
else
continue;
+ if(!isValidWildcard($alt)){
+ $_SESSION['_config']['rejected'][] = $alt;
+ continue;
+ }
+
$bits = explode(".", $alt);
$dom = "";
$altok = 0;
@@ -345,7 +366,7 @@
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
$dom = mysql_real_escape_string($dom);
- $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
+ $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` = '$dom' and `deleted`=0 and `hash`=''";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -375,6 +396,12 @@
$CN = $_SESSION['_config']["$cnc.CN"];
$bits = explode(".", $CN);
$dom = "";
+
+ if(!isValidWildcard($CN)){
+ $_SESSION['_config']['rejected'][] = $CN;
+ continue;
+ }
+
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
@@ -421,6 +448,11 @@
else
continue;
+ if(!isValidWildcard($alt)){
+ $_SESSION['_config']['rejected'][] = $alt;
+ continue;
+ }
+
$bits = explode(".", $alt);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)