summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFelix Dörre <felix@dogcraft.de>2014-06-13 22:30:54 +0200
committerBenny Baumann <BenBE@geshi.org>2014-06-15 18:19:54 +0200
commit53c84b22d3449f0f233b02d650f1ed3bb58a04bc (patch)
tree5f1bdeb67e6bf9edd82ab8d8dea67863f1413f0b
parentb463d175196b5e8abbfbc5e00e161d5c69113565 (diff)
downloadcacert-devel-53c84b22d3449f0f233b02d650f1ed3bb58a04bc.tar.gz
cacert-devel-53c84b22d3449f0f233b02d650f1ed3bb58a04bc.tar.xz
cacert-devel-53c84b22d3449f0f233b02d650f1ed3bb58a04bc.zip
bug 807: escaping value from the database.bug-807
-rw-r--r--includes/account.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/includes/account.php b/includes/account.php
index 6de1e68..163ca04 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -906,7 +906,7 @@ function buildSubjectFromSession() {
`type`='".intval($row['type'])."',
`pkhash`='".mysql_real_escape_string($row['pkhash'])."',
`description`='".mysql_real_escape_string($row['description'])."',
- `md`='".$row['md']."'";
+ `md`='".HashAlgorithms::clean($row['md'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid);
@@ -1087,7 +1087,7 @@ function buildSubjectFromSession() {
`codesign`='".intval($row['codesign'])."',
`rootcert`='".intval($row['rootcert'])."',
`description`='".mysql_real_escape_string($row['description'])."',
- `md`='".$row['md']."'";
+ `md`='".HashAlgorithms::clean($row['md'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","client",$newid);
@@ -1722,7 +1722,7 @@ function buildSubjectFromSession() {
`codesign`='".intval($row['codesign'])."',
`rootcert`='".intval($row['rootcert'])."',
`description`='".mysql_real_escape_string($row['description'])."',
- `md`='".$row['md']."'";
+ `md`='".HashAlgorithms::clean($row['md'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid);
@@ -2075,7 +2075,7 @@ function buildSubjectFromSession() {
`type`='".intval($row['type'])."',
`rootcert`='".intval($row['rootcert'])."',
`description`='".mysql_real_escape_string($row['description'])."',
- `md`='".$row['md']."'";
+ `md`='".HashAlgorithms::clean($row['md'])."'";
mysql_query($query);
$newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";