summaryrefslogtreecommitdiff
path: root/www/api/ccsr.php
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-04-21 20:07:00 +0200
committerMichael Tänzer <neo@nhng.de>2014-04-21 20:07:00 +0200
commitc7c4d077688807bcbec21e11d0aeb0af9ebfbd30 (patch)
tree74ee152df3b0d09497252bbc98453e8fc280a6b4 /www/api/ccsr.php
parent29cc1c30533de1f6caa6fa163b95970eee5ab8ef (diff)
downloadcacert-devel-c7c4d077688807bcbec21e11d0aeb0af9ebfbd30.tar.gz
cacert-devel-c7c4d077688807bcbec21e11d0aeb0af9ebfbd30.tar.xz
cacert-devel-c7c4d077688807bcbec21e11d0aeb0af9ebfbd30.zip
Source code taken from cacert-20140419.tar.bz2
Diffstat (limited to 'www/api/ccsr.php')
-rw-r--r--www/api/ccsr.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index 7efdf8d..403882f 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -73,7 +73,9 @@ require_once '../../includes/lib/check_weak_key.php';
$fp = fopen($incsr, "w");
fputs($fp, $CSR);
fclose($fp);
- $do = `/usr/bin/openssl req -in $incsr -out $checkedcsr`;
+ $incsr_esc = escapeshellarg($incsr);
+ $checkedcsr_esc = escapeshellarg($checkedcsr);
+ $do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`;
@unlink($incsr);
if(filesize($checkedcsr) <= 0)
die("404,Invalid or missing CSR");