author | Felix Dörre <felix@dogcraft.de> | 2014-06-15 10:39:04 +0200 |
---|---|---|
committer | Felix Dörre <felix@dogcraft.de> | 2014-06-15 10:59:31 +0200 |
commit | b6ee5404b9dcc3df6ace5f640f522118d18b818d (patch) | |
tree | eae5a40733cde853c993588bee9a1420bbbc9b3d /www/api/ccsr.php | |
parent | 6d0f414854b2c1aa1da9ec49889ac9bb3b69b966 (diff) | |
bug 1273: replace backtick operators with shell_exec
+ fix 1 missing escapeshellarg
Commands used to locate:
1.
find includes -type f -name '*.php' -exec cat {} \; \
| tr '\n' '?' | sed 's/\(\$query .\?= \|\
mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\
(\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\
\|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\
| tr '?' '\n' | grep --color=always "\`"|less -r
and reviewing the queries by hand.
This command replaces strings that obviously look
like sql_queries and then outputs all remaining backticks:
starting with "$query = ,mysql_query, ..."
and are only interrupted by "safe" calls:
- mysql_real_escape_string
- intval
- pre_escaped session variables
(This command may also be used for locating
badly escaped sql_queries)
2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \
| grep -v '\(from\|update\|into\) `gpg'
Diffstat (limited to 'www/api/ccsr.php')
-rw-r--r-- | www/api/ccsr.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index b223168..3bfe55a 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -75,7 +75,7 @@ require_once '../../includes/lib/check_weak_key.php';
 fclose($fp);
 $incsr_esc = escapeshellarg($incsr);
 $checkedcsr_esc = escapeshellarg($checkedcsr);
- $do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`;
+ $do = shell_exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc");
 @unlink($incsr);
 if(filesize($checkedcsr) <= 0) die("404,Invalid or missing CSR");
@@ -97,7 +97,7 @@ require_once '../../includes/lib/check_weak_key.php';
 foreach($emails as $emailid => $email) mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
- $do = `../../scripts/runclient`;
+ $do = shell_exec("../../scripts/runclient");
 sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
 $query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
 $res = mysql_query($query); |
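Review bot: The outcome of the openssl call is still not checked on the new `shell_exec` line in the first hunk: `$do` is assigned but never read in the visible lines, and `shell_exec` does not expose the exit status, so a failed CSR conversion is only caught indirectly by the later `filesize($checkedcsr) <= 0` test. Consider `exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc", $out, $rc);` followed by `if($rc !== 0) die("404,Invalid or missing CSR");`, so an openssl failure is rejected explicitly. The `runclient` call in the second hunk (`@@ -97,7 +97,7 @@`) leaves `$do` unchecked in the same way. The `die` branch in the context lines also appears to leave `$checkedcsr` on disk, though cleanup may happen outside the hunk, since the enclosing block starts and ends beyond it.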
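Review bot: In the second hunk, `shell_exec("../../scripts/runclient")` resolves the relative path against the process's current working directory rather than this file's location, so which program runs may depend on how the script is invoked. Anchoring the path, e.g. `$do = shell_exec(escapeshellarg(dirname(__FILE__).'/../../scripts/runclient'));`, fixes the target regardless of the working directory. A short comment on why the output is discarded and why a fixed `sleep(10)` follows would also help the next reader. The surrounding block extends beyond the hunk.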