authorBenny Baumann <BenBE@geshi.org>2014-05-01 00:17:08 +0200
committerBenny Baumann <BenBE@geshi.org>2014-05-01 00:17:08 +0200
commita11cfcccaad26310d539c9dd70857d1eae72badd (patch)
tree73f3c8f268f69fc091e5b02d9aebba18cad00948 /www
parent7e6053f91c8be4f2b2d1a6a3e93c62fbf8f8c156 (diff)
parent24d8235f875f9ecff3198e3f0cf8d450beae1989 (diff)
Merge branch 'release' into bug-1138
Diffstat (limited to 'www')
-rw-r--r--www/api/ccsr.php4
-rw-r--r--www/gpg.php16
2 files changed, 11 insertions, 9 deletions
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index 54d7dc9..b223168 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -73,7 +73,9 @@ require_once '../../includes/lib/check_weak_key.php';
$fp = fopen($incsr, "w");
fputs($fp, $CSR);
fclose($fp);
- $do = `/usr/bin/openssl req -in $incsr -out $checkedcsr`;
+ $incsr_esc = escapeshellarg($incsr);
+ $checkedcsr_esc = escapeshellarg($checkedcsr);
+ $do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`;
@unlink($incsr);
if(filesize($checkedcsr) <= 0)
die("404,Invalid or missing CSR");
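Review bot: The exit status of the openssl call is still discarded after the quoting fix, because the backtick operator returns only the command's stdout; the only failure signal left is the `filesize($checkedcsr) <= 0` test that follows. If `$checkedcsr` can already exist from an earlier request (how the path is built is outside this hunk), a failed conversion could pass that test. Consider `exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc", $out, $rc);` and then `if($rc !== 0 || filesize($checkedcsr) <= 0)`. The enclosing block starts and ends outside the hunk.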
diff --git a/www/gpg.php b/www/gpg.php
index 829bbcf..263c1d3 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -187,18 +187,18 @@ function verifyEmail($email)
// Name (Comment) <Email>
if(preg_match("/^([^\(\)\[@<>]+) \(([^\(\)@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
{
- $name=trim(hex2bin($matches[1]));
+ $name=trim(gpg_hex2bin($matches[1]));
$nocomment=0;
- $comm=trim(hex2bin($matches[2]));
- $mail=trim(hex2bin($matches[3]));
+ $comm=trim(gpg_hex2bin($matches[2]));
+ $mail=trim(gpg_hex2bin($matches[3]));
}
// Name <EMail>
elseif(preg_match("/^([^\(\)\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
{
- $name=trim(hex2bin($matches[1]));
+ $name=trim(gpg_hex2bin($matches[1]));
$nocomment=1;
$comm="";
- $mail=trim(hex2bin($matches[2]));
+ $mail=trim(gpg_hex2bin($matches[2]));
}
// Unrecognized format
else
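Review bot: Each `gpg_hex2bin()` call here decodes a capture group after `preg_match` has already checked the still-encoded text in `$bits[9]`, so the pattern's exclusions (`(`, `)`, `[`, `@`, `<`, `>` for the name) are not guaranteed to hold for the decoded `$name`, `$comm` and `$mail`. The definition of `gpg_hex2bin()` is not part of this diff, so whether it can reintroduce those characters should be confirmed. The same order of operations appears in the hunks at -357 and -374, where only `$name` is visibly re-checked, via `verifyName($name)`. I would add a comment at the first call such as `// decoded after the format check: treat $name, $comm and $mail as untrusted; re-validate or escape before output or queries`. verifyEmail's body begins and continues outside these hunks.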
@@ -357,13 +357,13 @@ function verifyEmail($email)
$pos = strlen($bits[9]);
}
- $name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
+ $name = trim(gpg_hex2bin(trim(substr($bits[9], 0, $pos))));
$nameok=verifyName($name);
if($nocomment == 0)
{
$pos += 2;
$pos2 = strpos($bits[9], ")");
- $comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
+ $comm = trim(gpg_hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($comm != "")
$comment[] = $comm;
$pos = $pos2 + 3;
@@ -374,7 +374,7 @@ function verifyEmail($email)
$mail="";
if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
//echo "Found: ".$match[1];
- $mail = trim(hex2bin($match[1]));
+ $mail = trim(gpg_hex2bin($match[1]));
}
else
{