author | Benny Baumann <BenBE@geshi.org> | 2014-05-01 00:17:08 +0200 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2014-05-01 00:17:08 +0200 |
commit | a11cfcccaad26310d539c9dd70857d1eae72badd (patch) | |
tree | 73f3c8f268f69fc091e5b02d9aebba18cad00948 /www | |
parent | 7e6053f91c8be4f2b2d1a6a3e93c62fbf8f8c156 (diff) | |
parent | 24d8235f875f9ecff3198e3f0cf8d450beae1989 (diff) | |
Merge branch 'release' into bug-1138
Diffstat (limited to 'www')
-rw-r--r-- | www/api/ccsr.php | 4 | ||||
-rw-r--r-- | www/gpg.php | 16 |
2 files changed, 11 insertions, 9 deletions
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index 54d7dc9..b223168 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -73,7 +73,9 @@ require_once '../../includes/lib/check_weak_key.php';
 $fp = fopen($incsr, "w");
 fputs($fp, $CSR);
 fclose($fp);
- $do = `/usr/bin/openssl req -in $incsr -out $checkedcsr`;
+ $incsr_esc = escapeshellarg($incsr);
+ $checkedcsr_esc = escapeshellarg($checkedcsr);
+ $do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`;
 @unlink($incsr);
 if(filesize($checkedcsr) <= 0)
 die("404,Invalid or missing CSR");
diff --git a/www/gpg.php b/www/gpg.php
index 829bbcf..263c1d3 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -187,18 +187,18 @@ function verifyEmail($email)
 // Name (Comment) <Email>
 if(preg_match("/^([^\(\)\[@<>]+) \(([^\(\)@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
 {
- $name=trim(hex2bin($matches[1]));
+ $name=trim(gpg_hex2bin($matches[1]));
 $nocomment=0;
- $comm=trim(hex2bin($matches[2]));
- $mail=trim(hex2bin($matches[3]));
+ $comm=trim(gpg_hex2bin($matches[2]));
+ $mail=trim(gpg_hex2bin($matches[3]));
 }
 // Name <EMail>
 elseif(preg_match("/^([^\(\)\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
 {
- $name=trim(hex2bin($matches[1]));
+ $name=trim(gpg_hex2bin($matches[1]));
 $nocomment=1;
 $comm="";
- $mail=trim(hex2bin($matches[2]));
+ $mail=trim(gpg_hex2bin($matches[2]));
 }
 // Unrecognized format
 else
@@ -357,13 +357,13 @@ function verifyEmail($email)
 $pos = strlen($bits[9]);
 }
- $name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
+ $name = trim(gpg_hex2bin(trim(substr($bits[9], 0, $pos))));
 $nameok=verifyName($name);
 if($nocomment == 0)
 {
 $pos += 2;
 $pos2 = strpos($bits[9], ")");
- $comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
+ $comm = trim(gpg_hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
 if($comm != "")
 $comment[] = $comm;
 $pos = $pos2 + 3;
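Review bot: In www/api/ccsr.php the outcome of the openssl call is still judged only by `filesize($checkedcsr) <= 0`, and the backtick operator discards the command's exit status, so the new escaping leaves the success check weak. If openssl writes no output file, `filesize()` returns false and raises a warning before the `die` fires; and if a file already exists at that path from an earlier request (how `$checkedcsr` is named is outside this hunk, so this is an assumption), a failed run would pass the check. Consider `exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc", $out, $rc);` followed by `if($rc !== 0 || !is_file($checkedcsr) || filesize($checkedcsr) <= 0)`. The return values of `fopen()` and `fputs()` in the context lines are also unchecked; the surrounding script starts and ends outside the hunk.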
@@ -374,7 +374,7 @@ function verifyEmail($email)
 $mail="";
 if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
 //echo "Found: ".$match[1];
- $mail = trim(hex2bin($match[1]));
+ $mail = trim(gpg_hex2bin($match[1]));
 }
 else
 { |