summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2014-06-13 09:19:57 +0200
committerBenny Baumann <BenBE@geshi.org>2014-06-13 09:19:57 +0200
commitf25f8af03c96cfcd4dd83a9f3b6ee4181eb3e2c9 (patch)
tree7162d1c77760fad5c53474d9bf0a0c7e122b2f66 /www
parent57ba86ff84eb3dcc15f8122b29efeae54434652e (diff)
parent2affa9c6e9a1f2a7f68ab5fa306374cd037d6227 (diff)
downloadcacert-devel-f25f8af03c96cfcd4dd83a9f3b6ee4181eb3e2c9.tar.gz
cacert-devel-f25f8af03c96cfcd4dd83a9f3b6ee4181eb3e2c9.tar.xz
cacert-devel-f25f8af03c96cfcd4dd83a9f3b6ee4181eb3e2c9.zip
Merge branch 'release' into bug-807
Conflicts: includes/account.php includes/lib/account.php pages/account/16.php
Diffstat (limited to 'www')
-rw-r--r--www/api/ccsr.php22
-rw-r--r--www/api/cemails.php9
-rw-r--r--www/gpg.php16
-rw-r--r--www/index.php24
-rw-r--r--www/stats.php5
-rw-r--r--www/styles/default.css24
-rw-r--r--www/wot.php57
7 files changed, 89 insertions, 68 deletions
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index 7efdf8d..b223168 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -31,7 +31,7 @@ require_once '../../includes/lib/check_weak_key.php';
foreach($_REQUEST['email'] as $email)
{
$email = mysql_real_escape_string(trim($email));
- $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0 and `email`='$email'";
+ $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0 and `email`='$email'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -42,7 +42,7 @@ require_once '../../includes/lib/check_weak_key.php';
}
if(count($emails) <= 0)
die("404,Wasn't able to match any emails sent against your account");
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
@@ -62,18 +62,20 @@ require_once '../../includes/lib/check_weak_key.php';
$codesign = 1;
$CSR = trim($_REQUEST['optionalCSR']);
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
die("403, $weakKey");
}
-
+
$incsr = tempnam("/tmp", "ccsrIn");
$checkedcsr = tempnam("/tmp", "ccsrOut");
$fp = fopen($incsr, "w");
fputs($fp, $CSR);
fclose($fp);
- $do = `/usr/bin/openssl req -in $incsr -out $checkedcsr`;
+ $incsr_esc = escapeshellarg($incsr);
+ $checkedcsr_esc = escapeshellarg($checkedcsr);
+ $do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`;
@unlink($incsr);
if(filesize($checkedcsr) <= 0)
die("404,Invalid or missing CSR");
@@ -82,9 +84,9 @@ require_once '../../includes/lib/check_weak_key.php';
foreach($emails as $id => $email)
$csrsubject .= "/emailAddress=".$email;
- $query = "insert into `emailcerts` set `CN`='".$user['email']."', `keytype`='MS',
- `memid`='".$user['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `subject`='$csrsubject', `codesign`='$codesign'";
+ $query = "insert into `emailcerts` set `CN`='".mysql_real_escape_string($user['email'])."', `keytype`='MS',
+ `memid`='".intval($user['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
+ `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".intval($codesign)."'";
mysql_query($query);
$certid = mysql_insert_id();
$CSRname = generatecertpath("csr","client",$certid);
@@ -93,14 +95,14 @@ require_once '../../includes/lib/check_weak_key.php';
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
foreach($emails as $emailid => $email)
- mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'");
+ mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
$do = `../../scripts/runclient`;
sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
$query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
- die("404,Your certificate request has failed. ID: $certid");
+ die("404,Your certificate request has failed. ID: ".intval($certid));
$cert = mysql_fetch_assoc($res);
echo "200,Authentication Ok\n";
readfile("../".$cert['crt_name']);
diff --git a/www/api/cemails.php b/www/api/cemails.php
index 0d067ea..f937069 100644
--- a/www/api/cemails.php
+++ b/www/api/cemails.php
@@ -25,7 +25,7 @@
echo "200,Authentication Ok\n";
$user = mysql_fetch_assoc($res);
$memid = $user['id'];
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
echo "CS=".intval($user['codesign'])."\n";
@@ -40,8 +40,9 @@
if($user['mname'] != "" && $user['suffix'] != "")
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
}
- $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
+ $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0";
$res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- echo "EMAIL=".$row['email']."\n";
+ while($row = mysql_fetch_assoc($res)) {
+ echo "EMAIL=".sanitizeHTML($row['email'])."\n";
+ }
?>
diff --git a/www/gpg.php b/www/gpg.php
index 829bbcf..263c1d3 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -187,18 +187,18 @@ function verifyEmail($email)
// Name (Comment) <Email>
if(preg_match("/^([^\(\)\[@<>]+) \(([^\(\)@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
{
- $name=trim(hex2bin($matches[1]));
+ $name=trim(gpg_hex2bin($matches[1]));
$nocomment=0;
- $comm=trim(hex2bin($matches[2]));
- $mail=trim(hex2bin($matches[3]));
+ $comm=trim(gpg_hex2bin($matches[2]));
+ $mail=trim(gpg_hex2bin($matches[3]));
}
// Name <EMail>
elseif(preg_match("/^([^\(\)\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
{
- $name=trim(hex2bin($matches[1]));
+ $name=trim(gpg_hex2bin($matches[1]));
$nocomment=1;
$comm="";
- $mail=trim(hex2bin($matches[2]));
+ $mail=trim(gpg_hex2bin($matches[2]));
}
// Unrecognized format
else
@@ -357,13 +357,13 @@ function verifyEmail($email)
$pos = strlen($bits[9]);
}
- $name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
+ $name = trim(gpg_hex2bin(trim(substr($bits[9], 0, $pos))));
$nameok=verifyName($name);
if($nocomment == 0)
{
$pos += 2;
$pos2 = strpos($bits[9], ")");
- $comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
+ $comm = trim(gpg_hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($comm != "")
$comment[] = $comm;
$pos = $pos2 + 3;
@@ -374,7 +374,7 @@ function verifyEmail($email)
$mail="";
if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
//echo "Found: ".$match[1];
- $mail = trim(hex2bin($match[1]));
+ $mail = trim(gpg_hex2bin($match[1]));
}
else
{
diff --git a/www/index.php b/www/index.php
index c7cc03e..40a8e86 100644
--- a/www/index.php
+++ b/www/index.php
@@ -125,7 +125,7 @@ require_once('../includes/lib/l10n.php');
showfooter();
exit;
}
- }
+ }
}
if($oldid == 5 && $process != "")
@@ -153,13 +153,13 @@ require_once('../includes/lib/l10n.php');
include_once("../includes/lib/general.php");
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
$_SERVER['SSL_CLIENT_I_DN_CN']);
-
+
if($user_id >= 0)
{
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
- "select * from `users` where
+ "select * from `users` where
`id`='$user_id' and `deleted`=0 and `locked`=0"));
-
+
if($_SESSION['profile']['id'] != 0)
{
$_SESSION['profile']['loggedin'] = 1;
@@ -307,19 +307,19 @@ require_once('../includes/lib/l10n.php');
$_SESSION['profile'] = "";
unset($_SESSION['profile']);
$_SESSION['profile'] = mysql_fetch_assoc($res);
- $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".$_SESSION['profile']['id']."'";
+ $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".L10n::get_translation()."'
- where `id`='".$_SESSION['profile']['id']."'";
+ where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
} else {
L10n::set_translation($_SESSION['profile']['language']);
L10n::init_gettext();
}
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
@@ -499,7 +499,7 @@ require_once('../includes/lib/l10n.php');
if($checkemail != "OK")
{
$id = 1;
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
$_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
} else {
@@ -566,9 +566,9 @@ require_once('../includes/lib/l10n.php');
$subject = stripslashes($_REQUEST['subject']);
$message = stripslashes($_REQUEST['message']);
$secrethash = $_REQUEST['secrethash2'];
-
+
//check for spam via honeypot
- if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
+ if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
echo _("Form could not be sent.");
showfooter();
exit;
@@ -641,7 +641,7 @@ require_once('../includes/lib/l10n.php');
$newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';
header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
-
+
if ($id == 19)
{
$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
@@ -655,7 +655,7 @@ require_once('../includes/lib/l10n.php');
$newUrl = $protocol . '://wiki.cacert.org/Board';
header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
-
+
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
diff --git a/www/stats.php b/www/stats.php
index 1599e17..d4d892d 100644
--- a/www/stats.php
+++ b/www/stats.php
@@ -32,7 +32,7 @@
$stats['timestamp'] = $ar['timestamp'];
return $stats;
}
-
+
return null;
}
@@ -40,7 +40,7 @@
if ($stats === null) {
echo '<p>', _("Error while retrieving the statistics!"), '</p>';
showfooter();
- die();
+ die();
}
?>
<h1>CAcert.org <?=_("Statistics")?></h1>
@@ -157,4 +157,3 @@
</div>
<? showfooter(); ?>
-
diff --git a/www/styles/default.css b/www/styles/default.css
index b8d9182..4ddfbba 100644
--- a/www/styles/default.css
+++ b/www/styles/default.css
@@ -14,7 +14,7 @@ body {
margin: 0px;
padding: 0px;
background: #cccccc;
-/* url("/siteimages/bg_grad.jpg") fixed; */
+/* url("/siteimages/bg_grad.jpg") fixed; */
}
@@ -227,7 +227,7 @@ ul.no_indent {
}
#globalNav img {
- margin-bottom: -4px;
+ margin-bottom: -4px;
}
#gnl {
@@ -562,6 +562,19 @@ td.storyLeft {
border-right: 1px #cfcfcf solid;
}
+.DataTDError {
+ border-style: inset;
+ border-width: 1px;
+ font-size: 8pt;
+ color: #ff0000;
+ font-family: Arial, Tahoma, Verdana, Helvetica, sans-serif;
+
+ background: #ffffff;
+ padding: 1px 5px 1px 5px;
+ border: 1px #cfcfcf solid;
+ border-left: 1px #cfcfcf dotted;
+ border-right: 1px #cfcfcf dotted;
+}
.wrapper {
border-collapse: collapse;
font-family: verdana, sans-serif;
@@ -575,7 +588,12 @@ td.greytxt {
text-align: right;
vertical-align: bottom;
}
-
+.bold, .primaryemailaddress {
+ font-weight:bold;
+}
+.italic, .deletedemailaddress {
+ font-style:italic;
+}
.title {
background: #e2e2e2;
font-weight: bold;
diff --git a/www/wot.php b/www/wot.php
index 7200517..faa8339 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -133,9 +133,9 @@ function send_reminder()
//This mail does not need to be translated
$body = "Hi TTP adminstrators,\n\n";
$body .= "User ".$_SESSION['profile']['fname']." ".
- $_SESSION['profile']['lname']." with email address '".
- $_SESSION['profile']['email']."' is requesting a TTP assurances for ".
- mysql_escape_string(stripslashes($_POST['country'])).".\n\n";
+ $_SESSION['profile']['lname']." with email address '".
+ $_SESSION['profile']['email']."' is requesting a TTP assurances for ".
+ mysql_escape_string(stripslashes($_POST['country'])).".\n\n";
if ($_POST['ttptopup']=='1') {
$body .= "The user is also requesting TTP TOPUP.\n\n";
}else{
@@ -224,8 +224,8 @@ function send_reminder()
exit;
}
- $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
- `to`='".$_SESSION['_config']['notarise']['id']."'";
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -310,7 +310,7 @@ $iecho= "c";
exit;
}
- $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
+ $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
@@ -332,7 +332,7 @@ $iecho= "c";
if($newpoints < 0)
$newpoints = $awarded = 0;
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0 group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
@@ -345,14 +345,15 @@ $iecho= "c";
if($newpoints < 0)
$newpoints = 0;
- if(mysql_escape_string(stripslashes($_POST['date'])) == "")
+ if(mysql_real_escape_string(stripslashes($_POST['date'])) == "")
$_POST['date'] = date("Y-m-d H:i:s");
- $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
- `to`='".$_SESSION['_config']['notarise']['id']."' AND
- `awarded`='$awarded' AND
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."' AND
+ `awarded`='".intval($awarded)."' AND
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."' AND
+ `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -363,11 +364,11 @@ $iecho= "c";
if($oldid == 6)
{
- $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
- `to`='".$_SESSION['_config']['notarise']['id']."',
- `points`='$newpoints', `awarded`='$awarded',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."',
+ `points`='".intval($newpoints)."', `awarded`='".intval($awarded)."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
//record active acceptance by Assurer
if (check_date_format(trim($_REQUEST['date']),2010)) {
@@ -388,11 +389,11 @@ $iecho= "c";
$addpoints = 2;
else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
$addpoints = 1;
- $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
- `to`='".$_SESSION['profile']['id']."',
- `points`='$addpoints', `awarded`='$addpoints',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
+ `to`='".intval($_SESSION['profile']['id'])."',
+ `points`='".intval($addpoints)."', `awarded`='".intval($addpoints)."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
mysql_query($query);
@@ -478,7 +479,7 @@ $iecho= "c";
{
csrf_check("chgcontact");
- $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
+ $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
$listme = intval($_POST['listme']);
if($listme < 0 || $listme > 1)
$listme = 0;
@@ -486,7 +487,7 @@ $iecho= "c";
$_SESSION['profile']['listme'] = $listme;
$_SESSION['profile']['contactinfo'] = $info;
- $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
+ $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
showheader(_("My CAcert.org Account!"));
@@ -507,9 +508,9 @@ $iecho= "c";
$body = $_REQUEST['message'];
$subject = $_REQUEST['subject'];
$userid = intval($_REQUEST['userid']);
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
+ $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($userid)."' and `listme`=1"));
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
+ where `to`='".intval($user['id'])."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{
$my_translation = L10n::get_translation();
@@ -545,7 +546,7 @@ $iecho= "c";
showheader(_("My CAcert.org Account!"));?>
<p>
- <? printf(_("Your email has been sent to %s."), $user['fname']); ?>
+ <? printf(_("Your email has been sent to %s."), sanitizeHTML($user['fname'])); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?