authorFelix Dörre <felix@dogcraft.de>2014-06-15 10:39:04 +0200
committerFelix Dörre <felix@dogcraft.de>2014-06-15 10:59:31 +0200
commitb6ee5404b9dcc3df6ace5f640f522118d18b818d (patch)
treeeae5a40733cde853c993588bee9a1420bbbc9b3d /www
parent6d0f414854b2c1aa1da9ec49889ac9bb3b69b966 (diff)
bug 1273: replace backtick operators with shell_exec
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg'
Diffstat (limited to 'www')
-rw-r--r--www/api/ccsr.php4
-rw-r--r--www/gpg.php6
2 files changed, 5 insertions, 5 deletions
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index b223168..3bfe55a 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -75,7 +75,7 @@ require_once '../../includes/lib/check_weak_key.php';
fclose($fp);
$incsr_esc = escapeshellarg($incsr);
$checkedcsr_esc = escapeshellarg($checkedcsr);
- $do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`;
+ $do = shell_exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc");
@unlink($incsr);
if(filesize($checkedcsr) <= 0)
die("404,Invalid or missing CSR");
@@ -97,7 +97,7 @@ require_once '../../includes/lib/check_weak_key.php';
foreach($emails as $emailid => $email)
mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
- $do = `../../scripts/runclient`;
+ $do = shell_exec("../../scripts/runclient");
sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
$query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
$res = mysql_query($query);
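Review bot: `../../scripts/runclient` is resolved against the process's current working directory rather than against this file, so which program runs depends on how the API script is invoked. Anchoring the path removes that dependency, e.g. `shell_exec(escapeshellarg(dirname(__FILE__) . '/../../scripts/runclient'));`. The value assigned to `$do` is never read, and the `sleep(10)` that follows (already marked as broken in the source) is the only synchronisation with the client, so a failed launch goes unnoticed until the later `select` returns nothing.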
diff --git a/www/gpg.php b/www/gpg.php
index 263c1d3..72c28b8 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -106,7 +106,7 @@ function verifyEmail($email)
clean_gpgcsr($CSR),
$gpg);
- `rm -r $tmpdir`;
+ shell_exec("rm -r $tmpdir");
}
if ($err)
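Review bot: `$tmpdir` is still interpolated into the `rm -r` command line without `escapeshellarg()`, so the move to `shell_exec()` keeps the unquoted argument the backtick form had. Where `$tmpdir` is assigned lies outside this hunk, and it may well be a server-generated path, but quoting it protects against spaces, a leading dash or shell metacharacters: `shell_exec("rm -r -- " . escapeshellarg($tmpdir));`. The same applies to `--homedir $cwd` in both gpg calls later in this file (hunks at -334 and -519) and to the `>$csrname` redirect target in the export call, where only `$keyid` is escaped.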
@@ -334,7 +334,7 @@ function verifyEmail($email)
$cmd_keyid = escapeshellarg($keyid);
- $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $cmd_keyid 2>&1`);
+ $gpg = trim(shell_exec("gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $cmd_keyid 2>&1"));
$lines = "";
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
@@ -519,7 +519,7 @@ function verifyEmail($email)
$csrname=generatecertpath("csr","gpg",$insert_id);
$cmd_keyid = escapeshellarg($keyid);
- $do=`gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname`;
+ $do=shell_exec("gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname");
mysql_query("update `gpg` set `csr`='$csrname' where `id`='$insert_id'");
waitForResult('gpg', $insert_id);
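Review bot: The outcome of the gpg export is never checked before the database is updated. `$do` is assigned but unused, and because stdout is redirected to `$csrname`, `shell_exec()` returns nothing useful whether gpg succeeded or not, so the `update` on the next line records the path even when the export failed and left an empty file. Using `exec()` with its result-code argument, e.g. `exec($cmd, $out, $rc); if ($rc !== 0) { /* abort before the update */ }`, would let the code stop before the write. `$csrname` also goes into the SQL string unescaped; it comes from `generatecertpath()`, whose output is not visible here, so confirm it cannot contain a quote or pass it through `mysql_real_escape_string()`.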