summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--includes/account.php85
-rw-r--r--includes/general.php2
-rw-r--r--pages/account/57.php22
-rw-r--r--pages/index/1.php46
4 files changed, 89 insertions, 66 deletions
diff --git a/includes/account.php b/includes/account.php
index 7c3748d..09c123b 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -886,16 +886,16 @@ function buildSubjectFromSession() {
mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
$query = "insert into `domaincerts` set
- `domid`='".$row['domid']."',
+ `domid`='".intval($row['domid'])."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',".
//`csr_name`='".$row['csr_name']."', // RACE CONDITION
- "`created`='".$row['created']."',
+ "`created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `rootcert`='".$row['rootcert']."',
- `type`='".$row['type']."',
- `pkhash`='".$row['pkhash']."',
- `description`='".$row['description']."'";
+ `rootcert`='".intval($row['rootcert'])."',
+ `type`='".intval($row['type'])."',
+ `pkhash`='".mysql_real_escape_string($row['pkhash'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid);
@@ -972,8 +972,12 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
+
}
else
{
@@ -1059,17 +1063,17 @@ function buildSubjectFromSession() {
mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
$query = "insert into emailcerts set
- `memid`='".$row['memid']."',
+ `memid`='".intval($row['memid'])."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `keytype`='".mysql_real_escape_string($row['keytype'])."',
+ `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
+ `created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `disablelogin`='".$row['disablelogin']."',
- `codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."',
- `description`='".$row['description']."'";
+ `disablelogin`='".intval($row['disablelogin'])."',
+ `codesign`='".intval($row['codesign'])."',
+ `rootcert`='".intval($row['rootcert'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","client",$newid);
@@ -1128,8 +1132,11 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
}
else
{
@@ -1692,17 +1699,17 @@ function buildSubjectFromSession() {
continue;
}
$query = "insert into `orgemailcerts` set
- `orgid`='".$row['orgid']."',
- `CN`='".$row['CN']."',
- `ou`='".$row['ou']."',
- `subject`='".$row['subject']."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `orgid`='".intval($row['orgid'])."',
+ `CN`='".mysql_real_escape_string($row['CN'])."',
+ `ou`='".mysql_real_escape_string($row['ou'])."',
+ `subject`='".mysql_real_escape_string($row['subject'])."',
+ `keytype`='".mysql_real_escape_string($row['keytype'])."',
+ `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
+ `created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."',
- `description`='".$row['description']."'";
+ `codesign`='".intval($row['codesign'])."',
+ `rootcert`='".intval($row['rootcert'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid);
@@ -1755,8 +1762,11 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
}
else
{
@@ -2043,15 +2053,15 @@ function buildSubjectFromSession() {
continue;
}
$query = "insert into `orgdomaincerts` set
- `orgid`='".$row['orgid']."',
- `CN`='".$row['CN']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `orgid`='".intval($row['orgid'])."',
+ `CN`='".mysql_real_escape_string($row['CN'])."',
+ `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
+ `created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `subject`='".$row['subject']."',
- `type`='".$row['type']."',
- `rootcert`='".$row['rootcert']."',
- `description`='".$row['description']."'";
+ `subject`='".mysql_real_escape_string($row['subject'])."',
+ `type`='".intval($row['type'])."',
+ `rootcert`='".intval($row['rootcert'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";
@@ -2111,8 +2121,11 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
}
else
{
diff --git a/includes/general.php b/includes/general.php
index 95ed64a..f36ccdf 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -219,7 +219,7 @@
//echo "Points due to name matches: $points<br/>";
$shellpwd = escapeshellarg($pwd);
- $do = `grep $shellpwd /usr/share/dict/american-english`;
+ $do = `grep -F -- $shellpwd /usr/share/dict/american-english`;
if($do)
$points--;
diff --git a/pages/account/57.php b/pages/account/57.php
index 76eee27..0356eeb 100644
--- a/pages/account/57.php
+++ b/pages/account/57.php
@@ -17,12 +17,12 @@
*/ ?>
<?
include_once($_SESSION['_config']['filepath'].'/includes/notary.inc.php');
-
+
if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
echo _('You do not have access to this page');
- } else {
+ } else {
$user_id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
$res = mysql_query($query);
@@ -38,7 +38,7 @@
</tr>
</table>
-
+
<br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -57,8 +57,8 @@
?>
<tr>
<td class="DataTD"><?=_('First active CCA')?></td>
- <td class="DataTD"><?=$data['date']?></td>
- <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td>
+ <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td>
<td class="DataTD"><?=$type?></td>
</tr>
<?
@@ -71,8 +71,8 @@
?>
<tr>
<td class="DataTD"><?=_('First passive CCA')?></td>
- <td class="DataTD"><?=$data['date']?></td>
- <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td>
+ <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td>
<td class="DataTD"><?=$type?></td>
</tr>
<?
@@ -87,19 +87,19 @@
?>
<tr>
<td class="DataTD"><?=_('Last CCA')?></td>
- <td class="DataTD"><?=$data['date']?></td>
- <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td>
+ <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td>
<td class="DataTD"><?=$type?></td>
</tr>
</table>
<br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
+ <tr>
<?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
-<? }
+<? }
?> </table>
<?
}
diff --git a/pages/index/1.php b/pages/index/1.php
index 4f0ca83..3315d69 100644
--- a/pages/index/1.php
+++ b/pages/index/1.php
@@ -35,7 +35,7 @@
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
- <td class="DataTD" width="125"><input type="text" name="fname" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td>
+ <td class="DataTD" width="125"><input type="text" name="fname" size="30" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td>
<td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td>
</tr>
@@ -43,18 +43,18 @@
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
- <td class="DataTD"><input type="text" name="mname" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><input type="text" name="mname" size="30" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
- <td class="DataTD"><input type="text" name="lname" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><input type="text" name="lname" size="30" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td>
+ <td class="DataTD"><input type="text" name="suffix" size="30" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td>
</tr>
<tr>
@@ -89,18 +89,18 @@
<tr>
<td class="DataTD"><?=_("Email Address")?>: </td>
- <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><input type="text" name="email" size="30" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td>
<td class="DataTD"><?=_("I own or am authorised to control this email address")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td>
- <td class="DataTD"><input type="password" name="pword1" autocomplete="off"></td>
+ <td class="DataTD"><input type="password" name="pword1" size="30" autocomplete="off"></td>
<td class="DataTD" rowspan="2">&nbsp;</td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
- <td class="DataTD"><input type="password" name="pword2" autocomplete="off"></td>
+ <td class="DataTD"><input type="password" name="pword2" size="30" autocomplete="off"></td>
</tr>
<tr>
@@ -112,29 +112,39 @@
</tr>
<tr>
- <td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td>
- <td class="DataTD"><input type="text" name="A1" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td>
- <td class="DataTD" rowspan="5">&nbsp;</td>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><?=_("Question")?></td>
+ <td class="DataTD"><?=_("Answer")?></td>
+ </tr>
+
+ <tr>
+ <td class="DataTD">1)</td>
+ <td class="DataTD"><input type="text" name="Q1" size="30" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A1" size="30" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td>
- <td class="DataTD"><input type="text" name="A2" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td>
+ <td class="DataTD">2)</td>
+ <td class="DataTD"><input type="text" name="Q2" size="30" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A2" size="30" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td>
- <td class="DataTD"><input type="text" name="A3" value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td>
+ <td class="DataTD">3)</td>
+ <td class="DataTD"><input type="text" name="Q3" size="30" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A3" size="30"value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td>
- <td class="DataTD"><input type="text" name="A4" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td>
+ <td class="DataTD">4)</td>
+ <td class="DataTD"><input type="text" name="Q4" size="30"" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A4" size="30" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td>
- <td class="DataTD"><input type="text" name="A5" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td>
+ <td class="DataTD">5)</td>
+ <td class="DataTD"><input type="text" name="Q5" size="30" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A5" size="30" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td>
</tr>
<tr>