From cdf42f7042d6c09beef786cad9bba79efdcbe6b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Thu, 26 Jan 2012 23:06:02 +0100 Subject: bug 440: Apply patch provided by Martin von Gagern MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- includes/account.php | 97 ++++++++++++++++++++++++---------------------------- 1 file changed, 45 insertions(+), 52 deletions(-) diff --git a/includes/account.php b/includes/account.php index 554713e..fd87020 100644 --- a/includes/account.php +++ b/includes/account.php @@ -20,6 +20,48 @@ loadem("account"); +function appendUnique($str, $suffix) { + if (!strstr($str, "$suffix/") && + substr($str, -strlen($suffix)) != $suffix) { + $str .= $suffix; + } + return $str; +} + +function appendSubjectAltName($subject, $name, $supress) { + if (!$supress) { + $subject = appendUnique($subject, "/subjectAltName=DNS:$name"); + $subject = appendUnique($subject, "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$name"); + } + return $subject; +} + +function buildSubject() { + $subject = ""; + $count = 0; + $supressSAN=0; + if($_SESSION["profile"]["id"] == 104074) $supressSAN=1; + + if(is_array($_SESSION['_config']['rows'])) + foreach($_SESSION['_config']['rows'] as $row) + { + $count++; + if($count <= 1) + $subject .= "/CN=$row"; + $subject = appendSubjectAltName($subject, $row, $supressSAN); + } + if(is_array($_SESSION['_config']['altrows'])) + foreach($_SESSION['_config']['altrows'] as $row) + { + if(substr($row, 0, 4) == "DNS:") + { + $row = substr($row, 4); + $subject = appendSubjectAltName($subject, $row, $supressSAN); + } + } + return $subject; +} + $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; 
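Review bot: `buildSubject()` and `appendSubjectAltName()` splice each session value straight into `/CN=$row` and `/subjectAltName=DNS:$name`, so a value containing `/` or a line break would add extra fields to the subject string handed to the signer. Whether `$_SESSION['_config']['rows']` and `altrows` are restricted to hostname characters before they reach this code is not visible in the hunk. I would validate at the point of use, for example `if (!preg_match('/^[A-Za-z0-9*._-]+$/', $name)) return $subject;` at the top of `appendSubjectAltName()`, with the same check on the value used for the CN. The same unchecked interpolation is carried over into the later rewrite `buildSubject(array $domains, ...)` and into `buildSubjectFromSession()` further down this page.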
@@ -716,35 +758,8 @@ exit; } - $subject = ""; - $count = 0; - $supressSAN=0; - if($_SESSION["profile"]["id"] == 104074) $supressSAN=1; - - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - { - $count++; - if($count <= 1) - { - $subject .= "/CN=$row"; - if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row"; - if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; - } else { - if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row"; - if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; - } - } - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) - { - if(substr($row, 0, 4) == "DNS:") - { - $row = substr($row, 4); - if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row"; - if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; - } - } + $subject = buildSubject(); + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; @@ -864,29 +879,7 @@ continue; } - $subject = ""; - $count = 0; - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - { - $count++; - if($count <= 1) - { - $subject .= "/CN=$row"; - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; - } else { - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; - } - } - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; + $subject = buildSubject(); $subject = mysql_real_escape_string($subject); mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'"); -- cgit v1.2.1 
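Review bot: In the `@@ -864,29 +879,7 @@` hunk the subject written by `update domaincerts set subject=... where id='$newid'` is still derived from `$_SESSION['_config']['rows']` and `altrows`, not from the certificate row being processed in this loop. What populates those session arrays before this point lies outside the hunk, so this may be intended. If they can be empty or left over from an earlier request, `buildSubject()` returns an empty or unrelated string that overwrites the stored subject. I would add a check before the update, e.g. `if ($subject == "") { continue; }` with an error message, or build the subject from the stored row. This path also used to append every `altrows` entry and now keeps only those starting with `DNS:`, which is worth a comment at the call site: `// non-DNS altrows entries are dropped by buildSubject()`.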
From 7759e0d4e86fcca1ce7bc80716f8a2d1a2d8501b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Thu, 26 Jan 2012 23:18:29 +0100 Subject: bug 440: also apply fix to org server certs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- includes/account.php | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/includes/account.php b/includes/account.php index fd87020..b26be29 100644 --- a/includes/account.php +++ b/includes/account.php @@ -1828,20 +1828,7 @@ function buildSubject() { //if($org['contact']) // $csrsubject .= "/emailAddress=".trim($org['contact']); - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - $csrsubject .= "/commonName=$row"; - $SAN=""; - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $subalt) - { - if($SAN != "") - $SAN .= ","; - $SAN .= "$subalt"; - } - - if($SAN != "") - $csrsubject .= "/subjectAltName=".$SAN; + $csrsubject .= buildSubject(); $type=""; if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8"; -- cgit v1.2.1 From 6a4fb405f3aafe18f417339f5ccd991ed7b1c73a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Thu, 26 Jan 2012 23:22:13 +0100 Subject: bug 440: get rid of the suppressSAN, it is most likely not needed any more MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- includes/account.php | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/includes/account.php b/includes/account.php index b26be29..78c1609 100644 --- a/includes/account.php +++ b/includes/account.php 
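Review bot: `$csrsubject` now receives every session-derived name through `buildSubject()`, and the statement that stores it lies outside this hunk, so its escaping cannot be checked here. The `orgdomaincerts` insert that appears as context later on this page concatenates `$_SESSION['_config']['rows']['0']` into the query without `mysql_real_escape_string()`, whereas the `domaincerts` insert escapes both `CN` and `subject`. I would confirm that the org path applies `mysql_real_escape_string($csrsubject)` before the value reaches the query. The change also alters the org subject format (every row used to become `/commonName=$row` and the altrows were joined into one comma-separated `subjectAltName`), which deserves a sentence in the commit message.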
@@ -28,19 +28,16 @@ function appendUnique($str, $suffix) { return $str; } -function appendSubjectAltName($subject, $name, $supress) { - if (!$supress) { - $subject = appendUnique($subject, "/subjectAltName=DNS:$name"); - $subject = appendUnique($subject, "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$name"); - } +function appendSubjectAltName($subject, $name) { + $subject = appendUnique($subject, "/subjectAltName=DNS:$name"); + $subject = appendUnique($subject, "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$name"); + return $subject; } function buildSubject() { $subject = ""; $count = 0; - $supressSAN=0; - if($_SESSION["profile"]["id"] == 104074) $supressSAN=1; if(is_array($_SESSION['_config']['rows'])) foreach($_SESSION['_config']['rows'] as $row) @@ -48,7 +45,7 @@ function buildSubject() { $count++; if($count <= 1) $subject .= "/CN=$row"; - $subject = appendSubjectAltName($subject, $row, $supressSAN); + $subject = appendSubjectAltName($subject, $row); } if(is_array($_SESSION['_config']['altrows'])) foreach($_SESSION['_config']['altrows'] as $row) @@ -56,7 +53,7 @@ function buildSubject() { if(substr($row, 0, 4) == "DNS:") { $row = substr($row, 4); - $subject = appendSubjectAltName($subject, $row, $supressSAN); + $subject = appendSubjectAltName($subject, $row); } } return $subject; -- cgit v1.2.1 From c1d57f109656f5fe0f7a1ca84c1c69314d9d2c4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Wed, 17 Oct 2012 00:14:11 +0200 Subject: bug 440: get rid of complexity ;-) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- includes/account.php | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/includes/account.php b/includes/account.php index 78c1609..c64810f 100644 --- a/includes/account.php +++ b/includes/account.php 
@@ -35,27 +35,31 @@ function appendSubjectAltName($subject, $name) { return $subject; } -function buildSubject() { - $subject = ""; - $count = 0; - - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - { - $count++; - if($count <= 1) - $subject .= "/CN=$row"; - $subject = appendSubjectAltName($subject, $row); - } - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) - { - if(substr($row, 0, 4) == "DNS:") - { - $row = substr($row, 4); - $subject = appendSubjectAltName($subject, $row); - } +/** + * Build a subject string as needed by the signer + * + * @param array(string) $domains + * First domain is used as CN and repeated in subjectAltName. Duplicates + * should already been removed + * + * @param bool $include_xmpp_addr + * [default: true] Whether to include the XmppAddr in the subjectAltName. + * This is needed if the Jabber server is jabber.example.com but a Jabber ID + * on that server would be alice@example.com + * + * @return string + */ +function buildSubject(array $domains, $include_xmpp_addr = true) { + $subject = "/CN=${domains[0]}"; + + foreach ($domains as $domain) { + $subject .= "/subjectAltName=DNS:$domain"; + + if ($include_xmpp_addr) { + $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain"; } + } + return $subject; } -- cgit v1.2.1 From d660b1ed9e6a905ff20d2f3c73db521e4b642ae6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Wed, 17 Oct 2012 01:20:48 +0200 Subject: bug 440: clean up syntax of views. No functionality changes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- pages/account/11.php | 86 +++++++++++++++++++++++++++++++++------------------- pages/account/21.php | 74 ++++++++++++++++++++++++++------------------ 2 files changed, 99 insertions(+), 61 deletions(-) 
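Review bot: The new signature `buildSubject(array $domains, $include_xmpp_addr = true)` requires an argument, but this commit's diffstat covers only this one hunk. The later whitespace commit on this page still shows `$subject = buildSubject();` as context, so the existing callers appear to be left calling it with no arguments until `buildSubjectFromSession()` is introduced. Either update the call sites in the same commit or keep a session-reading wrapper under the old name so that certificate requests do not fail in between. The rewrite also drops the `DNS:` prefix filter and the duplicate check that the old body performed, so the docblock should state that callers must pass bare, de-duplicated host names: `* Callers must strip the "DNS:" prefix and remove duplicates first.`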
diff --git a/pages/account/11.php b/pages/account/11.php index 4e070cb..5f94122 100644 --- a/pages/account/11.php +++ b/pages/account/11.php @@ -15,39 +15,61 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> +

- +

- + +

\n"; + } +} + +if (is_array($_SESSION['_config']['altrows'])) { + foreach ($_SESSION['_config']['altrows'] as $row) { + echo _("subjectAltName"), ": $row
\n"; + } +} +?>

+

- -:
- - -:
- - -:
-:
-:
-:
-:
-:
- - - -


- -:
- - -

-"> - -
- -

- +

+ +

\n"; + + foreach ($_SESSION['_config']['rejected'] as $row) { + echo _("Rejected"); + echo ": $row
\n"; + } +} +?>

+ + +
+

+ "> + +

+
+ +

+ +

+ - -

- -

- -:
- - -:
- -:
-:
-:
-:
-:
+ +

+

\n"; + } +} -

-"> - +if (is_array($_SESSION['_config']['altrows'])) { + foreach ($_SESSION['_config']['altrows'] as $row) { + echo _("subjectAltName"), ": $row
\n"; + } +} +echo _("Organisation"), ": {$org['O']}
\n"; +echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}
\n"; +echo _("Location"), ": {$org['L']}
\n"; +echo _("State/Province"), ": {$org['ST']}
\n"; +echo _("Country"), ": {$org['C']}
\n"; +?> - -







































- - + +

+ "> + +

+ + +

+












+












+












+ + +

+
-
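Review bot: The rewritten views print session and organisation values into the page without HTML encoding: `echo _("subjectAltName"), ": $row…"`, `echo ": $row…"` for the `rejected` list, and `{$org['O']}` and `{$_SESSION['_config']['OU']}` in the organisation view. These values presumably come from the submitted request, and the `rejected` entries in particular are names that did not pass the earlier check, so unless they are encoded when stored, markup in them would be rendered in the user's browser. `includes/account.php` already calls `sanitizeHTML()` on output elsewhere on this page, and wrapping each value the same way, e.g. `sanitizeHTML($row)`, would cover it. The HTML of these hunks was lost in this rendering of the patch, so the surrounding markup and the boundary between `11.php` and `21.php` cannot be checked here.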

-- cgit v1.2.1 From 1711156616d895174df28a6e2827cb0326ea9e84 Mon Sep 17 00:00:00 2001 From: Benny Baumann Date: Tue, 5 Nov 2013 23:18:52 +0100 Subject: bug 440: Whitespace fixup --- includes/account.php | 78 +++++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 40 deletions(-) diff --git a/includes/account.php b/includes/account.php index c64810f..fe7ab73 100644 --- a/includes/account.php +++ b/includes/account.php @@ -31,7 +31,7 @@ function appendUnique($str, $suffix) { function appendSubjectAltName($subject, $name) { $subject = appendUnique($subject, "/subjectAltName=DNS:$name"); $subject = appendUnique($subject, "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$name"); - + return $subject; } @@ -51,15 +51,15 @@ function appendSubjectAltName($subject, $name) { */ function buildSubject(array $domains, $include_xmpp_addr = true) { $subject = "/CN=${domains[0]}"; - + foreach ($domains as $domain) { $subject .= "/subjectAltName=DNS:$domain"; - + if ($include_xmpp_addr) { $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain"; } } - + return $subject; } @@ -210,7 +210,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { $dres = mysql_query($query); while($drow = mysql_fetch_assoc($dres)) mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'"); - + $query = "update `email` set `deleted`=NOW() where `id`='$id'"; mysql_query($query); $delcount++; @@ -357,7 +357,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + $query = "insert into emailcerts set `CN`='$defaultemail', `keytype`='NS', 
@@ -389,7 +389,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") { if($csr == "") $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n"; - + if (($weakKey = checkWeakKeyCSR($csr)) !== "") { $id = 4; @@ -398,7 +398,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + $tmpfname = tempnam("/tmp", "id4CSR"); $fp = fopen($tmpfname, "w"); fputs($fp, $csr); @@ -687,7 +687,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { // In case the CSR is missing the ---BEGIN lines, add them automatically: $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n"; } - + if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { showheader(_("My CAcert.org Account!")); @@ -695,7 +695,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); @@ -740,7 +740,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + if (($weakKey = checkWeakKeyCSR(file_get_contents( $_SESSION['_config']['tmpfname']))) !== "") { @@ -749,7 +749,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + $id = 11; if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { @@ -760,7 +760,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { } $subject = buildSubject(); - + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; @@ -782,7 +782,6 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { echo _("Domain not verified."); showfooter(); exit; - } mysql_query($query); 
@@ -838,16 +837,16 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } - + $row = mysql_fetch_assoc($res); - + if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "
\n"; continue; } - + mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'"); $query = "insert into `domaincerts` set `domid`='".$row['domid']."', @@ -902,6 +901,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { { echo _("You did not select any certificates for renewal."); } + showfooter(); exit; } @@ -991,16 +991,16 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } - + $row = mysql_fetch_assoc($res); - + if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "
\n"; continue; } - + mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'"); $query = "insert into emailcerts set `memid`='".$row['memid']."', @@ -1200,7 +1200,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { $ddres = mysql_query($ddquery); $ddrow = mysql_fetch_assoc($ddres); $_SESSION['profile']['points'] = $ddrow['total']; - + if($_SESSION['profile']['points'] == 0) { $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); @@ -1378,7 +1378,6 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { if($oldid == 16 && $process != "") { - if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100)) { $_REQUEST['codesign'] = 1; @@ -1449,7 +1448,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='NS', @@ -1480,7 +1479,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") { $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n"; - + if (($weakKey = checkWeakKeyCSR($csr)) !== "") { $id = 17; @@ -1489,7 +1488,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + $tmpfname = tempnam("/tmp", "id17CSR"); $fp = fopen($tmpfname, "w"); fputs($fp, $csr); @@ -1596,16 +1595,16 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } - + $row = mysql_fetch_assoc($res); - + if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "
\n"; continue; } - + mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'"); if($row['revoke'] > 0) { @@ -1716,7 +1715,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { if($process != "" && $oldid == 20) { $CSR = clean_csr($_REQUEST['CSR']); - + if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { $id = 20; @@ -1725,7 +1724,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); @@ -1775,7 +1774,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { if($process != "" && $oldid == 21) { $id = 21; - + if(!file_exists($_SESSION['_config']['tmpfname'])) { showheader(_("My CAcert.org Account!")); @@ -1783,7 +1782,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + if (($weakKey = checkWeakKeyCSR(file_get_contents( $_SESSION['_config']['tmpfname']))) !== "") { @@ -1904,16 +1903,16 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } - + $row = mysql_fetch_assoc($res); - + if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "
\n"; continue; } - + mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'"); if($row['revoke'] > 0) { @@ -2547,7 +2546,6 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email'])); - $body = sprintf(_("Hi %s,"),$row['fname'])."\n"; $body .= _("You are receiving this email because a CAcert administrator")."\n"; $body .= _("has changed the password on your account.")."\n"; @@ -2556,8 +2554,8 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); - } + showfooter(); exit; } @@ -2611,7 +2609,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { showfooter(); exit; } - + if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { showheader(_("My CAcert.org Account!")); @@ -2909,7 +2907,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { while($row = mysql_fetch_assoc($res)) $body .= $row['comment']."\n"; $body .= "\n"; - + $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); 
@@ -2930,7 +2928,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { $body .= "\n"; $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n"; - + $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); -- cgit v1.2.1 From 3b2bd82ed84f3d2350be64f46c45acd7d40e4a60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Wed, 6 Nov 2013 02:36:43 +0100 Subject: bug 440: Use convenience function to extract the domains from the session variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- includes/account.php | 44 ++++++++++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/includes/account.php b/includes/account.php index fe7ab73..9d48e73 100644 --- a/includes/account.php +++ b/includes/account.php @@ -20,21 +20,6 @@ loadem("account"); -function appendUnique($str, $suffix) { - if (!strstr($str, "$suffix/") && - substr($str, -strlen($suffix)) != $suffix) { - $str .= $suffix; - } - return $str; -} - -function appendSubjectAltName($subject, $name) { - $subject = appendUnique($subject, "/subjectAltName=DNS:$name"); - $subject = appendUnique($subject, "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$name"); - - return $subject; -} - /** * Build a subject string as needed by the signer * 
@@ -63,6 +48,29 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { return $subject; } +/** + * Builds the subject string from the session variables + * $_SESSION['_config']['rows'] and $_SESSION['_config']['altrows'] + * + * @return string + */ +function buildSubjectFromSession() { + $domains = array(); + + if (is_array($_SESSION['_config']['rows'])) { + $domains = array_merge($domains, $_SESSION['_config']['rows']); + } + + if (is_array($_SESSION['_config']['altrows'])) + foreach ($_SESSION['_config']['altrows'] as $row) { + if (substr($row, 0, 4) === "DNS:") { + $domains[] = substr($row, 4); + } + } + + return buildSubject(array_unique($domains)); +} + $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; @@ -759,7 +767,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { exit; } - $subject = buildSubject(); + $subject = buildSubjectFromSession(); if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; @@ -879,7 +887,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { continue; } - $subject = buildSubject(); + $subject = buildSubjectFromSession(); $subject = mysql_real_escape_string($subject); mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'"); @@ -1828,7 +1836,7 @@ function buildSubject(array $domains, $include_xmpp_addr = true) { //if($org['contact']) // $csrsubject .= "/emailAddress=".trim($org['contact']); - $csrsubject .= buildSubject(); + $csrsubject .= buildSubjectFromSession(); $type=""; if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8"; -- cgit v1.2.1 From 654e5db51486c4da9941ba2c3b02b037c1918533 Mon Sep 17 00:00:00 2001 
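Review bot: `buildSubjectFromSession()` passes `array_unique($domains)` to `buildSubject()` even when neither session array yielded a name, and `buildSubject()` reads `$domains[0]` unconditionally. The result in that case is the subject `/CN=` plus an undefined-offset notice rather than a visible failure. I would stop before the call when the list is empty, e.g. `if (count($domains) === 0) { return ""; }`, and have the callers treat an empty subject as an error instead of storing it. The `if (is_array($_SESSION['_config']['altrows']))` line also has no braces around its `foreach`, unlike the `rows` branch directly above it.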
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Wed, 6 Nov 2013 02:37:55 +0100 Subject: bug 440: Trailing whitespace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- includes/account.php | 92 ++++++++++++++++++++++++++-------------------------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/includes/account.php b/includes/account.php index 9d48e73..c860263 100644 --- a/includes/account.php +++ b/includes/account.php @@ -10,7 +10,7 @@ but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA @@ -133,7 +133,7 @@ function buildSubjectFromSession() { if($checkemail != "OK") { showheader(_("My CAcert.org Account!")); - if (substr($checkemail, 0, 1) == "4") + if (substr($checkemail, 0, 1) == "4") { echo "

"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."

\n"; } else { @@ -210,7 +210,7 @@ function buildSubjectFromSession() { { $row = mysql_fetch_assoc($res); echo $row['email']."
\n"; - $query = "select `emailcerts`.`id` + $query = "select `emailcerts`.`id` from `emaillink`,`emailcerts` where `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 @@ -367,7 +367,7 @@ function buildSubjectFromSession() { } $query = "insert into emailcerts set - `CN`='$defaultemail', + `CN`='$defaultemail', `keytype`='NS', `memid`='".intval($_SESSION['profile']['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), @@ -465,8 +465,8 @@ function buildSubjectFromSession() { showfooter(); exit; } - $query = "insert into emailcerts set - `CN`='$defaultemail', + $query = "insert into emailcerts set + `CN`='$defaultemail', `keytype`='".sanitizeHTML($_REQUEST['keytype'])."', `memid`='".$_SESSION['profile']['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), @@ -624,7 +624,7 @@ function buildSubjectFromSession() { { showheader(_("My CAcert.org Account!")); //echo "

"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."

\n"; - if (substr($checkemail, 0, 1) == "4") + if (substr($checkemail, 0, 1) == "4") { echo "

"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."

\n"; } else { @@ -774,13 +774,13 @@ function buildSubjectFromSession() { if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) { - $query = "insert into `domaincerts` set + $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'"; } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) { - $query = "insert into `domaincerts` set + $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', @@ -856,13 +856,13 @@ function buildSubjectFromSession() { } mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'"); - $query = "insert into `domaincerts` set - `domid`='".$row['domid']."', + $query = "insert into `domaincerts` set + `domid`='".$row['domid']."', `CN`='".mysql_real_escape_string($row['CN'])."', `subject`='".mysql_real_escape_string($row['subject'])."',". //`csr_name`='".$row['csr_name']."', // RACE CONDITION "`created`='".$row['created']."', - `modified`=NOW(), + `modified`=NOW(), `rootcert`='".$row['rootcert']."', `type`='".$row['type']."', `pkhash`='".$row['pkhash']."'"; 
@@ -925,7 +925,7 @@ function buildSubjectFromSession() { foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` + $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; @@ -956,7 +956,7 @@ function buildSubjectFromSession() { foreach($_REQUEST['delid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` + $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; @@ -991,7 +991,7 @@ function buildSubjectFromSession() { foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` + $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1010,13 +1010,13 @@ function buildSubjectFromSession() { } mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'"); - $query = "insert into emailcerts set - `memid`='".$row['memid']."', + $query = "insert into emailcerts set + `memid`='".$row['memid']."', `CN`='".mysql_real_escape_string($row['CN'])."', `subject`='".mysql_real_escape_string($row['subject'])."', - `keytype`='".$row['keytype']."', - `csr_name`='".$row['csr_name']."', - `created`='".$row['created']."', + `keytype`='".$row['keytype']."', + `csr_name`='".$row['csr_name']."', + `created`='".$row['created']."', `modified`=NOW(), `disablelogin`='".$row['disablelogin']."', `codesign`='".$row['codesign']."', 
@@ -1064,7 +1064,7 @@ function buildSubjectFromSession() { foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` + $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1093,7 +1093,7 @@ function buildSubjectFromSession() { foreach($_REQUEST['delid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` + $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1260,7 +1260,7 @@ function buildSubjectFromSession() { where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); - //!!!Should be rewritten + //!!!Should be rewritten $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin'])))); if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "") @@ -1457,8 +1457,8 @@ function buildSubjectFromSession() { exit; } - $query = "insert into `orgemailcerts` set - `CN`='$defaultemail', + $query = "insert into `orgemailcerts` set + `CN`='$defaultemail', `keytype`='NS', `orgid`='".$org['orgid']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), 
@@ -1546,8 +1546,8 @@ function buildSubjectFromSession() { if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; - $query = "insert into `orgemailcerts` set - `CN`='$defaultemail', + $query = "insert into `orgemailcerts` set + `CN`='$defaultemail', `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "', `orgid`='".$org['orgid']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), @@ -1619,13 +1619,13 @@ function buildSubjectFromSession() { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']); continue; } - $query = "insert into `orgemailcerts` set - `orgid`='".$row['orgid']."', + $query = "insert into `orgemailcerts` set + `orgid`='".$row['orgid']."', `CN`='".$row['CN']."', `subject`='".$row['subject']."', - `keytype`='".$row['keytype']."', - `csr_name`='".$row['csr_name']."', - `created`='".$row['created']."', + `keytype`='".$row['keytype']."', + `csr_name`='".$row['csr_name']."', + `created`='".$row['created']."', `modified`=NOW(), `codesign`='".$row['codesign']."', `rootcert`='".$row['rootcert']."'"; @@ -1845,7 +1845,7 @@ function buildSubjectFromSession() { if($_SESSION['_config']['rowid']['0'] > 0) { - $query = "insert into `orgdomaincerts` set + $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."', `orgid`='".$org['id']."', `created`=NOW(), @@ -1853,7 +1853,7 @@ function buildSubjectFromSession() { `rootcert`='".$_SESSION['_config']['rootcert']."', `type`='$type'"; } else { - $query = "insert into `orgdomaincerts` set + $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."', `orgid`='".$org['id']."', `created`=NOW(), @@ -1927,13 +1927,13 @@ function buildSubjectFromSession() { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']); continue; } - $query = "insert into `orgdomaincerts` set - `orgid`='".$row['orgid']."', + $query = "insert into `orgdomaincerts` set + `orgid`='".$row['orgid']."', `CN`='".$row['CN']."', - `csr_name`='".$row['csr_name']."', + `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', - `modified`=NOW(), - `subject`='".$row['subject']."', + `modified`=NOW(), + `subject`='".$row['subject']."', `type`='".$row['type']."', `rootcert`='".$row['rootcert']."'"; mysql_query($query); @@ -2147,7 +2147,7 @@ function buildSubjectFromSession() { if(($oldid == 29 || $oldid == 30) && $process != _("Cancel")) { - $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where + $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'"; @@ -2155,7 +2155,7 @@ function buildSubjectFromSession() { while($row = mysql_fetch_assoc($res)) mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); - $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where + $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'"; 
@@ -2199,7 +2199,7 @@ function buildSubjectFromSession() { $dres = mysql_query($query); while($drow = mysql_fetch_assoc($dres)) { - $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where + $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".intval($drow['id'])."'"; @@ -2211,7 +2211,7 @@ function buildSubjectFromSession() { mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'"); } - $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where + $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".intval($drow['id'])."'"; @@ -2401,7 +2401,7 @@ function buildSubjectFromSession() { exit; } - if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || + if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" && $_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add")) { @@ -2626,7 +2626,7 @@ function buildSubjectFromSession() { exit; } - $query = "insert into `domaincerts` set + $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['0.CN']."', `domid`='".$_SESSION['_config']['row']['id']."', `created`=NOW()"; 
@@ -2690,7 +2690,7 @@ function buildSubjectFromSession() { if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0) { - csrf_check('admactlock'); + csrf_check('admactlock'); $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); -- cgit v1.2.1