From 53c84b22d3449f0f233b02d650f1ed3bb58a04bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20D=C3=B6rre?= Date: Fri, 13 Jun 2014 22:30:54 +0200 Subject: bug 807: escaping value from the database. --- includes/account.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/includes/account.php b/includes/account.php index 6de1e68..163ca04 100644 --- a/includes/account.php +++ b/includes/account.php @@ -906,7 +906,7 @@ function buildSubjectFromSession() { `type`='".intval($row['type'])."', `pkhash`='".mysql_real_escape_string($row['pkhash'])."', `description`='".mysql_real_escape_string($row['description'])."', - `md`='".$row['md']."'"; + `md`='".HashAlgorithms::clean($row['md'])."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","server",$newid); @@ -1087,7 +1087,7 @@ function buildSubjectFromSession() { `codesign`='".intval($row['codesign'])."', `rootcert`='".intval($row['rootcert'])."', `description`='".mysql_real_escape_string($row['description'])."', - `md`='".$row['md']."'"; + `md`='".HashAlgorithms::clean($row['md'])."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","client",$newid); @@ -1722,7 +1722,7 @@ function buildSubjectFromSession() { `codesign`='".intval($row['codesign'])."', `rootcert`='".intval($row['rootcert'])."', `description`='".mysql_real_escape_string($row['description'])."', - `md`='".$row['md']."'"; + `md`='".HashAlgorithms::clean($row['md'])."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","orgclient",$newid); @@ -2075,7 +2075,7 @@ function buildSubjectFromSession() { `type`='".intval($row['type'])."', `rootcert`='".intval($row['rootcert'])."', `description`='".mysql_real_escape_string($row['description'])."', - `md`='".$row['md']."'"; + `md`='".HashAlgorithms::clean($row['md'])."'"; mysql_query($query); $newid = mysql_insert_id(); //echo "NewID: $newid
\n"; -- cgit v1.2.1