From eab6644f0f372e5334ae4921f0e84cebbdca025d Mon Sep 17 00:00:00 2001 From: Markus Warg Date: Mon, 29 Mar 2010 11:13:48 +0200 Subject: patch from Phillip (Mantis #778) https://bugs.cacert.org/view.php?id=778 --- includes/general.php | 4 ++++ www/gpg.php | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/includes/general.php b/includes/general.php index 80b16a0..938df4e 100644 --- a/includes/general.php +++ b/includes/general.php @@ -826,6 +826,10 @@ $newcsr = str_replace("\n\n","\n",$newcsr); return(preg_replace("/[^A-Za-z0-9\n\r\-\:\=\+\/ ]/","",$newcsr)); } + function clean_gpgcsr($CSR) + { + return(preg_replace("/[^A-Za-z0-9\n\r\-\:\=\+\/ ]/","",trim($CSR))); + } function sanitizeFilename($text) { diff --git a/www/gpg.php b/www/gpg.php index 38e5426..f97966f 100644 --- a/www/gpg.php +++ b/www/gpg.php @@ -82,7 +82,7 @@ function verifyEmail($email) $state=0; if($oldid == "0" && $CSR != "") { - $debugkey = $gpgkey = clean_csr($CSR); + $debugkey = $gpgkey = clean_gpgcsr($CSR); $debugpg = $gpg = trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`); $lines = ""; $gpgarr = explode("\n", $gpg); @@ -268,7 +268,7 @@ function verifyEmail($email) mkdir($cwd,0755); $fp = fopen("$cwd/gpg.csr", "w"); - fputs($fp, clean_csr($CSR)); + fputs($fp, clean_gpgcsr($CSR)); fclose($fp); -- cgit v1.2.1