summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-04-21 20:07:00 +0200
committerMichael Tänzer <neo@nhng.de>2014-04-21 20:07:00 +0200
commitc7c4d077688807bcbec21e11d0aeb0af9ebfbd30 (patch)
tree74ee152df3b0d09497252bbc98453e8fc280a6b4 /includes
parent29cc1c30533de1f6caa6fa163b95970eee5ab8ef (diff)
downloadcacert-c7c4d077688807bcbec21e11d0aeb0af9ebfbd30.tar.gz
cacert-c7c4d077688807bcbec21e11d0aeb0af9ebfbd30.tar.xz
cacert-c7c4d077688807bcbec21e11d0aeb0af9ebfbd30.zip
Source code taken from cacert-20140419.tar.bz2
Diffstat (limited to 'includes')
-rw-r--r--includes/account.php122
-rw-r--r--includes/general.php4
2 files changed, 74 insertions, 52 deletions
diff --git a/includes/account.php b/includes/account.php
index 7c3748d..7e9ee2a 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -395,7 +395,8 @@ function buildSubjectFromSession() {
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
+ $CSRname_esc = escapeshellarg($CSRname);
+ $res=`openssl spkac -verify -in $CSRname_esc`;
if(!strstr($res,"Challenge String: ".$challenge))
{
$id = $oldid;
@@ -457,7 +458,9 @@ function buildSubjectFromSession() {
$csrsubject .= "/emailAddress = ".$user['uniqueID'];
$tmpname = tempnam("/tmp", "id4csr");
- $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; // -subj "$csr"`;
+ $tmpfname_esc = escapeshellarg($tmpfname);
+ $tmpname_esc = escapeshellarg($tmpname);
+ $do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`; // -subj "$csr"`;
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
@@ -733,9 +736,9 @@ function buildSubjectFromSession() {
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
fclose($fp);
- $CSR = $_SESSION['_config']['tmpfname'];
- $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ $CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
+ $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
+ $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -886,22 +889,23 @@ function buildSubjectFromSession() {
mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
$query = "insert into `domaincerts` set
- `domid`='".$row['domid']."',
+ `domid`='".intval($row['domid'])."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',".
//`csr_name`='".$row['csr_name']."', // RACE CONDITION
- "`created`='".$row['created']."',
+ "`created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `rootcert`='".$row['rootcert']."',
- `type`='".$row['type']."',
- `pkhash`='".$row['pkhash']."',
- `description`='".$row['description']."'";
+ `rootcert`='".intval($row['rootcert'])."',
+ `type`='".intval($row['type'])."',
+ `pkhash`='".mysql_real_escape_string($row['pkhash'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid);
copy($row['csr_name'], $newfile);
- $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ $newfile_esc = escapeshellarg($newfile);
+ $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep "Subject:"`);
+ $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -930,7 +934,8 @@ function buildSubjectFromSession() {
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
$drow = mysql_fetch_assoc($res);
- $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
+ $crt_name = escapeshellarg($drow['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crt_name`;
echo "<pre>\n$cert\n</pre>\n";
}
}
@@ -972,8 +977,12 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
+
}
else
{
@@ -1059,17 +1068,17 @@ function buildSubjectFromSession() {
mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
$query = "insert into emailcerts set
- `memid`='".$row['memid']."',
+ `memid`='".intval($row['memid'])."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `keytype`='".mysql_real_escape_string($row['keytype'])."',
+ `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
+ `created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `disablelogin`='".$row['disablelogin']."',
- `codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."',
- `description`='".$row['description']."'";
+ `disablelogin`='".intval($row['disablelogin'])."',
+ `codesign`='".intval($row['codesign'])."',
+ `rootcert`='".intval($row['rootcert'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","client",$newid);
@@ -1128,8 +1137,11 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
}
else
{
@@ -1545,7 +1557,8 @@ function buildSubjectFromSession() {
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
+ $CSRname_esc = escapeshellarg($CSRname);
+ $res=`openssl spkac -verify -in $CSRname_esc`;
if(!strstr($res,"Challenge String: ".$challenge))
{
$id = $oldid;
@@ -1597,7 +1610,9 @@ function buildSubjectFromSession() {
$csrsubject .= "/countryName=".$org['C'];
$tmpname = tempnam("/tmp", "id17csr");
- $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
+ $tmpfname_esc = escapeshellarg($tmpfname);
+ $tmpname_esc = escapeshellarg($tmpname);
+ $do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`;
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
@@ -1692,17 +1707,17 @@ function buildSubjectFromSession() {
continue;
}
$query = "insert into `orgemailcerts` set
- `orgid`='".$row['orgid']."',
- `CN`='".$row['CN']."',
- `ou`='".$row['ou']."',
- `subject`='".$row['subject']."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `orgid`='".intval($row['orgid'])."',
+ `CN`='".mysql_real_escape_string($row['CN'])."',
+ `ou`='".mysql_real_escape_string($row['ou'])."',
+ `subject`='".mysql_real_escape_string($row['subject'])."',
+ `keytype`='".mysql_real_escape_string($row['keytype'])."',
+ `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
+ `created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."',
- `description`='".$row['description']."'";
+ `codesign`='".intval($row['codesign'])."',
+ `rootcert`='".intval($row['rootcert'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid);
@@ -1755,8 +1770,11 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
}
else
{
@@ -1850,9 +1868,9 @@ function buildSubjectFromSession() {
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
fclose($fp);
- $CSR = $_SESSION['_config']['tmpfname'];
- $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ $CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
+ $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
+ $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -2043,15 +2061,15 @@ function buildSubjectFromSession() {
continue;
}
$query = "insert into `orgdomaincerts` set
- `orgid`='".$row['orgid']."',
- `CN`='".$row['CN']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `orgid`='".intval($row['orgid'])."',
+ `CN`='".mysql_real_escape_string($row['CN'])."',
+ `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
+ `created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `subject`='".$row['subject']."',
- `type`='".$row['type']."',
- `rootcert`='".$row['rootcert']."',
- `description`='".$row['description']."'";
+ `subject`='".mysql_real_escape_string($row['subject'])."',
+ `type`='".intval($row['type'])."',
+ `rootcert`='".intval($row['rootcert'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";
@@ -2070,7 +2088,8 @@ function buildSubjectFromSession() {
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
$drow = mysql_fetch_assoc($res);
- $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
+ $crtname = escapeshellarg($drow['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crtname`;
echo "<pre>\n$cert\n</pre>\n";
}
}
@@ -2111,8 +2130,11 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
}
else
{
diff --git a/includes/general.php b/includes/general.php
index d89c0e6..f36ccdf 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -219,7 +219,7 @@
//echo "Points due to name matches: $points<br/>";
$shellpwd = escapeshellarg($pwd);
- $do = `grep $shellpwd /usr/share/dict/american-english`;
+ $do = `grep -F -- $shellpwd /usr/share/dict/american-english`;
if($do)
$points--;
@@ -506,7 +506,7 @@
return(0);
}
- function hex2bin($data)
+ function gpg_hex2bin($data)
{
while(strstr($data, "\\x"))
{