From b0904b2bda37b292fa5d29d5d3b7ec64d100ad16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= <neo@nhng.de>
Date: Thu, 4 Dec 2014 18:26:23 +0100
Subject: Source code taken from cacert-20141124.tar.bz2

---
 pages/wot/1.php  | 22 +++++++++++-----------
 pages/wot/10.php | 30 +++++++++++++++---------------
 pages/wot/15.php |  2 +-
 pages/wot/5.php  | 47 ++++++++++++++++++++++++++++++++++++++++++++---
 pages/wot/6.php  | 15 +++++++++------
 pages/wot/9.php  | 25 ++++++++++++-------------
 6 files changed, 92 insertions(+), 49 deletions(-)

(limited to 'pages/wot')

diff --git a/pages/wot/1.php b/pages/wot/1.php
index a45b5df..9047f27 100644
--- a/pages/wot/1.php
+++ b/pages/wot/1.php
@@ -14,9 +14,9 @@
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/ ?>
-<?
-        $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
+*/
+
+	$res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
 	$total1 =$res['summe'];
 
 	$locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
@@ -91,7 +91,7 @@
 	{
 	$query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
 			`ccid`='".$ccid."' and `regid`='".$regid."' and
-			`locid`='".$locid."' and `users`.`id`=`notary`.`to`
+			`locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0
 			group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
 	$list = mysql_query($query);
 	if(mysql_num_rows($list) > 0)
@@ -104,19 +104,19 @@
     <td class="title"><?=_("Contact Details")?></td>
     <td class="title"><?=_("Email Assurer")?></td>
     <td class="title"><?=_("Assurer Challenge")?></td>
-
   </tr>
-<? while($row = mysql_fetch_assoc($list)) { ?>
+
+<?		while($row = mysql_fetch_assoc($list)) { ?>
   <tr>
-    <td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td>
+    <td class="DataTD" width="100"><nobr><?=sanitizeHTML($row['fname'])?> <?=substr($row['lname'], 0, 1)?>.</nobr></td>
     <td class="DataTD"><?=maxpoints($row['id'])?></td>
-    <td class="DataTD"><?=$row['contactinfo']?></td>
+    <td class="DataTD"><?=sanitizeHTML($row['contactinfo'])?></td>
     <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td>
     <td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td>
-
   </tr>
-<? } 
-        }
+<?
+		}
+	}
 ?>
 </table>
 <br>
diff --git a/pages/wot/10.php b/pages/wot/10.php
index bc76a86..b5e146c 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -24,7 +24,7 @@
     <td colspan="5" class="title"><?=_("Assurer Ranking")?></td>
   </tr>
   <tr>
-<?
+<?// the rank calculation is not adjusted to the new deletion method
 	$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
 			WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
 			AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
@@ -36,8 +36,8 @@
 			WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
 			GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
 */
-	$query = "SELECT count(*) AS `list` FROM `users` 
-			inner join `notary` on `users`.`id` = `notary`.`from` 
+	$query = "SELECT count(*) AS `list` FROM `users`
+			inner join `notary` on `users`.`id` = `notary`.`from`
 			GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
 
 	$rank = mysql_num_rows(mysql_query($query)) + 1;
@@ -64,18 +64,18 @@
     <td class="DataTD"><b><?=_("Method")?></b></td>
   </tr>
 <?
-	$query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
+	$query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
 	$res = mysql_query($query);
 	while($row = mysql_fetch_assoc($res))
 	{
-		$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
+		$fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
 ?>
   <tr>
-    <td class="DataTD"><?=$row['id']?></td>
+    <td class="DataTD"><?=intval($row['id'])?></td>
     <td class="DataTD"><?=$row['date']?></td>
-    <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
-    <td class="DataTD"><?=$row['points']?></td>
-    <td class="DataTD"><?=$row['location']?></td>
+    <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))?></td>
+    <td class="DataTD"><?=intval($row['points'])?></td>
+    <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
     <td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
   </tr>
 <?
@@ -114,30 +114,30 @@ if ($thawte)
   </tr>
 <?
 	$points = 0;
-	$query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
+	$query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'  and `deleted`=0" ;
 	$res = mysql_query($query);
 	while($row = mysql_fetch_assoc($res))
 	{
-		$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'"));
-		$points += $row['points'];
+		$fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
+		$points += intval($row['points']);
 		$name = trim($fromuser['fname']." ".$fromuser['lname']);
 		if($name == "")
 			$name = _("Deleted before Verification");
 		else
-			$name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>$name</a>";
+			$name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>";
 ?>
   <tr>
     <td class="DataTD"><?=intval($row['id'])?></td>
     <td class="DataTD"><?=$row['date']?></td>
     <td class="DataTD"><?=$name?></td>
     <td class="DataTD"><?=intval($row['points'])?></td>
-    <td class="DataTD"><?=$row['location']?></td>
+    <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
     <td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td>
   </tr>
 <? } ?>
   <tr>
     <td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td>
-    <td class="DataTD"><?=$points?></td>
+    <td class="DataTD"><?=intval($points)?></td>
     <td class="DataTD" colspan="2">&nbsp;</td>
   </tr>
 </table>
diff --git a/pages/wot/15.php b/pages/wot/15.php
index cca2702..c1f3e0f 100644
--- a/pages/wot/15.php
+++ b/pages/wot/15.php
@@ -14,7 +14,7 @@
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/ 
+*/
 
 	require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
 
diff --git a/pages/wot/5.php b/pages/wot/5.php
index c1a6438..565dd6a 100644
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@@ -18,14 +18,24 @@
 	include_once("../includes/shutdown.php");
 	require_once("../includes/lib/l10n.php");
 ?>
-<? 
-  if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") 
+<?
+  if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
   {
     ?><font color="orange" size="+1">
       <? echo _("ERROR").": ".$_SESSION['_config']['error'] ?>
     </font>
     <?unset($_SESSION['_config']['error']);
-  } 
+  }
+
+  if (!isset($_SESSION['assuresomeone']['year'])) {
+      $_SESSION['assuresomeone']['year'] = 0;
+  }
+  if (!isset($_SESSION['assuresomeone']['month'])) {
+      $_SESSION['assuresomeone']['month'] = 0;
+  }
+  if (!isset($_SESSION['assuresomeone']['day'])) {
+      $_SESSION['assuresomeone']['day'] = 0;
+  }
 ?>
 <? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
 <form method="post" action="wot.php">
@@ -60,6 +70,37 @@
     <td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td>
 <? } ?>
   </tr>
+    <tr>
+    <td class="DataTD">
+        <?=_("Date of Birth")?><br/>
+        (<?=_("yyyy/mm/dd")?>)</td>
+    <td class="DataTD">
+        <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) >= 1900 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr>
+        <select name="month">
+<?
+for($i = 1; $i <= 12; $i++)
+{
+    echo "<option value='$i'";
+    if(array_key_exists('month',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['month']) === $i)
+        echo " selected=\"selected\"";
+    echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+}
+?>
+        </select>
+        <select name="day">
+<?
+for($i = 1; $i <= 31; $i++)
+{
+    echo "<option";
+    if(array_key_exists('day',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['day']) === $i)
+        echo " selected=\"selected\"";
+    echo ">$i</option>";
+}
+?>
+        </select>
+    </td>
+  </tr>
+
   <tr>
     <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
   </tr>
diff --git a/pages/wot/6.php b/pages/wot/6.php
index a565aa7..4094a18 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -24,6 +24,9 @@
 	}
 
 	$row = $_SESSION['_config']['notarise'];
+	$_SESSION['assuresomeone']['year'] = 0;
+	$_SESSION['assuresomeone']['month'] = 0;
+	$_SESSION['assuresomeone']['day'] = 0;
 
 	if($_SESSION['profile']['ttpadmin'] == 1)
 //		$methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
@@ -47,10 +50,10 @@
 		'12' => _('December')
 		);
 
-	$fname = $row['fname'];
-	$mname = $row['mname'];
-	$lname = $row['lname'];
-	$suffix = $row['suffix'];
+	$fname = sanitizeHTML($row['fname']);
+	$mname = sanitizeHTML($row['mname']);
+	$lname = sanitizeHTML($row['lname']);
+	$suffix = sanitizeHTML($row['suffix']);
 	$dob = $row['dob'];
 
 	$dob_date = explode('-', $dob, 3);
@@ -74,8 +77,8 @@
 	AssureMethodLine(_("Method"),$methods,'');
 	AssureBoxLine("certify",sprintf(_("I certify that %s %s %s %s has appeared in person."), $fname, $mname, $lname, $suffix),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
 	AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname, $suffix),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1);
-	AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"","");
-	AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
+	AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['location']):"","");
+	AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['date']):date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
 	AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
 	AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
 	AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
diff --git a/pages/wot/9.php b/pages/wot/9.php
index bfa7a98..20f2c6d 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -15,9 +15,9 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
-	
+
 	require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
-	
+
 
 	$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
 	if(mysql_num_rows($res) <= 0)
@@ -26,11 +26,10 @@
 	} else {
 
 		$user = mysql_fetch_array($res);
-		$userlang = $user['language'];
+		$userlang = L10n::normalise_translation($user['language']);
 		$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
-				where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
-		if($points <= 0)
-		{
+				where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
+		if($points <= 0) {
 			echo _("Sorry, I was unable to locate that user.");
 		} else {
 
@@ -38,31 +37,31 @@
 ?>
 <? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
 <form method="post" action="wot.php">
-<input type="hidden" name="userid" value="<?=$user['id']?>">
+<input type="hidden" name="userid" value="<?=intval($user['id'])?>">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
     <td colspan="2" class="title"><?=_("Contact Assurer")?></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("To")?>:</td>
-    <td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td>
+    <td class="DataTD" align="left"><?=sanitizeHTML(trim($user['fname'].' '.substr($user['lname'], 0, 1)))?></td>
   </tr>
 <? if($userlang != "") { ?>
   <tr>
     <td class="DataTD"><?=_("Language")?>:</td>
-    <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td>
+    <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), sanitizeHTML($user['fname']), L10n::$translations[$userlang]) ?></td>
   </tr>
 <? } ?>
 <?
-	$query = "select * from `addlang` where `userid`='".$user['id']."'";
+	$query = "select * from `addlang` where `userid`='".intval($user['id'])."'";
 	$res = mysql_query($query);
 	while($row = mysql_fetch_assoc($res))
 	{
-		$lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'"));
+		$lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
 ?>
   <tr>
     <td class="DataTD"><?=_("Additional Language")?>:</td>
-    <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td>
+    <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), $lang['lang'], $lang['country']) ?></td>
   </tr>
 <? } ?>
   <tr>
@@ -79,7 +78,7 @@
 </table>
 <input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
 <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
 </form>
 <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
 <? } } ?>
-- 
cgit v1.2.3