bug 1200: Use a freshly created temporary directory as gpg homedir
authorMichael Tänzer <neo@nhng.de>
Wed, 7 Aug 2013 00:43:02 +0000 (02:43 +0200)
committerMichael Tänzer <neo@nhng.de>
Wed, 7 Aug 2013 00:43:02 +0000 (02:43 +0200)
Signed-off-by: Michael Tänzer <neo@nhng.de>
www/gpg.php

index 813ee31..241df30 100644 (file)
@@ -83,9 +83,17 @@ function verifyEmail($email)
        $state=0;
        if($oldid == "0" && $CSR != "")
        {
-               if (runCommand('gpg --with-colons --homedir /tmp 2>&1',
-                               clean_gpgcsr($CSR),
-                               $gpg))
+               $err = runCommand('mktemp --directory /tmp/cacert_gpg.XXXXXXXXXX', $tmpdir);
+               if (!err && $tmpdir)
+               {
+                       $err = runCommand("gpg --with-colons --homedir $tmpdir 2>&1",
+                                       clean_gpgcsr($CSR),
+                                       $gpg);
+
+                       `rm -r $tmpdir`;
+               }
+
+               if ($err)
                {
                        showheader(_("Welcome to CAcert.org"));