Source code taken from cacert-20141124.tar.bz2
[cacert.git] / pages / account / 12.php
index 9058a07..f4428aa 100644 (file)
@@ -19,7 +19,7 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
+    <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
        $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
                        UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
                        UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
-                       `domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
-                       UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
+                       `domaincerts`.`expire`,
+                       `domaincerts`.`revoked` as `revoke`,
+                       UNIX_TIMESTAMP(`revoked`) as `revoked`,
+                       if (`domaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`domaincerts`.`modified`) as `modified`,
+                       `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
                        `domaincerts`.`description`
                        from `domaincerts`,`domains`
                        where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` ";
        if($viewall != 1)
        {
                $query .= "AND `revoked`=0 AND `renewed`=0 ";
-               $query .= "HAVING `timeleft` > 0 ";
+               $query .= "HAVING `timeleft` > 0 or `expire` = 0 ";
        }
-       $query .= "ORDER BY `domaincerts`.`modified` desc";
+       $query .= "ORDER BY `modified` desc";
 //echo $query."<br>\n";
        $res = mysql_query($query);
        if(mysql_num_rows($res) <= 0)
 ?>
   <tr>
 <? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
-    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
+    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/></td>
 <? } else if($verified != _("Revoked")) { ?>
-    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
+    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/></td>
 <? } else { ?>
     <td class="DataTD">&nbsp;</td>
 <? } ?>
     <td class="DataTD"><?=$verified?></td>
-    <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+    <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=intval($row['id'])?>"><?=htmlspecialchars($row['CN'])?></a></td>
     <td class="DataTD"><?=$row['serial']?></td>
     <td class="DataTD"><?=$row['revoke']?></td>
-    <td class="DataTD"><?=$row['expires']?></td>
-    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
-    <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+    <td class="DataTD"><?=$row['expire']?></td>
+    <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+    <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
   </tr>
 <? } ?>
   <tr>
     <td class="DataTD" colspan="8">
-      <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+      <a href="account.php?id=12&amp;viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
     </td>
   </tr>
   <tr>
     <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
   </tr>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>"/>
+<input type="hidden" name="oldid" value="<?=intval($id)?>"/>
 <input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
 </form>