Source code taken from cacert-20141124.tar.bz2
[cacert.git] / pages / account / 5.php
index 934ca0c..efed0ab 100644 (file)
@@ -19,7 +19,7 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
+    <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
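Review bot: The changed title line picks its label by the truthiness of `$viewall` and its target by `intval(!$viewall)`, while the query in the next hunk gates its filters on `if($viewall != 1)`; the place where `$viewall` is read is outside this diff, so if it arrives as a raw request string a value such as `2` would show "Hide old certificates" while the query still applies the current-only filters. Normalising it once where it is read, e.g. `$viewall = (intval($viewall) == 1) ? 1 : 0;`, makes the label, the link target and the query agree. The same link markup is repeated further down in the colspan="9" footer row, so the normalisation covers both.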
        $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
                        UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
                        UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
-                       `emailcerts`.`expire` as `expires`,
+                       `emailcerts`.`expire`,
                        `emailcerts`.`revoked` as `revoke`,
                        UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+                       if (`emailcerts`.`expire`=0,CURRENT_TIMESTAMP(),`emailcerts`.`modified`) as `modified` ,
                        `emailcerts`.`id`,
                        `emailcerts`.`CN`,
                        `emailcerts`.`serial`,
                        `emailcerts`.`disablelogin` as `disablelogin`,
                        `emailcerts`.`description`
                        from `emailcerts`
-                       where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
+                       where `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'
                        ";
        if($viewall != 1)
                $query .= " AND `revoked`=0 AND `renewed`=0 ";
        $query .= " GROUP BY `emailcerts`.`id` ";
        if($viewall != 1)
-                $query .= " HAVING `timeleft` > 0 ";
-       $query .= " ORDER BY `emailcerts`.`modified` desc";
+               $query .= " HAVING `timeleft` > 0 or `expire` = 0 ";
+       $query .= " ORDER BY `modified` desc";
 // echo $query."<br>\n";
        $res = mysql_query($query);
        if(mysql_num_rows($res) <= 0)
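Review bot: The new `IF(expire=0, CURRENT_TIMESTAMP(), modified) AS modified` select expression together with `HAVING timeleft > 0 or expire = 0` and `ORDER BY modified` encodes a rule a later reader will not guess from the code: rows whose expiry is zero are always listed and sorted to the top as if just modified, and `ORDER BY modified` now binds to the alias rather than the column. A comment above `$query =` stating that, e.g. `// expire=0 rows are always shown and sort first via the computed modified alias`, would make the intent explicit. Comparing the `expire` column to the integer `0` relies on MySQL's implicit conversion of a zero date; if the column is a DATETIME holding the zero date, spelling the comparison as `expire = '0000-00-00 00:00:00'` documents that (confirm the column type first, it is not visible here).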
 ?>
   <tr>
 <? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
-    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"></td>
     <td class="DataTD"><?=$verified?></td>
-    <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
+    <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=intval($row['id'])?>"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></a></td>
 <? } else if($verified != _("Revoked")) { ?>
-    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td>
     <td class="DataTD"><?=$verified?></td>
-    <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+    <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
 <? } else { ?>
     <td class="DataTD">&nbsp;</td>
     <td class="DataTD"><?=$verified?></td>
-    <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+    <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
 <? } ?>
-    <td class="DataTD"><?=$row['serial']?></td>
-    <td class="DataTD"><?=$row['revoke']?></td>
-    <td class="DataTD"><?=$row['expires']?></td>
+    <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
+    <td class="DataTD"><?=sanitizeHTML($row['revoke'])?></td>
+    <td class="DataTD"><?=sanitizeHTML($row['expire'])?></td>
     <td class="DataTD">
-      <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
-      <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
+      <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
+      <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" />
     </td>
-    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
-    <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+    <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+    <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
   </tr>
     <? } ?>
   <tr>
     <td class="DataTD" colspan="9">
-      <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+      <a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
     </td>
   </tr>
 
   </tr>
 <? } ?>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>" />
+<input type="hidden" name="oldid" value="<?=intval($id)?>" />
 <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
 </form>
 <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
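Review bot: The expression `(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))` is now repeated in all three branches of the `$verified` conditional; computing it once in the loop body, which begins above this hunk, as `$cn = trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']);` and printing `<?=$cn?>` keeps the branches from drifting apart again. The `comment_` input still escapes with `htmlspecialchars($row['description'])` while every other cell in the hunk switched to `sanitizeHTML(...)`; `sanitizeHTML` is defined outside this file, so I cannot tell from here whether the two are equivalent for an attribute value, and a one-line comment saying why the description keeps `htmlspecialchars` would stop a later pass from changing it blindly. The `<?=$verified?>` cells are printed unescaped, which is fine as long as `$verified` only ever holds the gettext labels it is compared against in the `if` chain; that assignment is in the loop head outside this hunk and is worth confirming.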