Source code taken from cacert-20141124.tar.bz2
[cacert.git] / pages / gpg / 2.php
index cc8a872..84e11d2 100644 (file)
@@ -30,7 +30,7 @@
        $query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
                        UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
                        UNIX_TIMESTAMP(`expire`) as `expired`,
-                       `expire` as `expires`, `id`, `level`,
+                       `expire`, `id`, `level`,
                        `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
                        ORDER BY `issued` desc";
        $res = mysql_query($query);
@@ -43,6 +43,7 @@
 <? } else {
        while($row = mysql_fetch_assoc($res))
        {
+               $verified = '';
                if($row['timeleft'] > 0)
                        $verified = _("Valid");
                if($row['timeleft'] < 0)
   <tr>
 <? if($verified == _("Valid")) { ?>
     <td class="DataTD"><?=$verified?></td>
-    <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+    <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
 <? } else if($verified == _("Pending")) { ?>
     <td class="DataTD"><?=$verified?></td>
-    <td class="DataTD"><?=$row['email']?></td>
+    <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
 <? } else { ?>
     <td class="DataTD"><?=$verified?></td>
-    <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+    <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
 <? } ?>
-    <td class="DataTD"><?=$row['expires']?></td>
-    <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
-    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
-    <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+    <td class="DataTD"><?=$row['expire']?></td>
+    <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['keyid'])?></a></td>
+    <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+    <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
   </tr>
 <? } ?>
 <? } ?>
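Review bot: The expiry cell `<?=$row['expire']?>` is now the only database column in this row that is echoed without output encoding, while `email` and `keyid` go through `sanitizeHTML()` and `description` through `htmlspecialchars()`. A DATETIME column is unlikely to carry markup, but encoding every column the same way means the template does not depend on the column type staying as it is; I would write `<td class="DataTD"><?=sanitizeHTML($row['expire'])?></td>`. The definition of `sanitizeHTML()` is not visible here, so this assumes it HTML-encodes for both element and attribute context; if so, the `description` input could use it too, so the row has one escaping helper rather than two. The `while` body is cut between the `timeleft` checks and the `<tr>`, so how `$verified` is set for `timeleft == 0` cannot be checked from this hunk.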
@@ -77,5 +78,5 @@
     <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
   </tr>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>" />
+<input type="hidden" name="oldid" value="<?=intval($id)?>" />
 </form>
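Review bot: `intval($id)` on the hidden `oldid` field fixes only the output side; the value that comes back on submit is still whatever the client sends. The handler for the `change` button is outside this hunk, so this is a request to confirm rather than a finding: it should cast the posted `oldid` again and check it against the session's member id before acting on it. A short comment next to the field, such as `<?php /* oldid is client-controlled on post-back; re-validated in the form handler */ ?>`, would record that. The `<form>` opening tag is also outside the hunk, so whether the form carries an anti-CSRF token cannot be seen from here.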