Fixed a bug

Added Sanitizing to avoid XSS
16 years ago · 122cf1a704
parent 5499bf244e
commit 122cf1a704
2 changed files with 11 additions and 7 deletions
--- a/includes/account.php
+++ b/includes/account.php
@ -756,13 +756,14 @@
 				$query = "insert into `domaincerts` set 
 						`domid`='".$row['domid']."', 
 						`CN`='".mysql_real_escape_string($row['CN'])."',
-						`subject`='".mysql_real_escape_string($row['subject'])."',
-						`csr_name`='".$row['csr_name']."', 
-						`created`='".$row['created']."',
+						`subject`='".mysql_real_escape_string($row['subject'])."',".
+						//`csr_name`='".$row['csr_name']."', // RACE CONDITION
+						"`created`='".$row['created']."',
 						`modified`=NOW(), 
 						`rootcert`='".$row['rootcert']."'";
 				mysql_query($query);
 				$newid = mysql_insert_id();
+				//echo mysql_error();
 				$newfile = $_SESSION['_config']['filepath']."/csr/server-$newid.csr";
 				copy($row['csr_name'], $newfile);
 				$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
@ -808,7 +809,7 @@
 				$subject = mysql_real_escape_string($subject);
 				mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");

-				echo _("Renewing").": ".$_SESSION['_config']['0.CN']."<br>\n";
+				echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
 				waitForResult("domaincerts", $newid,$oldid,0);
 				$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
 				$res = mysql_query($query);
--- a/includes/general.php
+++ b/includes/general.php
@ -698,7 +698,7 @@
 	function waitForResult($table, $certid, $id = 0, $show = 1)
 	{
 		$found = $trycount = 0;
-		while($trycount++ <= 30)
+		while($trycount++ <= 40)
 		{
 			if($table == "gpg")
 				$query = "select * from `$table` where `id`='".intval($certid)."' and `crt` != ''";
@ -719,20 +719,23 @@
 			$query = "select * from `$table` where `id`='".intval($certid)."' ";
 			$res = mysql_query($query);
 			$body="";
+			$subject="";
 			if(mysql_num_rows($res) > 0)
 			{
 				printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
+				$subject="[CAcert.org] Certificate TIMEOUT";
 				$body = "A certificate has timed out!\n\n";
 			}
 			else
 			{
 				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." certid:$table:".intval($certid), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
-				$body = "A certificate has failed!\n\n";
+				$subject="[CAcert.org] Certificate FAILURE";
+				$body = "A certificate has failed: $table $certid $id $show\n\n";
 			}

 			$body .= _("Best regards")."\n"._("CAcert.org Support!");

-			sendmail("philipp@cacert.org", "[CAcert.org] Certificate TIMEOUT", $body, "philipp@cacert.org", "", "", "CAcert Support");
+			sendmail("philipp@cacert.org", $subject, $body, "philipp@cacert.org", "", "", "CAcert Support");

 			if($show) showfooter();
 			if($show) exit;