@ -74,7 +74,7 @@
sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
showheader(_("My CAcert.org Account!"));
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_REQUEST['email']);
printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML( $_REQUEST['email']) );
showfooter();
showfooter();
exit;
exit;
}
}
@ -274,7 +274,7 @@
fputs($fp, $emails);
fputs($fp, $emails);
fclose($fp);
fclose($fp);
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS") {
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI" ) {
if($csr == "")
if($csr == "")
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
$tmpfname = tempnam("/tmp", "CSR");
$tmpfname = tempnam("/tmp", "CSR");
@ -332,7 +332,7 @@
showfooter();
showfooter();
exit;
exit;
}
}
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS',
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='".sanitizeHT ML($_REQUE ST['keytype'])." ',
`memid`='".$_SESSION['profile']['id']."',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='".mysql_real_escape_string($csrsubject)."',
`subject`='".mysql_real_escape_string($csrsubject)."',
@ -1232,7 +1232,7 @@
fputs($fp, $emails);
fputs($fp, $emails);
fclose($fp);
fclose($fp);
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS") {
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI" ) {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
$tmpfname = tempnam("/tmp", "CSR");
$tmpfname = tempnam("/tmp", "CSR");
$fp = fopen($tmpfname, "w");
$fp = fopen($tmpfname, "w");
@ -1279,7 +1279,7 @@
showfooter();
showfooter();
exit;
exit;
}
}
$query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='MS',
$query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='" . sanitizeHT ML($_REQUE ST['keytype']) . " ',
`orgid`='".$org['orgid']."',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject',
`subject`='$csrsubject',
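Review bot: In both INSERT statements (the new `keytype` lines for `emailcerts` and `orgemailcerts`), `$_REQUEST['keytype']` is placed inside a SQL string literal after passing only through `sanitizeHTML()`. Going by its name, that is an HTML output encoder, so it is not guaranteed to neutralise every character that matters in a MySQL string; its definition is not visible here, so this is an assumption. The new branch conditions only accept "MS" and "VI", so it would be safer to map the request value to a fixed constant, e.g. `$keytype = ($_REQUEST['keytype'] == "VI") ? "VI" : "MS";`, and interpolate `$keytype`, or at minimum to use `mysql_real_escape_string()` as the `subject` column of the `emailcerts` insert already does. The page also shows a space before the closing quote (`" ',`); if that is in the real source and not a rendering artefact, the stored value would carry a trailing space and might not match later comparisons against "MS" or "VI". Both statements continue past the end of their hunks.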