From 1cc679b01b17f5f3af74d752a68815cdd44c5b71 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 30 Apr 2006 08:40:21 +0000 Subject: [PATCH] fix strip_tags for passwords --- includes/account.php | 6 +++--- www/index.php | 6 +++--- www/src-lic.php | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/includes/account.php b/includes/account.php index dc9b8a4..7f60d4a 100644 --- a/includes/account.php +++ b/includes/account.php @@ -968,9 +968,9 @@ if($oldid == 14 && $_REQUEST['process'] != "") { - $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes(strip_tags($oldpassword)))); - $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword1)))); - $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword2)))); + $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword))); + $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1))); + $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($pword2))); $id = 14; showheader(_("My CAcert.org Account!")); diff --git a/www/index.php b/www/index.php index 4564c3c..b245999 100644 --- a/www/index.php +++ b/www/index.php @@ -175,7 +175,7 @@ $_SESSION['_config']['errmsg'] = ""; $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email'])))); - $pword = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['pword'])))); + $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword']))); $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or `password`=password('$pword')) and `verified`=1 and `deleted`=0"; $res = mysql_query($query); 
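Review bot: The three new assignments in the `$oldid == 14` branch of includes/account.php still store the SQL-escaped password strings in `$_SESSION`, and with `strip_tags()` gone those strings can now contain markup. Any page that prints `$_SESSION['_config']['user']['pword1']` back into a form (none is visible in this hunk) would need `htmlspecialchars()` at output, and any length or equality check run on the stored value will count the backslashes added by escaping. Keeping the raw value in a local, e.g. `$pword1 = trim(stripslashes($pword1));`, and calling `mysql_real_escape_string($pword1)` only where the query is built would avoid both. The same applies to the `$_SESSION['signup']['pword1']` and `pword2` lines in the second www/index.php hunk. The branch body continues outside the hunk.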
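Review bot: Accounts whose password was set while `strip_tags()` was still applied have the hash of the stripped string stored, so with the new `$pword` line in www/index.php a user whose password contained `<...>` will no longer match the login query. The commit shows no fallback for those accounts; one option is to repeat the lookup with `strip_tags()` applied when the first query returns no row, then store the hash of the unstripped password on success. Separately, this line keeps `mysql_escape_string()`, which ignores the connection character set, while includes/account.php uses `mysql_real_escape_string()`; the consistent form would be `$pword = mysql_real_escape_string(stripslashes(trim($_REQUEST['pword'])));`. The surrounding login block starts and ends outside the hunk.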
@@ -239,8 +239,8 @@
 $_SESSION['signup']['day'] = intval($day);
 $_SESSION['signup']['month'] = intval($month);
 $_SESSION['signup']['year'] = intval($year);
- $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes(strip_tags($pword1))));
- $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes(strip_tags($pword2))));
+ $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($pword1)));
+ $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($pword2)));
 $_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($Q1))));
 $_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($Q2))));
 $_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($Q3))));
diff --git a/www/src-lic.php b/www/src-lic.php
index 9e2cae6..a98df62 100644
--- a/www/src-lic.php
+++ b/www/src-lic.php
@@ -1,7 +1,7 @@