diff --git a/includes/account.php b/includes/account.php
index 68c0771..96d6213 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -29,7 +29,7 @@
showfooter();
exit;
}
- if(trim(mysql_escape_string(stripslashes($_REQUEST['newemail']))) == "")
+ if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Not a valid email address. Can't continue."), $_REQUEST['email']);
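Review bot: On L10 `trim()` runs after `mysql_real_escape_string()`, so surrounding whitespace that the escaper rewrites into a two-character sequence (a newline becomes `\n`, a NUL becomes `\0`) is no longer whitespace, survives the trim, and both the emptiness test here and the stored copy on L19 keep stray escape sequences. Reverse the order, as L196 and L205 already do: `if(trim(stripslashes($_REQUEST['newemail'])) == "")` for the check, and `mysql_real_escape_string(trim(stripslashes($_REQUEST['newemail'])))` for the value that reaches SQL. The same trim-after-escape order appears at L19, L52, L61, L76, L152-L178, L187-L189, L218-L223, L236-L241 and L248. The handler block this `if` belongs to opens before the hunk.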
@@ -37,7 +37,7 @@
exit;
}
unset($oldid);
- $_REQUEST['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['newemail'])));
+ $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
$query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
@@ -295,14 +295,14 @@
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `subject`='$csrsubject',
+ `subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".$_SESSION['_config']['codesign']."',
`rootcert`='".$_SESSION['_config']['rootcert']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
foreach($addys as $addy)
- mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+ mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
$CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr";
$fp = fopen($CSRname, "w");
fputs($fp, $csr);
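Review bot: The escaping added on L28 and L36 is selective: `$defaultemail` on L24 and the session `codesign`/`rootcert` values on L29-L30 are interpolated into the same INSERT unescaped, and on L36 `$addy` goes in as an escaped string although `emailid` looks like an integer foreign key. Escape every string operand, or for id columns cast as L297 does, e.g. `` `emailid`='".intval($addy)."' ``. Whether `$defaultemail` was escaped where it is computed is outside the hunk; if it was, a one-line comment saying so would spare the next reader the same question. `fopen($CSRname, "w")` on L38 is also passed to `fputs` without a failure check. The enclosing handler starts before the hunk.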
@@ -336,7 +336,7 @@
}
$newdom = trim(escapeshellarg($newdomain));
- $newdomain = mysql_escape_string(trim($newdomain));
+ $newdomain = mysql_real_escape_string(trim($newdomain));
$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
$query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
@@ -367,7 +367,7 @@
$bits = explode(":", $line, 2);
$line = trim($bits[1]);
if(!in_array($line, $addy) && $line != "")
- $addy[] = trim(mysql_escape_string(stripslashes($line)));
+ $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
}
} else {
if(is_array($adds))
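Review bot: The dedup test on L50 compares the raw `$line` against `$addy`, whose elements were stored in escaped form on L52, so a value containing a quote or backslash never matches an existing entry and is appended again. Escape first and compare the escaped form: `$clean = trim(mysql_real_escape_string(stripslashes($line)));` / `if(!in_array($clean, $addy, true) && $clean != "")` / `$addy[] = $clean;`. L59-L61 in the next hunk has the identical pattern. The loop enclosing these lines starts before the hunk.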
@@ -384,7 +384,7 @@
$line = $bit;
}
if(!in_array($line, $addy) && $line != "")
- $addy[] = trim(mysql_escape_string(stripslashes($line)));
+ $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
}
}
@@ -393,7 +393,7 @@
if(!in_array($sub, $addy))
$addy[] = $sub;
$_SESSION['_config']['addy'] = $addy;
- $_SESSION['_config']['domain'] = mysql_escape_string($newdomain);
+ $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}
if($_REQUEST['process'] != "" && $oldid == 8)
@@ -401,7 +401,7 @@
unset($oldid);
$id = 8;
- $authaddy = trim(mysql_escape_string(stripslashes($_POST['authaddy'])));
+ $authaddy = trim(mysql_real_escape_string(stripslashes($_POST['authaddy'])));
if($authaddy == "" || !is_array($_SESSION['_config']['addy']))
{
@@ -419,7 +419,7 @@
exit;
}
- $query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0";
+ $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
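Review bot: L83 escapes `$_SESSION['_config']['domain']` again, but that session value was already written in escaped form at L69 from `$newdomain`, itself escaped at L44, so a domain containing a backslash or quote is looked up with multiplied escapes and the `domains` comparison silently fails to match; L91 in the next hunk repeats this for the INSERT. Escape exactly once, at the point the SQL string is built, and keep the session and `$_REQUEST` copies raw; that is also the precondition for moving these queries to mysqli/PDO prepared statements, which ext/mysql cannot provide. Until then, a comment on L69 stating whether the stored value is escaped or raw would make the current contract visible. The `if($_REQUEST['process'] != "" && $oldid == 8)` block this belongs to opens before the hunk.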
@@ -442,7 +442,7 @@
$hash = md5(fgets($rnd, 64));
fclose($rnd);
- $query = "insert into `domains` set `domain`='".$_SESSION['_config']['domain']."',
+ $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
mysql_query($query);
$domainid = mysql_insert_id();
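Review bot: `$hash = md5(fgets($rnd, 64))` on L88 stops at the first newline byte, so when `$rnd` is a random device (its fopen is before the hunk) the value fed to md5 can be far shorter than 64 bytes; read a fixed length with `fread($rnd, 64)` instead. That `$hash` is what the new INSERT on L91-L92 appears to store as the domain verification token, so its unpredictability matters at least as much as the escaping around it. `$_SESSION['profile']['id']` on L92 is interpolated without the `intval()` guard the rest of the commit applies to ids.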
@@ -563,15 +563,15 @@
if($_SESSION['_config']['rowid']['0'] > 0)
{
- $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."',
- `domid`='".$_SESSION['_config']['rowid']['0']."',
- `created`=NOW(),`subject`='$subject',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
+ `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
+ `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
} else {
- $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."',
- `domid`='".$_SESSION['_config']['altid']['0']."',
- `created`=NOW(),`subject`='$subject',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
+ `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
+ `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
}
mysql_query($query);
$CSRid = mysql_insert_id();
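Review bot: L103 and L112 pass the integer `domid` through `mysql_real_escape_string`; inside a quoted literal that is safe, but `intval()` states the intended type and matches how L297 handles `userid`: `` `domid`='".intval($_SESSION['_config']['rowid']['0'])."', ``. The same applies to `rootcert` on L105 and L114 if it is a numeric id, which the hunk does not show. The two branches differ only in which session keys they read, so a small helper taking the CN and domid would remove the duplicated query text. The handler surrounding the `if` on L96 starts before the hunk.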
@@ -630,7 +630,7 @@
}
mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
$row = mysql_fetch_assoc($res);
- $query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".$row['CN']."',
+ $query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".mysql_real_escape_string($row['CN'])."',
`csr_name`='".$row['csr_name']."', `created`='".$row['created']."',
`modified`=NOW(), `rootcert`='".$row['rootcert']."'";
mysql_query($query);
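Review bot: L123 escapes `$row['CN']` when copying the renewed certificate row, but `$row['csr_name']` on L124 is a string column interpolated raw into the same INSERT, and `$row['created']`, `$row['rootcert']` and `$row['domid']` are likewise unescaped. Data read back from the database is no safer than request input once it contains a quote, so escape every string column here: `` `csr_name`='".mysql_real_escape_string($row['csr_name'])."' ``. L141-L144 in the `emailcerts` renewal hunk has the same partial escaping (`keytype`, `csr_name`, `created`). `$id` on L120 is interpolated raw; whether it was cast earlier is outside the hunk.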
@@ -679,7 +679,7 @@
if(!strstr($subject, "=$row/") &&
substr($subject, -strlen("=$row")) != "=$row")
$subject .= "/subjectAltName=$row";
-
+ $subject = mysql_real_escape_string($subject);
mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".$_SESSION['_config']['0.CN']."
\n";
@@ -783,7 +783,7 @@
}
mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
$row = mysql_fetch_assoc($res);
- $query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".$row['CN']."',
+ $query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".mysql_real_escape_string($row['CN'])."',
`keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."', `modified`=NOW(),
`rootcert`='".$row['rootcert']."'";
@@ -883,23 +883,23 @@
if($oldid == 13 && $_REQUEST['process'] != "")
{
- $_SESSION['_config']['user']['fname'] = trim(mysql_escape_string(stripslashes($fname)));
- $_SESSION['_config']['user']['mname'] = trim(mysql_escape_string(stripslashes($mname)));
- $_SESSION['_config']['user']['lname'] = trim(mysql_escape_string(stripslashes($lname)));
- $_SESSION['_config']['user']['suffix'] = trim(mysql_escape_string(stripslashes($suffix)));
+ $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes($fname)));
+ $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes($mname)));
+ $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes($lname)));
+ $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes($suffix)));
$_SESSION['_config']['user']['day'] = intval($day);
$_SESSION['_config']['user']['month'] = intval($month);
$_SESSION['_config']['user']['year'] = intval($year);
- $_SESSION['_config']['user']['Q1'] = trim(mysql_escape_string(stripslashes($Q1)));
- $_SESSION['_config']['user']['Q2'] = trim(mysql_escape_string(stripslashes($Q2)));
- $_SESSION['_config']['user']['Q3'] = trim(mysql_escape_string(stripslashes($Q3)));
- $_SESSION['_config']['user']['Q4'] = trim(mysql_escape_string(stripslashes($Q4)));
- $_SESSION['_config']['user']['Q5'] = trim(mysql_escape_string(stripslashes($Q5)));
- $_SESSION['_config']['user']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
- $_SESSION['_config']['user']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
- $_SESSION['_config']['user']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
- $_SESSION['_config']['user']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
- $_SESSION['_config']['user']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
+ $_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes($Q1)));
+ $_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes($Q2)));
+ $_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes($Q3)));
+ $_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes($Q4)));
+ $_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes($Q5)));
+ $_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes($A1)));
+ $_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes($A2)));
+ $_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes($A3)));
+ $_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes($A4)));
+ $_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes($A5)));
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
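Review bot: The values assigned on L152-L178 come from bare variables (`$fname`, `$Q1`, `$A1`, ...) whose origin is not in the hunk; if they are populated by register_globals or an `extract()` of the request, any variable the form does not send can be supplied by the client, and the escaping added here does nothing about that. Read them explicitly from the request superglobal the form uses so the input boundary is visible, e.g. `$fname = $_POST['fname'];` at the top of the block. The answers `A1`-`A5` are also kept in `$_SESSION` in escaped cleartext; whether they are hashed before persistence is not shown and deserves a comment. L184-L189, L212-L223 and L230-L241 read the same kind of bare variables. The `if($oldid == 13 ...)` block continues past the hunk.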
@@ -973,9 +973,9 @@
if($oldid == 14 && $_REQUEST['process'] != "")
{
- $_SESSION['_config']['user']['oldpass'] = trim(mysql_escape_string(stripslashes($oldpassword)));
- $_SESSION['_config']['user']['pword1'] = trim(mysql_escape_string(stripslashes($pword1)));
- $_SESSION['_config']['user']['pword2'] = trim(mysql_escape_string(stripslashes($pword2)));
+ $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword)));
+ $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1)));
+ $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($pword2)));
$id = 14;
showheader(_("My CAcert.org Account!"));
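Review bot: L187-L189 store passwords after `trim()` and `mysql_real_escape_string()`, so a password with a leading or trailing space, or containing `'`, `"` or `\`, is altered before it is ever hashed; if the session copy is later hashed in PHP rather than inserted into a SQL literal (the hashing step is outside the hunk), the stored hash is of the escaped string and will not match a login path that escapes differently. Keep passwords byte-for-byte raw, hash them in PHP, and let only the hash reach SQL, escaping at the query as L297 does for the admin reset. Holding cleartext passwords in `$_SESSION` across requests also warrants a comment explaining why it is needed. The `if($oldid == 14 ...)` block continues past the hunk.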
@@ -1013,7 +1013,7 @@
foreach($_POST['emails'] as $val)
{
- $val = mysql_escape_string(stripslashes(trim($val)));
+ $val = mysql_real_escape_string(stripslashes(trim($val)));
$bits = explode("@", $val);
$count = count($bits);
if($count != 2)
@@ -1030,7 +1030,7 @@
if($val != "")
$_SESSION['_config']['emails'][] = $val;
}
- $_SESSION['_config']['name'] = mysql_escape_string(stripslashes(trim($name)));
+ $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($name)));
}
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
@@ -1575,12 +1575,12 @@
if($oldid == 24 && $_REQUEST['process'] != "")
{
$id = intval($oldid);
- $_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O)));
- $_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact)));
- $_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L)));
- $_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST)));
- $_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C)));
- $_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments)));
+ $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($O)));
+ $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($contact)));
+ $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($L)));
+ $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($ST)));
+ $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($C)));
+ $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($comments)));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{
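Review bot: L218-L222 store `O`, `L`, `ST` and `C` in the session in SQL-escaped form, but these are X.509 DN components and nothing in the hunk shows the session copies are used only in SQL; if they also feed the organisation certificate subject, an organisation name containing an apostrophe (e.g. `O'Brien Ltd`) would be issued with a backslash in it. Keep the session values raw and escape where the INSERT is built. L236-L241 in the oldid 27 handler is a byte-identical copy of this block and L267 does the same for `OU`; a shared helper taking the six inputs would keep them in step. Both handlers continue past the hunk.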
@@ -1602,12 +1602,12 @@
if($oldid == 27 && $_REQUEST['process'] != "")
{
$id = intval($oldid);
- $_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O)));
- $_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact)));
- $_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L)));
- $_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST)));
- $_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C)));
- $_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments)));
+ $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($O)));
+ $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($contact)));
+ $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($L)));
+ $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($ST)));
+ $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($C)));
+ $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($comments)));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{
@@ -1629,7 +1629,7 @@
if($oldid == 28 && $_REQUEST['process'] != "")
{
- $domain = $_SESSION['_config']['domain'] = trim(mysql_escape_string(stripslashes($domainname)));
+ $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($domainname)));
$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
if(mysql_num_rows($res1) > 0)
{
@@ -1657,7 +1657,7 @@
if($oldid == 29 && $_REQUEST['process'] != "")
{
- $domain = mysql_escape_string(stripslashes(trim($domainname)));
+ $domain = mysql_real_escape_string(stripslashes(trim($domainname)));
$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".$_SESSION['_config']['domid']."'");
$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
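Review bot: L256 escapes `$domain` for a string literal, but L257-L258 use it in `LIKE`, and `mysql_real_escape_string` leaves the pattern metacharacters `%` and `_` untouched, so a submitted domain containing either (underscore is legal in some DNS labels) matches other organisations' rows and the duplicate check gives the wrong answer. Either compare with `=` if case-insensitive matching is not the reason for `LIKE`, or escape the wildcards after the SQL escaping: `$domain = addcslashes($domain, '%_');`. The `if($oldid == 29 ...)` block continues past the hunk.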
@@ -1806,9 +1806,9 @@
$masteracc = $_SESSION['_config'][masteracc] = intval($masteracc);
else
$masteracc = $_SESSION['_config'][masteracc] = 0;
- $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_escape_string(stripslashes(trim($_REQUEST['email'])));
- $OU = $_SESSION['_config']['OU'] = mysql_escape_string(stripslashes(trim($OU)));
- $comments = $_SESSION['_config']['comments'] = mysql_escape_string(stripslashes(trim($comments)));
+ $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
+ $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($OU)));
+ $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($comments)));
$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."'");
if(mysql_num_rows($res) <= 0)
{
@@ -1867,7 +1867,7 @@
if($oldid == 41)
{
- $lang = mysql_escape_string($_POST['lang']);
+ $lang = mysql_real_escape_string($_POST['lang']);
foreach($_SESSION['_config']['translations'] as $key => $val)
{
if($key == $lang)
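Review bot: L276 escapes `$_POST['lang']`, but within the hunk the value is only compared with translation keys on L279, and that comparison uses loose `==`, under which numeric-looking strings compare by value. The whitelist is the real control here, so `if($key === $lang)` (or `isset($_SESSION['_config']['translations'][$_POST['lang']])` before the loop) is the check worth strengthening; the escaping can move to wherever the selected key is written to the database, if it is. The foreach continues past the hunk.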
@@ -1914,9 +1914,9 @@
$regid = intval($_REQUEST['regid']);
$newreg = intval($_REQUEST['newreg']);
$locid = intval($_REQUEST['locid']);
- $name = mysql_escape_string($_REQUEST['name']);
- $long = mysql_escape_string($_REQUEST['longitude']);
- $lat = mysql_escape_string($_REQUEST['latitude']);
+ $name = mysql_real_escape_string($_REQUEST['name']);
+ $long = mysql_real_escape_string($_REQUEST['longitude']);
+ $lat = mysql_real_escape_string($_REQUEST['latitude']);
if($locid > 0 && $_REQUEST['action'] == "edit" && $name == htmlentities($name))
{
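Review bot: L288-L289 treat `longitude` and `latitude` as free-form strings while the ids on L281-L283 are cast with `intval()`; coordinates are numeric, so validating them as floats (`floatval()` plus a range check) rejects malformed input rather than merely escaping it. `$name` on L287 is escaped before the `$name == htmlentities($name)` test on L290, so a name containing a double quote fails that test because of the inserted backslash rather than for an HTML reason; if that is intended it deserves a comment, otherwise run the check on the raw value. The `if($locid > 0 ...)` block continues past the hunk.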
@@ -2032,7 +2032,7 @@
{
echo _("No such user found.");
} else {
- mysql_query("update `users` set `password`=sha1('".mysql_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'");
+ mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'");
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'"));
printf(_("The password for %s has been updated successfully in the system."), $row['email']);
}
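Review bot: L297 casts `$_POST['userid']` with `intval()` for the UPDATE, but the follow-up SELECT on L298 interpolates the same `$_POST['userid']` raw; make the two agree: `` $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_POST['userid'])."'")); ``. The password is stored as an unsalted `sha1()` computed by the database server, which is outside this commit's scope but worth a TODO comment pointing at `password_hash()` so the next reader knows the scheme is legacy. The `mysql_query` result on L297 is not checked, so a failed UPDATE still prints the success message on L299.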
@@ -2252,7 +2252,7 @@
`tverify`='$uid',
`memid`='".$_SESSION['profile']['id']."',
`when`=NOW(), `vote`='$vote',
- `comment`='".mysql_escape_string($_POST['comment'])."'";
+ `comment`='".mysql_real_escape_string($_POST['comment'])."'";
mysql_query($query);
$rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"));
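Review bot: L306 escapes `$_POST['comment']`, but `$uid` and `$vote` on L302-L304 and again on L308 are interpolated raw; their assignments are before the hunk, so whether they were cast with `intval()` is not visible, and a comment on the INSERT such as `// $uid and $vote are intval()'d above` would settle it for readers of this statement. If they are not, `intval()` at the point of use is the fix consistent with L297. The INSERT statement on L302-L306 begins before the hunk.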
diff --git a/www/ac.php b/www/ac.php
index dc5bc81..383db07 100644
--- a/www/ac.php
+++ b/www/ac.php
@@ -4,17 +4,17 @@
if($_REQUEST['i'] != "")
echo "