From 3af71ece2ae8bb7f6cc6c77b060727a99a2bac81 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 20 Apr 2006 20:48:35 +0000 Subject: [PATCH] security fixes --- includes/account.php | 128 +++++++++++++++++++++---------------------- www/ac.php | 10 ++-- www/gpg.php | 10 ++-- www/src-lic.php | 2 +- 4 files changed, 75 insertions(+), 75 deletions(-) diff --git a/includes/account.php b/includes/account.php index 68c0771..96d6213 100644 --- a/includes/account.php +++ b/includes/account.php @@ -29,7 +29,7 @@ showfooter(); exit; } - if(trim(mysql_escape_string(stripslashes($_REQUEST['newemail']))) == "") + if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "") { showheader(_("My CAcert.org Account!")); printf(_("Not a valid email address. Can't continue."), $_REQUEST['email']); @@ -37,7 +37,7 @@ exit; } unset($oldid); - $_REQUEST['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['newemail']))); + $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))); $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) @@ -295,14 +295,14 @@ $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS', `memid`='".$_SESSION['profile']['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `subject`='$csrsubject', + `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".$_SESSION['_config']['codesign']."', `rootcert`='".$_SESSION['_config']['rootcert']."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) foreach($addys as $addy) - mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); + mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'"); $CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr"; $fp = fopen($CSRname, "w"); fputs($fp, $csr); 
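Review bot: In the -37 hunk the SQL-escaped form is written back into `$_REQUEST['email']`, so anything that later reads that key for a non-SQL purpose (mail headers, display) sees the backslashes the escaping inserted; the block continues past the hunk, so that use is not visible here. The emptiness check on the line above also only tests for an empty string despite the "Not a valid email address" message, and `mysql_real_escape_string` returns `false` with no open connection, which `trim()` turns into `""`. Keep the raw value and escape at the query: `$_REQUEST['email'] = trim(stripslashes($_REQUEST['newemail']));` followed by `$query = "select * from `email` where `email`='".mysql_real_escape_string($_REQUEST['email'])."' and `deleted`=0";`.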
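Review bot: In the emailcerts insert (-295 hunk) `subject` and the emaillink `emailid` are now escaped, but `$defaultemail`, `$_SESSION['_config']['codesign']` and `$_SESSION['_config']['rootcert']` in the same statement are still interpolated raw; whether they are sanitised where they are set is outside the hunk, so the escaping is incomplete at the point of use. `codesign` and `rootcert` are used as flag/id values, so cast them: `intval($_SESSION['_config']['codesign'])` and `intval($_SESSION['_config']['rootcert'])`; wrap `$defaultemail` in `mysql_real_escape_string()` like the subject. The function containing this insert begins before the hunk.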
@@ -336,7 +336,7 @@ } $newdom = trim(escapeshellarg($newdomain)); - $newdomain = mysql_escape_string(trim($newdomain)); + $newdomain = mysql_real_escape_string(trim($newdomain)); $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'"); $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0"; @@ -367,7 +367,7 @@ $bits = explode(":", $line, 2); $line = trim($bits[1]); if(!in_array($line, $addy) && $line != "") - $addy[] = trim(mysql_escape_string(stripslashes($line))); + $addy[] = trim(mysql_real_escape_string(stripslashes($line))); } } else { if(is_array($adds)) @@ -384,7 +384,7 @@ $line = $bit; } if(!in_array($line, $addy) && $line != "") - $addy[] = trim(mysql_escape_string(stripslashes($line))); + $addy[] = trim(mysql_real_escape_string(stripslashes($line))); } } @@ -393,7 +393,7 @@ if(!in_array($sub, $addy)) $addy[] = $sub; $_SESSION['_config']['addy'] = $addy; - $_SESSION['_config']['domain'] = mysql_escape_string($newdomain); + $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain); } if($_REQUEST['process'] != "" && $oldid == 8) @@ -401,7 +401,7 @@ unset($oldid); $id = 8; - $authaddy = trim(mysql_escape_string(stripslashes($_POST['authaddy']))); + $authaddy = trim(mysql_real_escape_string(stripslashes($_POST['authaddy']))); if($authaddy == "" || !is_array($_SESSION['_config']['addy'])) { @@ -419,7 +419,7 @@ exit; } - $query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0"; + $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { 
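Review bot: The domain value is now escaped three times before it reaches a query: `$newdomain` is escaped in the -336 hunk, escaped again when stored by `$_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain)` in the -393 hunk, and once more in the -419 select (and the -442 insert). For any input containing a quote or backslash the session value no longer equals what the user submitted, so the lookup and the insert operate on a different string. Keep one unescaped copy for the session (for example save `trim($newdomain)` before the escaping assignment and store that) and escape only inside each query, as the -419 line already does; since a valid hostname contains none of these characters, the cleanest fix is to reject the request up front when `preg_match('/^[A-Za-z0-9.-]+$/', $newdomain)` fails, which also makes the `escapeshellarg` on the line above a belt-and-braces measure rather than the only guard.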
@@ -442,7 +442,7 @@ $hash = md5(fgets($rnd, 64)); fclose($rnd); - $query = "insert into `domains` set `domain`='".$_SESSION['_config']['domain']."', + $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."', `memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; mysql_query($query); $domainid = mysql_insert_id(); @@ -563,15 +563,15 @@ if($_SESSION['_config']['rowid']['0'] > 0) { - $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."', - `domid`='".$_SESSION['_config']['rowid']['0']."', - `created`=NOW(),`subject`='$subject', - `rootcert`='".$_SESSION['_config']['rootcert']."'"; + $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."', + `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."', + `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', + `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'"; } else { - $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."', - `domid`='".$_SESSION['_config']['altid']['0']."', - `created`=NOW(),`subject`='$subject', - `rootcert`='".$_SESSION['_config']['rootcert']."'"; + $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."', + `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."', + `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', + `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'"; } mysql_query($query); $CSRid = mysql_insert_id(); 
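Review bot: In the two domaincerts inserts (-563 hunk) `domid` and `rootcert` are numeric ids but are wrapped in `mysql_real_escape_string`; the quoted literal is safe, but non-numeric session values are silently accepted, and it is inconsistent with the `intval($oldid)` and `intval($_POST['userid'])` style used elsewhere in this file. Cast them instead: `intval($_SESSION['_config']['rowid']['0'])`, `intval($_SESSION['_config']['altid']['0'])` and `intval($_SESSION['_config']['rootcert'])`, which also makes the `> 0` guard on `rowid` and the value written agree. The code that builds `$subject` starts before this hunk.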
@@ -630,7 +630,7 @@ } mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'"); $row = mysql_fetch_assoc($res); - $query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".$row['CN']."', + $query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".mysql_real_escape_string($row['CN'])."', `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', `modified`=NOW(), `rootcert`='".$row['rootcert']."'"; mysql_query($query); @@ -679,7 +679,7 @@ if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row") $subject .= "/subjectAltName=$row"; - + $subject = mysql_real_escape_string($subject); mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'"); echo _("Renewing").": ".$_SESSION['_config']['0.CN']."
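Review bot: In the renewal insert only `$row['CN']` is escaped; `$row['csr_name']`, `$row['created']` and `$row['rootcert']` from the same fetched row are still interpolated raw, and `$id` in the preceding `update domaincerts set renewed='1' where id='$id'` has no visible `intval()` (it is assigned before the hunk). If a value read back from the table can need escaping, as the commit concedes for CN, the other string column from the same row needs it too. Escape `csr_name` the same way, `mysql_real_escape_string($row['csr_name'])`, and cast `$id`, `domid` and `rootcert` with `intval()`.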
\n"; @@ -783,7 +783,7 @@ } mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'"); $row = mysql_fetch_assoc($res); - $query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".$row['CN']."', + $query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".mysql_real_escape_string($row['CN'])."', `keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', `modified`=NOW(), `rootcert`='".$row['rootcert']."'"; 
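Review bot: The added `$subject = mysql_real_escape_string($subject);` (-679 hunk) reassigns the variable instead of escaping inline, so any later use of `$subject` in this block (which continues past the hunk) sees the SQL-escaped form with extra backslashes. In the same update `$newfile` is still interpolated raw and `$newid` carries no visible cast. Escape at the point of use instead, with `mysql_real_escape_string($subject)` and `mysql_real_escape_string($newfile)` inside the query string and `intval($newid)` in the where clause, leaving `$subject` untouched.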
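Review bot: The emailcerts renewal insert (-783 hunk) has the same gap as the domaincerts one: `keytype`, `csr_name`, `created` and `rootcert` from `$row` are embedded raw while only `CN` is escaped, and `$id` in the preceding update has no visible `intval()`. Wrap `$row['keytype']` and `$row['csr_name']` in `mysql_real_escape_string()` and cast `$row['memid']`, `$row['rootcert']` and `$id` with `intval()` so every interpolated value in the statement is handled, not just the one this commit picked.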
@@ -883,23 +883,23 @@ if($oldid == 13 && $_REQUEST['process'] != "") { - $_SESSION['_config']['user']['fname'] = trim(mysql_escape_string(stripslashes($fname))); - $_SESSION['_config']['user']['mname'] = trim(mysql_escape_string(stripslashes($mname))); - $_SESSION['_config']['user']['lname'] = trim(mysql_escape_string(stripslashes($lname))); - $_SESSION['_config']['user']['suffix'] = trim(mysql_escape_string(stripslashes($suffix))); + $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes($fname))); + $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes($mname))); + $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes($lname))); + $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes($suffix))); $_SESSION['_config']['user']['day'] = intval($day); $_SESSION['_config']['user']['month'] = intval($month); $_SESSION['_config']['user']['year'] = intval($year); - $_SESSION['_config']['user']['Q1'] = trim(mysql_escape_string(stripslashes($Q1))); - $_SESSION['_config']['user']['Q2'] = trim(mysql_escape_string(stripslashes($Q2))); - $_SESSION['_config']['user']['Q3'] = trim(mysql_escape_string(stripslashes($Q3))); - $_SESSION['_config']['user']['Q4'] = trim(mysql_escape_string(stripslashes($Q4))); - $_SESSION['_config']['user']['Q5'] = trim(mysql_escape_string(stripslashes($Q5))); - $_SESSION['_config']['user']['A1'] = trim(mysql_escape_string(stripslashes($A1))); - $_SESSION['_config']['user']['A2'] = trim(mysql_escape_string(stripslashes($A2))); - $_SESSION['_config']['user']['A3'] = trim(mysql_escape_string(stripslashes($A3))); - $_SESSION['_config']['user']['A4'] = trim(mysql_escape_string(stripslashes($A4))); - $_SESSION['_config']['user']['A5'] = trim(mysql_escape_string(stripslashes($A5))); + $_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes($Q1))); + $_SESSION['_config']['user']['Q2'] = 
trim(mysql_real_escape_string(stripslashes($Q2))); + $_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes($Q3))); + $_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes($Q4))); + $_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes($Q5))); + $_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes($A1))); + $_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes($A2))); + $_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes($A3))); + $_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes($A4))); + $_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes($A5))); if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" || $_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" || @@ -973,9 +973,9 @@ if($oldid == 14 && $_REQUEST['process'] != "") { - $_SESSION['_config']['user']['oldpass'] = trim(mysql_escape_string(stripslashes($oldpassword))); - $_SESSION['_config']['user']['pword1'] = trim(mysql_escape_string(stripslashes($pword1))); - $_SESSION['_config']['user']['pword2'] = trim(mysql_escape_string(stripslashes($pword2))); + $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword))); + $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1))); + $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($pword2))); $id = 14; showheader(_("My CAcert.org Account!")); @@ -1013,7 +1013,7 @@ foreach($_POST['emails'] as $val) { - $val = mysql_escape_string(stripslashes(trim($val))); + $val = mysql_real_escape_string(stripslashes(trim($val))); $bits = explode("@", $val); $count = count($bits); if($count != 2) 
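Review bot: The lost-password questions and answers (-883 hunk) are SQL-escaped before being stored in the session, so what ends up persisted is the escaped form of the answer; whichever code later compares a submitted answer must escape it identically (including connection charset) or a correct answer containing `'` or `\` will never match. Escaping belongs at the query, not at input capture: store `trim(stripslashes($A1))` and apply `mysql_real_escape_string()` when the value is interpolated. The validation of the stored fields continues after the hunk.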
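Review bot: The old and new passwords (-973 hunk) are passed through `mysql_real_escape_string` before being kept in the session and, presumably, hashed (the hashing is outside this hunk; the -2032 hunk shows the file hashing an escaped string with SQL-side `sha1()`). Escaping changes the value for any password containing `'`, `\` or NUL, so the resulting hash depends on which escape function and connection charset were in effect, and the same password can verify on one code path and fail on another. Keep the raw value, `$_SESSION['_config']['user']['pword1'] = trim(stripslashes($pword1));`, hash in PHP, and escape only the hex digest when it goes into a query; storing plaintext passwords in `$_SESSION` at all is worth reconsidering.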
@@ -1030,7 +1030,7 @@ if($val != "") $_SESSION['_config']['emails'][] = $val; } - $_SESSION['_config']['name'] = mysql_escape_string(stripslashes(trim($name))); + $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($name))); } if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0) @@ -1575,12 +1575,12 @@ if($oldid == 24 && $_REQUEST['process'] != "") { $id = intval($oldid); - $_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O))); - $_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact))); - $_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L))); - $_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST))); - $_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C))); - $_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments))); + $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($O))); + $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($contact))); + $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($L))); + $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($ST))); + $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($C))); + $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($comments))); if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "") { 
@@ -1602,12 +1602,12 @@ if($oldid == 27 && $_REQUEST['process'] != "") { $id = intval($oldid); - $_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O))); - $_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact))); - $_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L))); - $_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST))); - $_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C))); - $_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments))); + $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($O))); + $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($contact))); + $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($L))); + $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($ST))); + $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($C))); + $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($comments))); if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "") { @@ -1629,7 +1629,7 @@ if($oldid == 28 && $_REQUEST['process'] != "") { - $domain = $_SESSION['_config']['domain'] = trim(mysql_escape_string(stripslashes($domainname))); + $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($domainname))); $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'"); if(mysql_num_rows($res1) > 0) { @@ -1657,7 +1657,7 @@ if($oldid == 29 && $_REQUEST['process'] != "") { - $domain = mysql_escape_string(stripslashes(trim($domainname))); + $domain = mysql_real_escape_string(stripslashes(trim($domainname))); $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".$_SESSION['_config']['domid']."'"); $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0"); 
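Review bot: `mysql_real_escape_string` does not neutralise LIKE wildcards, so in the two `like '$domain'` queries of the -1657 hunk a `$domainname` of `%` matches every row and `a_b.example` matches more than itself; here that turns the duplicate check into a false positive (any user can make a rename fail) rather than an injection, but the commit leaves it. The -1629 hunk uses `=` for the same kind of check; use `where domain='$domain'` here as well, or escape the wildcards first with `$domain = addcslashes($domain, '%_');` before the queries. `$_SESSION['_config']['domid']` in the first query also has no visible cast.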
@@ -1806,9 +1806,9 @@ $masteracc = $_SESSION['_config'][masteracc] = intval($masteracc); else $masteracc = $_SESSION['_config'][masteracc] = 0; - $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_escape_string(stripslashes(trim($_REQUEST['email']))); - $OU = $_SESSION['_config']['OU'] = mysql_escape_string(stripslashes(trim($OU))); - $comments = $_SESSION['_config']['comments'] = mysql_escape_string(stripslashes(trim($comments))); + $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email']))); + $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($OU))); + $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($comments))); $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."'"); if(mysql_num_rows($res) <= 0) { @@ -1867,7 +1867,7 @@ if($oldid == 41) { - $lang = mysql_escape_string($_POST['lang']); + $lang = mysql_real_escape_string($_POST['lang']); foreach($_SESSION['_config']['translations'] as $key => $val) { if($key == $lang) @@ -1914,9 +1914,9 @@ $regid = intval($_REQUEST['regid']); $newreg = intval($_REQUEST['newreg']); $locid = intval($_REQUEST['locid']); - $name = mysql_escape_string($_REQUEST['name']); - $long = mysql_escape_string($_REQUEST['longitude']); - $lat = mysql_escape_string($_REQUEST['latitude']); + $name = mysql_real_escape_string($_REQUEST['name']); + $long = mysql_real_escape_string($_REQUEST['longitude']); + $lat = mysql_real_escape_string($_REQUEST['latitude']); if($locid > 0 && $_REQUEST['action'] == "edit" && $name == htmlentities($name)) { 
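Review bot: In the -1914 hunk `$long` and `$lat` are escaped but never validated as numbers, while `regid`, `newreg` and `locid` on the lines above are `intval()`ed; a value like `abc` reaches the coordinate columns and is either rejected or coerced to 0 by MySQL without any error to the user. Coerce them at the same spot, `$long = floatval($_REQUEST['longitude']);` and `$lat = floatval($_REQUEST['latitude']);`, which also makes the escaping unnecessary. `$name` is still a free string; the `$name == htmlentities($name)` guard on the next line rejects HTML metacharacters but is not a substitute for escaping on output.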
@@ -2032,7 +2032,7 @@ { echo _("No such user found."); } else { - mysql_query("update `users` set `password`=sha1('".mysql_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'"); + mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'"); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'")); printf(_("The password for %s has been updated successfully in the system."), $row['email']); } @@ -2252,7 +2252,7 @@ `tverify`='$uid', `memid`='".$_SESSION['profile']['id']."', `when`=NOW(), `vote`='$vote', - `comment`='".mysql_escape_string($_POST['comment'])."'"; + `comment`='".mysql_real_escape_string($_POST['comment'])."'"; mysql_query($query); $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'")); diff --git a/www/ac.php b/www/ac.php index dc5bc81..383db07 100644 --- a/www/ac.php +++ b/www/ac.php @@ -4,17 +4,17 @@ if($_REQUEST['i'] != "") echo "
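Review bot: The `update users` line now casts `$_POST['userid']` with `intval()`, but the very next context line, `select * from users where id='".$_POST['userid']."'`, still interpolates it raw, so the injection this hunk fixes remains reachable one statement later. Apply the same cast there: `mysql_query("select * from `users` where `id`='".intval($_POST['userid'])."'")`. Separately, hashing with SQL-side `sha1()` puts the new plaintext password into the query text (query and slow logs, the wire), and unsalted SHA-1 is a weak password hash; compute the digest in PHP and insert only the hex string.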
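Review bot: In the tverify-vote insert (-2252 hunk) `$_POST['comment']` is now escaped, but `$uid` and `$vote` in the same statement are interpolated with no visible cast (both are assigned before the hunk starts), and the same two values appear raw again in the `select * from tverify-vote` on the hunk's last line. Unless both are already `intval()`ed upstream, the statement is still injectable through them; cast at the point of use, `intval($uid)` and `intval($vote)`, in both queries.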