security fixes

pull/1/head
root 18 years ago
parent 589b2191f7
commit 3af71ece2a

@ -29,7 +29,7 @@
showfooter(); showfooter();
exit; exit;
} }
if(trim(mysql_escape_string(stripslashes($_REQUEST['newemail']))) == "") if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "")
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
printf(_("Not a valid email address. Can't continue."), $_REQUEST['email']); printf(_("Not a valid email address. Can't continue."), $_REQUEST['email']);
@ -37,7 +37,7 @@
exit; exit;
} }
unset($oldid); unset($oldid);
$_REQUEST['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['newemail']))); $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
$query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0"; $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) > 0) if(mysql_num_rows($res) > 0)
@ -295,14 +295,14 @@
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS', $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS',
`memid`='".$_SESSION['profile']['id']."', `memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject', `subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".$_SESSION['_config']['codesign']."', `codesign`='".$_SESSION['_config']['codesign']."',
`rootcert`='".$_SESSION['_config']['rootcert']."'"; `rootcert`='".$_SESSION['_config']['rootcert']."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
if(is_array($addys)) if(is_array($addys))
foreach($addys as $addy) foreach($addys as $addy)
mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
$CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr"; $CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr";
$fp = fopen($CSRname, "w"); $fp = fopen($CSRname, "w");
fputs($fp, $csr); fputs($fp, $csr);
@ -336,7 +336,7 @@
} }
$newdom = trim(escapeshellarg($newdomain)); $newdom = trim(escapeshellarg($newdomain));
$newdomain = mysql_escape_string(trim($newdomain)); $newdomain = mysql_real_escape_string(trim($newdomain));
$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'"); $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
$query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0"; $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
@ -367,7 +367,7 @@
$bits = explode(":", $line, 2); $bits = explode(":", $line, 2);
$line = trim($bits[1]); $line = trim($bits[1]);
if(!in_array($line, $addy) && $line != "") if(!in_array($line, $addy) && $line != "")
$addy[] = trim(mysql_escape_string(stripslashes($line))); $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
} }
} else { } else {
if(is_array($adds)) if(is_array($adds))
@ -384,7 +384,7 @@
$line = $bit; $line = $bit;
} }
if(!in_array($line, $addy) && $line != "") if(!in_array($line, $addy) && $line != "")
$addy[] = trim(mysql_escape_string(stripslashes($line))); $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
} }
} }
@ -393,7 +393,7 @@
if(!in_array($sub, $addy)) if(!in_array($sub, $addy))
$addy[] = $sub; $addy[] = $sub;
$_SESSION['_config']['addy'] = $addy; $_SESSION['_config']['addy'] = $addy;
$_SESSION['_config']['domain'] = mysql_escape_string($newdomain); $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
} }
if($_REQUEST['process'] != "" && $oldid == 8) if($_REQUEST['process'] != "" && $oldid == 8)
@ -401,7 +401,7 @@
unset($oldid); unset($oldid);
$id = 8; $id = 8;
$authaddy = trim(mysql_escape_string(stripslashes($_POST['authaddy']))); $authaddy = trim(mysql_real_escape_string(stripslashes($_POST['authaddy'])));
if($authaddy == "" || !is_array($_SESSION['_config']['addy'])) if($authaddy == "" || !is_array($_SESSION['_config']['addy']))
{ {
@ -419,7 +419,7 @@
exit; exit;
} }
$query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0"; $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) > 0) if(mysql_num_rows($res) > 0)
{ {
@ -442,7 +442,7 @@
$hash = md5(fgets($rnd, 64)); $hash = md5(fgets($rnd, 64));
fclose($rnd); fclose($rnd);
$query = "insert into `domains` set `domain`='".$_SESSION['_config']['domain']."', $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; `memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
mysql_query($query); mysql_query($query);
$domainid = mysql_insert_id(); $domainid = mysql_insert_id();
@ -563,15 +563,15 @@
if($_SESSION['_config']['rowid']['0'] > 0) if($_SESSION['_config']['rowid']['0'] > 0)
{ {
$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."', $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".$_SESSION['_config']['rowid']['0']."', `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='$subject', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".$_SESSION['_config']['rootcert']."'"; `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
} else { } else {
$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."', $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".$_SESSION['_config']['altid']['0']."', `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='$subject', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".$_SESSION['_config']['rootcert']."'"; `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
} }
mysql_query($query); mysql_query($query);
$CSRid = mysql_insert_id(); $CSRid = mysql_insert_id();
@ -630,7 +630,7 @@
} }
mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'"); mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
$query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".$row['CN']."', $query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".mysql_real_escape_string($row['CN'])."',
`csr_name`='".$row['csr_name']."', `created`='".$row['created']."', `csr_name`='".$row['csr_name']."', `created`='".$row['created']."',
`modified`=NOW(), `rootcert`='".$row['rootcert']."'"; `modified`=NOW(), `rootcert`='".$row['rootcert']."'";
mysql_query($query); mysql_query($query);
@ -679,7 +679,7 @@
if(!strstr($subject, "=$row/") && if(!strstr($subject, "=$row/") &&
substr($subject, -strlen("=$row")) != "=$row") substr($subject, -strlen("=$row")) != "=$row")
$subject .= "/subjectAltName=$row"; $subject .= "/subjectAltName=$row";
$subject = mysql_real_escape_string($subject);
mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'"); mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".$_SESSION['_config']['0.CN']."<br>\n"; echo _("Renewing").": ".$_SESSION['_config']['0.CN']."<br>\n";
@ -783,7 +783,7 @@
} }
mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'"); mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
$query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".$row['CN']."', $query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".mysql_real_escape_string($row['CN'])."',
`keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."', `keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."', `modified`=NOW(), `created`='".$row['created']."', `modified`=NOW(),
`rootcert`='".$row['rootcert']."'"; `rootcert`='".$row['rootcert']."'";
@ -883,23 +883,23 @@
if($oldid == 13 && $_REQUEST['process'] != "") if($oldid == 13 && $_REQUEST['process'] != "")
{ {
$_SESSION['_config']['user']['fname'] = trim(mysql_escape_string(stripslashes($fname))); $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes($fname)));
$_SESSION['_config']['user']['mname'] = trim(mysql_escape_string(stripslashes($mname))); $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes($mname)));
$_SESSION['_config']['user']['lname'] = trim(mysql_escape_string(stripslashes($lname))); $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes($lname)));
$_SESSION['_config']['user']['suffix'] = trim(mysql_escape_string(stripslashes($suffix))); $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes($suffix)));
$_SESSION['_config']['user']['day'] = intval($day); $_SESSION['_config']['user']['day'] = intval($day);
$_SESSION['_config']['user']['month'] = intval($month); $_SESSION['_config']['user']['month'] = intval($month);
$_SESSION['_config']['user']['year'] = intval($year); $_SESSION['_config']['user']['year'] = intval($year);
$_SESSION['_config']['user']['Q1'] = trim(mysql_escape_string(stripslashes($Q1))); $_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes($Q1)));
$_SESSION['_config']['user']['Q2'] = trim(mysql_escape_string(stripslashes($Q2))); $_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes($Q2)));
$_SESSION['_config']['user']['Q3'] = trim(mysql_escape_string(stripslashes($Q3))); $_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes($Q3)));
$_SESSION['_config']['user']['Q4'] = trim(mysql_escape_string(stripslashes($Q4))); $_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes($Q4)));
$_SESSION['_config']['user']['Q5'] = trim(mysql_escape_string(stripslashes($Q5))); $_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes($Q5)));
$_SESSION['_config']['user']['A1'] = trim(mysql_escape_string(stripslashes($A1))); $_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes($A1)));
$_SESSION['_config']['user']['A2'] = trim(mysql_escape_string(stripslashes($A2))); $_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes($A2)));
$_SESSION['_config']['user']['A3'] = trim(mysql_escape_string(stripslashes($A3))); $_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes($A3)));
$_SESSION['_config']['user']['A4'] = trim(mysql_escape_string(stripslashes($A4))); $_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes($A4)));
$_SESSION['_config']['user']['A5'] = trim(mysql_escape_string(stripslashes($A5))); $_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes($A5)));
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" || if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" || $_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
@ -973,9 +973,9 @@
if($oldid == 14 && $_REQUEST['process'] != "") if($oldid == 14 && $_REQUEST['process'] != "")
{ {
$_SESSION['_config']['user']['oldpass'] = trim(mysql_escape_string(stripslashes($oldpassword))); $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword)));
$_SESSION['_config']['user']['pword1'] = trim(mysql_escape_string(stripslashes($pword1))); $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1)));
$_SESSION['_config']['user']['pword2'] = trim(mysql_escape_string(stripslashes($pword2))); $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($pword2)));
$id = 14; $id = 14;
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
@ -1013,7 +1013,7 @@
foreach($_POST['emails'] as $val) foreach($_POST['emails'] as $val)
{ {
$val = mysql_escape_string(stripslashes(trim($val))); $val = mysql_real_escape_string(stripslashes(trim($val)));
$bits = explode("@", $val); $bits = explode("@", $val);
$count = count($bits); $count = count($bits);
if($count != 2) if($count != 2)
@ -1030,7 +1030,7 @@
if($val != "") if($val != "")
$_SESSION['_config']['emails'][] = $val; $_SESSION['_config']['emails'][] = $val;
} }
$_SESSION['_config']['name'] = mysql_escape_string(stripslashes(trim($name))); $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($name)));
} }
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0) if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
@ -1575,12 +1575,12 @@
if($oldid == 24 && $_REQUEST['process'] != "") if($oldid == 24 && $_REQUEST['process'] != "")
{ {
$id = intval($oldid); $id = intval($oldid);
$_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O))); $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($O)));
$_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact))); $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($contact)));
$_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L))); $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($L)));
$_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST))); $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($ST)));
$_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C))); $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($C)));
$_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments))); $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($comments)));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "") if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{ {
@ -1602,12 +1602,12 @@
if($oldid == 27 && $_REQUEST['process'] != "") if($oldid == 27 && $_REQUEST['process'] != "")
{ {
$id = intval($oldid); $id = intval($oldid);
$_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O))); $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($O)));
$_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact))); $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($contact)));
$_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L))); $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($L)));
$_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST))); $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($ST)));
$_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C))); $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($C)));
$_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments))); $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($comments)));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "") if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{ {
@ -1629,7 +1629,7 @@
if($oldid == 28 && $_REQUEST['process'] != "") if($oldid == 28 && $_REQUEST['process'] != "")
{ {
$domain = $_SESSION['_config']['domain'] = trim(mysql_escape_string(stripslashes($domainname))); $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($domainname)));
$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'"); $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
if(mysql_num_rows($res1) > 0) if(mysql_num_rows($res1) > 0)
{ {
@ -1657,7 +1657,7 @@
if($oldid == 29 && $_REQUEST['process'] != "") if($oldid == 29 && $_REQUEST['process'] != "")
{ {
$domain = mysql_escape_string(stripslashes(trim($domainname))); $domain = mysql_real_escape_string(stripslashes(trim($domainname)));
$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".$_SESSION['_config']['domid']."'"); $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".$_SESSION['_config']['domid']."'");
$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0"); $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
@ -1806,9 +1806,9 @@
$masteracc = $_SESSION['_config'][masteracc] = intval($masteracc); $masteracc = $_SESSION['_config'][masteracc] = intval($masteracc);
else else
$masteracc = $_SESSION['_config'][masteracc] = 0; $masteracc = $_SESSION['_config'][masteracc] = 0;
$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_escape_string(stripslashes(trim($_REQUEST['email']))); $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
$OU = $_SESSION['_config']['OU'] = mysql_escape_string(stripslashes(trim($OU))); $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($OU)));
$comments = $_SESSION['_config']['comments'] = mysql_escape_string(stripslashes(trim($comments))); $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($comments)));
$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."'"); $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."'");
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
{ {
@ -1867,7 +1867,7 @@
if($oldid == 41) if($oldid == 41)
{ {
$lang = mysql_escape_string($_POST['lang']); $lang = mysql_real_escape_string($_POST['lang']);
foreach($_SESSION['_config']['translations'] as $key => $val) foreach($_SESSION['_config']['translations'] as $key => $val)
{ {
if($key == $lang) if($key == $lang)
@ -1914,9 +1914,9 @@
$regid = intval($_REQUEST['regid']); $regid = intval($_REQUEST['regid']);
$newreg = intval($_REQUEST['newreg']); $newreg = intval($_REQUEST['newreg']);
$locid = intval($_REQUEST['locid']); $locid = intval($_REQUEST['locid']);
$name = mysql_escape_string($_REQUEST['name']); $name = mysql_real_escape_string($_REQUEST['name']);
$long = mysql_escape_string($_REQUEST['longitude']); $long = mysql_real_escape_string($_REQUEST['longitude']);
$lat = mysql_escape_string($_REQUEST['latitude']); $lat = mysql_real_escape_string($_REQUEST['latitude']);
if($locid > 0 && $_REQUEST['action'] == "edit" && $name == htmlentities($name)) if($locid > 0 && $_REQUEST['action'] == "edit" && $name == htmlentities($name))
{ {
@ -2032,7 +2032,7 @@
{ {
echo _("No such user found."); echo _("No such user found.");
} else { } else {
mysql_query("update `users` set `password`=sha1('".mysql_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'"); mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'");
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'")); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'"));
printf(_("The password for %s has been updated successfully in the system."), $row['email']); printf(_("The password for %s has been updated successfully in the system."), $row['email']);
} }
@ -2252,7 +2252,7 @@
`tverify`='$uid', `tverify`='$uid',
`memid`='".$_SESSION['profile']['id']."', `memid`='".$_SESSION['profile']['id']."',
`when`=NOW(), `vote`='$vote', `when`=NOW(), `vote`='$vote',
`comment`='".mysql_escape_string($_POST['comment'])."'"; `comment`='".mysql_real_escape_string($_POST['comment'])."'";
mysql_query($query); mysql_query($query);
$rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'")); $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"));
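Review bot: In the `@ -2032,7 +2032,7 @@` hunk the rewritten update line casts `$_POST['userid']` with intval() and escapes the new password, but the select on the very next line still interpolates `$_POST['userid']` raw, so the same request parameter reaches one query unescaped; reuse the cast there, `'".intval($_POST['userid'])."'`. In the `@ -1657,7 +1657,7 @@` hunk `$domain` is escaped for quoting but then used in a `like '$domain'` comparison, and mysql_real_escape_string leaves `%` and `_` untouched, so a wildcard in the submitted name can make the duplicate-domain check match unrelated rows — compare with `=` or add `addcslashes($domain, '%_')` before escaping. More broadly the commit escapes at input time and stores the escaped values in `$_SESSION` (the `@ -883`, `@ -973` and `@ -1575` hunks), and then escapes again at the query: unless it is reassigned in the gap, `$newdomain` is escaped in the `@ -336` hunk, again when stored in the `@ -393` hunk, and a third time when read back in the `@ -419` and `@ -442` hunks, so any quote or backslash in the value is stored multiply escaped. Escaping once, at the point the string is concatenated into SQL, would be the consistent rule and would also cover the still-unescaped `$row['csr_name']`/`$row['rootcert']` interpolations in the `@ -630` and `@ -783` hunks. The enclosing blocks of all these hunks start and end outside what is shown.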

@ -4,17 +4,17 @@
if($_REQUEST['i'] != "") if($_REQUEST['i'] != "")
echo "<html><body><script language=\"JavaScript\"><!--\n"; echo "<html><body><script language=\"JavaScript\"><!--\n";
$s = mysql_escape_string($_REQUEST['s']); $s = mysql_real_escape_string($_REQUEST['s']);
$id = $_REQUEST['id']; $id = intval($_REQUEST['id']);
echo "parent._ac_rpc('$id',"; echo "parent._ac_rpc('$id',";
$bits = explode(",", $s); $bits = explode(",", $s);
$loc = trim(mysql_escape_string($bits['0'])); $loc = trim(mysql_real_escape_string($bits['0']));
$reg = trim(mysql_escape_string($bits['1'])); $reg = trim(mysql_real_escape_string($bits['1']));
$ccname = trim(mysql_escape_string($bits['2'])); $ccname = trim(mysql_real_escape_string($bits['2']));
$query = "select `locations`.`id` as `locid`, `locations`.`name` as `locname`, `regions`.`name` as `regname`, $query = "select `locations`.`id` as `locid`, `locations`.`name` as `locname`, `regions`.`name` as `regname`,
`countries`.`name` as `ccname` from `locations`, `regions`, `countries` where `countries`.`name` as `ccname` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
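Review bot: `$s` is escaped on the third line of the hunk and the pieces of `$bits` are escaped a second time three lines later, so an apostrophe or backslash in the search string reaches the query doubly escaped (a literal backslash becomes part of the LIKE pattern) and the lookup silently misses such names; keep only the per-field calls and take the raw request value, `$s = $_REQUEST['s'];`. The per-field values are then used in `like '$loc%'` where `%` and `_` from the request are not neutralised by mysql_real_escape_string; as this is a prefix search that only widens the match, but `addcslashes($loc, '%_')` before escaping would pin it to a literal prefix. The `intval()` on `$id` is the right fix for the value echoed into `parent._ac_rpc('$id',`, since that string is emitted into JavaScript rather than SQL. The surrounding block continues past the hunk.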

@ -42,7 +42,7 @@
if($oldid == "0" && $_POST['CSR'] != "") if($oldid == "0" && $_POST['CSR'] != "")
{ {
$gpgkey = $_POST['CSR']; $gpgkey = $_POST['CSR'];
$gpg = `echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`; $gpg = mysql_real_escape_string(trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`));
$lines = ""; $lines = "";
foreach(explode("\n", $gpg) as $line) foreach(explode("\n", $gpg) as $line)
{ {
@ -124,7 +124,7 @@
foreach($emailaddies as $email) foreach($emailaddies as $email)
{ {
if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and
`email`='$email' and `deleted`=0 and `hash`=''")) > 0) `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0)
continue; continue;
$_SESSION['_config']['errmsg'] = _("No suitable emails could be matched from your PGP/GPG keys to what we have in the database. ('$email')"); $_SESSION['_config']['errmsg'] = _("No suitable emails could be matched from your PGP/GPG keys to what we have in the database. ('$email')");
unset($_POST['process']); unset($_POST['process']);
@ -142,10 +142,10 @@
if($oldid == "0" && $_POST['CSR'] != "") if($oldid == "0" && $_POST['CSR'] != "")
{ {
$query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."', $query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."',
`email`='".$emailaddies['0']."', `email`='".mysql_real_escape_string($emailaddies['0'])."',
`level`='1', `level`='1',
`expires`='$expires', `expires`='".mysql_real_escape_string($expires)."',
`multiple`='$multiple'"; `multiple`='".mysql_real_escape_string($multiple)."'";
mysql_query($query); mysql_query($query);
$id = mysql_insert_id(); $id = mysql_insert_id();
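Review bot: Wrapping the gpg output in mysql_real_escape_string() on the fourth line of the `@ -42,7 +42,7 @@` hunk breaks the parser directly below it: the function rewrites each newline character as the two characters backslash and `n`, so `explode("\n", $gpg)` in the following foreach no longer finds a line break and the whole --with-colons listing is handled as a single line. Keep `$gpg` raw for parsing and escape only the individual fields where they are placed into the insert, which the `@ -142,10 +142,10 @@` hunk already does for `$expires` and `$multiple`. The untrusted `$_POST['CSR']` is still interpolated into the shell command as-is; quote it for the shell, `$gpg = trim(shell_exec("echo ".escapeshellarg($gpgkey)." | gpg --with-colons --homedir /tmp 2>&1"));`, or pass it to gpg on stdin via proc_open so it never touches a command line. A fixed, world-shared `--homedir /tmp` for a keyring operation is also worth revisiting. The enclosing block continues past the hunk.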

@ -1,7 +1,7 @@
<? <?
if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes") if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes")
{ {
$output_file = $fname = "cacert-20060417.tar.bz2"; $output_file = $fname = "cacert-20060421.tar.bz2";
header('Pragma: public'); header('Pragma: public');
