Fixed XSS exploits

includes/general.php

@@ -677,9 +677,9 @@
 		while($trycount++ <= 30)
 		{
 			if($table == "gpg")
-				$query = "select * from `$table` where `id`='$certid' and `crt` != ''";
+				$query = "select * from `$table` where `id`='".intval($certid)."' and `crt` != ''";
 			else
-				$query = "select * from `$table` where `id`='$certid' and `crt_name` != ''";
+				$query = "select * from `$table` where `id`='".intval($certid)."' and `crt_name` != ''";
 			$res = mysql_query($query);
 			if(mysql_num_rows($res) > 0)
 			{
@@ -692,12 +692,12 @@
 		if(!$found)
 		{
 			if($show) showheader(_("My CAcert.org Account!"));
-			$query = "select * from `$table` where `id`='$certid' ";
+			$query = "select * from `$table` where `id`='".intval($certid)."' ";
 			$res = mysql_query($query);
 			if(mysql_num_rows($res) > 0)
 				printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
 			else
-				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." certid:$table:$certid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
+				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." certid:$table:".intval($certid), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
 			if($show) showfooter();
 			if($show) exit;
 		}