From 45a79bce5268047e1c9171e571f9230652d7d85f Mon Sep 17 00:00:00 2001 From: Philipp Dunkel Date: Wed, 2 Dec 2009 22:08:51 +0000 Subject: [PATCH] Prevented wrong root certificate selection due to session problem --- includes/account.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/includes/account.php b/includes/account.php index e78b465..031b66c 100644 --- a/includes/account.php +++ b/includes/account.php @@ -295,6 +295,9 @@ if($_SESSION['_config']['incname'] == 4) $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n"; } + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; + $emails .= "SPKAC = $spkac"; $query = "insert into emailcerts set `CN`='$defaultemail', @@ -374,6 +377,8 @@ $csr .= $data; fclose($fp); @unlink($tmpname); + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; if($csr == "") { @@ -690,6 +695,8 @@ if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; } } + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) { @@ -1366,6 +1373,8 @@ $emails .= "stateOrProvinceName = ".$org['ST']."\n"; if($org['C']) $emails .= "countryName = ".$org['C']."\n"; + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; $emails .= "SPKAC = $spkac"; $query = "insert into `orgemailcerts` set @@ -1444,6 +1453,9 @@ showfooter(); exit; } + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; + $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "', 
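Review bot: The guard added before `$emails .= "SPKAC = $spkac";` in the first hunk range-checks the raw session value with loose `<`/`>` and never normalises it to an integer. A value such as `"1.5"` therefore passes unchanged, and an absent `rootcert` key is read without `isset()`. How the key is populated and where it is later consumed are outside these hunks, so the impact is unconfirmed, but a value that selects the signing root should be forced to exactly 1 or 2. The same two lines are pasted into all six hunks (old lines 295, 374, 690, 1366, 1444 and 1715), so a single helper called at each site would keep the bounds in one place. The fallback to 1 is also silent, and logging it would leave a trace of the session problem the commit title refers to. The enclosing blocks start and end outside every hunk.

```php
// suggested helper (name is a placeholder), defined once and called at each of the six sites
function clampRootCert()
{
	$root = isset($_SESSION['_config']['rootcert']) ? intval($_SESSION['_config']['rootcert']) : 0;
	if($root < 1 || $root > 2)
	{
		error_log("rootcert out of range, falling back to 1");
		$root = 1;
	}
	$_SESSION['_config']['rootcert'] = $root;
}

// … unchanged: commonName / $emails assembly …
clampRootCert();
$emails .= "SPKAC = $spkac";
```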
@@ -1715,6 +1727,8 @@ $type=""; if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8"; + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; if($_SESSION['_config']['rowid']['0'] > 0) {