From 4982654f2c3e907da7abcb4fd342eeb180ab6426 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 27 Aug 2008 23:07:21 +0000
Subject: [PATCH] Improved register_globals handling
---
 www/index.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/www/index.php b/www/index.php
index 624f2d6..997e7b6 100644
--- a/www/index.php
+++ b/www/index.php
@@ -550,14 +550,14 @@ if($oldid == 11 && $process != "") {
- $who = stripslashes($who);
+ $who = stripslashes($_REQUEST['who']);
 $email = stripslashes($_REQUEST['email']);
- $subject = stripslashes($subject);
- $message = stripslashes($message);
+ $subject = stripslashes($_REQUEST['subject']);
+ $message = stripslashes($_REQUEST['message']);
 $secrethash = $_REQUEST['secrethash2'];
 if($_SESSION['_config']['secrethash'] != $secrethash || $secrethash == "" || $_SESSION['_config']['secrethash'] == "" ||
- strstr($subject, "botmetka") || strstr($subject, "servermetka"))
+ strstr($subject, "botmetka") || strstr($subject, "servermetka") || strstr($who,"\n") || strstr($email,"\n") || strstr($subject,"\n") )
 {
 $id = $oldid;
 $process = "";
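Review bot: The new guard `strstr($who,"\n") || strstr($email,"\n") || strstr($subject,"\n")` rejects only LF, so a value containing a bare carriage return still passes; if these fields are later placed in mail headers (that code is not visible in this hunk), CR needs to be rejected too. One test covers both: `preg_match('/[\r\n]/', $who.$email.$subject)`. The added `$_REQUEST['who']`, `$_REQUEST['subject']` and `$_REQUEST['message']` reads have no `isset()` guard, so a request missing one of them raises a notice before the validation runs. Separately, the unchanged `$_SESSION['_config']['secrethash'] != $secrethash` is a loose comparison, and `!==` would avoid PHP's numeric-string juggling on the token. The `if($oldid == 11 && $process != "")` block continues past the end of the hunk.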