cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 2 Projects Releases Wiki Activity

Fix for https://bugs.cacert.org/view.php?id=1273

Browse Source 
"Replace all backtick operators with calls to runCommand() or shell_exec()"
pull/1/head
Wytze van der Raay 10 years ago
parent ca2fe0bc16
commit 4f70392a23
9 changed files with 41 additions and 34 deletions
Show Stats Download Patch File Download Diff File

39
includes/account.php
Unescape Escape View File

@ -402,7 +402,7 @@ function buildSubjectFromSession() {
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
$CSRname_esc = escapeshellarg($CSRname);
$res=`openssl spkac -verify -in $CSRname_esc`;
$res=shell_exec("openssl spkac -verify -in $CSRname_esc");
if(!strstr($res,"Challenge String: ".$challenge))
{
$id = $oldid;
@ -466,7 +466,7 @@ function buildSubjectFromSession() {
$tmpname = tempnam("/tmp", "id4csr");
$tmpfname_esc = escapeshellarg($tmpfname);
$tmpname_esc = escapeshellarg($tmpname);
$do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`; // -subj "$csr"`;
$do = shell_exec("/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc"); // -subj "$csr";
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
@ -570,7 +570,7 @@ function buildSubjectFromSession() {
$addy = array();
$adds = array();
if(strtolower(substr($newdom, -4, 3)) != ".jp")
$adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));
$adds = explode("\n", trim(shell_exec("/usr/bin/whois $newdom|grep \"@\"")));
if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
{
if(is_array($adds))
@ -740,8 +740,8 @@ function buildSubjectFromSession() {
fputs($fp, $CSR);
fclose($fp);
$CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
$_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep \"Subject:\""));
$bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@ -911,8 +911,8 @@ function buildSubjectFromSession() {
$newfile=generatecertpath("csr","server",$newid);
copy($row['csr_name'], $newfile);
$newfile_esc = escapeshellarg($newfile);
$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep "Subject:"`);
$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
$_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d \"\\0\"|grep \"Subject:\""));
$bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@ -942,7 +942,7 @@ function buildSubjectFromSession() {
} else {
$drow = mysql_fetch_assoc($res);
$crt_name = escapeshellarg($drow['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crt_name`;
$cert = shell_exec("/usr/bin/openssl x509 -in $crt_name");
echo "<pre>\n$cert\n</pre>\n";
}
}
@ -1549,7 +1549,7 @@ function buildSubjectFromSession() {
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
$CSRname_esc = escapeshellarg($CSRname);
$res=`openssl spkac -verify -in $CSRname_esc`;
$res=shell_exec("openssl spkac -verify -in $CSRname_esc");
if(!strstr($res,"Challenge String: ".$challenge))
{
$id = $oldid;
@ -1603,7 +1603,7 @@ function buildSubjectFromSession() {
$tmpname = tempnam("/tmp", "id17csr");
$tmpfname_esc = escapeshellarg($tmpfname);
$tmpname_esc = escapeshellarg($tmpname);
$do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`;
$do = shell_exec("/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc");
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
@ -1857,8 +1857,8 @@ function buildSubjectFromSession() {
fputs($fp, $CSR);
fclose($fp);
$CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
$_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep \"Subject:\""));
$bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@ -2081,7 +2081,7 @@ function buildSubjectFromSession() {
} else {
$drow = mysql_fetch_assoc($res);
$crtname = escapeshellarg($drow['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname`;
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
echo "<pre>\n$cert\n</pre>\n";
}
}
@ -2802,8 +2802,10 @@ function buildSubjectFromSession() {
{
$CSR = clean_csr($CSR);
$_SESSION['_config']['CSR'] = $CSR;
$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`);
$bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep \"Subject:\"", $CSR, $CSRSubjects);
runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:", $CSR, $CSRAlts);
$_SESSION['_config']['subject'] = trim($CSRSubjects);
$bits = explode(",", trim($CSRAlts));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@ -2827,8 +2829,11 @@ function buildSubjectFromSession() {
if($process != "" && $oldid == 46)
{
$CSR = clean_csr($_SESSION['_config']['CSR']);
$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`);
$bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep \"Subject:\"", $CSR, $CSRSubjects);
runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:", $CSR, $CSRAlts);
$_SESSION['_config']['subject'] = trim($CSRSubjects);
$bits = explode(",", trim($CSRAlts));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);

9
includes/general.php
Unescape Escape View File

@ -219,7 +219,7 @@
//echo "Points due to name matches: $points<br/>";
$shellpwd = escapeshellarg($pwd);
$do = `grep -F -- $shellpwd /usr/share/dict/american-english`;
$do = shell_exec("grep -F -- $shellpwd /usr/share/dict/american-english");
if($do)
$points--;
@ -527,7 +527,8 @@
$fp = fopen($tmpfname, "w");
fputs($fp, $message);
fclose($fp);
$do = `/usr/bin/gpg --homedir /home/gpg --clearsign "$tmpfname"|/usr/sbin/sendmail "$to"`;
$to_esc = escapeshellarg($to);
$do = shell_exec("/usr/bin/gpg --homedir /home/gpg --clearsign \"$tmpfname\"|/usr/sbin/sendmail ".$to_esc);
@unlink($tmpfname);
}
@ -538,9 +539,9 @@
{
list($username,$domain)=explode('@',$email,2);
$dom = escapeshellarg($domain);
$line = trim(`dig +short MX $dom 2>&1`);
$line = trim(shell_exec("dig +short MX $dom 2>&1"));
#echo $email."-$dom-$line-\n";
#echo `dig +short mx heise.de 2>&1`."-<br>\n";
#echo shell_exec("dig +short mx heise.de 2>&1")."-<br>\n";
$list = explode("\n", $line);
foreach($list as $row) {

2
pages/account/15.php
Unescape Escape View File

@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname`;
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>

2
pages/account/19.php
Unescape Escape View File

@ -31,7 +31,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname`;
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
if($row['keytype'] == "NS")
{

2
pages/account/23.php
Unescape Escape View File

@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname`;
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>

6
pages/account/6.php
Unescape Escape View File

@ -60,7 +60,7 @@ if (array_key_exists('format', $_REQUEST)) {
}
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname $outform`;
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform");
header("Content-Type: application/pkix-cert");
header("Content-Length: ".strlen($cert));
@ -82,7 +82,7 @@ if (array_key_exists('format', $_REQUEST)) {
} else {
// All other browsers
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname -outform DER`;
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform DER");
header("Content-Type: application/x-x509-user-cert");
header("Content-Length: ".strlen($cert));
@ -111,7 +111,7 @@ if (array_key_exists('format', $_REQUEST)) {
// Allow to directly copy and paste the cert in PEM format
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`;
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM");
echo "<pre>$cert</pre>";
?>

5
scripts/cron/warning.php
Unescape Escape View File

@ -1,5 +1,5 @@
#!/usr/bin/php -q
<? /*
<?php /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
@ -18,6 +18,7 @@
*/
require_once(dirname(__FILE__).'/../../includes/mysql.php');
require_once(dirname(__FILE__).'/../../includes/lib/general.php');
$days = array("1" => "3", "15" => "2", "30" => "1", "45" => "0");
@ -39,7 +40,7 @@
$row['crt_name'] = str_replace("../", "www/", $row['crt_name']);
$row['crt_name'] = "/home/cacert/".$row['crt_name'];
$crt_name = escapeshellarg($row['crt_name']);
$subject = `openssl x509 -in $crt_name -text -noout|grep Subject:`;
$subject = runCommand("openssl x509 -in $crt_name -text -noout|grep Subject:");
$bits = explode("/", $subject);
foreach($bits as $val)
{

4
www/api/ccsr.php
Unescape Escape View File

@ -75,7 +75,7 @@ require_once '../../includes/lib/check_weak_key.php';
fclose($fp);
$incsr_esc = escapeshellarg($incsr);
$checkedcsr_esc = escapeshellarg($checkedcsr);
$do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`;
$do = shell_exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc");
@unlink($incsr);
if(filesize($checkedcsr) <= 0)
die("404,Invalid or missing CSR");
@ -97,7 +97,7 @@ require_once '../../includes/lib/check_weak_key.php';
foreach($emails as $emailid => $email)
mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
$do = `../../scripts/runclient`;
$do = shell_exec("../../scripts/runclient");
sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
$query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
$res = mysql_query($query);

6
www/gpg.php
Unescape Escape View File

@ -112,7 +112,7 @@ function verifyEmail($email)
clean_gpgcsr($CSR),
$gpg);
`rm -r $tmpdir`;
shell_exec("rm -r $tmpdir");
}
if ($err)
@ -340,7 +340,7 @@ function verifyEmail($email)
$cmd_keyid = escapeshellarg($keyid);
$gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $cmd_keyid 2>&1`);
$gpg = trim(shell_exec("gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $cmd_keyid 2>&1"));
$lines = "";
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
@ -525,7 +525,7 @@ function verifyEmail($email)
$csrname=generatecertpath("csr","gpg",$insert_id);
$cmd_keyid = escapeshellarg($keyid);
$do=`gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname`;
$do=shell_exec("gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname");
mysql_query("update `gpg` set `csr`='$csrname' where `id`='$insert_id'");
waitForResult('gpg', $insert_id);

Write Preview
Loading…
Cancel
Save