diff --git a/includes/account.php b/includes/account.php index 88026d6..e004ce2 100644 --- a/includes/account.php +++ b/includes/account.php @@ -402,7 +402,7 @@ function buildSubjectFromSession() { fclose($fp); $challenge=$_SESSION['spkac_hash']; $CSRname_esc = escapeshellarg($CSRname); - $res=`openssl spkac -verify -in $CSRname_esc`; + $res=shell_exec("openssl spkac -verify -in $CSRname_esc"); if(!strstr($res,"Challenge String: ".$challenge)) { $id = $oldid; @@ -466,7 +466,7 @@ function buildSubjectFromSession() { $tmpname = tempnam("/tmp", "id4csr"); $tmpfname_esc = escapeshellarg($tmpfname); $tmpname_esc = escapeshellarg($tmpname); - $do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`; // -subj "$csr"`; + $do = shell_exec("/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc"); // -subj "$csr"; @unlink($tmpfname); $csr = ""; $fp = fopen($tmpname, "r"); @@ -570,7 +570,7 @@ function buildSubjectFromSession() { $addy = array(); $adds = array(); if(strtolower(substr($newdom, -4, 3)) != ".jp") - $adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`)); + $adds = explode("\n", trim(shell_exec("/usr/bin/whois $newdom|grep \"@\""))); if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info") { if(is_array($adds)) 
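Review bot: The spkac verification in the `@@ -402` hunk runs `openssl` by bare name, so the binary is resolved through the web server's PATH, while the other calls in this file use `/usr/bin/openssl`. Since the line is being rewritten anyway, `$res=shell_exec("/usr/bin/openssl spkac -verify -in $CSRname_esc");` would make it consistent; the `@@ -1549` hunk has the same line. shell_exec() returns null when the command fails or prints nothing, and `strstr()` then appears to send execution into the rejection branch; a one-line comment stating that this fail-closed result is intended would help the next reader. The enclosing block starts and ends outside the hunk.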
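Review bot: `$newdom` reaches the shell unquoted in `shell_exec("/usr/bin/whois $newdom|grep \"@\"")` in the `@@ -570` hunk, whereas the other account.php calls pass their variable through escapeshellarg() first. Whether `$newdom` is validated earlier is not visible in the hunk, so quoting at the call site is the safe default: `$adds = explode("\n", trim(shell_exec("/usr/bin/whois ".escapeshellarg($newdom)."|grep \"@\"")));`. The enclosing block continues outside the hunk.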
@@ -740,8 +740,8 @@ function buildSubjectFromSession() { fputs($fp, $CSR); fclose($fp); $CSR = escapeshellarg($_SESSION['_config']['tmpfname']); - $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`); - $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); + $_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep \"Subject:\"")); + $bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:"))); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); @@ -911,8 +911,8 @@ function buildSubjectFromSession() { $newfile=generatecertpath("csr","server",$newid); copy($row['csr_name'], $newfile); $newfile_esc = escapeshellarg($newfile); - $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep "Subject:"`); - $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); + $_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d \"\\0\"|grep \"Subject:\"")); + $bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:"))); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); @@ -942,7 +942,7 @@ function buildSubjectFromSession() { } else { $drow = mysql_fetch_assoc($res); $crt_name = escapeshellarg($drow['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crt_name`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crt_name"); echo "
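Review bot: When the CSR carries no Subject Alternative Name, the second pipeline in the `@@ -740` hunk prints nothing, `explode(",", trim(...))` yields a single empty string, and the visible first statement of the loop appends a bare `/subjectAltName=` to the session subject. Unless the rest of the loop body (outside the hunk) filters this, skip empty entries with `if(trim($val) == "") continue;` at the top of the loop. The same pattern appears in the `@@ -911`, `@@ -1857`, `@@ -2802` and `@@ -2827` hunks. These values are taken from the submitted CSR, so a comment naming where they are validated before the subject is used would also be worth adding.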
\n$cert\n\n"; } } @@ -1549,7 +1549,7 @@ function buildSubjectFromSession() { fclose($fp); $challenge=$_SESSION['spkac_hash']; $CSRname_esc = escapeshellarg($CSRname); - $res=`openssl spkac -verify -in $CSRname_esc`; + $res=shell_exec("openssl spkac -verify -in $CSRname_esc"); if(!strstr($res,"Challenge String: ".$challenge)) { $id = $oldid; @@ -1603,7 +1603,7 @@ function buildSubjectFromSession() { $tmpname = tempnam("/tmp", "id17csr"); $tmpfname_esc = escapeshellarg($tmpfname); $tmpname_esc = escapeshellarg($tmpname); - $do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`; + $do = shell_exec("/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc"); @unlink($tmpfname); $csr = ""; $fp = fopen($tmpname, "r"); @@ -1857,8 +1857,8 @@ function buildSubjectFromSession() { fputs($fp, $CSR); fclose($fp); $CSR = escapeshellarg($_SESSION['_config']['tmpfname']); - $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`); - $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); + $_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep \"Subject:\"")); + $bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:"))); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); @@ -2081,7 +2081,7 @@ function buildSubjectFromSession() { } else { $drow = mysql_fetch_assoc($res); $crtname = escapeshellarg($drow['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname"); echo "
\n$cert\n\n"; } } @@ -2802,8 +2802,10 @@ function buildSubjectFromSession() { { $CSR = clean_csr($CSR); $_SESSION['_config']['CSR'] = $CSR; - $_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`); - $bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); + runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep \"Subject:\"", $CSR, $CSRSubjects); + runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:", $CSR, $CSRAlts); + $_SESSION['_config']['subject'] = trim($CSRSubjects); + $bits = explode(",", trim($CSRAlts)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); @@ -2827,8 +2829,11 @@ function buildSubjectFromSession() { if($process != "" && $oldid == 46) { $CSR = clean_csr($_SESSION['_config']['CSR']); - $_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`); - $bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); + runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep \"Subject:\"", $CSR, $CSRSubjects); + runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:", $CSR, $CSRAlts); + + $_SESSION['_config']['subject'] = trim($CSRSubjects); + $bits = explode(",", trim($CSRAlts)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); diff --git a/includes/general.php b/includes/general.php index 26a369e..596cc49 100644 --- a/includes/general.php +++ b/includes/general.php @@ -219,7 +219,7 @@ //echo "Points due to name matches: $points
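Review bot: Both runCommand() calls in the `@@ -2802` hunk discard the return value, and `$CSRSubjects` / `$CSRAlts` are not initialised in the visible lines, so a failed openssl run cannot be told apart from a CSR with no subject. runCommand() is defined outside this hunk, and the status of each pipeline would be that of the final grep, so the exit code alone is not a usable signal. Initialise with `$CSRSubjects = ""; $CSRAlts = "";` before the calls and reject the request when `trim($CSRSubjects) == ""`. The `@@ -2827` hunk has the same shape.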
diff --git a/pages/account/19.php b/pages/account/19.php index 6a2749c..959111f 100644 --- a/pages/account/19.php +++ b/pages/account/19.php @@ -31,7 +31,7 @@ } $row = mysql_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname"); if($row['keytype'] == "NS") { diff --git a/pages/account/23.php b/pages/account/23.php index 4ec56c3..4255b47 100644 --- a/pages/account/23.php +++ b/pages/account/23.php @@ -30,7 +30,7 @@ } $row = mysql_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname"); ?>=_("Below is your Server Certificate")?>
diff --git a/pages/account/6.php b/pages/account/6.php index 305fccb..de8d1a3 100644 --- a/pages/account/6.php +++ b/pages/account/6.php @@ -60,7 +60,7 @@ if (array_key_exists('format', $_REQUEST)) { } $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname $outform`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform"); header("Content-Type: application/pkix-cert"); header("Content-Length: ".strlen($cert)); @@ -82,7 +82,7 @@ if (array_key_exists('format', $_REQUEST)) { } else { // All other browsers $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname -outform DER`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform DER"); header("Content-Type: application/x-x509-user-cert"); header("Content-Length: ".strlen($cert)); @@ -111,7 +111,7 @@ if (array_key_exists('format', $_REQUEST)) { // Allow to directly copy and paste the cert in PEM format $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM"); echo "$cert"; ?> diff --git a/scripts/cron/warning.php b/scripts/cron/warning.php index 8f607cd..db5da4f 100755 --- a/scripts/cron/warning.php +++ b/scripts/cron/warning.php @@ -1,5 +1,5 @@ #!/usr/bin/php -q - /* + "3", "15" => "2", "30" => "1", "45" => "0"); @@ -39,7 +40,7 @@ $row['crt_name'] = str_replace("../", "www/", $row['crt_name']); $row['crt_name'] = "/home/cacert/".$row['crt_name']; $crt_name = escapeshellarg($row['crt_name']); - $subject = `openssl x509 -in $crt_name -text -noout|grep Subject:`; + $subject = runCommand("openssl x509 -in $crt_name -text -noout|grep Subject:"); $bits = explode("/", $subject); foreach($bits as $val) { diff --git a/www/api/ccsr.php b/www/api/ccsr.php index b223168..3bfe55a 100644 --- a/www/api/ccsr.php +++ b/www/api/ccsr.php 
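Review bot: `$outform` is interpolated unquoted in `shell_exec("/usr/bin/openssl x509 -in $crtname $outform")` in the `@@ -60` hunk of pages/account/6.php, and the hunk header shows this block is driven by `$_REQUEST['format']`. How `$outform` is assigned is outside the hunk; if it is not already chosen from a fixed set of literals, map the request value through an allow-list before building the command and say so in a comment. In all three hunks of this file shell_exec() can return null, after which `strlen($cert)` sends `Content-Length: 0` under a certificate content type; testing `$cert` before the header() calls would turn that into an explicit error.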
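Review bot: In the `@@ -39` hunk of scripts/cron/warning.php, `$subject = runCommand(...)` treats the return value as the command output, while includes/account.php in this same commit reads the output from runCommand()'s third argument. runCommand() is not visible here, but if it returns an exit status, `explode("/", $subject)` would operate on that status instead of the subject line. Either keep `shell_exec()` as at the other call sites, or pass an output variable, e.g. `runCommand("openssl x509 -in $crt_name -text -noout|grep Subject:", "", $subject);` with whatever the helper expects as empty input. The first hunk of this file is too garbled on this page to confirm that the helper is included.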
@@ -75,7 +75,7 @@ require_once '../../includes/lib/check_weak_key.php'; fclose($fp); $incsr_esc = escapeshellarg($incsr); $checkedcsr_esc = escapeshellarg($checkedcsr); - $do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`; + $do = shell_exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc"); @unlink($incsr); if(filesize($checkedcsr) <= 0) die("404,Invalid or missing CSR"); @@ -97,7 +97,7 @@ require_once '../../includes/lib/check_weak_key.php'; foreach($emails as $emailid => $email) mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'"); - $do = `../../scripts/runclient`; + $do = shell_exec("../../scripts/runclient"); sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED $query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''"; $res = mysql_query($query); diff --git a/www/gpg.php b/www/gpg.php index 80d8f21..cb72475 100644 --- a/www/gpg.php +++ b/www/gpg.php @@ -112,7 +112,7 @@ function verifyEmail($email) clean_gpgcsr($CSR), $gpg); - `rm -r $tmpdir`; + shell_exec("rm -r $tmpdir"); } if ($err) @@ -340,7 +340,7 @@ function verifyEmail($email) $cmd_keyid = escapeshellarg($keyid); - $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $cmd_keyid 2>&1`); + $gpg = trim(shell_exec("gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $cmd_keyid 2>&1")); $lines = ""; $gpgarr = explode("\n", $gpg); foreach($gpgarr as $line) @@ -525,7 +525,7 @@ function verifyEmail($email) $csrname=generatecertpath("csr","gpg",$insert_id); $cmd_keyid = escapeshellarg($keyid); - $do=`gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname`; + $do=shell_exec("gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname"); mysql_query("update `gpg` set `csr`='$csrname' where `id`='$insert_id'"); waitForResult('gpg', $insert_id);
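Review bot: `shell_exec("../../scripts/runclient")` in the `@@ -97` hunk of www/api/ccsr.php resolves against the process working directory, not this file's location, so what gets executed depends on how the script was invoked. Anchoring the path, e.g. `$do = shell_exec(escapeshellarg(dirname(__FILE__)."/../../scripts/runclient"));`, removes that dependency. The result in `$do` is not checked in the visible lines, and the following `sleep(10)` is already marked as broken by the source comment; the code after it is outside the hunk.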
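Review bot: `$tmpdir` is passed to `rm -r` unquoted in `shell_exec("rm -r $tmpdir")` in the `@@ -112` hunk of www/gpg.php, and the `@@ -340` and `@@ -525` hunks do the same with `$cwd` and `$csrname` while quoting only `$cmd_keyid`. Where these paths are built is outside the hunks; even for server-generated paths, a space or shell metacharacter changes what the command operates on. Quote each one at the call site, e.g. `shell_exec("rm -r ".escapeshellarg($tmpdir));`, `"gpg --homedir ".escapeshellarg($cwd)." ..."` and `" >".escapeshellarg($csrname)`. The enclosing function bodies start and end outside all three hunks.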