From 64eed063d63063215c8a13cc43f97ed1142b7e49 Mon Sep 17 00:00:00 2001
From: root <root@www.cacert.org>
Date: Sun, 31 Aug 2008 23:00:49 +0000
Subject: [PATCH] Improved register_globals

---
 www/gpg.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/www/gpg.php b/www/gpg.php
index 9bda61f..4d5c047 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -19,7 +19,7 @@
 	require_once("../includes/loggedin.php");
 
         $id = intval($_REQUEST['id']);
-        $oldid = $_REQUEST['oldid'] = intval($_REQUEST['oldid']);
+	$oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
 
 	if($_SESSION['profile']['points'] < 50)
 	{
@@ -31,12 +31,12 @@
 
 
 
-
+	$CSR=""; if(array_key_exists('CSR',$_REQUEST)) $CSR=stripslashes($_REQUEST['CSR']);
 
 
 	if($oldid == "0")
 	{
-		if($_REQUEST['process'] == _("Submit") && $_REQUEST['CSR'] == "")
+		if(array_key_exists('process',$_REQUEST) && $_REQUEST['process'] != "" && $CSR == "")
 		{
 			$_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
 			$id = $oldid;
@@ -80,9 +80,9 @@ function verifyEmail($email)
 
 	$ToBeDeleted=array();
 
-	if($oldid == "0" && $_REQUEST['CSR'] != "")
+	if($oldid == "0" && $CSR != "")
 	{
-		$debugkey = $gpgkey = clean_csr(stripslashes($_REQUEST['CSR']));
+		$debugkey = $gpgkey = clean_csr($CSR);
 		$debugpg = $gpg = trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`);
 		$lines = "";
 		$gpgarr = explode("\n", $gpg);
@@ -252,7 +252,7 @@ function verifyEmail($email)
  	}
 
 
-	if($oldid == "0" && $_REQUEST['CSR'] != "")
+	if($oldid == "0" && $CSR != "")
 	{
 		$query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."',
 						`email`='".mysql_real_escape_string($lastvalidemail)."',
@@ -268,7 +268,7 @@ function verifyEmail($email)
 		mkdir($cwd,0755);
 
 		$fp = fopen("$cwd/gpg.csr", "w");
-		fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
+		fputs($fp, clean_csr($CSR));
 		fclose($fp);
 
 
@@ -469,7 +469,7 @@ function verifyEmail($email)
 		//echo "Export: $do\n";
 
 		//$fp = fopen("../csr/gpg-$id.csr", "w");
-		//fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
+		//fputs($fp, clean_csr($CSR'));
 		//fclose($fp);