diff --git a/www/gpg.php b/www/gpg.php
index 2c5bfc4..e6ec224 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -40,7 +40,7 @@
{
$_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
$id = $oldid;
- unset($oldid);
+ $oldid=0;
}
}
@@ -79,7 +79,7 @@ function verifyEmail($email)
$ToBeDeleted=array();
-
+ $state=0;
if($oldid == "0" && $CSR != "")
{
$debugkey = $gpgkey = clean_csr($CSR);
@@ -106,9 +106,9 @@ function verifyEmail($email)
$lastvalidemail="";
foreach(explode("\n", $gpg) as $line)
{
+ $bits = explode(":", $line);
$resulttable.="
".++$i." | ";
$name = $comment = "";
- $bits = explode(":", $line);
if($bits[0] == "pub" && (!$keyid || !$when))
{
$keyid = $bits[4];
@@ -116,38 +116,13 @@ function verifyEmail($email)
if($bits[6] != "")
$expires = 1;
}
- //if(!strstr($line, "@")) continue;
-
-
-
- $pos = strpos($bits[9], "(") - 1;
- $nocomment = 0;
- if($pos < 0)
- {
- $nocomment = 1;
- $pos = strpos($bits[9], "<") - 1;
- }
- if($pos < 0)
- {
- $pos = strlen($bits[9]);
- }
- $name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
- $nameok=verifyName($name);
- $resulttable.="$name | ";
-
-
- if($nocomment == 0 && (strpos($bits[9],")")>$pos))
- {
- $pos += 2;
- $pos2 = strpos($bits[9], ")");
- $comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
- if($comm != "")
- $comment[] = $comm;
- $pos = $pos2 + 3;
- } else {
- $pos = strpos($bits[9], "<") + 1;
- }
+ $name="";
+ $comm="";
$mail="";
+ $uidformatwrong=0;
+
+ if(sizeof($bits)<10) $uidformatwrong=1;
+
if(preg_match("/\@.*\@/",$bits[9]))
{
showheader(_("Welcome to CAcert.org"));
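Review bot: The added `if(sizeof($bits)<10) $uidformatwrong=1;` only sets a flag, so the `preg_match("/\@.*\@/",$bits[9])` directly below it still reads `$bits[9]` on any record with fewer than ten fields. The two UID patterns in the next hunk read it the same way. Reading the field once with a default, `$uid = isset($bits[9]) ? $bits[9] : "";`, and matching against `$uid` in all three places would make the short-record case explicit instead of relying on an undefined-index read. The enclosing foreach body starts and ends outside this hunk.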
@@ -158,23 +133,48 @@ function verifyEmail($email)
unset($oldid);
exit();
}
- if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
- //echo "Found: ".$match[1];
- $mail = trim(hex2bin($match[1]));
+
+ // Name (Comment)
+ if(preg_match("/^([^\(\)\[@<>]+) \(([^\(\)@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
+ {
+ $name=trim(hex2bin($matches[1]));
+ $nocomment=0;
+ $comm=trim(hex2bin($matches[2]));
+ $mail=trim(hex2bin($matches[3]));
}
+ // Name
+ elseif(preg_match("/^([^\(\)\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
+ {
+ $name=trim(hex2bin($matches[1]));
+ $nocomment=1;
+ $comm="";
+ $mail=trim(hex2bin($matches[2]));
+ }
+ // Unrecognized format
else
{
- //echo "Not found!\n";
+ $nocomment=1;
+ $uidformatwrong=1;
}
-
+ $nameok=verifyName($name);
$emailok=verifyEmail($mail);
- $resulttable.="$mail | ";
+
+ if($comm != "")
+ $comment[] = $comm;
+
+ $resulttable.="".sanitizeHTML($name)." | ";
+ $resulttable.="".sanitizeHTML($mail)." | ";
+
$uidok=0;
if($bits[1]=="r")
{
$rmessage=_("Error: UID is revoked");
}
+ elseif($uidformatwrong==1)
+ {
+ $rmessage=_("The format of the UID was not recognized. Please use 'Name (comment) <email@domain>' ");
+ }
elseif($mail=="" and $name=="")
{
$rmessage=_("Error: Both Name and Email address are empty");
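Review bot: Both UID patterns are matched against the still-encoded `$bits[9]`, and `hex2bin()` is applied to the captures only afterwards, so the character classes constrain the encoded text rather than the decoded name and comment. If `hex2bin()` (not defined in this diff) expands escape sequences, the decoded `$name` and `$comm` may contain characters such as `<`, `(` or `@` that the patterns were meant to exclude, and they then go to `verifyName()` and `$comment[]`. Decoding first, for example `$uid = hex2bin($bits[9]);`, and matching the patterns against `$uid`, or re-checking the decoded values, would keep validation and use on the same string. `sanitizeHTML()` protects only the HTML table output. Separately, `$nocomment` is still assigned in all three branches although the code that read it was removed in the previous hunk, so it looks unused and is worth confirming and dropping.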
@@ -222,7 +222,7 @@ function verifyEmail($email)
$nerr++;
//$ToBeDeleted[]=$i;
//echo "Adding UID $i\n";
- $resulttable.="$rmessage | ";
+ $resulttable.="".sanitizeHTML($rmessage)." | ";
}
$resulttable.="
\n";
@@ -368,7 +368,7 @@ function verifyEmail($email)
if(count($ToBeDeleted)>0)
{
- $state=0;
+
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from