From 6969166ae8ddcc0bb7bcdd760587991776135c1c Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 19 Apr 2009 23:00:56 +0000
Subject: [PATCH] http://bugs.cacert.org/view.php?id=517
---
 www/gpg.php | 84 ++++++++++++++++++++++++++---------------------------
 1 file changed, 42 insertions(+), 42 deletions(-)
diff --git a/www/gpg.php b/www/gpg.php
index 2c5bfc4..e6ec224 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -40,7 +40,7 @@
 {
 $_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
 $id = $oldid;
- unset($oldid);
+ $oldid=0;
 }
 }
@@ -79,7 +79,7 @@ function verifyEmail($email)
 $ToBeDeleted=array();
-
+ $state=0;
 if($oldid == "0" && $CSR != "")
 {
 $debugkey = $gpgkey = clean_csr($CSR);
@@ -106,9 +106,9 @@ function verifyEmail($email)
 $lastvalidemail="";
 foreach(explode("\n", $gpg) as $line)
 {
+ $bits = explode(":", $line);
 $resulttable.="".++$i."";
 $name = $comment = "";
- $bits = explode(":", $line);
 if($bits[0] == "pub" && (!$keyid || !$when))
 {
 $keyid = $bits[4];
@@ -116,38 +116,13 @@ function verifyEmail($email)
 if($bits[6] != "")
 $expires = 1;
 }
- //if(!strstr($line, "@")) continue;
-
-
-
- $pos = strpos($bits[9], "(") - 1;
- $nocomment = 0;
- if($pos < 0)
- {
- $nocomment = 1;
- $pos = strpos($bits[9], "<") - 1;
- }
- if($pos < 0)
- {
- $pos = strlen($bits[9]);
- }
- $name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
- $nameok=verifyName($name);
- $resulttable.="$name";
-
-
- if($nocomment == 0 && (strpos($bits[9],")")>$pos))
- {
- $pos += 2;
- $pos2 = strpos($bits[9], ")");
- $comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
- if($comm != "")
- $comment[] = $comm;
- $pos = $pos2 + 3;
- } else {
- $pos = strpos($bits[9], "<") + 1;
- }
+ $name="";
+ $comm="";
 $mail="";
+ $uidformatwrong=0;
+
+ if(sizeof($bits)<10) $uidformatwrong=1;
+
 if(preg_match("/\@.*\@/",$bits[9]))
 {
 showheader(_("Welcome to CAcert.org"));
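Review bot: In the hunk at `@@ -40,7 +40,7 @@`, assigning `$oldid=0;` changes what the guard `if($oldid == "0" && $CSR != "")` in the next hunk sees on this error path: with `unset` the loose comparison was false, with integer 0 it is true. If falling through to key processing after a failed paste is intended whenever `$CSR` is non-empty, a comment such as `// keep $oldid defined so the $oldid == "0" branch below is evaluated` would record that; if it is not intended, the reset value must not compare equal to "0". The enclosing block starts before the hunk, so the condition that leads here is not visible.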
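Review bot: In the hunk at `@@ -116,38 +116,13 @@`, the new `if(sizeof($bits)<10) $uidformatwrong=1;` only sets a flag, and the very next context line still reads `$bits[9]` in `preg_match("/\@.*\@/",$bits[9])`, so a short record in the gpg listing reaches an undefined index. Normalising once, e.g. `$uid = isset($bits[9]) ? $bits[9] : "";`, and using `$uid` in the checks that follow would make the guard effective. `$bits[4]` and `$bits[6]` (and `$bits[1]` in the following hunk) are indexed in the same loop without a length check as well. The loop body starts and ends outside the hunk.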
@@ -158,23 +133,48 @@ function verifyEmail($email) unset($oldid); exit(); } - if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) { - //echo "Found: ".$match[1]; - $mail = trim(hex2bin($match[1])); + + // Name (Comment) + if(preg_match("/^([^\(\)\[@<>]+) \(([^\(\)@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches)) + { + $name=trim(hex2bin($matches[1])); + $nocomment=0; + $comm=trim(hex2bin($matches[2])); + $mail=trim(hex2bin($matches[3])); } + // Name + elseif(preg_match("/^([^\(\)\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches)) + { + $name=trim(hex2bin($matches[1])); + $nocomment=1; + $comm=""; + $mail=trim(hex2bin($matches[2])); + } + // Unrecognized format else { - //echo "Not found!\n"; + $nocomment=1; + $uidformatwrong=1; } - + $nameok=verifyName($name); $emailok=verifyEmail($mail); - $resulttable.="$mail"; + + if($comm != "") + $comment[] = $comm; + + $resulttable.="".sanitizeHTML($name).""; + $resulttable.="".sanitizeHTML($mail).""; + $uidok=0; if($bits[1]=="r") { $rmessage=_("Error: UID is revoked"); } + elseif($uidformatwrong==1) + { + $rmessage=_("The format of the UID was not recognized. Please use 'Name (comment) <email@domain>' "); + } elseif($mail=="" and $name=="") { $rmessage=_("Error: Both Name and Email address are empty"); @@ -222,7 +222,7 @@ function verifyEmail($email) $nerr++; //$ToBeDeleted[]=$i; //echo "Adding UID $i\n"; - $resulttable.="$rmessage"; + $resulttable.="".sanitizeHTML($rmessage).""; } $resulttable.="\n"; @@ -368,7 +368,7 @@ function verifyEmail($email) if(count($ToBeDeleted)>0) { - $state=0; + $descriptorspec = array( 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
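Review bot: Both new UID patterns in the hunk at `@@ -158,23 +133,48 @@` are matched against the still-encoded `$bits[9]`, and `hex2bin()` is applied to the captured groups only afterwards, so the exclusions in `[^\(\)\[@<>]+` are checked on the encoded form rather than on the value that is later verified and displayed. `hex2bin()` is defined outside this diff; if it expands escape sequences, decoding once up front (`$uid = hex2bin($bits[9]);`) and matching against `$uid` keeps validation and use on the same string. Neither pattern is anchored at the end, so text after the closing `>` is accepted silently; ending them with `>$/` would reject it. The `*` quantifiers in the address group also let an empty local part or domain through to `verifyEmail()`, which then has to be the check that catches it.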