Improved register_globals handling

pull/1/head
root 16 years ago
parent 5614803eb3
commit 72c9fa43d1

@ -21,6 +21,7 @@
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
$process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
if($id == 45 || $id == 46 || $oldid == 45 || $oldid == 46)
{
@ -28,7 +29,7 @@
unset($oldid);
}
if($_REQUEST['process'] != "" && $oldid == 1)
if($process != "" && $oldid == 1)
{
$id = 1;
if(strstr($_REQUEST['newemail'], "xn--") && $_SESSION['profile']['codesign'] <= 0)
@ -87,7 +88,7 @@
exit;
}
if($_REQUEST['makedefault'] != "" && $oldid == 2)
if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
{
$id = 2;
$emailid = intval($emailid);
@ -119,7 +120,7 @@
exit;
}
if($_REQUEST['process'] != "" && $oldid == 2)
if($process != "" && $oldid == 2)
{
$id = 2;
showheader(_("My CAcert.org Account!"));
@ -166,7 +167,7 @@
exit;
}
if($_REQUEST['process'] != "" && $oldid == 3)
if($process != "" && $oldid == 3)
{
if(!is_array($addid) && $_REQUEST['SSO'] != '1')
{
@ -458,7 +459,7 @@
$_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}
if($_REQUEST['process'] != "" && $oldid == 8)
if($process != "" && $oldid == 8)
{
unset($oldid);
$id = 8;
@ -524,7 +525,7 @@
exit;
}
if($_REQUEST['process'] != "" && $oldid == 9)
if($process != "" && $oldid == 9)
{
$id = 9;
showheader(_("My CAcert.org Account!"));
@ -558,7 +559,7 @@
exit;
}
if($_REQUEST['process'] != "" && $oldid == 10)
if($process != "" && $oldid == 10)
{
$CSR = str_replace("\r\n","\n",trim($_REQUEST['CSR']));
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "Id10Csr");
@ -604,7 +605,7 @@
}
}
if($_REQUEST['process'] != "" && $oldid == 11)
if($process != "" && $oldid == 11)
{
$id = 11;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
@ -1015,7 +1016,7 @@
$_SESSION['_config']['user']['set'] = 1;
}
if($oldid == 13 && $_REQUEST['process'] != "")
if($oldid == 13 && $process != "")
{
$_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
$_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
@ -1075,7 +1076,7 @@
}
}
if($oldid == 13 && $_REQUEST['process'] != "")
if($oldid == 13 && $process != "")
{
$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
$ddres = mysql_query($ddquery);
@ -1107,7 +1108,7 @@
}
}
if($oldid == 13 && $_REQUEST['process'] != "")
if($oldid == 13 && $process != "")
{
if($_SESSION['profile']['points'] == 0)
{
@ -1153,7 +1154,7 @@
exit;
}
if($oldid == 14 && $_REQUEST['process'] != "")
if($oldid == 14 && $process != "")
{
$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword)));
$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1)));
@ -1239,7 +1240,7 @@
exit;
}
if($oldid == 16 && $_REQUEST['process'] != "")
if($oldid == 16 && $process != "")
{
if($_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
@ -1527,7 +1528,7 @@
exit;
}
if($_REQUEST['process'] != "" && $oldid == 20)
if($process != "" && $oldid == 20)
{
$CSR = trim($CSR);
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "FOO");
@ -1576,7 +1577,7 @@
$_SESSION['_config']['rootcert'] = 1;
}
if($_REQUEST['process'] != "" && $oldid == 21)
if($process != "" && $oldid == 21)
{
$id = 21;
@ -1823,7 +1824,7 @@
exit;
}
if($oldid == 24 && $_REQUEST['process'] != "")
if($oldid == 24 && $process != "")
{
$id = intval($oldid);
$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($O)));
@ -1850,7 +1851,7 @@
}
}
if($oldid == 27 && $_REQUEST['process'] != "")
if($oldid == 27 && $process != "")
{
$id = intval($oldid);
$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($O)));
@ -1878,9 +1879,9 @@
}
}
if($oldid == 28 && $_REQUEST['process'] != "")
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($domainname)));
$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
if(mysql_num_rows($res1) > 0)
{
@ -1896,21 +1897,21 @@
$id = 25;
}
if($oldid == 28 && $_REQUEST['process'] != "")
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
mysql_query("insert into `orgdomains` set `orgid`='".$_SESSION['_config']['orgid']."', `domain`='$domain'");
mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully added to the database."), $domain);
echo "<br><br><a href='account.php?id=26&orgid=".$_SESSION['_config']['orgid']."'>"._("Click here")."</a> "._("to continue.");
echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
if($oldid == 29 && $_REQUEST['process'] != "")
if($oldid == 29 && $process != "")
{
$domain = mysql_real_escape_string(stripslashes(trim($domainname)));
$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".$_SESSION['_config']['domid']."'");
$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($_SESSION['_config']['domid'])."'");
$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{
@ -1920,12 +1921,12 @@
}
}
if(($oldid == 29 || $oldid == 30) && $_REQUEST['process'] != _("Cancel"))
if(($oldid == 29 || $oldid == 30) && $process != _("Cancel"))
{
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".$_SESSION['_config']['domid']."'";
`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
@ -1933,31 +1934,31 @@
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".$_SESSION['_config']['domid']."'";
`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}
if($oldid == 29 && $_REQUEST['process'] != "")
if($oldid == 29 && $process != "")
{
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'"));
mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".$_SESSION['_config']['domid']."'");
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), $domain);
echo "<br><br><a href='account.php?id=26&orgid=".$_SESSION['_config']['orgid']."'>"._("Click here")."</a> "._("to continue.");
echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
if($oldid == 30 && $_REQUEST['process'] != "")
if($oldid == 30 && $process != "")
{
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'"));
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
$domain = $row['domain'];
mysql_query("delete from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'");
mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully deleted from the database."), $domain);
echo "<br><br><a href='account.php?id=26&orgid=".$_SESSION['_config']['orgid']."'>"._("Click here")."</a> "._("to continue.");
echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
@ -1968,39 +1969,39 @@
$orgid = 0;
}
if($oldid == 31 && $_REQUEST['process'] != _("Cancel"))
if($oldid == 31 && $process != _("Cancel"))
{
$query = "select * from `orgdomains` where `orgid`='".$_SESSION['_config']['orgid']."'";
$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
{
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".$drow['id']."'";
`orgdomains`.`id`='".intval($drow['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
mysql_query("delete from `orgdomaincerts` where `orgid`='".$row['id']."'");
mysql_query("delete from `orgdomlink` where `domid`='".$row['id']."'");
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
}
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".$drow['id']."'";
`orgdomains`.`id`='".intval($drow['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
mysql_query("delete from `orgemailcerts` where `id`='".$row['id']."'");
mysql_query("delete from `orgemaillink` where `domid`='".$row['id']."'");
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
}
}
mysql_query("delete from `org` where `orgid`='".$_SESSION['_config']['orgid']."'");
mysql_query("delete from `orgdomains` where `orgid`='".$_SESSION['_config']['orgid']."'");
mysql_query("delete from `orginfo` where `id`='".$_SESSION['_config']['orgid']."'");
mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}
if($oldid == 31)
@ -2012,7 +2013,7 @@
if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34 ||
$id == 35 || $oldid == 35)
{
$query = "select * from `org` where `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'";
$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
$_macc = mysql_num_rows(mysql_query($query));
if($_SESSION['profile']['orgadmin'] != 1 && $_macc <= 0)
{
@ -2026,7 +2027,7 @@
if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
$orgid = intval($_SESSION['_config']['orgid']);
$query = "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'";
$query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@ -2034,15 +2035,15 @@
}
}
if($oldid == 33 && $_REQUEST['process'] != "")
if($oldid == 33 && $process != "")
{
if($_SESSION['profile']['orgadmin'] == 1)
$masteracc = $_SESSION['_config'][masteracc] = intval($masteracc);
$masteracc = $_SESSION['_config'][masteracc] = intval($_REQUEST['masteracc']);
else
$masteracc = $_SESSION['_config'][masteracc] = 0;
$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
$OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($OU)));
$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($comments)));
$OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
if(mysql_num_rows($res) <= 0)
{
@ -2064,7 +2065,7 @@
$id = 32;
}
if($oldid == 34 && $_REQUEST['process'] != "")
if($oldid == 34 && $process != "")
{
$orgid = intval($_SESSION['_config']['orgid']);
$memid = intval($_REQUEST['memid']);
@ -2337,7 +2338,7 @@
exit;
}
if($_REQUEST['process'] != "" && $oldid == 45)
if($process != "" && $oldid == 45)
{
$CSR = trim($CSR);
$_SESSION['_config']['CSR'] = $CSR;
@ -2363,7 +2364,7 @@
}
}
if($_REQUEST['process'] != "" && $oldid == 46)
if($process != "" && $oldid == 46)
{
$CSR = $_SESSION['_config']['CSR'];
$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`);
@ -2566,7 +2567,7 @@
$_REQUEST['userid'] = intval($_REQUEST['userid']);
}
if($oldid == 50 && $_REQUEST['process'] != "")
if($oldid == 50 && $process != "")
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
$res = mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'");
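Review bot: The `$oldid == 29` handler in the `@ -1896,21 +1897,21 @@` hunk still reads the register_globals variable `$domainname` in `$domain = mysql_real_escape_string(stripslashes(trim($domainname)));`, while the sibling `$oldid == 28` block was converted to `$_REQUEST['domainname']`; with register_globals off that handler runs its duplicate check against '' and the later `$oldid == 29` update writes an empty `domain`. Change it to `$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));` behind the same `array_key_exists("domainname",$_REQUEST)` guard used for 28. The same bare-global reads survive as context in the other hunks — `$emailid` (oldid 2), `$addid` (oldid 3), `$oldpassword`/`$pword1` (oldid 14), `$O` (oldid 24/27), `$CSR` (oldid 20/45) — so, as far as the visible lines show, those handlers will silently operate on empty values once globals are gone; their enclosing blocks extend beyond the hunks. Separately, the new `$oldid == 33` line keeps the unquoted key in `$_SESSION['_config'][masteracc]`, which should be `$_SESSION['_config']['masteracc']`.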

@ -16,8 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
$id = $_REQUEST['id'];
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
function showheader($title = "CAcert.org", $title2 = "")
{
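Review bot: `$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);` coerces the id to an integer, which silently maps non-numeric values such as the `logout` id handled in a later hunk (there read from `$_REQUEST['id']` directly, if that hunk is the same file) to 0, so any code comparing `$id` to a string would never match. A one-line comment would make the contract explicit, e.g. `// $id is numeric only; string ids such as "logout" must be read from $_REQUEST['id'] directly`. Splitting the two statements onto separate lines would also read more clearly. showheader's body continues outside the hunk.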

@ -26,7 +26,7 @@ if(!function_exists("showheader"))
<html>
<head>
<title><?=$title?></title>
<? if($_SESSION['_config']['header'] != "") { ?><?=$_SESSION['_config']['header']?><? } ?>
<? if(array_key_exists("header",$_SESSION['_config']) && $_SESSION['_config']['header'] != "") { ?><?=$_SESSION['_config']['header']?><? } ?>
<link rel="stylesheet" href="/styles/default.css" type="text/css">
<link href="http://blog.CAcert.org/feed/" rel="alternate" type="application/rss+xml" title="rss">
<script language="JavaScript" type="text/javascript">
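Review bot: The added guard only removes the undefined-index notice; `$_SESSION['_config']['header']` is still echoed into `<head>` unescaped, so whatever writes that session key is trusted to supply safe markup, and that writer is not visible here. If the value is meant to be raw HTML, a comment stating that would help, e.g. `<? /* _config['header'] is trusted raw HTML set by page code; never populate it from request data */ ?>`; if it is plain text it should go through htmlspecialchars(). The rest of showheader's output continues outside the hunk.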

@ -126,7 +126,7 @@
}
}
if($_REQUEST['id'] == "logout")
if(array_key_exists("id",$_REQUEST) && $_REQUEST['id'] == "logout")
{
$normalhost=$_SESSION['_config']['normalhostname'];
$_SESSION['profile']['loggedin'] = 0;
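Review bot: The new condition compares with loose `==`; `isset($_REQUEST['id']) && $_REQUEST['id'] === "logout"` avoids PHP's numeric-string comparison rules and states the intent directly. The remainder of the logout branch continues outside the hunk.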
