From 81932bfd0aac67ff6ddb2f159cce601fb076578b Mon Sep 17 00:00:00 2001 From: Wytze van der Raay Date: Sat, 7 Jun 2014 09:14:52 +0000 Subject: [PATCH] Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" --- stamp/common.php | 6 ++--- www/api/ccsr.php | 18 ++++++------- www/api/cemails.php | 9 ++++--- www/index.php | 24 +++++++++--------- www/stats.php | 5 ++-- www/styles/default.css | 24 +++++++++++++++--- www/wot.php | 57 +++++++++++++++++++++--------------------- 7 files changed, 81 insertions(+), 62 deletions(-) diff --git a/stamp/common.php b/stamp/common.php index ff814dd..d99a23a 100644 --- a/stamp/common.php +++ b/stamp/common.php @@ -41,9 +41,9 @@ if($row['certid'] > 0) { if($row['org'] == 0) - $query = "select * from `domaincerts` where `id`='$row[certid]' and `expire`>NOW() and `revoked`=0"; + $query = "select * from `domaincerts` where `id`='".intval($row['certid'])."' and `expire`>NOW() and `revoked`=0"; else - $query = "select * from `orgdomaincerts` where `id`='$row[certid]' and `expire`>NOW() and `revoked`=0"; + $query = "select * from `orgdomaincerts` where `id`='".intval($row['certid'])."' and `expire`>NOW() and `revoked`=0"; if($_REQUEST['debug'] == 1) echo $query."
\n"; $res = mysql_query($query); @@ -117,7 +117,7 @@ if($org == 0) { $query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND - `notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`"; + `notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' and `notary`.`deleted`=0 GROUP BY `notary`.`to`"; $user = mysql_fetch_assoc(mysql_query($query)); } else { $query = "select * from `orginfo` where `id`='$cert[orgid]'"; diff --git a/www/api/ccsr.php b/www/api/ccsr.php index 403882f..b223168 100644 --- a/www/api/ccsr.php +++ b/www/api/ccsr.php @@ -31,7 +31,7 @@ require_once '../../includes/lib/check_weak_key.php'; foreach($_REQUEST['email'] as $email) { $email = mysql_real_escape_string(trim($email)); - $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0 and `email`='$email'"; + $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0 and `email`='$email'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -42,7 +42,7 @@ require_once '../../includes/lib/check_weak_key.php'; } if(count($emails) <= 0) die("404,Wasn't able to match any emails sent against your account"); - $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`"; + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`"; $row = mysql_fetch_assoc(mysql_query($query)); $points = $row['points']; @@ -62,12 +62,12 @@ require_once '../../includes/lib/check_weak_key.php'; $codesign = 1; $CSR = trim($_REQUEST['optionalCSR']); - + if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { die("403, $weakKey"); } - + $incsr = tempnam("/tmp", "ccsrIn"); $checkedcsr = tempnam("/tmp", "ccsrOut"); $fp = fopen($incsr, "w"); @@ -84,9 +84,9 @@ require_once '../../includes/lib/check_weak_key.php'; foreach($emails as $id => $email) $csrsubject .= "/emailAddress=".$email; - $query = "insert into `emailcerts` set `CN`='".$user['email']."', `keytype`='MS', - `memid`='".$user['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `subject`='$csrsubject', `codesign`='$codesign'"; + $query = "insert into `emailcerts` set `CN`='".mysql_real_escape_string($user['email'])."', `keytype`='MS', + `memid`='".intval($user['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), + `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".intval($codesign)."'"; mysql_query($query); $certid = mysql_insert_id(); $CSRname = generatecertpath("csr","client",$certid); @@ -95,14 +95,14 @@ require_once '../../includes/lib/check_weak_key.php'; mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'"); foreach($emails as $emailid => $email) - mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'"); + mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'"); $do = `../../scripts/runclient`; sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED $query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) - die("404,Your certificate request has failed. ID: $certid"); + die("404,Your certificate request has failed. ID: ".intval($certid)); $cert = mysql_fetch_assoc($res); echo "200,Authentication Ok\n"; readfile("../".$cert['crt_name']); diff --git a/www/api/cemails.php b/www/api/cemails.php index 0d067ea..f937069 100644 --- a/www/api/cemails.php +++ b/www/api/cemails.php @@ -25,7 +25,7 @@ echo "200,Authentication Ok\n"; $user = mysql_fetch_assoc($res); $memid = $user['id']; - $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`"; + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`"; $row = mysql_fetch_assoc(mysql_query($query)); $points = $row['points']; echo "CS=".intval($user['codesign'])."\n"; @@ -40,8 +40,9 @@ if($user['mname'] != "" && $user['suffix'] != "") echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n"; } - $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0"; + $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0"; $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - echo "EMAIL=".$row['email']."\n"; + while($row = mysql_fetch_assoc($res)) { + echo "EMAIL=".sanitizeHTML($row['email'])."\n"; + } ?> diff --git a/www/index.php b/www/index.php index c7cc03e..40a8e86 100644 --- a/www/index.php +++ b/www/index.php @@ -125,7 +125,7 @@ require_once('../includes/lib/l10n.php'); showfooter(); exit; } - } + } } if($oldid == 5 && $process != "") @@ -153,13 +153,13 @@ require_once('../includes/lib/l10n.php'); include_once("../includes/lib/general.php"); $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'], $_SERVER['SSL_CLIENT_I_DN_CN']); - + if($user_id >= 0) { $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( - "select * from `users` where + "select * from `users` where `id`='$user_id' and `deleted`=0 and `locked`=0")); - + if($_SESSION['profile']['id'] != 0) { $_SESSION['profile']['loggedin'] = 1; @@ -307,19 +307,19 @@ require_once('../includes/lib/l10n.php'); $_SESSION['profile'] = ""; unset($_SESSION['profile']); $_SESSION['profile'] = mysql_fetch_assoc($res); - $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".$_SESSION['profile']['id']."'"; + $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); if($_SESSION['profile']['language'] == "") { $query = "update `users` set `language`='".L10n::get_translation()."' - where `id`='".$_SESSION['profile']['id']."'"; + where `id`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); } else { L10n::set_translation($_SESSION['profile']['language']); L10n::init_gettext(); } - $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; + $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 group by `to`"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; @@ -499,7 +499,7 @@ require_once('../includes/lib/l10n.php'); if($checkemail != "OK") { $id = 1; - if (substr($checkemail, 0, 1) == "4") + if (substr($checkemail, 0, 1) == "4") { $_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes."); } else { @@ -566,9 +566,9 @@ require_once('../includes/lib/l10n.php'); $subject = stripslashes($_REQUEST['subject']); $message = stripslashes($_REQUEST['message']); $secrethash = $_REQUEST['secrethash2']; - + //check for spam via honeypot - if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){ + if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){ echo _("Form could not be sent."); showfooter(); exit; @@ -641,7 +641,7 @@ require_once('../includes/lib/l10n.php'); $newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs'; header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved } - + if ($id == 19) { $protocol = $_SERVER['HTTPS'] ? 'https' : 'http'; @@ -655,7 +655,7 @@ require_once('../includes/lib/l10n.php'); $newUrl = $protocol . '://wiki.cacert.org/Board'; header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved } - + showheader(_("Welcome to CAcert.org")); includeit($id); showfooter(); diff --git a/www/stats.php b/www/stats.php index 1599e17..d4d892d 100644 --- a/www/stats.php +++ b/www/stats.php @@ -32,7 +32,7 @@ $stats['timestamp'] = $ar['timestamp']; return $stats; } - + return null; } @@ -40,7 +40,7 @@ if ($stats === null) { echo '

', _("Error while retrieving the statistics!"), '

'; showfooter(); - die(); + die(); } ?>

CAcert.org

@@ -157,4 +157,3 @@ - diff --git a/www/styles/default.css b/www/styles/default.css index 4d4db6a..a7ba2a8 100644 --- a/www/styles/default.css +++ b/www/styles/default.css @@ -14,7 +14,7 @@ body { margin: 0px; padding: 0px; background: #cccccc; -/* url("/siteimages/bg_grad.jpg") fixed; */ +/* url("/siteimages/bg_grad.jpg") fixed; */ } @@ -219,7 +219,7 @@ ul.no_indent { } #globalNav img { - margin-bottom: -4px; + margin-bottom: -4px; } #gnl { @@ -558,6 +558,19 @@ td.storyLeft { border-right: 1px #cfcfcf solid; } +.DataTDError { + border-style: inset; + border-width: 1px; + font-size: 8pt; + color: #ff0000; + font-family: Arial, Tahoma, Verdana, Helvetica, sans-serif; + + background: #ffffff; + padding: 1px 5px 1px 5px; + border: 1px #cfcfcf solid; + border-left: 1px #cfcfcf dotted; + border-right: 1px #cfcfcf dotted; +} .wrapper { border-collapse: collapse; font-family: verdana, sans-serif; @@ -571,7 +584,12 @@ td.greytxt { text-align: right; vertical-align: bottom; } - +.bold, .primaryemailaddress { + font-weight:bold; +} +.italic, .deletedemailaddress { + font-style:italic; +} .title { background: #e2e2e2; font-weight: bold; diff --git a/www/wot.php b/www/wot.php index 7200517..faa8339 100644 --- a/www/wot.php +++ b/www/wot.php @@ -133,9 +133,9 @@ function send_reminder() //This mail does not need to be translated $body = "Hi TTP adminstrators,\n\n"; $body .= "User ".$_SESSION['profile']['fname']." ". - $_SESSION['profile']['lname']." with email address '". - $_SESSION['profile']['email']."' is requesting a TTP assurances for ". - mysql_escape_string(stripslashes($_POST['country'])).".\n\n"; + $_SESSION['profile']['lname']." with email address '". + $_SESSION['profile']['email']."' is requesting a TTP assurances for ". + mysql_escape_string(stripslashes($_POST['country'])).".\n\n"; if ($_POST['ttptopup']=='1') { $body .= "The user is also requesting TTP TOPUP.\n\n"; }else{ @@ -224,8 +224,8 @@ function send_reminder() exit; } - $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and - `to`='".$_SESSION['_config']['notarise']['id']."'"; + $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and + `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -310,7 +310,7 @@ $iecho= "c"; exit; } - $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'"; + $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix']; @@ -332,7 +332,7 @@ $iecho= "c"; if($newpoints < 0) $newpoints = $awarded = 0; - $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`"; + $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0 group by `to`"; $res = mysql_query($query); $drow = mysql_fetch_assoc($res); @@ -345,14 +345,15 @@ $iecho= "c"; if($newpoints < 0) $newpoints = 0; - if(mysql_escape_string(stripslashes($_POST['date'])) == "") + if(mysql_real_escape_string(stripslashes($_POST['date'])) == "") $_POST['date'] = date("Y-m-d H:i:s"); - $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND - `to`='".$_SESSION['_config']['notarise']['id']."' AND - `awarded`='$awarded' AND - `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND - `date`='".mysql_escape_string(stripslashes($_POST['date']))."'"; + $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND + `to`='".intval($_SESSION['_config']['notarise']['id'])."' AND + `awarded`='".intval($awarded)."' AND + `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND + `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."' AND + `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -363,11 +364,11 @@ $iecho= "c"; if($oldid == 6) { - $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."', - `to`='".$_SESSION['_config']['notarise']['id']."', - `points`='$newpoints', `awarded`='$awarded', - `location`='".mysql_escape_string(stripslashes($_POST['location']))."', - `date`='".mysql_escape_string(stripslashes($_POST['date']))."', + $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."', + `to`='".intval($_SESSION['_config']['notarise']['id'])."', + `points`='".intval($newpoints)."', `awarded`='".intval($awarded)."', + `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."', + `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."', `when`=NOW()"; //record active acceptance by Assurer if (check_date_format(trim($_REQUEST['date']),2010)) { @@ -388,11 +389,11 @@ $iecho= "c"; $addpoints = 2; else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100) $addpoints = 1; - $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."', - `to`='".$_SESSION['profile']['id']."', - `points`='$addpoints', `awarded`='$addpoints', - `location`='".mysql_escape_string(stripslashes($_POST['location']))."', - `date`='".mysql_escape_string(stripslashes($_POST['date']))."', + $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."', + `to`='".intval($_SESSION['profile']['id'])."', + `points`='".intval($addpoints)."', `awarded`='".intval($addpoints)."', + `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."', + `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."', `method`='Administrative Increase', `when`=NOW()"; mysql_query($query); @@ -478,7 +479,7 @@ $iecho= "c"; { csrf_check("chgcontact"); - $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo']))); + $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo']))); $listme = intval($_POST['listme']); if($listme < 0 || $listme > 1) $listme = 0; @@ -486,7 +487,7 @@ $iecho= "c"; $_SESSION['profile']['listme'] = $listme; $_SESSION['profile']['contactinfo'] = $info; - $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'"; + $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); showheader(_("My CAcert.org Account!")); @@ -507,9 +508,9 @@ $iecho= "c"; $body = $_REQUEST['message']; $subject = $_REQUEST['subject']; $userid = intval($_REQUEST['userid']); - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1")); + $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($userid)."' and `listme`=1")); $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` - where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); + where `to`='".intval($user['id'])."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0")); if($points > 0) { $my_translation = L10n::get_translation(); @@ -545,7 +546,7 @@ $iecho= "c"; showheader(_("My CAcert.org Account!"));?>

- +

[ ]