From 8ec3d9eeb54168edd2dace1841229f227d30df52 Mon Sep 17 00:00:00 2001
From: root <root@www.cacert.org>
Date: Wed, 19 Dec 2007 22:12:21 +0000
Subject: [PATCH] Added a filter against multiple email addresses per UID

---
 www/gpg.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/www/gpg.php b/www/gpg.php
index 72e4465..236738b 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -144,6 +144,16 @@ function verifyEmail($email)
 				$pos = strpos($bits[9], "<") + 1;
 			}
 			$mail="";
+			if(preg_match("/\@.*\@/",$bits[9]))
+			{
+				showheader(_("Welcome to CAcert.org"));
+
+				echo "<font color='#ff0000'>"._("Multiple Email Adresses per UID are not allowed.")."</font>";
+				unset($_REQUEST['process']);
+				$id = $oldid;
+				unset($oldid);
+				exit();
+			}
                         if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
 				//echo "Found: ".$match[1];
 				$mail = trim(hex2bin($match[1]));
@@ -240,10 +250,11 @@ function verifyEmail($email)
 	if($oldid == "0" && $_REQUEST['CSR'] != "")
 	{
 		$query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."',
-						`email`='".mysql_real_escape_string($emailaddies['0'])."',
+						`email`='".mysql_real_escape_string($mail)."',
 						`level`='1',
 						`expires`='".mysql_real_escape_string($expires)."',
-						`multiple`='".mysql_real_escape_string($multiple)."'";
+						`multiple`='".mysql_real_escape_string($multiple)."',
+						`keyid`='".mysql_real_escape_string($keyid)."'";
 		mysql_query($query);
 		$id = mysql_insert_id();