bug #288

18 years ago · 9363c70495
parent 984d5d39ec
commit 9363c70495
5 changed files with 12 additions and 7 deletions
--- a/includes/account.php
+++ b/includes/account.php
@ -48,7 +48,7 @@
 			exit;
 		}
 		$checkemail = checkEmail($_REQUEST['newemail']);
-		if($checkemail != true)
+		if($checkemail != "OK")
 		{
 			showheader(_("My CAcert.org Account!"));
 			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
@ -427,7 +427,7 @@
 			exit;
 		}
 		$checkemail = checkEmail($_REQUEST['newemail']);
-		if($checkemail != true)
+		if($checkemail != "OK")
 		{
 			showheader(_("My CAcert.org Account!"));
 			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
--- a/includes/general.php
+++ b/includes/general.php
@ -88,7 +88,7 @@

 	if($_SESSION['_config']['language'] == "")
 	{
-		$bits = explode(",", strtolower(str_replace(" ", "", $_SERVER['HTTP_ACCEPT_LANGUAGE'])));
+		$bits = explode(",", strtolower(str_replace(" ", "", mysql_real_escape_string($_SERVER['HTTP_ACCEPT_LANGUAGE']))));
 		foreach($bits as $lang)
 		{
 			$b = explode(";", $lang);
@ -105,6 +105,7 @@

 		foreach($value as $key => $val)
 		{
+			$val = substr(escapeshellarg($val), 1, -1);
 			$short = substr($val, 0, 2);
 			if($val == "en" || $short == "en")
 			{
@ -624,7 +625,7 @@
 						break;
 				}
 			}
-			return true;
+			return "OK";
 		}
 		return _("Failed to make a connection to the mail server");
 	}
--- a/pages/account/43.php
+++ b/pages/account/43.php
@ -168,7 +168,10 @@
    <td class="DataTD"><?=_("Delete Account")?>:</td>
    <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>"><?=_("Delete Account")?></a></td>
  </tr>
-<? if($_REQUEST['showlostpw'] != "yes") { ?>
+<?
+	// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
+	if($_GET['showlostpw'] != "yes") {
+?>
  <tr>
    <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
  </tr>
--- a/tverify/index/0.php
+++ b/tverify/index/0.php
@ -34,7 +34,8 @@
 		$row = mysql_fetch_assoc($account);
 		$memid = $row['memid'];

-		$firstname = trim($_SERVER['SSL_CLIENT_S_DN_G']);
+		$bits = explode(" ", trim($_SERVER['SSL_CLIENT_S_DN_G']), 2);
+		$firstname = trim($bits['0']);
 		$lastname = trim($_SERVER['SSL_CLIENT_S_DN_S']);

 		$query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'";
--- a/www/index.php
+++ b/www/index.php
@ -326,7 +326,7 @@
 		if($id == 2)
 		{
 			$checkemail = checkEmail($_SESSION['signup']['email']);
-			if($checkemail != true)
+			if($checkemail != "OK")
 			{
 				$id = 1;
 				$_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."<br>\n$checkemail<br>\n";