cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 4 Projects Releases 2 Wiki Activity

bug #288

Browse Source
pull/1/head
root 18 years ago
parent 984d5d39ec
commit 9363c70495
5 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File

4
includes/account.php
Unescape Escape View File

@ -48,7 +48,7 @@
exit; exit;
} }
$checkemail = checkEmail($_REQUEST['newemail']); $checkemail = checkEmail($_REQUEST['newemail']);
if($checkemail != true) if($checkemail != "OK")
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n"; echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
@ -427,7 +427,7 @@
exit; exit;
} }
$checkemail = checkEmail($_REQUEST['newemail']); $checkemail = checkEmail($_REQUEST['newemail']);
if($checkemail != true) if($checkemail != "OK")
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n"; echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";

5
includes/general.php
Unescape Escape View File

@ -88,7 +88,7 @@
if($_SESSION['_config']['language'] == "") if($_SESSION['_config']['language'] == "")
{ {
$bits = explode(",", strtolower(str_replace(" ", "", $_SERVER['HTTP_ACCEPT_LANGUAGE']))); $bits = explode(",", strtolower(str_replace(" ", "", mysql_real_escape_string($_SERVER['HTTP_ACCEPT_LANGUAGE']))));
foreach($bits as $lang) foreach($bits as $lang)
{ {
$b = explode(";", $lang); $b = explode(";", $lang);
@ -105,6 +105,7 @@
foreach($value as $key => $val) foreach($value as $key => $val)
{ {
$val = substr(escapeshellarg($val), 1, -1);
$short = substr($val, 0, 2); $short = substr($val, 0, 2);
if($val == "en" || $short == "en") if($val == "en" || $short == "en")
{ {
@ -624,7 +625,7 @@
break; break;
} }
} }
return true; return "OK";
} }
return _("Failed to make a connection to the mail server"); return _("Failed to make a connection to the mail server");
} }

5
pages/account/43.php
Unescape Escape View File

@ -168,7 +168,10 @@
<td class="DataTD"><?=_("Delete Account")?>:</td> <td class="DataTD"><?=_("Delete Account")?>:</td>
<td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>"><?=_("Delete Account")?></a></td> <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>"><?=_("Delete Account")?></a></td>
</tr> </tr>
<? if($_REQUEST['showlostpw'] != "yes") { ?> <?
// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
if($_GET['showlostpw'] != "yes") {
?>
<tr> <tr>
<td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td> <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
</tr> </tr>

3
tverify/index/0.php
Unescape Escape View File

@ -34,7 +34,8 @@
$row = mysql_fetch_assoc($account); $row = mysql_fetch_assoc($account);
$memid = $row['memid']; $memid = $row['memid'];
$firstname = trim($_SERVER['SSL_CLIENT_S_DN_G']); $bits = explode(" ", trim($_SERVER['SSL_CLIENT_S_DN_G']), 2);
$firstname = trim($bits['0']);
$lastname = trim($_SERVER['SSL_CLIENT_S_DN_S']); $lastname = trim($_SERVER['SSL_CLIENT_S_DN_S']);
$query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'"; $query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'";

2
www/index.php
Unescape Escape View File

@ -326,7 +326,7 @@
if($id == 2) if($id == 2)
{ {
$checkemail = checkEmail($_SESSION['signup']['email']); $checkemail = checkEmail($_SESSION['signup']['email']);
if($checkemail != true) if($checkemail != "OK")
{ {
$id = 1; $id = 1;
$_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."<br>\n$checkemail<br>\n"; $_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."<br>\n$checkemail<br>\n";

Write Preview
Loading…
Cancel
Save