diff --git a/www/api/ccsr.php b/www/api/ccsr.php index 75934ed..b2db656 100644 --- a/www/api/ccsr.php +++ b/www/api/ccsr.php @@ -59,14 +59,14 @@ $codesign = 1; $CSR = trim($_REQUEST['optionalCSR']); - $tmpname = tempnam("/tmp", "CSR"); - $tempnam = tempnam("/tmp", "CSR"); - $fp = fopen($tmpname, "w"); + $incsr = tempnam("/tmp", "ccsrIn"); + $checkedcsr = tempnam("/tmp", "ccsrOut"); + $fp = fopen($incsr, "w"); fputs($fp, $CSR); fclose($fp); - $do = `/usr/bin/openssl req -in $tmpname -out $tempnam`; - @unlink($tmpfname); - if(filesize($tempnam) <= 0) + $do = `/usr/bin/openssl req -in $incsr -out $checkedcsr`; + @unlink($incsr); + if(filesize($checkedcsr) <= 0) die("404,Invalid or missing CSR"); $csrsubject = "/CN=$name"; @@ -79,7 +79,7 @@ mysql_query($query); $certid = mysql_insert_id(); $CSRname = "/www/csr/client-$certid.csr"; - rename($tempnam, $CSRname); + rename($checkedcsr, $CSRname); mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");