From b09426a18edbb29a76dcb4834f20847f018dd5bf Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 18 Aug 2008 11:23:07 +0000
Subject: [PATCH] Improved input checking
---
 includes/account.php | 43 ++++++++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 19 deletions(-)
diff --git a/includes/account.php b/includes/account.php
index 38501b9..4f1303c 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -125,12 +125,12 @@
 $id = 2;
 showheader(_("My CAcert.org Account!"));
 $delcount = 0;
-if(is_array($delid))
+if(is_array($_REQUEST['delid']))
 {
-foreach($delid as $id)
+foreach($_REQUEST['delid'] as $id)
 {
 $id = intval($id);
-$query = "select * from `email` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."' and
+$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
 `email`!='".$_SESSION['profile']['email']."'";
 $res = mysql_query($query);
 if(mysql_num_rows($res) > 0)
@@ -169,7 +169,7 @@
 if($process != "" && $oldid == 3)
 {
-if(!is_array($addid) && $_REQUEST['SSO'] != '1')
+if(!is_array($_REQUEST['addid']) && $_REQUEST['SSO'] != '1')
 {
 showheader(_("My CAcert.org Account!"));
 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
@@ -179,7 +179,7 @@
 $_SESSION['_config']['SSO'] = intval($_REQUEST['SSO']);
-$_SESSION['_config']['addid'] = $addid;
+$_SESSION['_config']['addid'] = $_REQUEST['addid'];
 if($_SESSION['profile']['points'] >= 50)
 $_SESSION['_config']['incname'] = intval($incname);
 if($_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
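Review bot: `is_array($_REQUEST['delid'])` on the first changed line reads a request key that is absent on an ordinary page load, so PHP raises an E_NOTICE on every visit to this view (and, with display_errors on, prints it into the page); guard it with `if(isset($_REQUEST['delid']) && is_array($_REQUEST['delid']))`. The `!is_array($_REQUEST['addid'])` test in the -169 hunk has the same issue. In the rewritten `$query`, `memid` now goes through `intval()`, but `$_SESSION['profile']['email']` on the following context line is still concatenated raw; wrapping it in `mysql_real_escape_string()` keeps the statement built consistently even though that value comes from the session rather than the request.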
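Review bot: The added line in the -179 hunk copies the raw `$_REQUEST['addid']` array into the session, so every later query that iterates it has to remember its own `intval()` on each element (the -231 and -318 hunks in this commit do, but nothing enforces it for future consumers). Normalising once at the point of storage — `$_SESSION['_config']['addid'] = is_array($_REQUEST['addid']) ? array_map('intval', $_REQUEST['addid']) : array();` — makes the downstream queries safe by construction and keeps the later `is_array()` checks on the session value behaving as before. The enclosing block starts and continues outside the hunk.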
@@ -223,7 +223,9 @@
 {
 if($_REQUEST['keytype'] == "NS")
 {
-if($_REQUEST['SPKAC'] == "" || $_REQUEST['SPKAC'] == "deadbeef")
+$spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
+
+if($spkac=="" || $spkac == "deadbeef")
 {
 $id = 4;
 showheader(_("My CAcert.org Account!"));
@@ -231,13 +233,14 @@
 showfooter();
 exit;
 }
-$emailcount = 0;
+$count = 0;
 $emails = "";
 $addys = array();
+$defaultemail="";
 if(is_array($_SESSION['_config']['addid']))
 foreach($_SESSION['_config']['addid'] as $id)
 {
-$res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='$id'");
+$res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'");
 if(mysql_num_rows($res) > 0)
 {
 $row = mysql_fetch_assoc($res);
@@ -245,7 +248,7 @@
 $defaultemail = $row['email'];
 $emails .= "$count.emailAddress = ".$row['email']."\n";
 $count++;
-$addys[] = $row['id'];
+$addys[] = intval($row['id']);
 }
 }
 if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
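Review bot: The added `$spkac=""; if(preg_match(...)) $spkac=trim(...);` line puts two statements on one line and evaluates the same `trim(str_replace(...))` normalisation twice; the identical line reappears in the -1267 hunk, and the two copies already disagree on what they reject (`"deadbeef"` here, `strlen($spkac) < 128` there), so the allow-list will drift unless it lives in one place. A small helper that returns the normalised SPKAC or `""` would let both call sites read `$spkac = normalise_spkac($_REQUEST['SPKAC']);` and would be the single spot to tighten if the accepted character set ever changes. `$_REQUEST['SPKAC']` is also still read without `isset()`, so a keytype=NS post lacking the field raises an E_NOTICE before the check runs.
```php
// helper, to live with the other shared functions under includes/
function normalise_spkac($raw)
{
	$s = trim(str_replace(array("\r", "\n"), "", (string)$raw));
	return preg_match("/^[a-zA-Z0-9+=\/]+$/", $s) ? $s : "";
}

// … unchanged: keytype == "NS" test …
$spkac = normalise_spkac(isset($_REQUEST['SPKAC']) ? $_REQUEST['SPKAC'] : "");
```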
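Review bot: The rewritten `$res = mysql_query(...)` line in the -231 hunk wraps `id` in `intval()` but still concatenates `$_SESSION['profile']['id']` for `memid` raw, whereas the matching query in the -318 hunk and the statements in the -125, -272 and -302 hunks all switch that value to `intval($_SESSION['profile']['id'])`; use the same form here so the commit's hardening is uniform rather than per-site. The `$emailcount` → `$count` rename is worth a one-line comment, since the later `$count++` on the context lines previously incremented a variable that was never initialised.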
@@ -272,25 +275,25 @@
 $emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
 if($_SESSION['_config']['incname'] == 4)
 $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
-$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_REQUEST['SPKAC']));
+$emails .= "SPKAC = $spkac";
 $query = "insert into emailcerts set
 `CN`='$defaultemail',
 `keytype`='NS',
-`memid`='".$_SESSION['profile']['id']."',
+`memid`='".intval($_SESSION['profile']['id'])."',
 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
-`codesign`='".$_SESSION['_config']['codesign']."',
+`codesign`='".intval($_SESSION['_config']['codesign'])."',
 `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
-`rootcert`='".$_SESSION['_config']['rootcert']."'";
+`rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
 mysql_query($query);
 $emailid = mysql_insert_id();
 if(is_array($addys))
 foreach($addys as $addy)
 mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
-$CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr";
+$CSRname = $_SESSION['_config']['filepath']."/csr/client-".intval($emailid).".csr";
 $fp = fopen($CSRname, "w");
 fputs($fp, $emails);
 fclose($fp);
-mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
 } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
 if($csr == "")
 $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".trim($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
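Review bot: `CN`='$defaultemail' in the rewritten `insert into emailcerts` statement still interpolates the address read back from the `email` table without escaping, while every numeric field in the same statement now goes through `intval()`; that string originated as user input at registration, so pass it through `mysql_real_escape_string($defaultemail)` rather than relying on whatever validation happened when it was stored. The `insert into orgemailcerts` statement in the -1300 hunk has the same `CN`='$defaultemail' form. On the context lines just below, `$fp = fopen($CSRname, "w")` is never checked for `false`, so a failed write leaves the `csr_name` update pointing at a file that does not exist; `if($fp === false)` with an error path before `fputs()` would make that failure visible. The enclosing block starts before this hunk.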
@@ -302,7 +305,7 @@
 $addys = array();
 $defaultemail = "";
-$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
+$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
 if(strlen($user['mname']) == 1)
 $user['mname'] .= '.';
 if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
@@ -318,7 +321,7 @@
 if(is_array($_SESSION['_config']['addid']))
 foreach($_SESSION['_config']['addid'] as $id)
 {
-$res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='$id'");
+$res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
 if(mysql_num_rows($res) > 0)
 {
 $row = mysql_fetch_assoc($res);
@@ -1267,7 +1270,9 @@
 $org = $_SESSION['_config']['row'];
 if($_REQUEST['keytype'] == "NS")
 {
-if($_REQUEST['SPKAC'] == "" || strlen($_REQUEST['SPKAC']) < 128)
+$spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
+
+if($spkac == "" || strlen($spkac) < 128)
 {
 $id = 17;
 showheader(_("My CAcert.org Account!"));
@@ -1300,7 +1305,7 @@
 if($org['C'])
 $emails .= "countryName = ".$org['C']."\n";
-$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_REQUEST['SPKAC']));
+$emails .= "SPKAC = $spkac";
 $query = "insert into `orgemailcerts` set
 `CN`='$defaultemail',
 `keytype`='NS',