From c5e711ba1fdaf5b30d17bc2717e3669617b705af Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 23 Nov 2008 05:08:59 +0000
Subject: [PATCH] Added XSS prevention
---
 pages/account/6.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pages/account/6.php b/pages/account/6.php
index e02035d..38af8e8 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -38,7 +38,9 @@
 {
 header("Content-Type: application/x-x509-user-cert");
 header("Content-Length: ".strlen($cert));
- header('Content-Disposition: inline; filename="'.$row['CN'].'.crt"');
+ $fname=sanitizeFilename($row['CN']);
+ if($fname=="") $fname="certificate";
+ header('Content-Disposition: inline; filename="'.$fname.'.crt"');
 echo $cert;
 exit;
 } else {
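Review bot: The safety of the new `Content-Disposition` line rests entirely on `sanitizeFilename()`, which is defined outside this hunk, so it cannot be confirmed here that it removes CR, LF, `"` and `\` from `$row['CN']`. Those are the characters that matter inside a quoted header parameter (header splitting, breaking out of `filename="..."`), more so than the HTML metacharacters the subject line suggests. I would state that contract at the call site, e.g. `// CN is presumably user-supplied: sanitizeFilename() must drop CR/LF, quotes and backslashes before this reaches header()`. If the helper does not already enforce an allowlist, add `$fname=preg_replace('/[^A-Za-z0-9._-]/','_',$fname);` right after the `sanitizeFilename()` call. The enclosing `if` block opens before the hunk and the `else` branch continues past it, so other uses of `$row['CN']` in this file are not visible here.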