From d6310c201642b7fa83b8ab19c460a9d834384f87 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 3 Sep 2008 18:36:33 +0000
Subject: [PATCH] Improved register_globals
---
 www/analyse.php | 2 +-
 www/cap.php | 2 +-
 www/disputes.php | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/www/analyse.php b/www/analyse.php
index 1b277b2..73fb23a 100644
--- a/www/analyse.php
+++ b/www/analyse.php
@@ -24,7 +24,7 @@ if($_POST['csr'] == "") { ?>
-
+

Please paste the PEM encoded certificate signing request you would like to analyze in the text area below:

">

diff --git a/www/cap.php b/www/cap.php
index 913c5be..18456a8 100644
--- a/www/cap.php
+++ b/www/cap.php
@@ -33,7 +33,7 @@
 {
 function Header()
 {
- $this->Image($_REQUEST[bw]?'images/CAcert-logo-mono-1000.png':'images/CAcert-logo-colour-1000.png',8,8,100);
+ $this->Image($_REQUEST['bw']?'images/CAcert-logo-mono-1000.png':'images/CAcert-logo-colour-1000.png',8,8,100);
 $this->SetFont('Arial','B',14);
 if($_SESSION['_config']['language'] == "ja_JP")
 $this->SetFont('SJIS','',14);
diff --git a/www/disputes.php b/www/disputes.php
index 9b4471f..b816d9c 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -40,7 +40,7 @@ if($action == "reject") {
- mysql_query("update `disputeemail` set hash='',action='reject' where `id`='$emailid'");
+ mysql_query("update `disputeemail` set hash='',action='reject' where `id`='".intval($emailid)."'");
 showheader(_("Email Dispute"));
 echo _("You have opted to reject this dispute and the request will be removed from the database");
 showfooter();
@@ -51,7 +51,7 @@ showheader(_("Email Dispute")); echo "
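Review bot: `$_REQUEST['bw']` on the changed `Image()` line is still read without checking that the key exists, so a request that omits `bw` raises an undefined-index notice each time the page header is drawn. `!empty($_REQUEST['bw'])` keeps the same truthiness test and stays silent when the parameter is absent. `Header()` continues past the end of the hunk.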
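Review bot: In the reject branch (@@ -40) the confirmation text is printed whether or not the update matched a row: `intval()` turns any non-numeric `$emailid` into 0, the query then matches nothing, and the page still reports the dispute as rejected. Checking the result before `showheader()`, for example `if(mysql_affected_rows() < 1)` followed by an error page, makes a bad or stale id visible instead of silently succeeding. The `where` clause also matches on `id` alone; the `hash` column suggests a token ties the request to the dispute, but any such check is outside the hunk and worth confirming. The branch itself starts and ends outside the hunk.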

"._("You have opted to accept this dispute and the request will now remove this email address from the existing account, and revoke any current certificates.")."

"; echo "

"._("The following accounts have been removed:")."
\n";
- $query = "select * from `email` where `id`='$emailid' and deleted=0";
+ $query = "select * from `email` where `id`='".intval($emailid)."' and deleted=0";
 $res = mysql_query($query);
 if(mysql_num_rows($res) > 0)
 {
@@ -64,10 +64,10 @@ group by `emailcerts`.`id`";
 $dres = mysql_query($query);
 while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
+ mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
 $do = `../scripts/runclient`;
- $query = "update `email` set `deleted`=NOW() where `id`='$emailid'";
+ $query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'";
 mysql_query($query);
 }
 mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
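Review bot: The last statement of the @@ -64 hunk, the accept update on `disputeemail`, still interpolates `'$emailid'` directly, so one query on the accept path is left out of this commit's `intval()` pass. Casting once where `$emailid` is first assigned (outside these hunks), `$emailid = intval($emailid);`, covers this call as well as the ones at @@ -40 and @@ -51, and does not depend on every call site being edited by hand. Whether `$emailid` is already validated upstream is not visible here, so treat it as request-controlled until confirmed. The `intval($drow['id'])` cast is harmless, but that value comes from the preceding select, not from the request.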