From e2e8259c685ef7b4400c61c6ead76370249c0290 Mon Sep 17 00:00:00 2001 From: Wytze van der Raay Date: Sat, 9 Aug 2014 09:13:02 +0000 Subject: [PATCH] Fix for https://bugs.cacert.org/view.php?id=1291 "Executable code can be entered in location field, executable on wot15" --- includes/notary.inc.php | 2 +- pages/wot/6.php | 12 ++++++------ www/wot.php | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/includes/notary.inc.php b/includes/notary.inc.php index f15e09e..3b8e736 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -502,7 +502,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00'); ?> > >%s",_("Revoked")) : $awarded?> - > + > > > _('December') ); - $fname = $row['fname']; - $mname = $row['mname']; - $lname = $row['lname']; - $suffix = $row['suffix']; + $fname = sanitizeHTML($row['fname']); + $mname = sanitizeHTML($row['mname']); + $lname = sanitizeHTML($row['lname']); + $suffix = sanitizeHTML($row['suffix']); $dob = $row['dob']; $dob_date = explode('-', $dob, 3); @@ -77,8 +77,8 @@ AssureMethodLine(_("Method"),$methods,''); AssureBoxLine("certify",sprintf(_("I certify that %s %s %s %s has appeared in person."), $fname, $mname, $lname, $suffix),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname, $suffix),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1); - AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); - AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"
"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); + AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['location']):"",""); + AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['date']):date("Y-m-d"),"
"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); AssureTextLine("",_("Only tick the next box if the Assurance was face to face.")); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); diff --git a/www/wot.php b/www/wot.php index 89b0aac..e6d180c 100644 --- a/www/wot.php +++ b/www/wot.php @@ -324,7 +324,7 @@ function send_reminder() $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); - $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix']; + $name = sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])." ".sanitizeHTML($row['suffix']); if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash']) { show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));