cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 5 Projects Releases Wiki Activity

Improved register_globals

Browse Source
pull/1/head
root 16 years ago
parent 7c70c7978a
commit f751f0139e
2 changed files with 32 additions and 22 deletions
Show Stats Download Patch File Download Diff File

48
includes/account.php
Unescape Escape View File

@ -23,10 +23,16 @@
$oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
$process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
$cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']);
$orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
$memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']);
$domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']);
if($id == 45 || $id == 46 || $oldid == 45 || $oldid == 46)
{
$id = 1;
unset($oldid);
$oldid=0;
}
if($process != "" && $oldid == 1)
@ -46,7 +52,7 @@
showfooter();
exit;
}
unset($oldid);
$oldid=0;
$_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
$query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
$res = mysql_query($query);
@ -389,7 +395,7 @@
if($oldid == 7)
{
list($newdomain, $crud) = explode(" ", $newdomain, 2);
list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
while($newdomain['0'] == '-')
$newdomain = substr($newdomain, 1);
if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0)
@ -408,7 +414,7 @@
$res2 = mysql_query($query);
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
{
unset($oldid);
$oldid=0;
$id = 7;
showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $newdomain);
@ -419,7 +425,7 @@
if($oldid == 7)
{
unset($oldid);
$oldid=0;
$id = 8;
$addy = array();
$adds = array();
@ -464,7 +470,7 @@
if($process != "" && $oldid == 8)
{
unset($oldid);
$oldid=0;
$id = 8;
$authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));
@ -1062,7 +1068,7 @@
{
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
$id = $oldid;
unset($oldid);
$oldid=0;
}
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
@ -1071,7 +1077,7 @@
{
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
$id = $oldid;
unset($oldid);
$oldid=0;
}
}
@ -1095,14 +1101,14 @@
{
$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
$id = $oldid;
unset($oldid);
$oldid=0;
}
if($_SESSION['_config']['user']['year'] < 1900 || $_SESSION['_config']['user']['month'] < 1 || $_SESSION['_config']['user']['month'] > 12 ||
$_SESSION['_config']['user']['day'] < 1 || $_SESSION['_config']['user']['day'] > 31)
{
$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
$id = $oldid;
unset($oldid);
$oldid=0;
}
}
}
@ -1894,13 +1900,13 @@
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
$id = $oldid;
unset($oldid);
$oldid=0;
}
}
if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
{
unset($oldid);
$oldid=0;
$id = 25;
}
@ -1924,7 +1930,7 @@
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
$id = $oldid;
unset($oldid);
$oldid=0;
}
}
@ -2055,7 +2061,7 @@
if(mysql_num_rows($res) <= 0)
{
$id = $oldid;
unset($oldid);
$oldid=0;
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $_REQUEST['email']);
} else {
$row = mysql_fetch_assoc($res);
@ -2082,7 +2088,7 @@
if($oldid == 34 || $oldid == 33)
{
unset($oldid);
$oldid=0;
$id = 32;
$orgid = 0;
}
@ -2115,7 +2121,7 @@
}
mysql_query($query);
$id = $oldid;
unset($oldid);
$oldid=0;
}
if($oldid == 41 && $_REQUEST['action'] == 'default')
@ -2266,19 +2272,19 @@
if($oldid == 42 && $_REQUEST['email'] == "")
{
$id = $oldid;
unset($oldid);
$oldid=0;
}
if($oldid == 42)
{
$id = 43;
unset($oldid);
$oldid=0;
}
if($oldid == 43 && $_REQUEST['action'] == "updatedob")
{
$id = 43;
unset($oldid);
$oldid=0;
$fname = mysql_real_escape_string($_REQUEST['fname']);
$mname = mysql_real_escape_string($_REQUEST['mname']);
$lname = mysql_real_escape_string($_REQUEST['lname']);
@ -2299,13 +2305,13 @@
if($oldid == 48 && $_REQUEST['domain'] == "")
{
$id = $oldid;
unset($oldid);
$oldid=0;
}
if($oldid == 48)
{
$id = 49;
unset($oldid);
$oldid=0;
}
if($id == 44)

6
includes/general.php
Unescape Escape View File

@ -321,7 +321,7 @@
function extractit()
{
$bits = explode(": ", $_SESSION['_config']['subject'], 2);
$bits = str_replace(", ", "|", str_replace("/", "|", $bits['1']));
$bits = str_replace(", ", "|", str_replace("/", "|", array_key_exists('1',$bits)?$bits['1']:""));
$bits = explode("|", $bits);
$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
@ -361,6 +361,8 @@
unset($_SESSION['_config']['rows']);
unset($_SESSION['_config']['rowid']);
unset($_SESSION['_config']['rejected']);
$rows=array();
$rowid=array();
for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
{
$CN = $_SESSION['_config']["$cnc.CN"];
@ -406,6 +408,8 @@
{
unset($_SESSION['_config']['altrows']);
unset($_SESSION['_config']['altid']);
$altrows=array();
$altid=array();
for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
{
$subalt = $_SESSION['_config']["$altc.subjectAltName"];

Write Preview
Loading…
Cancel
Save