From 9837549fac12036b8127d69c05a2aefdb34c5425 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Thu, 24 Feb 2022 20:27:03 +0000
Subject: [PATCH] Escape certificate issuer when parsed from public key, values like [Let's Encrypt] break it otherwise
---
 post.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/post.php b/post.php
index 9cbbee9f..cee1c81e 100644
--- a/post.php
+++ b/post.php
@@ -5163,7 +5163,7 @@ if(isset($_POST['add_certificate'])){
 $public_key_obj = openssl_x509_parse($_POST['public_key']);
 if ($public_key_obj) {
 $expire = date('Y-m-d', $public_key_obj['validTo_time_t']);
- $issued_by = strip_tags($public_key_obj['issuer']['O']);
+ $issued_by = strip_tags(mysqli_real_escape_string($mysqli,$public_key_obj['issuer']['O']));
 }
 }
@@ -5171,6 +5171,8 @@ if(isset($_POST['add_certificate'])){
 $expire = "0000-00-00";
 }
+
+
 mysqli_query($mysqli,"INSERT INTO certificates SET certificate_name = '$name', certificate_domain = '$domain', certificate_issued_by = '$issued_by', certificate_expire = '$expire', certificate_created_at = NOW(), certificate_public_key = '$public_key', certificate_domain_id = $domain_id, certificate_client_id = $client_id, company_id = $session_company_id");
 //Logging
@@ -5198,7 +5200,7 @@ if(isset($_POST['edit_certificate'])){
 $public_key_obj = openssl_x509_parse($_POST['public_key']);
 if ($public_key_obj) {
 $expire = date('Y-m-d', $public_key_obj['validTo_time_t']);
- $issued_by = strip_tags($public_key_obj['issuer']['O']);
+ $issued_by = strip_tags(mysqli_real_escape_string($mysqli,$public_key_obj['issuer']['O']));
 }
 }
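Review bot: In the `$issued_by` assignment of the `add_certificate` hunk (and the identical line in the `edit_certificate` hunk), `strip_tags()` runs on the already escaped string, so the value interpolated into the query is not exactly what `mysqli_real_escape_string()` returned; escaping should be the last transformation: `$issued_by = mysqli_real_escape_string($mysqli, strip_tags($public_key_obj['issuer']['O']));`. The certificate is client-supplied, so `['issuer']['O']` can be missing, and as far as I know `openssl_x509_parse()` returns an array when the attribute repeats; a `?? ''` default plus an `is_array()` check before the string functions would cover both. Both `if(isset($_POST[...]))` blocks start and end outside the hunks, so how `$name`, `$domain` and `$public_key` are sanitised before the `INSERT` is not visible; a prepared statement with bound parameters would remove the reliance on per-variable escaping.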