AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #376 from wrongecho/cert-parse 

SSL Parse - escape issued_by
This commit is contained in:
Johnny 2022-02-24 15:42:58 -05:00 committed by GitHub
parent f416d25fc7 9837549fac
commit 3bd79635ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
post.php
View File

@ -5163,7 +5163,7 @@ if(isset($_POST['add_certificate'])){
$public_key_obj = openssl_x509_parse($_POST['public_key']); $public_key_obj = openssl_x509_parse($_POST['public_key']);
if ($public_key_obj) { if ($public_key_obj) {
$expire = date('Y-m-d', $public_key_obj['validTo_time_t']); $expire = date('Y-m-d', $public_key_obj['validTo_time_t']);
$issued_by = strip_tags($public_key_obj['issuer']['O']); $issued_by = strip_tags(mysqli_real_escape_string($mysqli,$public_key_obj['issuer']['O']));
} }
} }
@ -5171,6 +5171,8 @@ if(isset($_POST['add_certificate'])){
$expire = "0000-00-00"; $expire = "0000-00-00";
} }
mysqli_query($mysqli,"INSERT INTO certificates SET certificate_name = '$name', certificate_domain = '$domain', certificate_issued_by = '$issued_by', certificate_expire = '$expire', certificate_created_at = NOW(), certificate_public_key = '$public_key', certificate_domain_id = $domain_id, certificate_client_id = $client_id, company_id = $session_company_id"); mysqli_query($mysqli,"INSERT INTO certificates SET certificate_name = '$name', certificate_domain = '$domain', certificate_issued_by = '$issued_by', certificate_expire = '$expire', certificate_created_at = NOW(), certificate_public_key = '$public_key', certificate_domain_id = $domain_id, certificate_client_id = $client_id, company_id = $session_company_id");
//Logging //Logging
@ -5198,7 +5200,7 @@ if(isset($_POST['edit_certificate'])){
$public_key_obj = openssl_x509_parse($_POST['public_key']); $public_key_obj = openssl_x509_parse($_POST['public_key']);
if ($public_key_obj) { if ($public_key_obj) {
$expire = date('Y-m-d', $public_key_obj['validTo_time_t']); $expire = date('Y-m-d', $public_key_obj['validTo_time_t']);
$issued_by = strip_tags($public_key_obj['issuer']['O']); $issued_by = strip_tags(mysqli_real_escape_string($mysqli,$public_key_obj['issuer']['O']));
} }
} }