https://bugs.koozali.org/show_bug.cgi?id=12274

            Bug ID: 12274
           Summary: string regex
    Classification: Contribs
           Product: SME Contribs
           Version: 10.0
          Hardware: ---
                OS: ---
            Status: CONFIRMED
          Severity: normal
          Priority: P3
         Component: phpki-ng
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
  Target Milestone: ---

Review the change in ns_revoke_query.php:


#header("Content-type: application/x-netscape-revocation");

# old Reg Ex doesn't work, new should do the work
#$regexp = "^R\t.*\t.*\t$serial\t.*\t.*$";
$regexp = "^R.*$serial.*$";

One should limit the search to the serial only, not to any string in the line, or it will lead to false results:

V       271214045049Z           100001  unknown /C=CA/ST=Quebec/L=r/O=r/O=c21f969b5f03d33d43e04f8f136e7682/OU=r/CN=jppialasse/[email protected]
R       271214095559Z   221214100755Z   100002  unknown /C=CA/ST=Quebec/L=r/O=r/O=c21f969b5f03d33d43e04f8f136e7682/OU=r/CN=toot/[email protected]
V       241214100945Z           100003  unknown /C=CA/ST=Quebec/L=r/O=r/O=c21f969b5f03d33d43e04f8f136e7682/OU=r/CN=toot/[email protected]


Revoked lines have one more field; this could make one think the regex was wrong.


Also, the line
$serial = escapeshellcmd(trim($_SERVER['QUERY_STRING']));
is wrong, see
https://stackoverflow.com/questions/1881582/whats-the-difference-between-escapeshellarg-and-escapeshellcmd

We know the string should be numerical, like 100001, so regex it and, if it is wrong, reject it.
escapeshellcmd is not appropriate to escape a single argument, see
https://www.php.net/manual/en/function.escapeshellcmd.php
Or we could just rely on is_numeric, where letting 1337.0 be accepted would not be a huge risk.
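As an added example (not code from the bug report or from phpki-ng), the following PHP shows both points of the report side by side: the loose `^R.*$serial.*$` check producing false positives against a constructed index.txt, a field-aware check that only compares the serial column, and a whitelist validation of the serial that replaces escapeshellcmd. The index.txt layout it assumes is OpenSSL's (status, expiry, revocation date, serial, filename, subject, tab-separated); the sample records, names and the function names are invented for the demonstration. It validates the serial as hex digits, which is how OpenSSL stores serials in index.txt, rather than only decimal digits as the report suggests.

```php
<?php
// Added example, not phpki-ng code. Assumed index.txt layout (OpenSSL):
//   status \t expiry \t revocation-date \t serial \t filename \t subject
// The revocation-date field is empty on 'V' lines, which is why revoked
// lines look as if they had one more field.

// Constructed sample index.txt. Two traps are built in:
//  - the revoked cert 100003 carries "100001" inside its subject (OU=100001)
//  - the revoked serial 1000021 contains the valid serial 100002 as a prefix
$index = "V\t271214045049Z\t\t100001\tunknown\t/C=CA/O=Example/CN=alice\n"
       . "V\t271214095559Z\t\t100002\tunknown\t/C=CA/O=Example/CN=bob\n"
       . "R\t241214100945Z\t221214100755Z\t100003\tunknown\t/C=CA/O=Example/OU=100001/CN=carol\n"
       . "R\t241214100945Z\t221215000000Z\t1000021\tunknown\t/C=CA/O=Example/CN=dave\n";

/**
 * Validate the serial from the query string instead of escaping it.
 * OpenSSL writes serials as hex digits, so accept only that alphabet
 * (length capped at 40 hex digits, the RFC 5280 maximum of 20 octets)
 * and return null for anything else so the caller can reject the request.
 * Because the value never reaches a shell, escapeshellcmd has no role here.
 */
function validate_serial(string $raw): ?string
{
    $raw = trim($raw);
    return preg_match('/^[0-9A-F]{1,40}$/i', $raw) === 1 ? strtoupper($raw) : null;
}

/** The loose check from the change under review: any R line containing the digits. */
function is_revoked_loose(string $index, string $serial): bool
{
    return preg_match("/^R.*{$serial}.*$/m", $index) === 1;
}

/** Field-aware check: status must be 'R' and the serial must be exactly column 4. */
function is_revoked_strict(string $index, string $serial): bool
{
    foreach (explode("\n", rtrim($index, "\n")) as $line) {
        $f = explode("\t", $line);
        if (count($f) >= 4 && $f[0] === 'R' && $f[3] === $serial) {
            return true;
        }
    }
    return false;
}

/** The same column-bound check as one anchored regex, for code that wants to keep preg_match. */
function is_revoked_regex(string $index, string $serial): bool
{
    $q = preg_quote($serial, '/');
    // [^\t]* keeps each wildcard inside its own column; "\t" in a PHP double-quoted
    // string is a literal tab, which PCRE matches as-is.
    return preg_match("/^R\t[^\t]*\t[^\t]*\t{$q}\t/m", $index) === 1;
}

// Constructed query strings: two valid serials, two revoked ones, and two
// values that validation must reject (a float-looking value and garbage).
foreach (['100001', '100002', '100003', ' 1000021 ', '1337.0', 'zz'] as $query) {
    $serial = validate_serial($query);
    if ($serial === null) {
        printf("%-12s rejected by validate_serial\n", var_export($query, true));
        continue;
    }
    printf("%-8s loose=%-5s strict=%-5s regex=%s\n", $serial,
        var_export(is_revoked_loose($index, $serial), true),
        var_export(is_revoked_strict($index, $serial), true),
        var_export(is_revoked_regex($index, $serial), true));
}
```

Run with `php example.php`: the loose check reports 100001 and 100002 as revoked (a false positive from the subject field and from the longer serial 1000021 respectively), while the strict and regex variants report only 100003 and 1000021, and `1337.0` and `zz` never reach the lookup at all.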

_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/