--- gpg.php.orig	2009-04-09 14:58:20.000000000 +0200
+++ gpg.php	2009-04-09 14:59:32.000000000 +0200
@@ -116,38 +116,11 @@
 				if($bits[6] != "")
 					$expires = 1;
 			}
-			//if(!strstr($line, "@")) continue;
-
-
-
-			$pos = strpos($bits[9], "(") - 1;
-			$nocomment = 0;
-			if($pos < 0)
-			{
-				$nocomment = 1;
-				$pos = strpos($bits[9], "<") - 1;
-			}
-			if($pos < 0)
-			{
-				$pos = strlen($bits[9]);
-			}
-			$name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
-			$nameok=verifyName($name);
-			$resulttable.="<td bgcolor='#".($nameok?"c0ffc0":"ffc0c0")."'>$name</td>";
-
-
-			if($nocomment == 0 && (strpos($bits[9],")")>$pos))
-			{
-				$pos += 2;
-				$pos2 = strpos($bits[9], ")");
-				$comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
-				if($comm != "")
-					$comment[] = $comm;
-				$pos = $pos2 + 3;
-			} else {
-				$pos = strpos($bits[9], "<") + 1;
-			}
+			$name="";
+			$comm="";
 			$mail="";
+			$uidformatwrong=0;
+
 			if(preg_match("/\@.*\@/",$bits[9]))
 			{
 				showheader(_("Welcome to CAcert.org"));
@@ -158,23 +131,46 @@
 				unset($oldid);
 				exit();
 			}
-                        if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
-				//echo "Found: ".$match[1];
-				$mail = trim(hex2bin($match[1]));
+
+
+			if(preg_match("/^([^\(\[@]+) \(([^@<>)]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
+			{
+			  $name=trim(hex2bin($matches[1]));
+	  		  $nameok=verifyName($name);
+			  $nocomment=0;
+			  $comm=trim(hex2bin($matches[2]));
+			  $mail=trim(hex2bin($matches[3]));
+			}
+			elseif(preg_match("/^([^\(\[@]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
+			{
+			  $name=trim(hex2bin($matches[1]));
+			  $nocomment=1;
+			  $mail=trim(hex2bin($matches[2]));
 			}
 			else
 			{
-				//echo "Not found!\n";
+				$nocomment=1;
+				$uidformatwrong=1;
 			}
-
+  		  	$nameok=verifyName($name);
 			$emailok=verifyEmail($mail);
 
-                        $resulttable.="<td bgcolor='#".($emailok?"c0ffc0":"ffc0c0")."'>$mail</td>";
+
+			if($comm != "")
+				$comment[] = $comm;
+
+			$resulttable.="<td bgcolor='#".($nameok?"c0ffc0":"ffc0c0")."'>".sanitizeHTML($name)."</td>";
+                        $resulttable.="<td bgcolor='#".($emailok?"c0ffc0":"ffc0c0")."'>".sanitizeHTML($mail)."</td>";
+
 			$uidok=0;
 			if($bits[1]=="r")
 			{
 				$rmessage=_("Error: UID is revoked");
 			}
+			elseif($uidformatwrong==1)
+			{
+				$rmessage=_("The format of the UID was not recognized. Please use 'Name (comment) &lt;email@domain>' ");
+			}
 			elseif($mail=="" and $name=="")
 			{
 				$rmessage=_("Error: Both Name and Email address are empty");