cacert-gpgupload.patch (3,276 bytes)
diff -rU3 cacert.orig/pages/gpg/0.php cacert/pages/gpg/0.php
--- cacert.orig/pages/gpg/0.php 2007-01-30 15:08:15.000000000 +0100
+++ cacert/pages/gpg/0.php 2007-07-18 13:55:10.000000000 +0200
@@ -20,3 +20,11 @@
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
+
+<p><?=_("Alternatively, you can upload a file containing your key.")?></p>
+<p><?=_("DO NOT upload your complete keyring!")?></p>
+<form method="post" action="gpg.php" enctype="multipart/form-data">
+<input type="file" name="CSRfile">
+<input type="submit" name="process" value="<?=_("Submit")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff -rU3 cacert.orig/www/gpg.php cacert/www/gpg.php
--- cacert.orig/www/gpg.php 2007-02-07 16:51:20.000000000 +0100
+++ cacert/www/gpg.php 2007-07-18 14:41:12.000000000 +0200
@@ -28,7 +28,7 @@
if($oldid == "0")
{
- if($_REQUEST['process'] == _("Submit") && $_REQUEST['CSR'] == "")
+ if($_REQUEST['process'] == _("Submit") && $_REQUEST['CSR'] == "" && $_FILES['CSRfile']['tmp_name'] == "")
{
$_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
$id = $oldid;
@@ -38,10 +38,17 @@
$keyid="";
- if($oldid == "0" && $_REQUEST['CSR'] != "")
+ if($oldid == "0" && ($_REQUEST['CSR'] != ""
+ || $_FILES['CSRfile']['tmp_name'] != ""))
{
- $debugkey = $gpgkey = clean_csr(stripslashes($_REQUEST['CSR']));
- $debugpg = $gpg = mysql_real_escape_string(trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`));
+ if ($_REQUEST['CSR'] != "") {
+ $debugkey = $gpgkey = clean_csr(stripslashes($_REQUEST['CSR']));
+ $debugpg = $gpg = mysql_real_escape_string(trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`));
+ } else {
+ $debugkey = $gpgkey = $_FILES['CSRfile']['tmp_name'];
+ $debugpg = $gpg = mysql_real_escape_string(trim(`gpg --with-colons --homedir /tmp 2>&1 "$gpgkey"`));
+ echo "<pre>\n$gpgkey\n$gpg\n</pre>";
+ }
$lines = "";
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
@@ -140,9 +147,13 @@
unset($oldid);
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
}
+ if ($oldid != "0" && $_FILES['CSRfile']['tmp_name'] != "") {
+ unlink($_FILES['CSRfile']['tmp_name']);
+ }
}
- if($oldid == "0" && $_REQUEST['CSR'] != "")
+ if($oldid == "0" && ($_REQUEST['CSR'] != ""
+ || $_FILES['CSRfile']['tmp_name'] != ""))
{
$query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."',
`email`='".mysql_real_escape_string($emailaddies['0'])."',
@@ -156,12 +167,15 @@
$cwd = '/tmp/gpgspace'.$id;
mkdir($cwd,0755);
- $fp = fopen("$cwd/gpg.csr", "w");
- fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
- fclose($fp);
-
-
- system("gpg --homedir $cwd --import $cwd/gpg.csr");
+ if ($_REQUEST['CSR'] != "") {
+ $fp = fopen("$cwd/gpg.csr", "w");
+ fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
+ fclose($fp);
+ system("gpg --homedir $cwd --import $cwd/gpg.csr");
+ } else {
+ system("gpg --homedir $cwd --import \"$gpgkey\"");
+ unlink($_FILES['CSRfile']['tmp_name']);
+ }
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
