diff -ruN phpki.orig/phpki-0.82/include/my_functions.php phpki/phpki-0.82/include/my_functions.php --- phpki.orig/phpki-0.82/include/my_functions.php 2007-01-04 04:30:26.000000000 +0100 +++ phpki/phpki-0.82/include/my_functions.php 2018-09-07 20:20:04.025808255 +0200 
@@ -160,42 +160,53 @@ # Returns TRUE if argument contains only alphabetic characters. # function is_alpha($v) { - return (eregi('[^A-Z]',$v) ? false : true) ; + #return (eregi('[^A-Z]',$v) ? false : true) ; + #return (preg_match('/[^A-Z]'.'/i',$v,PCRE_CASELESS) ? false : true) ; # Replaced eregi() with preg_match() + return (preg_match('/[^A-Z]/i',$v) ? false : true) ; } # # Returns TRUE if argument contains only numeric characters. # + function is_num($v) { - return (eregi('[^0-9]',$v) ? false : true) ; + #return (eregi('[^0-9]',$v) ? false : true) ; + return (preg_match('/[^0-9]/',$v) ? false : true) ; # Replaced eregi() with preg_match() } # # Returns TRUE if argument contains only alphanumeric characters. # + function is_alnum($v) { - return (eregi('[^A-Z0-9]',$v) ? false : true) ; + #return (eregi('[^A-Z0-9]',$v) ? false : true) ; + return (preg_match('/[^A-Z0-9]/i',$v) ? false : true) ; # Replaced eregi() with preg_match() } # # Returns TRUE if argument is in proper e-mail address format. # function is_email($v) { - return (eregi('^[^@ ]+\@[^@ ]+\.[A-Z]{2,3}$',$v) ? true : false); + #return (eregi('^[^@ ]+\@[^@ ]+\.[A-Z]{2,4}$',$v) ? true : false); + return (preg_match('/^[^@ ]+\@[^@ ]+\.[A-Z]{2,4}$'.'/i',$v) ? true : false); # Replaced eregi() with preg_match() } # # Checks regexp in every element of an array, returns TRUE as soon # as a match is found. # -function eregi_array($regexp, $a) { -foreach($a as $e) { - if (eregi($regexp,$e)) return true; -} -return false; -} +function eregi_array($regexp, $arr) { + foreach ($arr as $elem) { + #if (eregi($regexp,$elem)) + if (! 
preg_match('/^\/.*\/$/', $regexp)) # if it doesn't begin and end with '/' + $regexp = '/'.$regexp.'/'; # pad the $regexp with '/' to prepare for preg_match() + if (preg_match($regexp.'i',$elem)) # Replaced eregi() with preg_match() + return true; + } + return false; +} # # Reads entire file into a string # Same as file_get_contents in php >= 4.3.0 diff -ruN phpki.orig/phpki-0.82/include/openssl_functions.php phpki/phpki-0.82/include/openssl_functions.php --- phpki.orig/phpki-0.82/include/openssl_functions.php 2018-09-07 20:00:25.092998046 +0200 +++ phpki/phpki-0.82/include/openssl_functions.php 2018-09-07 20:22:48.264857264 +0200 @@ -212,18 +212,22 @@ global $config; # Prepend a default status to search string if missing. - if (! ereg('^\^\[.*\]', $search)) $search = '^[VRE].*'.$search; - + #if (! ereg('^\^\[.*\]', $search)) $search = '^[VRE].*'.$search; + if (! preg_match("/^\^\[.*\]/", $search)) $search = '^[VRE].*'.$search; # Include valid certs? - if (ereg('^\^\[.*V.*\]',$search)) $inclval = true; + #if (ereg('^\^\[.*V.*\]',$search)) $inclval = true; + if (preg_match('/^\^\[.*V.*\]/',$search)) $inclval = true; # Include revoked certs? - if (ereg('^\^\[.*R.*\]',$search)) $inclrev = true; + #if (ereg('^\^\[.*R.*\]',$search)) $inclrev = true; + if (preg_match('/^\^\[.*R.*\]/',$search)) $inclrev = true; # Include expired certs? - if (ereg('^\^\[.*E.*\]',$search)) $inclexp = true; + #if (ereg('^\^\[.*E.*\]',$search)) $inclexp = true; + if (preg_match('/^\^\[.*E.*\]/',$search)) $inclexp = true; # There isn't really a status of 'E' in the openssl index. # Change (E)xpired to (V)alid within the search string. - $search = ereg_replace('^(\^\[.*)E(.*\])','\\1V\\2',$search); + #$search = ereg_replace('^(\^\[.*)E(.*\])','\\1V\\2',$search); + $search = preg_replace('/^(\^\[.*)E(.*\])/','${1}V${2}',$search); $db = array(); exec('egrep -i '.escshellarg($search).' '.$config['index'], $x); 
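Review bot: In include/my_functions.php, the new `is_email()` pattern ends in `$` with no `D` modifier, and under PCRE that anchor also matches just before a trailing newline, so a value ending in a line break passes the check. Anchoring with `\z` closes that: `return preg_match('/^[^@ ]+@[^@ ]+\.[A-Z]{2,4}\z/i', $v) === 1;` (the class `[^@ ]` still admits other control characters inside the address). `is_alpha()`, `is_num()` and `is_alnum()` map every result other than 1 to true, so a `false` error return from `preg_match()` is reported as valid input; `return preg_match('/[^0-9]/', $v) === 0;` and its siblings would fail closed. In `eregi_array()` the delimiter wrapping runs on every loop iteration and does not escape a `/` inside `$regexp`, so a pattern containing a slash makes `preg_match()` fail instead of matching; building the pattern once before the `foreach` would also be clearer.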
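Review bot: In include/openssl_functions.php, the status-prefix tests keep the greedy `.*` inside the bracket (`'/^\^\[.*V.*\]/'`), so the match runs to the last `]` in `$search`. A `V`, `R` or `E` later in the search term can therefore switch on `$inclval`, `$inclrev` or `$inclexp`, and the `preg_replace()` can rewrite an `E` that lies outside the prefix. Restricting the match to the first bracket avoids that, e.g. `preg_match('/^\^\[[^\]]*V[^\]]*\]/', $search)` and `preg_replace('/^(\^\[[^\]]*)E([^\]]*\])/', '${1}V${2}', $search)`. The first test is the only pattern written as a double-quoted string; single quotes, as on the other lines, keep the backslashes independent of PHP's string escaping. The enclosing function starts and ends outside this hunk, so where `$search` originates and whether the three flags are initialised is not visible here.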
@@ -449,7 +453,9 @@ // function CA_cert_cname($serial) { global $config; - return(ereg_replace('^.*/CN=(.*)/.*','\\1',CA_cert_subject($serial))); + #return(ereg_replace('^.*/CN=(.*)/.*','\\1',CA_cert_subject($serial))); + return(preg_replace('/^.*\/CN=(.*)\/.*/','${1}',CA_cert_subject($serial))); + } // 
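Review bot: The pattern in `CA_cert_cname()` only matches when another `/` follows the CN value, and both `.*` are greedy. A subject whose CN is the last component therefore comes back unchanged as the whole subject string, and a subject with several components after the CN returns all but the last of them as part of the name. Capturing up to the next slash is tighter: `preg_match('#/CN=([^/]+)#', CA_cert_subject($serial), $m) ? $m[1] : ''`, though whether callers rely on the unmatched-subject fallback should be checked first. The `#` delimiter also removes the escaped slashes, and the commented-out `ereg_replace` line and the blank line added before `}` can be dropped.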
@@ -794,25 +800,32 @@ $certtext = CA_cert_text($serial); - if (ereg('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext) && ereg('Code Signing', $certtest)) { + #if (ereg('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext) && ereg('Code Signing', $certtest)) { + if (preg_match('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext) && preg_match('Code Signing', $certtest)) { $cert_type = 'email_codesigning'; } - if (ereg('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext)) { + #if (ereg('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext)) { + if (preg_match('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext)) { $cert_type = 'email'; } - elseif (ereg('OpenSSL.* Server .*Certificate', $certtext)) { + #elseif (ereg('OpenSSL.* Server .*Certificate', $certtext)) { + elseif (preg_match('OpenSSL.* Server .*Certificate', $certtext)) { $cert_type = 'server'; } - elseif (ereg('timeStamping|Time Stamping', $certtext)) { + #elseif (ereg('timeStamping|Time Stamping', $certtext)) { + elseif (preg_match('timeStamping|Time Stamping', $certtext)) { $cert_type = 'time_stamping'; } - elseif (ereg('TLS Web Client Authentication', $certtext) && ereg('TLS Web Server Authentication', $certtext)) { + #elseif (ereg('TLS Web Client Authentication', $certtext) && ereg('TLS Web Server Authentication', $certtext)) { + elseif (preg_match('TLS Web Client Authentication', $certtext) && preg_match('TLS Web Server Authentication', $certtext)) { $cert_type = 'vpn_client_server'; } - elseif (ereg('TLS Web Client Authentication', $certtext)) { + #elseif (ereg('TLS Web Client Authentication', $certtext)) { + elseif (preg_match('TLS Web Client Authentication', $certtext)) { $cert_type = 'vpn_client'; } - elseif (ereg('TLS Web Server Authentication', $certtext)) { + #elseif (ereg('TLS Web Server Authentication', $certtext)) { + elseif (preg_match('TLS Web Server Authentication', $certtext)) { $cert_type = 'vpn_server'; } else {
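Review bot: Every new `preg_match()` call in this hunk passes the old ereg pattern without delimiters (`'OpenSSL.* Server .*Certificate'`, `'timeStamping|Time Stamping'`, `'TLS Web Client Authentication'` and the rest), so PCRE rejects each one with a delimiter warning and returns false. As a result no certificate type is ever recognised and every certificate falls through to the `else` branch. Each pattern needs delimiters, e.g. `preg_match('/OpenSSL.* (E.?mail|Personal) .*Certificate/', $certtext)` and `preg_match('/TLS Web Client Authentication/', $certtext)`. The first condition also still reads `$certtest`, which is not defined in the visible lines and is presumably meant to be `$certtext`, and because the second test is a plain `if` rather than `elseif`, an `email_codesigning` result would be overwritten by `email`. The chain continues past the end of the hunk, so what the `else` branch assigns is not visible here.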