
Validate PGP public keys

spaghetti 7 years ago
parent
commit
fa75330612
1 changed files with 9 additions and 5 deletions
  1. 9
    5
      sections/user/2fa.php

+ 9
- 5
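--- a/sections/user/2fa.php
+++ b/sections/user/2fa.php
@@ -6,11 +6,15 @@ $TwoFA = new TwoFactorAuth(SITE_NAME);
 $U2F = new u2f\U2F('https://'.SITE_DOMAIN);
 if ($Type = $_POST['type'] ?? false) {
   if ($Type == 'PGP') {
-    $DB->query("
-      UPDATE users_main
-      SET PublicKey = '".db_string($_POST['publickey'])."'
-      WHERE ID = $UserID");
-    $Message = 'Public key '.(empty($_POST['publickey']) ? 'removed' : 'updated') ;
+    if (!empty($_POST['publickey']) && (strpos($_POST['publickey'], 'BEGIN PGP PUBLIC KEY BLOCK') === false || strpos($_POST['publickey'], 'END PGP PUBLIC KEY BLOCK') === false)) {
+      $Error = "Invalid PGP public key";
+    } else {
+      $DB->query("
+        UPDATE users_main
+        SET PublicKey = '".db_string($_POST['publickey'])."'
+        WHERE ID = $UserID");
+      $Message = 'Public key '.(empty($_POST['publickey']) ? 'removed' : 'updated') ;
+    }
   }
   if ($Type == '2FA-E') {
     if ($TwoFA->verifyCode($_POST['twofasecret'], $_POST['twofa'])) {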
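Review bot: The new guard on `$_POST['publickey']` only tests that the two marker substrings occur somewhere in the value, so text with the markers in the wrong order, without the `-----` armor delimiters, or with arbitrary content around or between them is still stored as a key. Anchor the check to the armor lines and their order, for example `preg_match('/\A\s*-----BEGIN PGP PUBLIC KEY BLOCK-----\R.+\R-----END PGP PUBLIC KEY BLOCK-----\s*\z/s', $_POST['publickey']) !== 1`, and ideally parse the block with an OpenPGP implementation before saving, since a key that cannot be imported presumably fails later wherever the site encrypts to it. The `UPDATE` still builds its SQL by concatenation with `db_string()` and an interpolated `$UserID` whose origin is outside this hunk; a prepared statement would remove that dependency if `$DB` supports one. The enclosing `if ($Type = ...)` block continues past the hunk, so whether `$Error` is ever shown to the user cannot be confirmed from here.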
