diff --git a/en/recovery-challenge.cgi b/en/recovery-challenge.cgi
index 7985554..7c2f72f 100755
--- a/en/recovery-challenge.cgi
+++ b/en/recovery-challenge.cgi
@@ -12,7 +12,7 @@ runtime_dir=/var/log/challenges
gpg_home="$runtime_dir"/.gnupg
urldecode() { : "${*//+/ }"; echo -e "${_//%/\\x}"; }
-sig="$(urldecode "$arg_signature")"
+sig="$(urldecode "$arg_signature" | sed 's/\r//g')"
key="$(urldecode "$arg_newkey")"
if [[ $arg_username ]]; then
keyid="$(gpg --import-options show-only --import "/vm/$arg_username/.pgp.asc" 2>&1 | grep '^ ' | xargs)"
@@ -106,7 +106,7 @@ case "$arg_method" in
;;
esac
-sedcmd=" -e 's/USERNAME/$arg_username/' -e 's/CHALLENGE/$(<$runtime_dir/$arg_username)/' -e 's/KEYID/$keyid/' -e 's\\NAV\\$(php $(dirname $0)/nav.php)\\' -e 's\\FOOTER\\$($(dirname $0)/footer.cgi | sed '1,2d')\\'"
+sedcmd=" -e 's/USERNAME/$arg_username/' -e 's/CHALLENGE/$(<$runtime_dir/$arg_username)/' -e 's/KEYID/$keyid/' -e 's\\NAV\\$(php $(dirname $0)/nav.php | sed 's/\&/\\\&/g')\\' -e 's\\FOOTER\\$($(dirname $0)/footer.cgi | sed '1,2d')\\'"
sedcmd="$sedcmd $(if [[ $nokey == 1 ]]; then
printf '%s' '-e "s/NOKEY/This user has no .pgp.asc
file/"'
else
diff --git a/en/recovery-scripts/pgp/submit.html b/en/recovery-scripts/pgp/submit.html
index e0b6f96..95a7854 100644
--- a/en/recovery-scripts/pgp/submit.html
+++ b/en/recovery-scripts/pgp/submit.html
@@ -12,21 +12,21 @@
NAV
Generate your signature by going into a terminal and running the following:
-echo 'CHALLENGE' | gpg -a --detach-sig --default-key KEYID
+ echo 'CHALLENGE' | gpg -a --detach-sig --default-key KEYID
+