Menu
▾
▴
[phpMyChat CVS] CVS: phpMyChat - 0.14/chat messagesL.php3,1.8,1.9 loader.php3,1.11,1.12 input.php3,1.15,1.16 handle_inputH.php3,1.11,1.12
|
From: Lo?c C. <lo...@us...> - 2002-04-07 16:53:49
|
Update of /cvsroot/phpmychat/phpMyChat - 0.14/chat
In directory usw-pr-cvs1:/tmp/cvs-serv19795/chat
Modified Files:
messagesL.php3 loader.php3 input.php3 handle_inputH.php3
Log Message:
Security issues fixed thanks to SeazoN
***** Bogus filespec: -
***** Bogus filespec: 0.14/chat
Index: messagesL.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/messagesL.php3,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -r1.8 -r1.9
*** messagesL.php3 7 Dec 2001 17:04:15 -0000 1.8
--- messagesL.php3 7 Apr 2002 16:53:45 -0000 1.9
***************
*** 49,53 ****
// ** Updates user info in connected users tables **
! $DbLink->query("SELECT room,status,ip FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if($DbLink->num_rows() != 0)
{
--- 49,81 ----
// ** Updates user info in connected users tables **
! // Fixed a security issue thanks to SeazoN
! if (C_REQUIRE_REGISTER && (!isset($PWD_Hash) || $PWD_Hash == ''))
! {
! exit(); // hack attack
! }
! else if (isset($PWD_Hash) && $PWD_Hash != '')
! {
! $DbLink->query( 'SELECT ' . C_USR_TBL . '.room, ' . C_USR_TBL . '.status, ' . C_USR_TBL . '.ip'
! . ' FROM ' . C_USR_TBL . ', ' . C_REG_TBL
! . ' WHERE ' . C_USR_TBL . '.username = \'' . $U . '\''
! . ' AND ' . C_REG_TBL . '.username = \'' . $U . '\''
! . ' AND ' . C_REG_TBL . '.password = \'' . $PWD_Hash . '\''
! . ' LIMIT 1');
! }
! else // C_REQUIRE_REGISTER == 0 && $PWD_Hash is empty
! {
! $DbLink->query('SELECT username FROM ' . C_REG_TBL . ' WHERE username = \'' . $U . '\' LIMIT 1');
! if ($DbLink->num_rows() == 0)
! {
! $DbLink->query('SELECT room, status, ip FROM ' . C_USR_TBL . ' WHERE username = \'' . $U . '\' LIMIT 1');
! }
! else
! {
! $DbLink->clean_results();
! $DbLink->close();
! exit(); // hack attack
! }
! }
! // End of SeazoN Fix
if($DbLink->num_rows() != 0)
{
Index: loader.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/loader.php3,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -r1.11 -r1.12
*** loader.php3 7 Dec 2001 17:04:15 -0000 1.11
--- loader.php3 7 Apr 2002 16:53:45 -0000 1.12
***************
*** 40,48 ****
// ** Updates user info in connected users tables **;
! $DbLink->query("SELECT status,room,ip FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if($DbLink->num_rows() != 0)
{
// There is a row for the user in the users table
! list($status,$room,$knownIp) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
--- 40,76 ----
// ** Updates user info in connected users tables **;
! // Fixed a security issue thanks to SeazoN
! if (C_REQUIRE_REGISTER && (!isset($PWD_Hash) || $PWD_Hash == ''))
! {
! exit(); // hack attack
! }
! else if (isset($PWD_Hash) && $PWD_Hash != '')
! {
! $DbLink->query( 'SELECT ' . C_USR_TBL . '.room, ' . C_USR_TBL . '.status, ' . C_USR_TBL . '.ip'
! . ' FROM ' . C_USR_TBL . ', ' . C_REG_TBL
! . ' WHERE ' . C_USR_TBL . '.username = \'' . $U . '\''
! . ' AND ' . C_REG_TBL . '.username = \'' . $U . '\''
! . ' AND ' . C_REG_TBL . '.password = \'' . $PWD_Hash . '\''
! . ' LIMIT 1');
! }
! else // C_REQUIRE_REGISTER == 0 && $PWD_Hash is empty
! {
! $DbLink->query('SELECT username FROM ' . C_REG_TBL . ' WHERE username = \'' . $U . '\' LIMIT 1');
! if ($DbLink->num_rows() == 0)
! {
! $DbLink->query('SELECT room, status, ip FROM ' . C_USR_TBL . ' WHERE username = \'' . $U . '\' LIMIT 1');
! }
! else
! {
! $DbLink->clean_results();
! $DbLink->close();
! exit(); // hack attack
! }
! }
! // End of SeazoN Fix
if($DbLink->num_rows() != 0)
{
// There is a row for the user in the users table
! list($room,$status,$knownIp) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
Index: input.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/input.php3,v
retrieving revision 1.15
retrieving revision 1.16
diff -C2 -r1.15 -r1.16
*** input.php3 7 Dec 2001 17:04:15 -0000 1.15
--- input.php3 7 Apr 2002 16:53:45 -0000 1.16
***************
*** 54,58 ****
// ** Updates user info in connected users tables and fix some security issues **
! $DbLink->query("SELECT room, status, ip FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if ($DbLink->num_rows() != 0)
{
--- 54,86 ----
// ** Updates user info in connected users tables and fix some security issues **
! // Fixed a security issue thanks to SeazoN
! if (C_REQUIRE_REGISTER && (!isset($PWD_Hash) || $PWD_Hash == ''))
! {
! exit(); // hack attack
! }
! else if (isset($PWD_Hash) && $PWD_Hash != '')
! {
! $DbLink->query( 'SELECT ' . C_USR_TBL . '.room, ' . C_USR_TBL . '.status, ' . C_USR_TBL. '.ip'
! . ' FROM ' . C_USR_TBL . ', ' . C_REG_TBL
! . ' WHERE ' . C_USR_TBL . '.username = \'' . $U . '\''
! . ' AND ' . C_REG_TBL . '.username = \'' . $U . '\''
! . ' AND ' . C_REG_TBL . '.password = \'' . $PWD_Hash . '\''
! . ' LIMIT 1');
! }
! else // C_REQUIRE_REGISTER == 0 && $PWD_Hash is empty
! {
! $DbLink->query('SELECT username FROM ' . C_REG_TBL . ' WHERE username = \'' . $U . '\' LIMIT 1');
! if ($DbLink->num_rows() == 0)
! {
! $DbLink->query('SELECT room, status, ip FROM ' . C_USR_TBL . ' WHERE username = \'' . $U . '\' LIMIT 1');
! }
! else
! {
! $DbLink->clean_results();
! $DbLink->close();
! exit(); // hack attack
! }
! }
! // End of SeazoN Fix
if ($DbLink->num_rows() != 0)
{
***************
*** 451,455 ****
if (window.parent.connect == 0)
{
! window.parent.refresh_query = "<?php echo("From=".urlencode($From)."&L=$L&U=".urlencode(stripslashes($U))."&R=".urlencode(stripslashes($R))."&T=$T&D=$D&N=$N&ST=$ST&NT=$NT".$Tmp."&First=$First"); ?>";
window.parent.force_refresh();
};
--- 479,483 ----
if (window.parent.connect == 0)
{
! window.parent.refresh_query = "<?php echo("From=".urlencode($From)."&L=$L&U=".urlencode(stripslashes($U)).(isset($PWD_Hash) ? '&PWD_Hash=' . $PWD_Hash : '')."&R=".urlencode(stripslashes($R))."&T=$T&D=$D&N=$N&ST=$ST&NT=$NT".$Tmp."&First=$First"); ?>";
window.parent.force_refresh();
};
***************
*** 459,463 ****
{
?>
! window.parent.frames['messages'].window.location = 'messagesL.php3?<?php echo("From=".urlencode($From)."&L=$L&U=".urlencode(stripslashes($U))."&R=".urlencode(stripslashes($R))."&T=$T&D=$D&N=$N&O=$O&ST=$ST&NT=$NT".$Tmp); ?>';
<?php
};
--- 487,491 ----
{
?>
! window.parent.frames['messages'].window.location = 'messagesL.php3?<?php echo("From=".urlencode($From)."&L=$L&U=".urlencode(stripslashes($U)).(isset($PWD_Hash) ? '&PWD_Hash=' . $PWD_Hash : '')."&R=".urlencode(stripslashes($R))."&T=$T&D=$D&N=$N&O=$O&ST=$ST&NT=$NT".$Tmp); ?>';
<?php
};
Index: handle_inputH.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/handle_inputH.php3,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -r1.11 -r1.12
*** handle_inputH.php3 7 Dec 2001 17:04:15 -0000 1.11
--- handle_inputH.php3 7 Apr 2002 16:53:45 -0000 1.12
***************
*** 59,63 ****
// ** Updates user info in connected users tables and fix some security issues **
! $DbLink->query("SELECT room, status, ip FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if ($DbLink->num_rows() != 0)
{
--- 59,91 ----
// ** Updates user info in connected users tables and fix some security issues **
! // Fixed a security issue thanks to SeazoN
! if (C_REQUIRE_REGISTER && (!isset($PWD_Hash) || $PWD_Hash == ''))
! {
! exit(); // hack attack
! }
! else if (isset($PWD_Hash) && $PWD_Hash != '')
! {
! $DbLink->query( 'SELECT ' . C_USR_TBL . '.room, ' . C_USR_TBL . '.status, ' . C_USR_TBL. '.ip'
! . ' FROM ' . C_USR_TBL . ', ' . C_REG_TBL
! . ' WHERE ' . C_USR_TBL . '.username = \'' . $U . '\''
! . ' AND ' . C_REG_TBL . '.username = \'' . $U . '\''
! . ' AND ' . C_REG_TBL . '.password = \'' . $PWD_Hash . '\''
! . ' LIMIT 1');
! }
! else // C_REQUIRE_REGISTER == 0 && $PWD_Hash is empty
! {
! $DbLink->query('SELECT username FROM ' . C_REG_TBL . ' WHERE username = \'' . $U . '\' LIMIT 1');
! if ($DbLink->num_rows() == 0)
! {
! $DbLink->query('SELECT room, status, ip FROM ' . C_USR_TBL . ' WHERE username = \'' . $U . '\' LIMIT 1');
! }
! else
! {
! $DbLink->clean_results();
! $DbLink->close();
! exit(); // hack attack
! }
! }
! // End of SeazoN Fix
if ($DbLink->num_rows() != 0)
{
***************
*** 314,318 ****
if (window.parent.connect == 0)
{
! window.parent.refresh_query = "<?php echo("From=".urlencode($From)."&L=$L&U=".urlencode(stripslashes($U))."&R=".urlencode(stripslashes($R))."&T=$T&D=$D&N=$N&ST=$ST&NT=$NT".$Tmp."&First=$First"); ?>";
window.parent.force_refresh();
};
--- 342,346 ----
if (window.parent.connect == 0)
{
! window.parent.refresh_query = "<?php echo("From=".urlencode($From)."&L=$L&U=".urlencode(stripslashes($U)).(isset($PWD_Hash) ? '&PWD_Hash=' . $PWD_Hash : '')."&R=".urlencode(stripslashes($R))."&T=$T&D=$D&N=$N&ST=$ST&NT=$NT".$Tmp."&First=$First"); ?>";
window.parent.force_refresh();
};
|