XSS security vulnerability fix
Fully customizable web chat created using AJAX.
Brought to you by:
frug,
madblueimp
Chat doesn't check if the logout request is POST request.
It can be abused by third party users, who can - for example - insert malicious image BBcode into their chat messages. Sending something like that: [img]example.pl/chat/?logout=true[/img] will logout all users or spam window with fast increasing number of logout&login messages.
It can be fixed by changing file "/lib/class/AjaxChat.php" -> line:
$this->_requestVars['logout'] = isset($_REQUEST['login']) ? true : false;
To:
$this->_requestVars['logout'] = isset($_POST['logout']) ? true : false;
File from 0.8.5a with fix applied
Good find.
Fixed in upcoming 0.8.6. Thanks!