[Phpfreechat-svn] SF.net SVN: phpfreechat:[1250] trunk
From: <ke...@us...> - 2008-09-11 12:47:02
Revision: 1250
http://phpfreechat.svn.sourceforge.net/phpfreechat/?rev=1250&view=rev
Author: kerphi
Date: 2008-09-11 12:47:11 +0000 (Thu, 11 Sep 2008)
Log Message:
-----------
XSS security hole fix in the '/me' command. (thanks to Philipp Blaim for the report)
Modified Paths:
--------------
trunk/data/public/js/pfcclient.js
trunk/src/commands/me.class.php
Modified: trunk/data/public/js/pfcclient.js
===================================================================
--- trunk/data/public/js/pfcclient.js 2008-08-01 07:17:10 UTC (rev 1249)
+++ trunk/data/public/js/pfcclient.js 2008-09-11 12:47:11 UTC (rev 1250)
@@ -967,7 +967,7 @@
 line += '</span> ';
 }
 if (cmd == 'notice' || cmd == 'me')
- line += '<span class="pfc_words">* '+ this.parseMessage(param) +'</span> ';
+ line += '<span class="pfc_words">* '+ sender.escapeHTML() + ' ' + this.parseMessage(param) +'</span> ';
 else
 line += '<span class="pfc_words">'+ this.parseMessage(param) +'</span> ';
 line += '</div>';
Modified: trunk/src/commands/me.class.php
===================================================================
--- trunk/src/commands/me.class.php 2008-08-01 07:17:10 UTC (rev 1249)
+++ trunk/src/commands/me.class.php 2008-09-11 12:47:11 UTC (rev 1250)
@@ -30,7 +30,7 @@
 }
 $msg = phpFreeChat::PreFilterMsg($param);
- $ct->write($recipient, "*me*", $this->name, $u->getNickname()." ".$msg);
+ $ct->write($recipient, $sender, $this->name, $msg);
 }
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
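Review bot: The added `sender.escapeHTML() + ' '` prefix sits inside the branch guarded by `cmd == 'notice' || cmd == 'me'`, so notices now render with the sender's nickname in front of the message as well, a behaviour change the log message does not mention; if only `/me` lines should carry the name, the `cmd == 'me'` case needs its own branch. The fix relies on the server sending the raw nickname as `sender` and on `escapeHTML()` being the only escaping it gets before landing in `line`, whereas the message body still goes through `this.parseMessage(param)`; a short comment on the `+` line would pin that split, e.g. `// nickname is HTML-escaped here and must never be routed through parseMessage`. The same split is mirrored in the me.class.php hunk. The enclosing function starts and ends outside this hunk, so whether `sender` can be empty or undefined at this point is not visible here.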
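Review bot: The nickname is no longer concatenated into the message body and is instead passed as the sender argument of `$ct->write(...)`, which moves its escaping to the client; the `+` line should record that contract so a later edit does not reintroduce the concatenation, e.g. `// Pass the nickname as the sender: the client HTML-escapes it, the body only goes through PreFilterMsg/parseMessage.`. Whether `$sender` holds the same value that `$u->getNickname()` returned, and whether `$u` is now an unused lookup earlier in the method, cannot be seen in this hunk and should be confirmed. The enclosing method starts outside the hunk.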