[Phpfreechat-svn] SF.net SVN: phpfreechat: [485] trunk/src

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 485
Author:   kerphi
Date:     2006-04-29 10:59:27 -0700 (Sat, 29 Apr 2006)
ViewCVS:  http://svn.sourceforge.net/phpfreechat/?rev=485&view=rev

Log Message:
-----------
Now a private chat is identified by the both nicknames ids.
(it fixes a security hole : private chat takeover)

Modified Paths:
--------------
    trunk/src/commands/privmsg.class.php
    trunk/src/commands/update.class.php
    trunk/src/phpfreechat.class.php
Modified: trunk/src/commands/privmsg.class.php
===================================================================

--- trunk/src/commands/privmsg.class.php	2006-04-29 17:57:20 UTC (rev 484)
+++ trunk/src/commands/privmsg.class.php	2006-04-29 17:59:27 UTC (rev 485)
@@ -57,6 +57,7 @@
     {
       $u->privmsg[$pvrecipientid]["recipient"] = $pvrecipient;
       $u->privmsg[$pvrecipientid]["name"]      = $pvname;
+      $u->privmsg[$pvrecipientid]["pvnickid"]  = $pvnickid;
       $u->saveInCache();
 
       // clear the cached nicknames list for the given channel

Modified: trunk/src/commands/update.class.php
===================================================================
--- trunk/src/commands/update.class.php	2006-04-29 17:57:20 UTC (rev 484)
+++ trunk/src/commands/update.class.php	2006-04-29 17:59:27 UTC (rev 485)
@@ -15,12 +15,13 @@
       // -----
       // check if other user talk to me or not
       $container =& $c->getContainerInstance();
-      $pvnicks = $container->getMeta("privmsg", "nickname", $u->nick);
+      $nickid = $container->getNickId($u->nick);
+      $pvnicks = $container->getMeta("privmsg", "nickname", $nickid);
       if (is_string($pvnicks)) $pvnicks = unserialize($pvnicks);
       if (!is_array($pvnicks)) $pvnicks = array();
       for( $i=0; $i < count($pvnicks); $i++)
         $xml_reponse->addScript("pfc.handleResponse('update', 'privmsg', '".addslashes($pvnicks[$i])."');");
-      $container->rmMeta("privmsg", "nickname", $u->nick);
+      $container->rmMeta("privmsg", "nickname", $nickid);
       // -----
 
       // update the user nickname timestamp

Modified: trunk/src/phpfreechat.class.php
===================================================================
--- trunk/src/phpfreechat.class.php	2006-04-29 17:57:20 UTC (rev 484)
+++ trunk/src/phpfreechat.class.php	2006-04-29 17:59:27 UTC (rev 485)
@@ -348,14 +348,14 @@
         // alert the other from the new pv
         // (warn other user that someone talk to him)
         $container =& $c->getContainerInstance();
-        $pvs = $container->getMeta("privmsg", "nickname", $u->privmsg[$recipientid]["name"]);
+        $pvs = $container->getMeta("privmsg", "nickname", $u->privmsg[$recipientid]["pvnickid"]);
         if (is_string($pvs)) $pvs = unserialize($pvs);
         if (!is_array($pvs)) $pvs = array();
         if (!in_array($u->nick,$pvs))
         {
           $pvs[] = $u->nick;
           //          $xml_reponse->addScript("alert('pvs[]=".serialize($pvs)."');");
-          $container->setMeta(serialize($pvs), "privmsg", "nickname", $u->privmsg[$recipientid]["name"]);
+          $container->setMeta(serialize($pvs), "privmsg", "nickname", $u->privmsg[$recipientid]["pvnickid"]);
         }
       }
     }


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



