From: Lo?c C. <lo...@us...> - 2001-05-30 10:22:21
Update of /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands
In directory usw-pr-cvs1:/tmp/cvs-serv15437/chat/lib/commands
Modified Files:
whois.cmd.php3 save.cmd.php3 quit.cmd.php3 promote.cmd.php3
priv_msg.cmd.php3 me.cmd.php3 kick.cmd.php3 join.cmd.php3
invite.cmd.php3 ignore.cmd.php3 banish.cmd.php3
announce.cmd.php3
Log Message:
Fixed some possible security issues
Index: whois.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/whois.cmd.php3,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -r1.7 -r1.8
*** whois.cmd.php3 2001/04/30 22:44:57 1.7
--- whois.cmd.php3 2001/05/30 08:07:12 1.8
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Check for invalid characters in the target user name
*/
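Review bot: The new guard at the top of whois.cmd.php3 only proves that a chat session with a `lang` variable exists, not that the file was included by another phpMyChat script as the comment claims; anyone who already holds a valid session could still request the command file directly, so each command must keep its own status/permission checks rather than relying on this guard. A stronger include guard is a sentinel the including script sets before the `include`, e.g. `if (!defined('PHPMYCHAT_INCLUDED')) { exit(); }` (constant name constructed here), checked with `defined()` so it fails closed even when the session library is not loaded and `dbSessionIsRegistered` is undefined. The comment should also say what is actually checked, e.g. `* Refuse to run without an initialised chat session (the command is meant to be included by the main scripts, never requested directly)`. The same guard, with the same caveat, is added to save.cmd.php3, quit.cmd.php3, promote.cmd.php3, priv_msg.cmd.php3, me.cmd.php3, kick.cmd.php3, join.cmd.php3, invite.cmd.php3, ignore.cmd.php3, banish.cmd.php3 and announce.cmd.php3.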
***************
*** 46,56 ****
$dbLink->cleanResults();
! // Not a registered users -> show IP if the current user is administrator
! // or moderator of the current room, or if the target user is itself
if (!$isProfile)
{
$error = sprintf(L_NONREG_USER, $cmd[1]);
! if (($dbSessionVars['status'] == 'a' || $dbSessionVars['status'] == 'm')
! || $dbSessionVars['nick'] == $cmd[1])
{
$dbLink->query("SELECT ip FROM " . C_USR_TBL . " WHERE username='" . $slashedTarget . "' LIMIT 1");
--- 56,65 ----
$dbLink->cleanResults();
! // Not a registered users -> show IP if the current user is the
! // administrator or use the command for himself
if (!$isProfile)
{
$error = sprintf(L_NONREG_USER, $cmd[1]);
! if ($dbSessionVars['status'] == 'a' || $dbSessionVars['nick'] == $cmd[1])
{
$dbLink->query("SELECT ip FROM " . C_USR_TBL . " WHERE username='" . $slashedTarget . "' LIMIT 1");
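Review bot: The rewritten comment above the `if` has a grammar slip ("Not a registered users", "use the command for himself") and should read `// Not a registered user -> show the IP only to the administrator or to the user himself`. The tightened condition now excludes room moderators from seeing IPs, which is the intended change, but the nick comparison still uses `==`, so a `===` (or the project's usual strict comparison) would avoid loose-comparison surprises on the session value. The SELECT on the following line interpolates `$slashedTarget` into SQL; the "invalid characters" check earlier in the file (outside this hunk) is presumably what rejects quote characters in the target name — worth confirming that it runs before this point on every path.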
Index: save.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/save.cmd.php3,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -r1.4 -r1.5
*** save.cmd.php3 2001/04/30 22:44:57 1.4
--- save.cmd.php3 2001/05/30 08:07:12 1.5
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Ensure there are some messages to save
*
Index: quit.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/quit.cmd.php3,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -r1.6 -r1.7
*** quit.cmd.php3 2001/05/07 21:15:00 1.6
--- quit.cmd.php3 2001/05/30 08:07:12 1.7
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Put the message in the messages table if required
*
Index: promote.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/promote.cmd.php3,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -r1.5 -r1.6
*** promote.cmd.php3 2001/04/21 19:37:39 1.5
--- promote.cmd.php3 2001/05/30 08:07:12 1.6
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Check for invalid characters in the target user name
*/
***************
*** 76,80 ****
$dbLink->query("UPDATE " . C_REG_TBL . " SET perms = 'moderator', rooms = '$slashedModeratedRooms' WHERE username = '$slashedTarget'");
! $dbLink->query("UPDATE " . C_USR_TBL . " SET status = 'm' WHERE username = '$slashedTarget'");
$msgQuery = 'INSERT INTO ' . C_MSG_TBL . ' '
. '(type, room, username, latin1, m_time, address, color, msg_original, msg_enhanced) '
--- 86,90 ----
$dbLink->query("UPDATE " . C_REG_TBL . " SET perms = 'moderator', rooms = '$slashedModeratedRooms' WHERE username = '$slashedTarget'");
! $dbLink->query("UPDATE " . C_USR_TBL . " SET status = 'm' WHERE username = '$slashedTarget' AND room = '$slashedCurrentRoomName'");
$msgQuery = 'INSERT INTO ' . C_MSG_TBL . ' '
. '(type, room, username, latin1, m_time, address, color, msg_original, msg_enhanced) '
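Review bot: The new `AND room = '$slashedCurrentRoomName'` qualifier on the users-table UPDATE interpolates a variable that this hunk does not show being defined or escaped; it should be confirmed that `$slashedCurrentRoomName` is produced with the same slashing as `$slashedTarget` and `$slashedModeratedRooms` before this statement, since an unescaped room name would break the query. A short comment would make the intent clear, e.g. `// Only flag the target as moderator in the current room; the registered-users row above carries the full room list`. The enclosing command body starts and ends outside the hunk.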
Index: priv_msg.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/priv_msg.cmd.php3,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -r1.5 -r1.6
*** priv_msg.cmd.php3 2001/05/07 21:15:00 1.5
--- priv_msg.cmd.php3 2001/05/30 08:07:12 1.6
***************
*** 25,28 ****
--- 25,38 ----
+ /**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
$cmd[2] = trim($cmd[2]);
$cmd[3] = trim($cmd[3]);
Index: me.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/me.cmd.php3,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -r1.8 -r1.9
*** me.cmd.php3 2001/05/10 11:46:33 1.8
--- me.cmd.php3 2001/05/30 08:07:12 1.9
***************
*** 25,28 ****
--- 25,38 ----
+ /**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
// Store the strict original message
$strictMessage = $message;
Index: kick.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/kick.cmd.php3,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -r1.4 -r1.5
*** kick.cmd.php3 2001/05/26 11:54:25 1.4
--- kick.cmd.php3 2001/05/30 08:07:12 1.5
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Check for invalid characters in the target user name
*/
Index: join.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/join.cmd.php3,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -r1.7 -r1.8
*** join.cmd.php3 2001/05/25 22:49:22 1.7
--- join.cmd.php3 2001/05/30 08:07:12 1.8
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Get the swearing library and defines some variables
*
Index: invite.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/invite.cmd.php3,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -r1.10 -r1.11
*** invite.cmd.php3 2001/05/26 11:54:25 1.10
--- invite.cmd.php3 2001/05/30 08:07:12 1.11
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Check for invalid characters in the target user name
*/
Index: ignore.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/ignore.cmd.php3,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -r1.6 -r1.7
*** ignore.cmd.php3 2001/04/30 22:44:57 1.6
--- ignore.cmd.php3 2001/05/30 08:07:12 1.7
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Check for invalid characters in the target user name
*/
Index: banish.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/banish.cmd.php3,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -r1.9 -r1.10
*** banish.cmd.php3 2001/05/26 11:54:25 1.9
--- banish.cmd.php3 2001/05/30 08:07:12 1.10
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Check for invalid characters in the target user name
*/
Index: announce.cmd.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/commands/announce.cmd.php3,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -r1.8 -r1.9
*** announce.cmd.php3 2001/05/07 21:15:00 1.8
--- announce.cmd.php3 2001/05/30 08:07:12 1.9
***************
*** 26,29 ****
--- 26,39 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* The current user is administrator -> insert the message in the 'messages'
* table