From: Lo?c C. <lo...@us...> - 2001-05-30 17:56:18
Update of /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs
In directory usw-pr-cvs1:/tmp/cvs-serv15437/chat/lib/index_libs
Modified Files:
main_index.lib.php3 do_enter_js_work.lib.php3
do_enter_frameset.lib.php3 do_enter_db_work.lib.php3
Log Message:
Fixed some possible security issues
Index: main_index.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs/main_index.lib.php3,v
retrieving revision 1.33
retrieving revision 1.34
diff -C2 -r1.33 -r1.34
*** main_index.lib.php3 2001/05/28 19:54:48 1.33
--- main_index.lib.php3 2001/05/30 08:07:12 1.34
***************
*** 61,66 ****
* in the 'chat/lib/common.lib.php3' library.
*/
! $toGrab = array('%GET', '%POST', '%COOKIE');
pmcGrabGlobals($toGrab);
// Ensures compatibilty with old releases
--- 61,70 ----
* in the 'chat/lib/common.lib.php3' library.
*/
! $retVar = array($defaultChatRooms, $defaultPrivateRooms);
! $toGrab = array('%GET', '%POST', '%COOKIE');
pmcGrabGlobals($toGrab);
+ $defaultChatRooms = $retVar[0];
+ $defaultPrivateRooms = $retVar[1];
+ unset($retVar);
// Ensures compatibilty with old releases
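Review bot: Saving and restoring `$defaultChatRooms` and `$defaultPrivateRooms` around `pmcGrabGlobals($toGrab)` protects only these two names; any other variable assigned before this call presumably stays open to being overwritten by a GET, POST or cookie parameter of the same name. pmcGrabGlobals lives in common.lib.php3 and is not shown here, so this is inferred from the need for the workaround. A more durable fix would be for the import to skip names that are already defined, or to import only an explicit list of expected parameters. At minimum the save/restore deserves a comment above `$retVar`, e.g. `// Keep the configured room lists from being overwritten by request variables`.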
***************
*** 173,176 ****
--- 177,188 ----
unset($submitType);
}
+ else if (isset($targetRoom))
+ {
+ unset($targetRoom);
+ if (isset($reloading))
+ unset($reloading);
+ if (isset($submitType))
+ unset($submitType);
+ }
// Instantiates a new pmcDB object
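Review bot: The added `else if (isset($targetRoom))` branch has no comment saying why an already-set `$targetRoom` is discarded together with `$reloading` and `$submitType`. The `if` it pairs with starts outside the hunk, so the condition it complements is not visible; presumably the branch drops values that arrived with the request outside a valid reload. A one-line comment such as `// Not a valid reload: drop any request-supplied target room and its companion flags` would record that intent.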
***************
*** 198,202 ****
// Defines the message to be displayed
if (!dbSessionIsRegistered('kicked'))
! $dbSessionVars['kicked'] = 0;
switch ($dbSessionVars['kicked'])
{
--- 210,215 ----
// Defines the message to be displayed
if (!dbSessionIsRegistered('kicked'))
! $dbSessionVars['kicked'] = 0;
! $messageKind = '';
switch ($dbSessionVars['kicked'])
{
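Review bot: The new `$messageKind = '';` follows a brace-less `if`, so it reads as if it might belong to the `if (!dbSessionIsRegistered('kicked'))` body, and nothing says why it is there. Since the display block further down now tests `!empty($messageKind)`, this reset appears to be what stops a request-supplied value from reaching that block. I would put the `if` body in braces and add `// Reset so a request-supplied $messageKind cannot reach the display block below`. The same kind of comment fits the `$previousId = '';` initialisation added in the 326,330 hunk.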
***************
*** 231,235 ****
// Display the message
! if (isset($messageKind))
{
$nickForNotifications = pmcSlashSingleQuotes(pmcSpecialChars($slashedNick, $latin1), 2);
--- 244,248 ----
// Display the message
! if (!empty($messageKind))
{
$nickForNotifications = pmcSlashSingleQuotes(pmcSpecialChars($slashedNick, $latin1), 2);
***************
*** 270,274 ****
/**
! * Prepares reloading (in case the user clicked on a room name at the message
* frame or he/she resizes the Netscape 4+ window)
*/
--- 283,287 ----
/**
! * Prepares reloading (in case the user clicked on a room name at the users
* frame or he/she resizes the Netscape 4+ window)
*/
***************
*** 313,316 ****
--- 326,330 ----
$regUserModeratedRooms = '';
$wasInRoom = '';
+ $previousId = '';
$isCreateRoom = false;
***************
*** 325,331 ****
{
// Room has to be created
! if (!empty($createRoomName))
{
$targetRoom = $createRoomName;
$isCreateRoom = true;
}
--- 339,346 ----
{
// Room has to be created
! if (!empty($createRoomName) && ($createRoomType == 0 || $createRoomType == 1))
{
$targetRoom = $createRoomName;
+ $roomType = $createRoomType;
$isCreateRoom = true;
}
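Review bot: The check `($createRoomType == 0 || $createRoomType == 1)` uses loose comparison against integers, so on PHP releases before 8 a non-numeric string such as `abc`, or a missing parameter, also compares equal to `0` and passes. The unvalidated value is then copied into `$roomType` on the next added line. Comparing against string literals and storing a normalised integer closes this: `if (!empty($createRoomName) && isset($createRoomType) && ($createRoomType == '0' || $createRoomType == '1'))` followed by `$roomType = intval($createRoomType);`. The enclosing `if` chain starts and ends outside the hunk.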
***************
*** 342,352 ****
$roomType = 1;
}
! // If no room has been specified, defines the first room among the default
! // public ones as the room to enter in
! if (C_VERSION == 0 || empty($targetRoom))
{
$targetRoom = $defaultChatRooms[0];
$roomType = 1;
}
unset($createRoomName);
unset($enterOtherRoomName);
--- 357,368 ----
$roomType = 1;
}
! // If no room has been specified, defines the first room among the
! // default public ones as the room to enter in
! else
{
$targetRoom = $defaultChatRooms[0];
$roomType = 1;
}
+ unset($createRoomType);
unset($createRoomName);
unset($enterOtherRoomName);
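Review bot: Replacing `if (C_VERSION == 0 || empty($targetRoom))` with a plain `else` removes the catch-all fallback: the default room is now assigned only when none of the earlier branches matched. If an earlier branch is entered but its inner check fails (for example the create-room branch with a rejected `$createRoomType`), `$targetRoom` and `$roomType` look like they stay unset, and the forced default for `C_VERSION == 0` is gone as well. The earlier branches are outside the hunk, so this is inferred. Keeping the old guard as a standalone check after the chain, `if (C_VERSION == 0 || empty($targetRoom))` with the same two assignments, would preserve both guarantees.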
***************
*** 393,397 ****
if (empty($reloading))
{
! $error = pmcValidateNickAndPaswd( $isRegUser, $regUserPerms, $regUserModeratedRooms,
$previousId, $wasInRoom);
if ($error == '')
--- 409,413 ----
if (empty($reloading))
{
! $error = pmcValidateNickAndPaswd( $isRegUser, $regUserPerms, $regUserModeratedRooms,
$previousId, $wasInRoom);
if ($error == '')
***************
*** 632,638 ****
// 2. grabbed from session data
// 3. gabbed from cookies
! if (!empty($GLOBALS['createRoomName']) && !empty($GLOBALS['roomType']))
{
! $layoutRoomType = $GLOBALS['roomType'];
$layoutRoom = $GLOBALS['createRoomName'];
}
--- 648,654 ----
// 2. grabbed from session data
// 3. gabbed from cookies
! if (!empty($GLOBALS['createRoomName']) && !empty($GLOBALS['createRoomType']))
{
! $layoutRoomType = $GLOBALS['createRoomType'];
$layoutRoom = $GLOBALS['createRoomName'];
}
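Review bot: `!empty($GLOBALS['createRoomType'])` is false for the value `0`, which the form offers as a valid option (`<option value="0">`), so a room created with type 0 never takes this first branch and the layout falls through to the session or cookie values. If that is not intended, test presence instead of truthiness, `isset($GLOBALS['createRoomType'])`, and validate the value against `0`/`1` before assigning it to `$layoutRoomType`. The surrounding function starts and ends outside the hunk.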
***************
*** 937,941 ****
<td align="<?php echo($cellAlign); ?>" valign="top" class="chatCell" nowrap="nowrap">
<?php echo(L_SET_9 . ' ' . "\n"); ?>
! <select name="roomType" class="chatBox">
<option value="1"<?php if ($layoutRoomType == 1 && !$defaultRoomFound) echo(' selected="selected"'); ?>><?php echo(L_SET_10); ?></option>
<option value="0"<?php if ($layoutRoomType == 0 && !$defaultRoomFound) echo(' selected="selected"'); ?>><?php echo(L_SET_11); ?></option>
--- 953,957 ----
<td align="<?php echo($cellAlign); ?>" valign="top" class="chatCell" nowrap="nowrap">
<?php echo(L_SET_9 . ' ' . "\n"); ?>
! <select name="createRoomType" class="chatBox">
<option value="1"<?php if ($layoutRoomType == 1 && !$defaultRoomFound) echo(' selected="selected"'); ?>><?php echo(L_SET_10); ?></option>
<option value="0"<?php if ($layoutRoomType == 0 && !$defaultRoomFound) echo(' selected="selected"'); ?>><?php echo(L_SET_11); ?></option>
Index: do_enter_js_work.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs/do_enter_js_work.lib.php3,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -r1.11 -r1.12
*** do_enter_js_work.lib.php3 2001/05/06 16:47:51 1.11
--- do_enter_js_work.lib.php3 2001/05/30 08:07:12 1.12
***************
*** 27,30 ****
--- 27,40 ----
+ /**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
?>
<!-- Defines some js variables -->
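Review bot: The guard `if (!dbSessionIsRegistered('lang'))` checks that the session has a `lang` entry, not that the file was included by another script, so a client that has loaded the index page once can presumably still request this library directly afterwards. It also depends on `dbSessionIsRegistered` being defined at that point, which is not visible in the hunk. A check that cannot be satisfied from outside is a constant set by the entry script and tested here, e.g. `if (!defined('PMC_ENTRY_POINT')) exit();` (constant name is a placeholder), ideally combined with a web-server rule denying direct access to the lib directory. The same applies to the identical guards added in do_enter_frameset.lib.php3 and do_enter_db_work.lib.php3.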
Index: do_enter_frameset.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs/do_enter_frameset.lib.php3,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -r1.11 -r1.12
*** do_enter_frameset.lib.php3 2001/05/05 09:54:58 1.11
--- do_enter_frameset.lib.php3 2001/05/30 08:07:12 1.12
***************
*** 25,28 ****
--- 25,39 ----
+
+ /**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
/**
* Defines some variables
Index: do_enter_db_work.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/index_libs/do_enter_db_work.lib.php3,v
retrieving revision 1.18
retrieving revision 1.19
diff -C2 -r1.18 -r1.19
*** do_enter_db_work.lib.php3 2001/05/25 22:49:22 1.18
--- do_enter_db_work.lib.php3 2001/05/30 08:07:12 1.19
***************
*** 31,34 ****
--- 31,44 ----
/**
+ * Ensure this library is called by another of the phpMyChat scripts (fix a
+ * security hole)
+ */
+ if (!dbSessionIsRegistered('lang'))
+ {
+ exit();
+ }
+
+
+ /**
* Sets cookies that will expire in one year
*/