From: Lo?c C. <lo...@us...> - 2001-05-30 17:54:11
Update of /cvsroot/phpmychat/phpMyChat-0.15/chat
In directory usw-pr-cvs1:/tmp/cvs-serv15437/chat
Modified Files:
whois_popup.php3 input.php3 handle_input.php3 exit.php3
admin.php3
Log Message:
Fixed some possible security issues
Index: whois_popup.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/whois_popup.php3,v
retrieving revision 1.14
retrieving revision 1.15
diff -C2 -r1.14 -r1.15
*** whois_popup.php3 2001/05/28 19:55:16 1.14
--- whois_popup.php3 2001/05/30 08:07:12 1.15
***************
*** 46,52 ****
* 'chat/lib/common.lib.php3' library.
*/
pmcGrabGlobals('%GET');
! $whoisTarget = pmcHandleMagicQuotes($whoisTarget, '1', '', 'del');
! $slashedWhoisTarget = pmcSlashSingleQuotes($whoisTarget);
/**
--- 46,56 ----
* 'chat/lib/common.lib.php3' library.
*/
+ $retVar = array($defaultChatRooms, $defaultPrivateRooms);
pmcGrabGlobals('%GET');
! $defaultChatRooms = $retVar[0];
! $defaultPrivateRooms = $retVar[1];
! unset($retVar);
! $whoisTarget = pmcHandleMagicQuotes($whoisTarget, '1', '', 'del');
! $slashedWhoisTarget = pmcSlashSingleQuotes($whoisTarget);
/**
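Review bot: The backup taken before `pmcGrabGlobals('%GET')` is held in `$retVar`, an ordinary global in the same scope that the call populates from the request, so the backup itself is not protected from the import. pmcGrabGlobals lives in common.lib.php3 and is not shown here, but if it copies every request key into a global, the two restore lines can end up copying request data back into `$defaultChatRooms` and `$defaultPrivateRooms`, and any other setting defined before the call has no protection at all. It would be more robust for the helper to skip names that are already defined, or to import only an explicit list of expected names, instead of each script saving and restoring chosen variables. The same pattern is added in the input.php3, handle_input.php3 and admin.php3 hunks below.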
***************
*** 83,86 ****
--- 87,91 ----
* Define the level of information the current user is allowed to see
*/
+ $whoisDbLnk = new pmcDB;
if ($dbSessionVars['nick'] == $whoisTarget)
{
***************
*** 96,100 ****
case 'm': // moderator
! $power = 'medium';
break;
--- 101,108 ----
case 'm': // moderator
! $whoisDbLnk->query("SELECT COUNT(*) FROM " . C_USR_TBL . " WHERE username = '$slashedWhoisTarget' AND room = '" . pmcSlashSingleQuotes($dbSessionVars['currentRoom']) . "'");
! list($isInCurrentRoom) = $whoisDbLnk->nextRecord();
! $whoisDbLnk->cleanResults();
! $power = ($isInCurrentRoom) ? 'medium' : 'weak';
break;
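Review bot: The new COUNT(*) query in the `case 'm'` branch is built by string concatenation and relies entirely on `pmcSlashSingleQuotes()` to make `$slashedWhoisTarget` and the room name safe inside the quoted literals. That helper is not shown; if it escapes only `'` and leaves backslashes untouched, the quoting is incomplete, and a full escaper such as `addslashes()` would be the safer choice for both values. A short comment such as `// moderators get 'medium' only for users in the room they are currently in` would also record why the lookup was added. The enclosing switch starts and ends outside the hunk.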
***************
*** 110,114 ****
* defined in the 'chat/lib/common.lib.php3' library.
*/
- $whoisDbLnk = new pmcDB;
$whoisDbLnk->query("SELECT latin1, firstname, lastname, country, website, email, showemail, perms, rooms, ip, gender FROM " . C_REG_TBL . " WHERE username = '$slashedWhoisTarget' LIMIT 1");
list($latin1, $firstname, $lastname, $country, $website, $email, $showemail, $perms, $rooms, $ip, $gender) = $whoisDbLnk->nextRecord();
--- 118,121 ----
Index: input.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/input.php3,v
retrieving revision 1.36
retrieving revision 1.37
diff -C2 -r1.36 -r1.37
*** input.php3 2001/05/26 11:54:25 1.36
--- input.php3 2001/05/30 08:07:12 1.37
***************
*** 48,59 ****
* defined in the 'chat/lib/common.lib.php3' library.
*/
$toGrab = array('dbSessionId', '%POST', 'cookieColor');
pmcGrabGlobals($toGrab);
if (!empty($msgTo))
! $msgTo = pmcHandleMagicQuotes($msgTo, 1, '', 'del');
if (!empty($prevMessage))
! $prevMessage = pmcHandleMagicQuotes($prevMessage, 1, '', 'del');
if (!empty($message))
! $message = pmcHandleMagicQuotes($message, 1, '', 'del');
/**
--- 48,63 ----
* defined in the 'chat/lib/common.lib.php3' library.
*/
+ $retVar = array($defaultChatRooms, $defaultPrivateRooms);
$toGrab = array('dbSessionId', '%POST', 'cookieColor');
pmcGrabGlobals($toGrab);
+ $defaultChatRooms = $retVar[0];
+ $defaultPrivateRooms = $retVar[1];
+ unset($retVar);
if (!empty($msgTo))
! $msgTo = pmcHandleMagicQuotes($msgTo, 1, '', 'del');
if (!empty($prevMessage))
! $prevMessage = pmcHandleMagicQuotes($prevMessage, 1, '', 'del');
if (!empty($message))
! $message = pmcHandleMagicQuotes($message, 1, '', 'del');
/**
Index: handle_input.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/handle_input.php3,v
retrieving revision 1.28
retrieving revision 1.29
diff -C2 -r1.28 -r1.29
*** handle_input.php3 2001/05/26 11:54:25 1.28
--- handle_input.php3 2001/05/30 08:07:12 1.29
***************
*** 48,59 ****
* defined in the 'chat/lib/common.lib.php3' library.
*/
$toGrab = array('dbSessionId', '%POST', 'cookieColor');
pmcGrabGlobals($toGrab);
if (!empty($msgTo))
! $msgTo = pmcHandleMagicQuotes($msgTo, 1, '', 'del');
if (!empty($prevMessage))
! $prevMessage = pmcHandleMagicQuotes($prevMessage, 1, '', 'del');
if (!empty($message))
! $message = pmcHandleMagicQuotes($message, 1, '', 'del');
/**
--- 48,63 ----
* defined in the 'chat/lib/common.lib.php3' library.
*/
+ $retVar = array($defaultChatRooms, $defaultPrivateRooms);
$toGrab = array('dbSessionId', '%POST', 'cookieColor');
pmcGrabGlobals($toGrab);
+ $defaultChatRooms = $retVar[0];
+ $defaultPrivateRooms = $retVar[1];
+ unset($retVar);
if (!empty($msgTo))
! $msgTo = pmcHandleMagicQuotes($msgTo, 1, '', 'del');
if (!empty($prevMessage))
! $prevMessage = pmcHandleMagicQuotes($prevMessage, 1, '', 'del');
if (!empty($message))
! $message = pmcHandleMagicQuotes($message, 1, '', 'del');
/**
Index: exit.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/exit.php3,v
retrieving revision 1.16
retrieving revision 1.17
diff -C2 -r1.16 -r1.17
*** exit.php3 2001/05/20 18:56:28 1.16
--- exit.php3 2001/05/30 08:07:12 1.17
***************
*** 45,48 ****
--- 45,49 ----
pmcGrabGlobals('dbSessionId');
+
/**
* Start the session handler
***************
*** 79,82 ****
--- 80,84 ----
*/
pmcHttpHeaders(L_CHARSET, false);
+
/**
Index: admin.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/admin.php3,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -r1.2 -r1.3
*** admin.php3 2001/05/20 11:48:55 1.2
--- admin.php3 2001/05/30 08:07:12 1.3
***************
*** 49,62 ****
* the 'chat/lib/common.lib.php3' library
*/
! $toGrab = array('%GET', '%POST');
pmcGrabGlobals($toGrab);
// Unslashes values of variables sent to this script
if (!empty($authUsername))
! $authUsername = pmcHandleMagicQuotes($authUsername, '1', '', 'del');
if (!empty($authPassword))
! $authPassword = pmcHandleMagicQuotes($authPassword, '1', '', 'del');
if (!empty($submitType))
! $submitType = pmcHandleMagicQuotes($submitType, '1', '', 'del');
--- 49,66 ----
* the 'chat/lib/common.lib.php3' library
*/
! $retVar = array($defaultChatRooms, $defaultPrivateRooms);
! $toGrab = array('%GET', '%POST');
pmcGrabGlobals($toGrab);
+ $defaultChatRooms = $retVar[0];
+ $defaultPrivateRooms = $retVar[1];
+ unset($retVar);
// Unslashes values of variables sent to this script
if (!empty($authUsername))
! $authUsername = pmcHandleMagicQuotes($authUsername, '1', '', 'del');
if (!empty($authPassword))
! $authPassword = pmcHandleMagicQuotes($authPassword, '1', '', 'del');
if (!empty($submitType))
! $submitType = pmcHandleMagicQuotes($submitType, '1', '', 'del');