From: Lo?c C. <lo...@us...> - 2001-06-08 08:59:58
Update of /cvsroot/phpmychat/phpMyChat - 0.14/chat
In directory usw-pr-cvs1:/tmp/cvs-serv1944/chat
Modified Files:
input.php3 handle_inputH.php3
Log Message:
Fix a security issue (Alexei Shalin patch)
***** Bogus filespec: -
***** Bogus filespec: 0.14/chat
Index: input.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/input.php3,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -r1.11 -r1.12
*** input.php3 2001/05/31 18:05:22 1.11
--- input.php3 2001/06/08 08:59:54 1.12
***************
*** 18,23 ****
};
! // Fix a security hole
! if (isset($L) && !is_dir('./localization/'.$L)) exit();
require("./config/config.lib.php3");
--- 18,31 ----
};
! // Fix some security issues
! if ((empty($From) || trim($From) == '')
! || (empty($U) || trim($U) == '')
! || (empty($R) || trim($R) == '')
! || (empty($Ver) || empty($L) || empty($N))
! || (!isset($T) || !isset($D) || !isset($O) || !isset($ST) || !isset($NT))
! || !is_dir('./localization/'.$L))
! {
! exit();
! }
require("./config/config.lib.php3");
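Review bot: The `is_dir('./localization/'.$L)` test that closes the new guard confirms only that a directory exists, so a request-supplied `$L` containing path components such as `..` still passes. `$L` is presumably used later to build include paths (not visible in this hunk), so the guard should also restrict its characters before the `is_dir()` call, e.g. `|| !preg_match('/^[A-Za-z0-9_-]+$/', $L)` (or the `ereg` equivalent), adjusted to the characters the localization directory names actually use. The identical guard added to handle_inputH.php3 needs the same change; moving the block into one shared include would keep the two copies from drifting.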
***************
*** 45,55 ****
! // ** Updates user info in connected users tables **
! $DbLink->query("SELECT room,status FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if ($DbLink->num_rows() != 0)
{
! list($room,$status) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
if ($room != stripslashes($R)) // Same nick in another room
{
--- 53,70 ----
! // ** Updates user info in connected users tables and fix some security issues **
! $DbLink->query("SELECT room, status, ip FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if ($DbLink->num_rows() != 0)
{
! list($room, $status, $knownIp) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
+ // Security issue
+ include("./lib/get_IP.lib.php3");
+ if ($knownIp != $IP)
+ {
+ $kicked = 5;
+ }
+ // Update users info
if ($room != stripslashes($R)) // Same nick in another room
{
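Review bot: The IP-mismatch check added here is a standalone `if`, so after `$kicked = 5` is set execution still reaches the `if ($room != stripslashes($R))` test that follows, whereas the parallel change in handle_inputH.php3 chains it with `elseif`. That branch's body lies outside the hunk, but if it writes to the user or message tables or reassigns `$kicked`, a request from a non-matching address would still trigger those updates. Change the following line to `elseif ($room != stripslashes($R)) // Same nick in another room` so both files behave alike. How `$IP` is derived in get_IP.lib.php3 is not shown; if it consults proxy headers supplied by the client, the comparison is only as strong as that lookup, which deserves a comment next to the check.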
***************
*** 74,81 ****
{
// Kick the user from the current room
?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
! window.parent.window.location = '<?php echo("$From?L=$L&U=".urlencode(stripslashes($U))."&E=".urlencode(stripslashes($R))."&KICKED=${kicked}"); ?>';
// -->
</SCRIPT>
--- 89,99 ----
{
// Kick the user from the current room
+ $kickedUrl = ($kicked < 5)
+ ? "$From?L=$L&U=".urlencode(stripslashes($U))."&E=".urlencode(stripslashes($R))."&KICKED=$kicked"
+ : "$From?L=$L";
?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
! window.parent.window.location = '<?php echo($kickedUrl); ?>';
// -->
</SCRIPT>
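Review bot: `$From` and `$L` reach a single-quoted JavaScript string through `$kickedUrl` without any escaping, and the guard at the top of the file only checks that `$From` is non-empty. A value containing a quote or a closing script tag would change the emitted script, and any value at all decides where the parent frame is sent. `$From` should be compared against the chat's known entry script name(s) before use, and the result escaped for the script context, with `$kickedUrl = addslashes($kickedUrl);` as a minimum after that check. The same pattern appears in the next hunk's `echo("$From?L=$L")` and in both corresponding hunks of handle_inputH.php3. The enclosing block starts outside this hunk.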
***************
*** 88,91 ****
--- 106,119 ----
{
$DbLink->clean_results();
+ // Fix a security issue
+ ?>
+ <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
+ <!--
+ window.parent.window.location = '<?php echo("$From?L=$L"); ?>';
+ // -->
+ </SCRIPT>
+ <?php
+ $DbLink->close();
+ exit;
};
Index: handle_inputH.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/handle_inputH.php3,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -r1.8 -r1.9
*** handle_inputH.php3 2001/05/31 18:05:22 1.8
--- handle_inputH.php3 2001/06/08 08:59:54 1.9
***************
*** 23,28 ****
};
! // Fix a security hole
! if (isset($L) && !is_dir('./localization/'.$L)) exit();
require("./config/config.lib.php3");
--- 23,36 ----
};
! // Fix some security issues
! if ((empty($From) || trim($From) == '')
! || (empty($U) || trim($U) == '')
! || (empty($R) || trim($R) == '')
! || (empty($Ver) || empty($L) || empty($N))
! || (!isset($T) || !isset($D) || !isset($O) || !isset($ST) || !isset($NT))
! || !is_dir('./localization/'.$L))
! {
! exit();
! }
require("./config/config.lib.php3");
***************
*** 50,61 ****
! // ** Updates user info in connected users tables **
! $DbLink->query("SELECT room,status FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if ($DbLink->num_rows() != 0)
{
! list($room,$status) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
! if ($room != stripslashes($R)) // Same nick in another room
{
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");
--- 58,76 ----
! // ** Updates user info in connected users tables and fix some security issues **
! $DbLink->query("SELECT room, status, ip FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if ($DbLink->num_rows() != 0)
{
! list($room, $status, $knownIp) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
! // Security issue
! include("./lib/get_IP.lib.php3");
! if ($knownIp != $IP)
! {
! $kicked = 5;
! }
! // Update users info
! elseif ($room != stripslashes($R)) // Same nick in another room
{
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");
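Review bot: `$T` is interpolated unquoted into the `INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', ...` statement on the last line of this hunk, while the guard added at the top of the file only requires `isset($T)`. The quoted values (`'$R'`, and `'$U'` in the SELECT) depend on request data arriving already slash-escaped, which the `stripslashes()` calls suggest is the case, but an unquoted value gets no protection from that. If `$T` is meant to be numeric, cast it once after the guard with `$T = intval($T);`, and treat any other isset-only parameter that reaches SQL the same way. The block containing the INSERT continues past the end of the hunk.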
***************
*** 79,86 ****
{
// Kick the user from the current room
?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
! window.parent.window.location = '<?php echo("$From?L=$L&U=".urlencode(stripslashes($U))."&E=".urlencode(stripslashes($R))."&KICKED=${kicked}"); ?>';
// -->
</SCRIPT>
--- 94,104 ----
{
// Kick the user from the current room
+ $kickedUrl = ($kicked < 5)
+ ? "$From?L=$L&U=".urlencode(stripslashes($U))."&E=".urlencode(stripslashes($R))."&KICKED=$kicked"
+ : "$From?L=$L";
?>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
! window.parent.window.location = '<?php echo($kickedUrl); ?>';
// -->
</SCRIPT>
***************
*** 93,96 ****
--- 111,124 ----
{
$DbLink->clean_results();
+ // Fix a security issue
+ ?>
+ <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
+ <!--
+ window.parent.window.location = '<?php echo("$From?L=$L"); ?>';
+ // -->
+ </SCRIPT>
+ <?php
+ $DbLink->close();
+ exit;
}