From: Lo?c C. <lo...@us...> - 2001-12-03 21:04:40
|
Update of /cvsroot/phpmychat/phpMyChat - 0.14/chat In directory usw-pr-cvs1:/tmp/cvs-serv14507/chat Modified Files: export.php3 Log Message: fixed a security issue ***** Bogus filespec: - ***** Bogus filespec: 0.14/chat Index: export.php3 =================================================================== RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/export.php3,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -r1.3 -r1.4 *** export.php3 2001/05/31 18:05:22 1.3 --- export.php3 2001/12/03 21:04:37 1.4 *************** *** 21,24 **** --- 21,40 ---- set_magic_quotes_runtime(0); + // Get IP address and check for hackers + require("./lib/get_IP.lib.php3"); + $DbLink = new DB; + $DbLink->query("SELECT count(*) FROM ".C_USR_TBL." WHERE username = '$U' AND ip = '$IP' LIMIT 1"); + list($isNotHack) = $DbLink->next_record(); + if (!$isNotHack) + { + echo 'là'; + $DbLink->close(); + exit(); + } + else + { + $DbLink->clean_results(); + } + // Translate to html special characters, and entities if message was sent with a latin 1 charset $Latin1 = ($Charset == "iso-8859-1"); |