Update of /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib
In directory usw-pr-cvs1:/tmp/cvs-serv10957/chat/lib
Modified Files:
index.lib.php3
Log Message:
Important security fix
***** Bogus filespec: -
***** Bogus filespec: 0.14/chat/lib
Index: index.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib/index.lib.php3,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -r1.8 -r1.9
*** index.lib.php3 2001/04/11 21:10:51 1.8
--- index.lib.php3 2001/04/20 17:05:27 1.9
***************
*** 136,141 ****
{
$DbLink->query("DELETE FROM ".C_USR_TBL." WHERE username='$U' AND room='$E'");
! if (isset($EN) && $DbLink->affected_rows() > 0) $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");
! };
// If no room is specified but the main form has been posted, define the room to enter
--- 136,151 ----
{
$DbLink->query("DELETE FROM ".C_USR_TBL." WHERE username='$U' AND room='$E'");
! if ($DbLink->affected_rows() == 0)
! {
! // HACKERS Atack !!!
! unset($E);
! $Error = L_ERR_USR_10;
! }
! else
! {
! if (isset($EN))
! $DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");
! }
! }
// If no room is specified but the main form has been posted, define the room to enter
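Review bot: `$EN` is still interpolated unquoted into the `INSERT` on `C_MSG_TBL`, and `$U` and `$E` still go straight into the `DELETE`, so the new `affected_rows() == 0` check only rejects requests that match no row and does not constrain what those values contain. If these variables are populated from the request (the hunk does not show where they are set), force the numeric one to an integer with `$EN = intval($EN);` before the `INSERT`. The string values should also be escaped for SQL before the `DELETE`, unless that already happens earlier in the file. The comment `// HACKERS Atack !!!` would help a maintainer more if it stated the condition, for example `// No row matched username/room: reject the exit request`. The enclosing `if` block begins above the hunk, so any earlier validation is not visible here.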