Update of /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib
In directory usw-pr-cvs1:/tmp/cvs-serv12939/chat/lib
Modified Files:
banish.lib.php3 connected_users.lib.php3 frameset_def.lib.php3
index.lib.php3 release.lib.php3
Log Message:
Fix a big security hole
***** Bogus filespec: -
***** Bogus filespec: 0.14/chat/lib
Index: banish.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib/banish.lib.php3,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -r1.1.1.1 -r1.2
*** banish.lib.php3 2001/02/25 18:27:35 1.1.1.1
--- banish.lib.php3 2001/05/31 18:06:11 1.2
***************
*** 11,15 ****
// Get the IP of the user
! if (!isset($ChatPath)) $ChatPath = "";
if (!isset($IP) || $IP == "") include("./${ChatPath}lib/get_IP.lib.php3");
--- 11,24 ----
// Get the IP of the user
! if (!isset($ChatPath))
! {
! $ChatPath = "";
! }
! // Fix a security holes
! else if (!is_dir('./'.substr($ChatPath, 0, -1)))
! {
! exit();
! }
!
if (!isset($IP) || $IP == "") include("./${ChatPath}lib/get_IP.lib.php3");
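Review bot: The new `is_dir('./'.substr($ChatPath, 0, -1))` guard only proves that `$ChatPath` names some existing directory relative to the current one, so a value with `..` segments that resolves to another local directory still passes and still feeds the `include` on the following line. The hunk does not show where `$ChatPath` is set; if it can arrive from the request, the safer design is to stop accepting it from outside and have each entry script assign it from a fixed value or check it against a short list of known install paths. As a minimal tightening, also refuse parent-directory segments, e.g. `else if (strstr($ChatPath, '..') || !is_dir('./'.substr($ChatPath, 0, -1)))`, and confirm that the character dropped by `substr` really is `/`. The same guard is repeated in connected_users.lib.php3, frameset_def.lib.php3 and index.lib.php3 and has the same limitation there.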
Index: connected_users.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib/connected_users.lib.php3,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -r1.2 -r1.3
*** connected_users.lib.php3 2001/04/22 11:29:40 1.2
--- connected_users.lib.php3 2001/05/31 18:06:11 1.3
***************
*** 1,3 ****
--- 1,6 ----
<?php
+ // Fix a security holes
+ if (!is_dir('./'.substr($ChatPath, 0, -1))) exit();
+
require("./${ChatPath}config/config.lib.php3");
require("./${ChatPath}lib/database/".C_DB_TYPE.".lib.php3");
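Review bot: The comment `// Fix a security holes` records the commit rather than explaining the code, so a later reader cannot tell what the check protects. A comment stating the invariant would be more useful, for example `// $ChatPath builds the require paths below; abort unless it names an existing directory under the current one`. Unlike banish.lib.php3 there is no `isset($ChatPath)` branch here, and an unset value appears to reduce to `./` and pass; the comment should say that this is intended, or the same default should be added.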
Index: frameset_def.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib/frameset_def.lib.php3,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -r1.1.1.1 -r1.2
*** frameset_def.lib.php3 2001/02/25 18:27:35 1.1.1.1
--- frameset_def.lib.php3 2001/05/31 18:06:11 1.2
***************
*** 6,9 ****
--- 6,12 ----
-------------------------------------------------------------------------------- */
+ // Fix some security holes
+ if (!is_dir('./'.substr($ChatPath, 0, -1))) exit();
+
$U1 = urlencode(stripslashes($U));
$R1 = urlencode(stripslashes($R));
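Review bot: The bare `exit()` leaves no trace when the check fails, so a probing request and a misconfigured install look the same and neither is visible to the operator. Consider writing a line to the server log before stopping, e.g. `error_log('phpMyChat: rejected ChatPath value', 0);`, without echoing the rejected value back to the client. The visible lines after the check do not use `$ChatPath`, so the includes it protects in this file are presumably outside the hunk.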
Index: index.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib/index.lib.php3,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -r1.11 -r1.12
*** index.lib.php3 2001/05/11 18:42:25 1.11
--- index.lib.php3 2001/05/31 18:06:11 1.12
***************
*** 58,61 ****
--- 58,64 ----
};
+ // Fix some security holes
+ if (!is_dir('./'.substr($ChatPath, 0, -1)) || !is_dir('./'.$ChatPath.'localization/'.$L)) exit();
+
require("./${ChatPath}config/config.lib.php3");
require("./${ChatPath}lib/release.lib.php3");
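Review bot: The added `is_dir('./'.$ChatPath.'localization/'.$L)` test does not constrain `$L` to a language name. An empty `$L` reduces to the `localization/` directory itself (presumably present), and a value with `..` segments can name any other existing directory, so both would pass. How `$L` is used after this point is outside the hunk, but if it is later interpolated into an include path it should be matched against the list of installed languages or at least restricted by pattern, e.g. `if (!preg_match('/^[a-z0-9_-]+$/i', $L)) exit();`, adjusted to the directory names actually shipped.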
Index: release.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib/release.lib.php3,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -r1.7 -r1.8
*** release.lib.php3 2001/05/15 21:44:56 1.7
--- release.lib.php3 2001/05/31 18:06:11 1.8
***************
*** 1,4 ****
<?php
define("APP_NAME", "phpMyChat"); // Application name
! define("APP_VERSION", "0.14.3"); // Application version number
?>
--- 1,4 ----
<?php
define("APP_NAME", "phpMyChat"); // Application name
! define("APP_VERSION", "0.14.4"); // Application version number
?>