[Phpgroupware-cvs] CVS: chat body.php,1.6.2.2,1.6.2.2.2.1 index.php,1.18
From: |
Dave Hall <address@hidden> |
Subject: |
[Phpgroupware-cvs] CVS: chat body.php,1.6.2.2,1.6.2.2.2.1 index.php,1.18.2.3,1.18.2.3.2.1 load.php,1.9.2.2,1.9.2.2.2.1 messages.php,1.6.2.2,1.6.2.2.2.1 sendmsg.php,1.7.2.2,1.7.2.2.2.1 |
Date: |
Wed, 30 Apr 2003 21:19:38 -0400 |
Update of /cvsroot/phpgroupware/chat
In directory subversions:/tmp/cvs-serv26762
Modified Files:
Tag: Version-0_9_16-branch
body.php index.php load.php messages.php sendmsg.php
Log Message:
pgsql and security fixes
Index: body.php
===================================================================
RCS file: /cvsroot/phpgroupware/chat/body.php,v
retrieving revision 1.6.2.2
retrieving revision 1.6.2.2.2.1
diff -C2 -r1.6.2.2 -r1.6.2.2.2.1
*** body.php 24 Nov 2002 15:02:03 -0000 1.6.2.2
--- body.php 1 May 2003 01:19:35 -0000 1.6.2.2.2.1
***************
*** 20,32 ****
include('../header.inc.php');
- function get_var($name,$from) // a simple version
- {
- if (!is_array($from)) $from = explode(',',$from);
- while ((list(,$f) = each($from)) &&
!isset($GLOBALS['HTTP_'.$f.'_VARS'][$name])) ;
- $ret = $GLOBALS['HTTP_'.$f.'_VARS'][$name];
- //echo "HTTP_$f"."_VARS[$name]=$ret<br>\n";
- return $ret;
- }
-
$cannel = get_var('channel',array('POST','GET'));
$action = get_var('action',array('POST','GET'));
--- 20,23 ----
Index: index.php
===================================================================
RCS file: /cvsroot/phpgroupware/chat/index.php,v
retrieving revision 1.18.2.3
retrieving revision 1.18.2.3.2.1
diff -C2 -r1.18.2.3 -r1.18.2.3.2.1
*** index.php 21 Mar 2003 22:49:46 -0000 1.18.2.3
--- index.php 1 May 2003 01:19:35 -0000 1.18.2.3.2.1
***************
*** 22,51 ****
include('../header.inc.php');
! function get_var($name,$from) // a simple version
! {
! if (!is_array($from)) $from = explode(',',$from);
! while ((list(,$f) = each($from)) &&
!isset($GLOBALS['HTTP_'.$f.'_VARS'][$name])) ;
! $ret = $GLOBALS['HTTP_'.$f.'_VARS'][$name];
! //echo "HTTP_$f"."_VARS[$name]=$ret<br>";
! return $ret;
! }
! $cannel = get_var('channel',array('POST','GET'));
$action = get_var('action',array('POST','GET'));
$location = get_var('location',array('POST','GET'));
! $loginid = $GLOBALS['phpgw_info']['user']['userid'];
if ($action=='part')
{
if ($location == 'public')
{
! $GLOBALS['phpgw']->db->query("DELETE FROM
phpgw_chat_currentin WHERE loginid='$loginid' AND channel='$channel'");
}
if ($location == 'private')
{
$user2 = $channel;
! $GLOBALS['phpgw']->db->query("DELETE FROM
phpgw_chat_privatechat WHERE ((user1='$loginid' AND user2='$user2') OR
(user1='$user2' AND user2='$loginid'))");
! $GLOBALS['phpgw']->db->query("INSERT INTO
phpgw_chat_privatechat (user1,user2,sentby,message,messagetype,timesent,closed)
VALUES ('$loginid','$user2','System','This chat has been closed by
$loginid.',0,'" . time() . " ',1)");
}
! $GLOBALS['phpgw']->db->query("SELECT loginid FROM
phpgw_chat_currentin WHERE loginid='$loginid'");
if(!$GLOBALS['phpgw']->db->next_record())
{
--- 22,43 ----
include('../header.inc.php');
! $channel = $GLOBALS['phpgw']->db->db_addslashes(
get_var('channel',array('POST','GET')) );
$action = get_var('action',array('POST','GET'));
$location = get_var('location',array('POST','GET'));
! $loginid = $GLOBALS['phpgw']->db->db_addslashes(
$GLOBALS['phpgw_info']['user']['userid']);
if ($action=='part')
{
if ($location == 'public')
{
! $GLOBALS['phpgw']->db->query("DELETE FROM
phpgw_chat_currentin WHERE loginid='$loginid' AND channel='$channel'",
__LINE__, __FILE__);
}
if ($location == 'private')
{
$user2 = $channel;
! $GLOBALS['phpgw']->db->query("DELETE FROM
phpgw_chat_privatechat WHERE ((user1='$loginid' AND user2='$user2') OR
(user1='$user2' AND user2='$loginid'))", __LINE__, __FILE__);
! $GLOBALS['phpgw']->db->query("INSERT INTO
phpgw_chat_privatechat (user1,user2,sentby,message,messagetype,timesent,closed)
VALUES ('$loginid','$user2','System','This chat has been closed by
$loginid.',0,'" . time() . " ',1)", __LINE__, __FILE__);
}
! $GLOBALS['phpgw']->db->query("SELECT loginid FROM
phpgw_chat_currentin WHERE loginid='$loginid'", __LINE__, __FILE__);
if(!$GLOBALS['phpgw']->db->next_record())
{
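Review bot: On the new side `$channel` and `$loginid` are overwritten with their `db_addslashes()` output at assignment, so every later use in index.php, including any HTML output outside this hunk, sees the SQL-escaped form rather than the original value. sendmsg.php in this same commit keeps the raw value in `$chan_name` and escapes into a separate variable; doing the same here (`$chan_name = get_var('channel',array('POST','GET'));` then `$channel = $GLOBALS['phpgw']->db->db_addslashes($chan_name);`) would keep SQL escaping out of other output contexts. The rename from `$cannel` to `$channel` is made only in this file and sendmsg.php: body.php and messages.php still assign `$cannel` on their context lines, so `$channel` is presumably unset there unless code outside the hunks sets it. A comment such as `// SQL-escaped; not for HTML output` above the two assignments would document the intent.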
***************
*** 100,104 ****
}
! $GLOBALS['phpgw']->db->query("SELECT * FROM phpgw_chat_privatechat
WHERE (user1='$loginid' OR user2='$loginid') AND (closed!='1' AND
messagetype='0')");
while ($GLOBALS['phpgw']->db->next_record())
{
--- 92,96 ----
}
! $GLOBALS['phpgw']->db->query("SELECT * FROM phpgw_chat_privatechat
WHERE (user1='$loginid' OR user2='$loginid') AND (closed!='1' AND
messagetype='0')", __LINE__, __FILE__);
while ($GLOBALS['phpgw']->db->next_record())
{
Index: load.php
===================================================================
RCS file: /cvsroot/phpgroupware/chat/load.php,v
retrieving revision 1.9.2.2
retrieving revision 1.9.2.2.2.1
diff -C2 -r1.9.2.2 -r1.9.2.2.2.1
*** load.php 24 Nov 2002 15:02:03 -0000 1.9.2.2
--- load.php 1 May 2003 01:19:35 -0000 1.9.2.2.2.1
***************
*** 20,31 ****
include('../header.inc.php');
- function get_var($name,$from) // a simple version
- {
- if (!is_array($from)) $from = explode(',',$from);
- while ((list(,$f) = each($from)) &&
!isset($GLOBALS['HTTP_'.$f.'_VARS'][$name])) ;
- $ret = $GLOBALS['HTTP_'.$f.'_VARS'][$name];
- //echo "HTTP_$f"."_VARS[$name]=$ret<br>\n";
- return $ret;
- }
$channel = get_var('channel',array('POST','GET'));
$action = get_var('action',array('POST','GET'));
--- 20,23 ----
***************
*** 57,64 ****
$user2 = $channel;
$location = 'private';
! $GLOBALS['phpgw']->db->query("DELETE FROM
phpgw_chat_privatechat WHERE ((user1='$loginid' AND user2='$user2') OR
(user1='$user2' AND user2='$loginid'))");
if(!$notnew)
{
! $GLOBALS['phpgw']->db->query("INSERT INTO
phpgw_chat_privatechat (user1,user2,sentby,message,messagetype,timesent,closed)
VALUES ('$loginid','$user2','System','New chat with $loginid and $user2','0','"
. $now . "','0')");
}
}
--- 49,56 ----
$user2 = $channel;
$location = 'private';
! $GLOBALS['phpgw']->db->query("DELETE FROM
phpgw_chat_privatechat WHERE ((user1='$loginid' AND user2='$user2') OR
(user1='$user2' AND user2='$loginid'))", __LINE__, __FILE__);
if(!$notnew)
{
! $GLOBALS['phpgw']->db->query("INSERT INTO
phpgw_chat_privatechat (user1,user2,sentby,message,messagetype,timesent,closed)
VALUES ('$loginid','$user2','System','New chat with $loginid and $user2','0','"
. $now . "','0')", __LINE__, __FILE__);
}
}
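Review bot: The DELETE and INSERT here still interpolate `$user2`, which is copied from `$channel`, and in the lines of load.php visible in this commit `$channel` is assigned from `get_var('channel',array('POST','GET'))` without the `db_addslashes()` call that index.php and sendmsg.php gained; this hunk only adds `__LINE__, __FILE__`. Unless the escaping happens in lines not shown (or inside the shared `get_var`), request input reaches these statements unescaped, so the assignment should become `$channel = $GLOBALS['phpgw']->db->db_addslashes(get_var('channel',array('POST','GET')));`. The same applies to `$newchannel` and `$loginid` in the following hunk (new lines 58-69), whose assignments are outside the diff. The enclosing `if` block starts before this hunk.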
***************
*** 66,77 ****
if ($location != 'private')
{
! $GLOBALS['phpgw']->db->query("SELECT * FROM
phpgw_chat_currentin WHERE loginid='$loginid' AND channel='$newchannel'");
if ($GLOBALS['phpgw']->db->nf() == 0 && $newchannel)
{
! $GLOBALS['phpgw']->db->query("INSERT INTO
phpgw_chat_currentin (loginid, channel, lastmessage) VALUES
('$loginid','$newchannel','" . $now . "')");
}
else
{
! $GLOBALS['phpgw']->db->query("UPDATE
phpgw_chat_currentin SET lastmessage='" . $now . "' WHERE loginid='$loginid'
AND channel='$newchannel'");
}
}
--- 58,69 ----
if ($location != 'private')
{
! $GLOBALS['phpgw']->db->query("SELECT * FROM
phpgw_chat_currentin WHERE loginid='$loginid' AND channel='$newchannel'",
__LINE__, __FILE__);
if ($GLOBALS['phpgw']->db->nf() == 0 && $newchannel)
{
! $GLOBALS['phpgw']->db->query("INSERT INTO
phpgw_chat_currentin (loginid, channel, lastmessage) VALUES
('$loginid','$newchannel','" . $now . "')", __LINE__, __FILE__);
}
else
{
! $GLOBALS['phpgw']->db->query("UPDATE
phpgw_chat_currentin SET lastmessage='" . $now . "' WHERE loginid='$loginid'
AND channel='$newchannel'", __LINE__, __FILE__);
}
}
Index: messages.php
===================================================================
RCS file: /cvsroot/phpgroupware/chat/messages.php,v
retrieving revision 1.6.2.2
retrieving revision 1.6.2.2.2.1
diff -C2 -r1.6.2.2 -r1.6.2.2.2.1
*** messages.php 24 Nov 2002 15:02:03 -0000 1.6.2.2
--- messages.php 1 May 2003 01:19:35 -0000 1.6.2.2.2.1
***************
*** 23,34 ****
$refresh = 3;
- function get_var($name,$from) // a simple version
- {
- if (!is_array($from)) $from = explode(',',$from);
- while ((list(,$f) = each($from)) &&
!isset($GLOBALS['HTTP_'.$f.'_VARS'][$name])) ;
- $ret = $GLOBALS['HTTP_'.$f.'_VARS'][$name];
- //echo "HTTP_$f"."_VARS[$name]=$ret<br>";
- return $ret;
- }
$cannel = get_var('channel',array('POST','GET'));
$action = get_var('action',array('POST','GET'));
--- 23,26 ----
Index: sendmsg.php
===================================================================
RCS file: /cvsroot/phpgroupware/chat/sendmsg.php,v
retrieving revision 1.7.2.2
retrieving revision 1.7.2.2.2.1
diff -C2 -r1.7.2.2 -r1.7.2.2.2.1
*** sendmsg.php 24 Nov 2002 15:02:03 -0000 1.7.2.2
--- sendmsg.php 1 May 2003 01:19:35 -0000 1.7.2.2.2.1
***************
*** 20,38 ****
include('../header.inc.php');
- function get_var($name,$from) // a simple version
- {
- if (!is_array($from)) $from = explode(',',$from);
- while ((list(,$f) = each($from)) &&
!isset($GLOBALS['HTTP_'.$f.'_VARS'][$name])) ;
- $ret = $GLOBALS['HTTP_'.$f.'_VARS'][$name];
- //echo "HTTP_$f"."_VARS[$name]=$ret<br>\n";
- return $ret;
- }
-
$loginid = $GLOBALS['phpgw_info']['user']['userid'];
! $cannel = get_var('channel',array('GET','POST'));
! $action = get_var('action',array('GET','POST'));
! $location = get_var('location',array('GET','POST'));
! $message = get_var('message',array('POST','GET'));
if ($action=='post' && !empty($message))
--- 20,30 ----
include('../header.inc.php');
$loginid = $GLOBALS['phpgw_info']['user']['userid'];
! $chan_name = get_var('channel',array('GET','POST'));
! $channel = $GLOBALS['phpgw']->db->db_addslashes( $chan_name );
! $action = get_var('action',array('GET','POST'));
! $location = get_var('location',array('GET','POST'));
! $message = $GLOBALS['phpgw']->db->db_addslashes(
get_var('message',array('POST','GET')) );
if ($action=='post' && !empty($message))
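Review bot: `$loginid` is left unescaped on the new side although it is interpolated as `'$loginid'` into both INSERT statements in the next two hunks, while index.php in this commit wraps the same value in `db_addslashes()`. For consistency the assignment should read `$loginid = $GLOBALS['phpgw']->db->db_addslashes($GLOBALS['phpgw_info']['user']['userid']);`. `$message` is now SQL-escaped from its assignment onward, so a short comment there, for example `// SQL-escaped; use only inside queries`, would warn anyone who later echoes it.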
***************
*** 45,50 ****
."loginid, message, messagetype,"
."timesent) values ('$channel',"
! ."'$loginid','" . addslashes($message)."','1','"
! . $now . "')");
}
else
--- 37,42 ----
."loginid, message, messagetype,"
."timesent) values ('$channel',"
! ."'$loginid','" . $message."','1','"
! . $now . "')", __LINE__, __FILE__);
}
else
***************
*** 54,59 ****
. "message, messagetype,"
. "timesent) values ('$loginid',"
! . "'$channel','$loginid','" .
addslashes($message)."','1','"
! . $now . "')");
}
}
--- 46,51 ----
. "message, messagetype,"
. "timesent) values ('$loginid',"
! . "'$channel','$loginid','" . $message."','1','"
! . $now . "')", __LINE__, __FILE__);
}
}
***************
*** 61,65 ****
echo '<html><body
onLoad="document.forms[0].message.focus();"><center>'."\n";
echo '<form name="sendmsg" method="post" action="' .
$GLOBALS['phpgw']->link('/chat/sendmsg.php') . '">'."\n";
! echo '<input type="hidden" name="channel" value="' . $channel .
'">'."\n";
echo '<input type="hidden" name="action" value="post">'."\n";
echo '<input type="hidden" name="location" value="' . $location .
'">'."\n";
--- 53,57 ----
echo '<html><body
onLoad="document.forms[0].message.focus();"><center>'."\n";
echo '<form name="sendmsg" method="post" action="' .
$GLOBALS['phpgw']->link('/chat/sendmsg.php') . '">'."\n";
! echo '<input type="hidden" name="channel" value="' . $chan_name .
'">'."\n";
echo '<input type="hidden" name="action" value="post">'."\n";
echo '<input type="hidden" name="location" value="' . $location .
'">'."\n";
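Review bot: The hidden `channel` field now echoes `$chan_name`, the raw request value, straight into an HTML attribute, and the `location` field two lines below does the same with `$location`; neither is HTML-encoded, so a value containing a double quote or markup ends the attribute early. Both should be encoded for the output context, e.g. `echo '<input type="hidden" name="channel" value="' . htmlspecialchars($chan_name, ENT_QUOTES) . '">'."\n";` and likewise for `$location`. Using the unescaped name here instead of the SQL-escaped `$channel` is right, but SQL escaping and HTML encoding are separate steps and this output needs the latter.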