Fix XSS vulnerability in change nickname + make it available for registered users only

Daniel Winzen
2015-12-19 20:05:59 +01:00
parent ea6b97372f
commit 225249bc74
2 changed files with 14 additions and 8 deletions


@ -1,3 +1,6 @@
Version 1.15.1 - Dec. 19, 2015
Fix XSS vulnerability in change nickname + make it available for registered users only
Version 1.15 - Dec. 17, 2015
Made code reading easier for newbies
Removed inefficient memcached caching of members and ignored


@ -1721,13 +1721,13 @@ function send_profile($arg=''){
echo "<tr><td>&nbsp;</td><td>$I[confirmpass]</td><td><input type=\"password\" name=\"confirmpass\" size=\"20\"></td></tr>";
echo '</table></td></tr></table></td></tr>';
thr();
echo "<tr><td><table style=\"width:100%;text-align:left;\"><tr><th>$I[changenickname]</th></tr>";
echo '<tr><td><table style="border-spacing:0px;margin-left:auto;">';
echo "<tr><td>&nbsp;</td><td>$I[newnickname]</td><td><input type=\"text\" name=\"newnickname\" size=\"20\"></td></tr>";
echo "<tr><td>&nbsp;</td><td>$I[newpass]</td><td><input type=\"password\" name=\"new_pass\" size=\"20\"></td></tr>";
echo '</table></td></tr></table></td></tr>';
thr();
}
echo "<tr><td><table style=\"width:100%;text-align:left;\"><tr><th>$I[changenickname]</th></tr>";
echo '<tr><td><table style="border-spacing:0px;margin-left:auto;">';
echo "<tr><td>&nbsp;</td><td>$I[newnickname]</td><td><input type=\"text\" name=\"newnickname\" size=\"20\"></td></tr>";
echo "<tr><td>&nbsp;</td><td>$I[newpass]</td><td><input type=\"password\" name=\"new_pass\" size=\"20\"></td></tr>";
echo '</table></td></tr></table></td></tr>';
thr();
echo '<tr><td>'.submit($I['savechanges'])."</td></tr></table></form><br>$H[backtochat]</div>";
print_end();
}
@ -2432,7 +2432,7 @@ function save_profile(){
$stmt=$db->prepare("INSERT INTO $C[prefix]ignored (ign, ignby) VALUES (?, ?);");
$stmt->execute(array($_REQUEST['ignore'], $U['nickname']));
}
if(!empty($_REQUEST['newnickname'])){
if($U['status']>1 && !empty($_REQUEST['newnickname'])){
set_new_nickname();
}
if(!empty($_REQUEST['newpass']) && !valid_pass($_REQUEST['newpass'])){
@ -2446,6 +2446,9 @@ function set_new_nickname(){
if(!isSet($_REQUEST['new_pass']) || !valid_pass($_REQUEST['new_pass'])){
send_profile(sprintf($I['nopass'], get_setting('minpass')));
}
if(!valid_nick($_REQUEST['newnickname'])){
send_profile(sprintf($I['invalnick'], get_setting('maxname')));
}
$U['passhash']=md5(sha1(md5($_REQUEST['newnickname'].$_REQUEST['new_pass'])));
$stmt=$db->prepare("SELECT id FROM $C[prefix]sessions WHERE nickname=? UNION SELECT id FROM $C[prefix]members WHERE nickname=?;");
$stmt->execute(array($_REQUEST['newnickname'], $_REQUEST['newnickname']));
@ -3369,7 +3372,7 @@ function load_lang(){
function load_config(){
global $C;
$C=array(
'version' =>'1.15', // Script version
'version' =>'1.15.1', // Script version
'dbversion' =>14, // Database version
'keeplimit' =>3, // Amount of messages to keep in the database (multiplied with max messages displayed) - increase if you have many private messages
'msgencrypted' =>false, // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing!
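Review bot: The XSS fix in the `set_new_nickname()` hunk is input validation only: the added `valid_nick($_REQUEST['newnickname'])` check blocks new bad values on this write path, but nicknames stored before this commit would presumably still be rendered raw, since no output code is changed here. Escaping where the nickname is printed, e.g. `htmlspecialchars($nickname, ENT_QUOTES, 'UTF-8')`, would make the fix independent of what is already in the sessions and members tables. The registered-only rule is enforced only by the caller in `save_profile()` (`if($U['status']>1 && ...)`); the opening lines of `set_new_nickname()` are outside the hunk, but if it has no guard of its own, repeating the status check there would protect any other caller. The new check also relies on `send_profile()` never returning, as the password check above it does, and a short comment such as `// send_profile() ends the request` would make that explicit. The bare `1` in the status comparison deserves a comment as well, e.g. `// status > 1: registered members only`.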