From 58638ba56ec9c80f4f514d6bdd4d11160a3c2ac8 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Sun, 2 May 2021 16:31:18 +0200
Subject: [PATCH] Make sure members can not read private messages of previous guests with the same name
---
 chat.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/chat.php b/chat.php
index 9d121ef..8650bda 100644
--- a/chat.php
+++ b/chat.php
@@ -2947,6 +2947,12 @@ function set_new_nickname() : string {
 if($stmt->fetch(PDO::FETCH_NUM)){
 return $I['nicknametaken'];
 }else{
+ // Make sure members can not read private messages of previous guests with the same name
+ $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET poster = "" WHERE poster = ? AND poststatus = 9;');
+ $stmt->execute([$_POST['newnickname']]);
+ $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET recipient = "" WHERE recipient = ? AND poststatus = 9;');
+ $stmt->execute([$_POST['newnickname']]);
+ // change names in all tables
 $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET nickname=? WHERE nickname=?;');
 $stmt->execute([$_POST['newnickname'], $U['nickname']]);
 $stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET nickname=? WHERE nickname=?;');
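Review bot: The two added UPDATEs write the empty string as `""`, which is a string literal only in MySQL's default mode; PostgreSQL and MySQL with ANSI_QUOTES read double quotes as an identifier, so on such a backend the scrub would fail. Depending on the PDO error mode (not visible here), that either aborts the rename or silently leaves the previous guest's private messages attached to the name, which is the leak this commit closes. Binding the value avoids the quoting question: `'messages SET poster = ? WHERE poster = ? AND poststatus = 9;'` with `$stmt->execute(['', $_POST['newnickname']]);`, and the same for `recipient`. The scrub and the renames that follow are also separate statements after the name-taken check; the body of set_new_nickname() continues outside the hunk, so if no transaction wraps them there, a failure midway leaves messages scrubbed but the nickname unchanged.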