danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check permission before selectively deleting a message.

Browse Source
This commit is contained in:
Daniel Winzen
2016-07-19 12:52:51 +02:00
parent ba35a1c8d0
commit 5c4586c04e
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@ -1,3 +1,6 @@
Version 1.20.5 - Jul. 19, 2016
Check permission before selectively deleting a message.
Version 1.20.4 - Jul. 12, 2016 Version 1.20.4 - Jul. 12, 2016
Third attempt to fix the same bug Third attempt to fix the same bug

18
chat.php
View File

@ -151,7 +151,7 @@ function route_admin(){
if($_REQUEST['what']==='choose'){ if($_REQUEST['what']==='choose'){
send_choose_messages(); send_choose_messages();
}elseif($_REQUEST['what']==='selected'){ }elseif($_REQUEST['what']==='selected'){
clean_selected(); clean_selected($U['status']);
}elseif($_REQUEST['what']==='room'){ }elseif($_REQUEST['what']==='room'){
clean_room(); clean_room();
}elseif($_REQUEST['what']==='nick'){ }elseif($_REQUEST['what']==='nick'){
@ -2935,7 +2935,7 @@ function add_system_message($mes){
'poster' =>'', 'poster' =>'',
'recipient' =>'', 'recipient' =>'',
'text' =>"<span class=\"sysmsg\">$mes</span>", 'text' =>"<span class=\"sysmsg\">$mes</span>",
'delstatus' =>9 'delstatus' =>4
); );
write_message($sysmessage); write_message($sysmessage);
} }
@ -2971,12 +2971,12 @@ function clean_room(){
add_system_message(sprintf($msg, get_setting('chatname'))); add_system_message(sprintf($msg, get_setting('chatname')));
} }
function clean_selected(){ function clean_selected($status){
global $db; global $db;
if(isSet($_REQUEST['mid'])){ if(isSet($_REQUEST['mid'])){
$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'messages WHERE id=?;'); $stmt=$db->prepare('DELETE FROM ' . PREFIX . 'messages WHERE id=? AND (delstatus=9 OR delstatus<?);');
foreach($_REQUEST['mid'] as $mid){ foreach($_REQUEST['mid'] as $mid){
$stmt->execute(array($mid)); $stmt->execute(array($mid, $status));
} }
} }
} }
@ -3054,9 +3054,9 @@ function print_messages($delstatus=''){
$db->exec('DELETE FROM ' . PREFIX . 'messages WHERE id IN (SELECT * FROM (SELECT id FROM ' . PREFIX . "messages WHERE postdate<$expire) AS t);"); $db->exec('DELETE FROM ' . PREFIX . 'messages WHERE id IN (SELECT * FROM (SELECT id FROM ' . PREFIX . "messages WHERE postdate<$expire) AS t);");
if(!empty($delstatus)){ if(!empty($delstatus)){
$stmt=$db->prepare('SELECT postdate, id, text FROM ' . PREFIX . 'messages WHERE '. $stmt=$db->prepare('SELECT postdate, id, text FROM ' . PREFIX . 'messages WHERE '.
'id IN (SELECT * FROM (SELECT id FROM ' . PREFIX . "messages WHERE poststatus=1 ORDER BY id DESC LIMIT $messagelimit) AS t) ". '(id IN (SELECT * FROM (SELECT id FROM ' . PREFIX . "messages WHERE poststatus=1 ORDER BY id DESC LIMIT $messagelimit) AS t) ".
'OR (poststatus>1 AND (poststatus<? OR poster=? OR recipient=?) ) ORDER BY id DESC;'); 'OR (poststatus>1 AND (poststatus<? OR poster=? OR recipient=?) ) ) AND (poster=? OR recipient=? OR delstatus<?) ORDER BY id DESC;');
$stmt->execute(array($U['status'], $U['nickname'], $U['nickname'])); $stmt->execute(array($U['status'], $U['nickname'], $U['nickname'], $U['nickname'], $U['nickname'], $delstatus));
while($message=$stmt->fetch(PDO::FETCH_ASSOC)){ while($message=$stmt->fetch(PDO::FETCH_ASSOC)){
prepare_message_print($message, $injectRedirect, $redirect, $removeEmbed); prepare_message_print($message, $injectRedirect, $redirect, $removeEmbed);
echo "<div class=\"msg\"><input type=\"checkbox\" name=\"mid[]\" id=\"$message[id]\" value=\"$message[id]\"><label for=\"$message[id]\">"; echo "<div class=\"msg\"><input type=\"checkbox\" name=\"mid[]\" id=\"$message[id]\" value=\"$message[id]\"><label for=\"$message[id]\">";
@ -3748,7 +3748,7 @@ function load_lang(){
function load_config(){ function load_config(){
date_default_timezone_set('UTC'); date_default_timezone_set('UTC');
define('VERSION', '1.20.4'); // Script version define('VERSION', '1.20.5'); // Script version
define('DBVERSION', 23); // Database version define('DBVERSION', 23); // Database version
define('MSGENCRYPTED', false); // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing! define('MSGENCRYPTED', false); // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing!
define('ENCRYPTKEY', 'MY_KEY'); // Encryption key for messages define('ENCRYPTKEY', 'MY_KEY'); // Encryption key for messages