For dangerous and only-POST routes check if it is POST request.

cypherbits
2020-08-05 19:15:37 +02:00
parent 463d66e11e
commit b7ff7c9eb7


@ -78,7 +78,7 @@ function route(){
send_post(validate_input()); send_post(validate_input());
} }
send_post(); send_post();
}elseif($_REQUEST['action']==='login'){ }elseif($_REQUEST['action']==='login' && isPOST()){
check_login(); check_login();
send_frameset(); send_frameset();
}elseif($_REQUEST['action']==='controls'){ }elseif($_REQUEST['action']==='controls'){
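Review bot: The new `isPOST()` guard on the login branch (and on delete, profile, logout, notes, inbox, admin and setup in the later hunks) checks only the request method, while the handlers still read their parameters from `$_REQUEST`, which merges GET, POST and cookie values, so the "only-POST" intent is enforced for the method but not for the inputs; the guarded branches should take `what`, `confirm`, `do` and the like from `$_POST` instead. A method check is also not a CSRF defence: a form posted from another origin still satisfies `isPOST()`, so the state-changing actions (delete, logout, profile, admin, setup) still need a per-session token that the handler compares with `hash_equals()`. It is also worth noting in the code that a non-POST request to one of these actions now falls through the whole chain to the final `send_login()` rather than producing an explicit 405, e.g. `// non-POST requests to state-changing actions fall through to send_login()`. route() starts and ends outside this hunk, and `isPOST()` itself is defined in a separate hunk near line 4205 without a `bool` return type.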
@ -87,7 +87,7 @@ function route(){
}elseif($_REQUEST['action']==='greeting'){ }elseif($_REQUEST['action']==='greeting'){
check_session(); check_session();
send_greeting(); send_greeting();
}elseif($_REQUEST['action']==='delete'){ }elseif($_REQUEST['action']==='delete' && isPOST()){
check_session(); check_session();
if($_REQUEST['what']==='all'){ if($_REQUEST['what']==='all'){
if(isset($_REQUEST['confirm'])){ if(isset($_REQUEST['confirm'])){
@ -99,7 +99,7 @@ function route(){
del_last_message(); del_last_message();
} }
send_post(); send_post();
}elseif($_REQUEST['action']==='profile'){ }elseif($_REQUEST['action']==='profile' && isPOST()){
check_session(); check_session();
$arg=''; $arg='';
if(!isset($_REQUEST['do'])){ if(!isset($_REQUEST['do'])){
@ -113,13 +113,13 @@ function route(){
} }
} }
send_profile($arg); send_profile($arg);
}elseif($_REQUEST['action']==='logout'){ }elseif($_REQUEST['action']==='logout' && isPOST()){
kill_session(); kill_session();
send_logout(); send_logout();
}elseif($_REQUEST['action']==='colours'){ }elseif($_REQUEST['action']==='colours'){
check_session(); check_session();
send_colours(); send_colours();
}elseif($_REQUEST['action']==='notes'){ }elseif($_REQUEST['action']==='notes' && isPOST()){
check_session(); check_session();
if(isset($_REQUEST['do']) && $_REQUEST['do']==='admin' && $U['status']>6){ if(isset($_REQUEST['do']) && $_REQUEST['do']==='admin' && $U['status']>6){
send_notes(0); send_notes(0);
@ -133,7 +133,7 @@ function route(){
}elseif($_REQUEST['action']==='help'){ }elseif($_REQUEST['action']==='help'){
check_session(); check_session();
send_help(); send_help();
}elseif($_REQUEST['action']==='inbox'){ }elseif($_REQUEST['action']==='inbox' && isPOST()){
check_session(); check_session();
if(isset($_REQUEST['do'])){ if(isset($_REQUEST['do'])){
clean_inbox_selected(); clean_inbox_selected();
@ -141,10 +141,10 @@ function route(){
send_inbox(); send_inbox();
}elseif($_REQUEST['action']==='download'){ }elseif($_REQUEST['action']==='download'){
send_download(); send_download();
}elseif($_REQUEST['action']==='admin'){ }elseif($_REQUEST['action']==='admin' && isPOST()){
check_session(); check_session();
send_admin(route_admin()); send_admin(route_admin());
}elseif($_REQUEST['action']==='setup'){ }elseif($_REQUEST['action']==='setup' && isPOST()){
route_setup(); route_setup();
}else{ }else{
send_login(); send_login();
@ -4205,6 +4205,10 @@ function load_lang(){
} }
} }
function isPOST(){
return $_SERVER['REQUEST_METHOD'] === 'POST';
}
function load_config(){ function load_config(){
mb_internal_encoding('UTF-8'); mb_internal_encoding('UTF-8');
define('VERSION', '1.24'); // Script version define('VERSION', '1.24'); // Script version