From db86cb984bbd2ebbd7aa4d33c12196b5482361f4 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Fri, 15 Apr 2016 16:07:15 +0200
Subject: [PATCH] Fix a few forms to be used cookie-less
---
CHANGELOG | 2 ++
chat.php | 16 ++++++++--------
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 281f254..5fa4146 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,8 @@
+Version 1.16.4 - Apr. 15, 2016
Properly escape some parameters
Add caching hack for aggressively caching browsers (e.g. links)
Improve invalid filter handling + allow new line match with \n
+Fix a few forms to be used cookie-less
Version 1.16.3 - Apr. 14, 2016
Fix warning on redirection of links without a scheme
diff --git a/chat.php b/chat.php
index 87b56d8..720742e 100644
--- a/chat.php
+++ b/chat.php
@@ -366,7 +366,7 @@ function send_access_denied(){
echo "$I[accessdenied]
".sprintf($I['loggedinas'], style_this($U['nickname'], $U['style']));
echo "
<$H[form]>$H[commonform]".hidden('action', 'logout');
if(!isSet($_REQUEST['session'])){
- hidden('session', $U['session']);
+ echo hidden('session', $U['session']);
}
echo submit($I['logout'], 'id="exitbutton"')."";
print_end();
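Review bot: With the `echo` restored, the logout form in send_access_denied() writes `$U['session']` into the page as a hidden field, so exposure of the session identifier now depends on `$H[form]` and `hidden()`, both defined outside this hunk. If the form method is GET, the identifier lands in the URL and from there in browser history, proxy and server logs, and Referer headers. I would confirm that the form submits with POST and that `hidden()` HTML-escapes its value. Once confirmed, a comment above the `if` would record it, for example `// cookie-less clients: session id travels in the POST body only`. The same applies to the session fields in the send_setup() and send_waiting_room() hunks; the function body starts and ends outside this hunk.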
@@ -652,18 +652,18 @@ function send_setup(){
echo '';
echo "<$H[form]>$H[commonform]".hidden('action', 'setup').hidden('do', 'backup');
if(!isSet($_REQUEST['session'])){
- hidden('session', $U['session']);
+ echo hidden('session', $U['session']);
}
echo submit($I['backuprestore']).' | ';
echo "<$H[form]>$H[commonform]".hidden('action', 'setup').hidden('do', 'destroy');
if(!isSet($_REQUEST['session'])){
- hidden('session', $U['session']);
+ echo hidden('session', $U['session']);
}
echo submit($I['destroy'], 'class="delbutton"').' |
';
}
echo "<$H[form]>$H[commonform]".hidden('action', 'logout');
if(!isSet($_REQUEST['session'])){
- hidden('session', $U['session']);
+ echo hidden('session', $U['session']);
}
echo submit($I['logout'], 'id="exitbutton"')."$H[credit]";
print_end();
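Review bot: The guard `if(!isSet($_REQUEST['session'])){ echo hidden('session', $U['session']); }` now appears three times in send_setup() and six times across this patch, and the bug being fixed (a silently discarded return value) had to be corrected in every copy. A helper that returns the field or an empty string, concatenated into the existing `echo` chain, would leave one place to get right. A possible shape is `function session_field(){ global $U; return isSet($_REQUEST['session']) ? '' : hidden('session', $U['session']); }`. The name is only a suggestion, and it assumes `$U` is a global, which the declarations outside this hunk would have to confirm.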
@@ -1468,12 +1468,12 @@ function send_waiting_room(){
echo '
';
echo "
<$H[form]>$H[commonform]";
if(!isSet($_REQUEST['session'])){
- hidden('session', $U['session']);
+ echo hidden('session', $U['session']);
}
- echo hidden('action', 'wait').submit($I['reload']).'
';
+ echo hidden('nocache', substr(time(), -6)).hidden('action', 'wait').submit($I['reload']).'
';
echo "<$H[form]>$H[commonform]";
if(!isSet($_REQUEST['session'])){
- hidden('session', $U['session']);
+ echo hidden('session', $U['session']);
}
echo hidden('action', 'logout').submit($I['exit'], 'id="exitbutton"').'';
$rulestxt=get_setting('rulestxt');
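Review bot: The new `hidden('nocache', substr(time(), -6))` field on the reload form only varies the request, so it does not stop the waiting-room page itself, which carries the session identifier in hidden fields, from being stored by a browser or intermediary cache. The response headers are not visible in this hunk; if they are not already set, sending `header('Cache-Control: no-store');` for these pages would handle this on the server and make the cache-buster a fallback only. Separately, `substr()` receives the integer from `time()` and relies on implicit string conversion; `substr((string)time(), -6)` states the intent and keeps working under `declare(strict_types=1)`. send_waiting_room() continues beyond the hunk.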
@@ -3493,7 +3493,7 @@ function load_lang(){
}
function load_config(){
- define('VERSION', '1.16.3'); // Script version
+ define('VERSION', '1.16.4'); // Script version
define('DBVERSION', 16); // Database version
define('MSGENCRYPTED', false); // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing!
define('ENCRYPTKEY', 'MY_KEY'); // Encryption key for messages