Security issue: adding intval() calls. Headers are updated

skala
Julio Montoya 15 years ago
parent 36c75f1bea
commit 8d258a94f5
  1. 4
      main/chat/chat.php
  2. 7
      main/chat/chat_banner.php
  3. 18
      main/chat/chat_chat.php
  4. 12
      main/chat/chat_functions.lib.php
  5. 12
      main/chat/chat_message.php

@ -79,7 +79,7 @@ if (api_get_setting('show_navigation_menu') != 'false') {
break;
}
}
$cidreq = $_GET['cidReq'];
$cidreq = Security::remove_XSS($_GET['cidReq']);
?>
<!DOCTYPE html
@ -103,7 +103,7 @@ if (api_get_setting('show_navigation_menu') == 'false' || !empty($open_chat_wind
}
echo '<frame src="chat_whoisonline.php?cidReq='.$cidreq.'" name="chat_whoisonline" scrolling="auto">';
echo'<frameset rows="25,15" border="1" frameborder="1" framespacing="1">';
echo '<frame src="chat_chat.php?origin='.$_GET["origin"].'&target='.$_GET["target"].'&amp;cidReq='.$cidreq.'" name="chat_chat" scrolling="auto">';
echo '<frame src="chat_chat.php?origin='.Security::remove_XSS($_GET['origin']).'&target='.Security::remove_XSS($_GET['target']).'&amp;cidReq='.$cidreq.'" name="chat_chat" scrolling="auto">';
echo '<frame src="chat_message.php?cidReq='.$cidreq.'" name="chat_message" scrolling="no">';
echo '</frameset>';
echo '<frame src="chat_hidden.php?cidReq='.$cidreq.'" name="chat_hidden" >';
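Review bot: The values wrapped in Security::remove_XSS() on the new chat_chat frame line in the second hunk are still concatenated into a URL query string inside an HTML attribute with no URL encoding, and `$_GET['origin']` and `$_GET['target']` are read without an isset check, so a missing parameter raises a notice and a character the filter lets through, such as a space, breaks the query that chat_chat.php receives. An XSS filter and URL encoding are different concerns; keep the filter and add the encoding, e.g. `$origin = isset($_GET['origin']) ? urlencode(Security::remove_XSS($_GET['origin'])) : '';`, `$target = isset($_GET['target']) ? urlencode(Security::remove_XSS($_GET['target'])) : '';`, then `echo '<frame src="chat_chat.php?origin='.$origin.'&amp;target='.$target.'&amp;cidReq='.urlencode($cidreq).'" name="chat_chat" scrolling="auto">';`. That also replaces the bare `&target=` with `&amp;target=`, matching the `&amp;cidReq=` already on the line, since the string is attribute content. `$cidreq` from the first hunk feeds all four frame src attributes here and deserves the same encoding in each; the PHP block these lines sit in starts before the hunk.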

@ -5,7 +5,7 @@
* Chamilo banner
*
* @author Olivier Brouckaert
* @chamilo chamilo.chat
* @package chamilo.chat
*/
$language_file = array ('chat');
@ -13,11 +13,6 @@ require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
$this_section = SECTION_COURSES;
//$interbreadcrumb[] = array ('url' => 'chat.php', 'name' => get_lang('Chat'));
//$noPHP_SELF = true;
//$shortBanner = false;
//Display::display_header(null, 'Chat');
$tool_name = get_lang('ToolChat');
// If it is a group chat then the breadcrumbs.

@ -24,7 +24,7 @@ $group_id = intval($_SESSION['_gid']);
if (!empty($course)) {
$reset = (bool)$_GET['reset'];
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query = "SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$query = "SELECT username FROM $tbl_user WHERE user_id='".intval($_user['user_id'])."'";
$result = Database::query($query);
list($pseudo_user) = Database::fetch_row($result);
@ -70,7 +70,7 @@ if (!empty($course)) {
} else {
$filename_chat = 'messages-'.$date_now.'.log.html';
}
if (!file_exists($chat_path.$filename_chat)) {
@fclose(fopen($chat_path.$filename_chat, 'w'));
if (!api_is_anonymous()) {
@ -111,10 +111,14 @@ if (!empty($course)) {
update_existing_document($_course, $doc_id, 0);
}
$content = file($chat_path.$basename_chat.'.log.html');
$nbr_lines = sizeof($content);
$remove = $nbr_lines - 100;
$remove = 0;
$content = array();
if (file_exists($chat_path.$basename_chat.'.log.html')) {
$content = file($chat_path.$basename_chat.'.log.html');
$nbr_lines = sizeof($content);
$remove = $nbr_lines - 100;
}
if ($remove < 0) {
$remove = 0;
@ -128,7 +132,7 @@ if (!empty($course)) {
}
if ($_GET['origin'] == 'whoisonlinejoin') { //the joiner (we have to delete the chat request to him when he joins the chat)
$track_user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql = "update $track_user_table set chatcall_user_id = '', chatcall_date = '', chatcall_text='' where (user_id = ".$_user['user_id'].")";
$sql = "UPDATE $track_user_table set chatcall_user_id = '', chatcall_date = '', chatcall_text='' where (user_id = ".$_user['user_id'].")";
$result = Database::query($sql);
}
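Review bot: The UPDATE on the last hunk's new line still concatenates `$_user['user_id']` into the SQL unquoted and uncast, while the same value is wrapped in intval() in the first hunk's `SELECT username` query; the rewrite only uppercased the keyword. Cast it the same way so the statement cannot be altered by a non-numeric value: `$sql = "UPDATE $track_user_table set chatcall_user_id = '', chatcall_date = '', chatcall_text='' where (user_id = ".intval($_user['user_id']).")";`. The `$reset = (bool)$_GET['reset'];` line in the first hunk reads the key without an isset check and notices when the parameter is absent; `$reset = !empty($_GET['reset']);` gives the same truth value without the notice. The enclosing `if (!empty($course))` block starts before these hunks and continues past them.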

@ -1,17 +1,21 @@
<?php
/* For licensing terms, see /license.txt */
/**
* @author isaac flores paz
* @package chamilo.chat
*/
/**
* @param integer
* @return void
*/
function exit_of_chat($user_id) {
$user_id = intval($user_id);
$list_course = array();
$list_course = CourseManager::get_courses_list_by_user_id($user_id);
$group_id = intval($_SESSION['id_group']);
$session_id = intval($_SESSION['id_session']);
$extra_condition = '';
if (!empty($group_id)) {
$extra_condition = " AND to_group_id = '$group_id'";
@ -38,9 +42,11 @@ function exit_of_chat($user_id) {
function user_connected_in_chat ($user_id, $database_name) {
$tbl_chat_connected = Database::get_course_chat_connected_table($database_name);
$group_id = intval($_SESSION['id_group']);
$group_id = intval($_SESSION['id_group']);
$session_id = intval($_SESSION['id_session']);
$user_id = intval($user_id);
$extra_condition = '';
if (!empty($group_id)) {
$extra_condition = " AND to_group_id = '$group_id'";
} else {
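Review bot: Both functions in these hunks call intval() on `$_SESSION['id_group']` and `$_SESSION['id_session']` without checking the keys exist, so a user outside any group or session gets an undefined-index notice before the cast yields 0; the `$group_id = intval($_SESSION['_gid']);` line in chat_chat.php and the added `$session_id = intval($_SESSION['id_session']);` line in chat_message.php have the same shape. Guard the read, e.g. `$group_id = isset($_SESSION['id_group']) ? intval($_SESSION['id_group']) : 0;` and likewise for `$session_id`, which keeps the 0 fallback the `!empty($group_id)` test relies on. The docblock added above exit_of_chat names no parameter: make it `@param int $user_id` and add a sentence noting that the group and session scope is taken from `$_SESSION`, since that dependency is invisible at the call site. Both function bodies continue past their hunks, and user_connected_in_chat's docblock, if it has one, is outside the view.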

@ -16,6 +16,7 @@ $language_file = array('chat');
require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
$course = api_get_course_id();
$session_id = intval($_SESSION['id_session']);
$group_id = intval($_SESSION['_gid']);
@ -66,11 +67,11 @@ if (!empty($course) && !empty($_user['user_id'])) {
/* Constants and variables */
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$sent = $_REQUEST['sent'];
$sent = $_REQUEST['sent'];
/* MAIN CODE */
$query = "SELECT lastname, firstname, username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$query = "SELECT lastname, firstname, username FROM $tbl_user WHERE user_id='".intval($_user['user_id'])."'";
$result = Database::query($query);
list($pseudo_user) = Database::fetch_row($result);
@ -79,7 +80,7 @@ if (!empty($course) && !empty($_user['user_id'])) {
$isMaster = (bool)$is_courseAdmin;
$firstname = Database::result($result, 0, 'firstname');
$lastname = Database::result($result, 0, 'lastname');
$lastname = Database::result($result, 0, 'lastname');
$date_now = date('Y-m-d');
@ -243,7 +244,7 @@ if (!empty($course) && !empty($_user['user_id'])) {
<table border="0" cellpadding="5" cellspacing="0" width="100%">
<tr>
<td width="320" valign="middle">
<textarea name="message" style="width: 320px; height: 35px" onkeydown="send_message(event);" onclick="javascript: insert_smile(this);"></textarea>
<textarea name="message" style="width: 500px; height: 35px" onkeydown="send_message(event);" onclick="javascript: insert_smile(this);"></textarea>
</td>
<td>
<button type="submit" value="<?php echo get_lang('Send'); ?>" class="background_submit"><?php echo get_lang('Send'); ?></button>
@ -287,5 +288,4 @@ if (!empty($course) && !empty($_user['user_id'])) {
</form>
<?php
}
require 'footer_frame.inc.php';
require 'footer_frame.inc.php';
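Review bot: `$sent = $_REQUEST['sent'];` on the second hunk's new side is kept as an unchecked, uncast read from `$_REQUEST`, which merges GET, POST and cookie input, while the user id in the query a few lines below now gets intval(); how `$sent` is consumed is outside the hunk, so the right cast cannot be read from here. If it is only the form-submission flag, `$sent = isset($_POST['sent']) ? $_POST['sent'] : null;` narrows the source and removes the undefined-index notice on the first page load; if it carries message text, the escaping belongs where that text is written out. The enclosing `if (!empty($course) && !empty($_user['user_id']))` block starts before these hunks.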