diff --git a/main/inc/ajax/social.ajax.php b/main/inc/ajax/social.ajax.php
index 55275edf3f..e41dff1fd8 100755
--- a/main/inc/ajax/social.ajax.php
+++ b/main/inc/ajax/social.ajax.php
@@ -249,7 +249,7 @@ switch ($action) {
$messageId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if (empty($messageId)) {
- break;
+ exit;
}
$userId = api_get_user_id();
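Review bot: Replacing `break` with `exit` ends the request with an empty body when the id is missing, whereas `break` presumably let the script continue to whatever response handling follows the switch; a client polling this endpoint then gets neither a status code nor an error payload to act on. If a silent empty response is intended, a comment such as `// missing id: nothing to return, end the request here` on the `exit` line documents that; otherwise emit an explicit error response before exiting. The switch arm and the enclosing switch both start and end outside the hunk.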
diff --git a/main/inc/lib/chat.lib.php b/main/inc/lib/chat.lib.php
index 6a1e19f47d..868c11ce8c 100755
--- a/main/inc/lib/chat.lib.php
+++ b/main/inc/lib/chat.lib.php
@@ -510,7 +510,6 @@ class Chat extends Model
return true;
}
-
/**
* Close chat - disconnects the user.
*/
diff --git a/main/inc/lib/message.lib.php b/main/inc/lib/message.lib.php
index 82ac96f8e3..f573b5ab08 100755
--- a/main/inc/lib/message.lib.php
+++ b/main/inc/lib/message.lib.php
@@ -978,7 +978,11 @@ class MessageManager
*/
public static function update_message($user_id, $message_id)
{
- if ($message_id != strval(intval($message_id)) || $user_id != strval(intval($user_id))) {
+ $user_id = (int) $user_id;
+ $message_id = (int) $message_id;
+
+ if (empty($user_id) || empty($message_id)) {
+
return false;
}
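Review bot: The `(int)` casts silently accept malformed ids that the replaced `strval(intval())` comparison rejected — `(int) '12abc'` is 12, so a garbage `$message_id` now reaches the UPDATE as a plausible id instead of returning false; if that rejection mattered to callers, check `filter_var($message_id, FILTER_VALIDATE_INT) === false` (and likewise `$user_id`) before casting. The interpolated SQL below only ever receives the cast integers, so injection is not a concern in this hunk. The same pattern is introduced in update_message_status and get_message_by_user in the following two hunks. The blank line added directly after `if (empty($user_id) || empty($message_id)) {` should be dropped. update_message's docblock begins before the hunk and its body continues past it.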
@@ -987,32 +991,37 @@ class MessageManager
msg_status = '".MESSAGE_STATUS_NEW."'
WHERE
msg_status <> ".MESSAGE_STATUS_OUTBOX." AND
- user_receiver_id = ".intval($user_id)." AND
- id = '".intval($message_id)."'";
+ user_receiver_id = ".$user_id." AND
+ id = '".$message_id."'";
Database::query($sql);
return true;
}
/**
- * @param int $user_id
- * @param int $message_id
- * @param string $type
+ * @param int $user_id
+ * @param int $message_id
+ * @param int $type
*
* @return bool
*/
public static function update_message_status($user_id, $message_id, $type)
{
- $type = intval($type);
- if ($message_id != strval(intval($message_id)) || $user_id != strval(intval($user_id))) {
+ $user_id = (int) $user_id;
+ $message_id = (int) $message_id;
+ $type = (int) $type;
+
+ if (empty($user_id) || empty($message_id) || empty($type)) {
+
return false;
}
+
$table_message = Database::get_main_table(TABLE_MESSAGE);
$sql = "UPDATE $table_message SET
msg_status = '$type'
WHERE
- user_receiver_id = ".intval($user_id)." AND
- id = '".intval($message_id)."'";
+ user_receiver_id = ".$user_id." AND
+ id = '".$message_id."'";
Database::query($sql);
}
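Review bot: `empty($type)` in the new guard rejects a status value of 0; the hunk references MESSAGE_STATUS_NEW and MESSAGE_STATUS_OUTBOX without showing their values, so if any status constant is 0 the method now returns false for a legitimate call where the old code only cast `$type`. Guarding only the identifiers keeps the old acceptance: `if (empty($user_id) || empty($message_id)) {`. The blank line added inside the `if` body should go as well. update_message_status never returns true despite `@return bool`, but that predates this change.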
@@ -1026,12 +1035,17 @@ class MessageManager
*/
public static function get_message_by_user($user_id, $message_id)
{
- if ($message_id != strval(intval($message_id)) || $user_id != strval(intval($user_id))) {
+ $user_id = (int) $user_id;
+ $message_id = (int) $message_id;
+
+ if (empty($user_id) || empty($message_id)) {
+
return false;
}
+
$table = Database::get_main_table(TABLE_MESSAGE);
$query = "SELECT * FROM $table
- WHERE user_receiver_id=".intval($user_id)." AND id='".intval($message_id)."'";
+ WHERE user_receiver_id=".$user_id." AND id='".$message_id."'";
$result = Database::query($query);
return $row = Database::fetch_array($result);
@@ -1227,7 +1241,8 @@ class MessageManager
$title = Security::remove_XSS($title);
$userInfo = api_get_user_info($senderId);
if ($request === true) {
- $message[1] = ''.$userInfo['complete_name_with_username'].'';
+ $message[1] = ''.
+ $userInfo['complete_name_with_username'].'';
$message[2] = ''.str_replace(
"\\",
"",
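Review bot: Wrapping `''.` onto its own line makes the no-op empty-string concatenation more conspicuous rather than removing it; the assignment reduces to `$message[1] = $userInfo['complete_name_with_username'];`. The `$message[2]` assignment that follows carries the same `''.` prefix. The enclosing function starts and ends outside the hunk.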
diff --git a/main/social/download.php b/main/social/download.php
index fd14750609..9995f74d5f 100644
--- a/main/social/download.php
+++ b/main/social/download.php
@@ -52,7 +52,7 @@ if (empty($dir)) {
$file = $dir.'message_attachments/'.$attachmentInfo['path'];
$title = api_replace_dangerous_char($attachmentInfo['filename']);
-var_dump($file);
+
if (Security::check_abs_path($file, $dir.'message_attachments/')) {
// launch event
Event::event_download($file);