authorPaul S. Owen <psotfx@users.sourceforge.net>2001-06-13 23:46:00 +0000
committerPaul S. Owen <psotfx@users.sourceforge.net>2001-06-13 23:46:00 +0000
commit2aa9f560456140e6e2dd7b262f8d5224d925b2b0 (patch)
treefa0595ffd0d3138b2af54b3b5738ce9780480d12
parent3c1611283640c6e8b5d318de944d29dcb4a892af (diff)
Possible security hole closed and a couple of fixes
git-svn-id: file:///svn/phpbb/trunk@491 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/privmsg.php52
1 files changed, 43 insertions, 9 deletions
diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php
index b07b594f6e..2d4437d755 100644
--- a/phpBB/privmsg.php
+++ b/phpBB/privmsg.php
@@ -64,14 +64,24 @@ if($mode == "read")
// Error out
}
+
+ if(!$userdata['session_logged_in'])
+ {
+ header("Location: " . append_sid("login.$phpEx?forward_page=privmsg.$phpEx&folder=$folder&mode=$mode&" . POST_POST_URL . "=$privmsgs_id"));
+ }
+
if(!empty($HTTP_GET_VARS['folder']))
{
- $folder = $HTTP_GET_VARS['folder'];
- if($folder == "inbox" || $folder == "saved")
+ if($folder == "inbox")
{
$user_to_sql = "AND pm.privmsgs_to_userid = " . $userdata['user_id'];
$user_from_sql = "AND u.user_id = pm.privmsgs_from_userid";
}
+ else if($folder == "savebox")
+ {
+ $user_to_sql = "AND ( (pm.privmsgs_to_userid = " . $userdata['user_id'] . " AND u.user_id = pm.privmsgs_from_userid) ";
+ $user_from_sql = "OR (u.user_id = pm.privmsgs_to_userid AND pm.privmsgs_from_userid = " . $userdata['user_id'] . ") )";
+ }
else
{
$user_to_sql = "AND u.user_id = pm.privmsgs_to_userid";
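Review bot: The login redirect added just after the `// Error out` block sends a `Location:` header but does not stop the script, so for a session that is not logged in execution continues past the `if` into the rest of the read branch and the page is presumably still built and sent behind the redirect; add `exit;` directly after the `header(...)` call. The same fall-through is present at the `header()` calls in the hunks at @@ -274, @@ -622, @@ -672 and @@ -728. Separately, with `$folder = $HTTP_GET_VARS['folder'];` removed, the `$folder == "inbox"` / `"savebox"` tests now rely on `$folder` being assigned before this hunk, which is outside the view; if it is still taken from the request, its raw value (along with `$mode` and `$privmsgs_id`) is also interpolated into the redirect URL here without validation. The enclosing `if($mode == "read")` block starts before the hunk.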
@@ -274,9 +284,21 @@ else if($mode == "post" || $mode == "reply" || $mode == "edit")
if(!$userdata['session_logged_in'])
{
- header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=$folder&mode=$mode"));
+ header("Location: " . append_sid("login.$phpEx?forward_page=privmsg.$phpEx&folder=$folder&mode=$mode"));
}
+ //
+ // When we get to the point of a code review
+ // we really really really need to look at
+ // combining the following fragments with the
+ // posting routine. I don't think or see it
+ // necessary to actually use posting for privmsgs
+ // but I'm sure more can be combined in common
+ // functions ... not that I think all functions are
+ // common, some functions are actually quite classy
+ // and sophisticated, champagne, caviar and all that
+ //
+
$disable_html = (isset($HTTP_POST_VARS['disable_html'])) ? $HTTP_POST_VARS['disable_html'] : !$userdata['user_allowhtml'];
$disable_bbcode = (isset($HTTP_POST_VARS['disable_bbcode'])) ? $HTTP_POST_VARS['disable_bbcode'] : !$userdata['user_allowbbcode'];
$disable_smilies = (isset($HTTP_POST_VARS['disable_smile'])) ? $HTTP_POST_VARS['disable_smile'] : !$userdata['user_allowsmile'];
@@ -622,11 +644,13 @@ else if( ( isset($HTTP_POST_VARS['delete']) && !empty($HTTP_POST_VARS['mark']) )
{
if(!$userdata['session_logged_in'])
{
- header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
+ header("Location: " . append_sid("login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
}
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE ";
+ $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
+ WHERE ";
if(isset($HTTP_POST_VARS['delete']))
{
@@ -635,9 +659,12 @@ else if( ( isset($HTTP_POST_VARS['delete']) && !empty($HTTP_POST_VARS['mark']) )
for($i = 0; $i < count($delete_ary); $i++)
{
$delete_sql .= "privmsgs_id = " . $delete_ary[$i] . " ";
+ $delete_text_sql .= "privmsgs_text_id = " . $delete_ary[$i] . " ";
+
if($i < count($delete_ary) -1)
{
$delete_sql .= "OR ";
+ $delete_text_sql . "OR ";
}
}
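Review bot: `$delete_text_sql . "OR ";` (the line after `$delete_sql .= "OR ";`) uses `.` instead of `.=`, so its result is discarded and when more than one message is marked the text-table statement is built as `privmsgs_text_id = A privmsgs_text_id = B`, which is a SQL syntax error; change it to `$delete_text_sql .= "OR ";`. The ids in `$delete_ary` are concatenated straight into both WHERE clauses; if they come from `$HTTP_POST_VARS['mark']` as the hunk header suggests, casting each one with `intval()` before concatenation would keep both statements well-formed regardless of input. The loop belongs to the delete branch whose start and end lie outside this hunk.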
@@ -664,7 +691,14 @@ else if( ( isset($HTTP_POST_VARS['delete']) && !empty($HTTP_POST_VARS['mark']) )
if(!$del_status = $db->sql_query($delete_sql))
{
- error_die(SQL_QUERY, "Could not delete private messages.", __LINE__, __FILE__);
+ error_die(SQL_QUERY, "Could not delete private message info.", __LINE__, __FILE__);
+ }
+ else
+ {
+ if(!$del_text_status = $db->sql_query($delete_text_sql))
+ {
+ error_die(SQL_QUERY, "Could not delete private message text.", __LINE__, __FILE__);
+ }
}
}
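Review bot: The two DELETEs are executed as independent statements with no transaction, so if `$delete_text_sql` fails (which the `.` typo in the previous hunk makes likely for multi-message deletes) the PRIVMSGS_TABLE rows are already gone while their text rows remain orphaned; running the text delete first, or grouping both in a transaction if the driver supports one, would avoid the half-applied state. The `else` around the second query is only meaningful if `error_die()` can return — if it always terminates, the nested `if` can sit at the same level as the first. `$del_status` and `$del_text_status` are assigned only to be tested in the same expression; `if(!$db->sql_query(...))` reads more directly. The surrounding delete branch starts before this hunk.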
@@ -672,7 +706,7 @@ else if(isset($HTTP_POST_VARS['save']) && $folder != "savebox" && $folder != "ou
{
if(!$userdata['session_logged_in'])
{
- header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
+ header("Location: " . append_sid("login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
}
$saved_sql = "UPDATE " . PRIVMSGS_TABLE . "
@@ -728,7 +762,7 @@ else if($HTTP_POST_VARS['cancel'])
if(!$userdata['session_logged_in'])
{
- header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
+ header("Location: " . append_sid("login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
}
include('includes/page_header.'.$phpEx);
@@ -853,10 +887,10 @@ for($i = 0; $i < count($pm_list); $i++)
$msg_userid = $pm_list[$i]['user_id'];
$msg_username = stripslashes($pm_list[$i]['username']);
- $u_from_user_profile = "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$msg_userid";
+ $u_from_user_profile = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$msg_userid");
$msg_subject = stripslashes($pm_list[$i]['privmsgs_subject']);
- $u_subject = "privmsg.$phpEx?folder=$folder&mode=read&" . POST_POST_URL . "=$privmsg_id";
+ $u_subject = append_sid("privmsg.$phpEx?folder=$folder&mode=read&" . POST_POST_URL . "=$privmsg_id");
$msg_date = create_date($board_config['default_dateformat'], $pm_list[$i]['privmsgs_date'], $board_config['default_timezone']);