From 85045c43e6453d5242b89e50dac1b8021c4ad5f5 Mon Sep 17 00:00:00 2001
From: causefx
Date: Sat, 5 May 2018 13:34:44 -0700
Subject: [PATCH 01/12] delete old upload file
---
chat/uploadimage.php | 176 +-------------------------------------------
1 file changed, 1 insertion(+), 175 deletions(-)
diff --git a/chat/uploadimage.php b/chat/uploadimage.php
index d06f743cf..3875f8abd 100644
--- a/chat/uploadimage.php
+++ b/chat/uploadimage.php
@@ -1,177 +1,3 @@ 0 && strlen($imagename) > 0 && $size > 0 && $uploaddirexists ) -{ - if( ($type == "image/gif") || ($type == "image/jpeg") || ($type == "image/jpg") || ($type == "image/png") ) - { - if( $size < 5000000 ) - { - if( $_FILES["image"]["error"] == 0 ) - { - if( !file_exists($path) ) - { - if( copy($tempname, $path) ) // upload image - { - // thumbnail - - $sizedata = getimagesize($tempname); - - if( $type == "image/gif" ) - { - $imagetoupload = @imagecreatefromgif($tempname); - } - elseif( $type == "image/jpeg" || $type == "image/jpg" ) - { - $imagetoupload = @imagecreatefromjpeg($tempname); - } - elseif( $type == "image/png" ) - { - $imagetoupload = @imagecreatefrompng($tempname); - } - - if( $imagetoupload ) // imagecreatefromX - { - $width = imagesx($imagetoupload); - $height = imagesy($imagetoupload); - $div = $width / $height; - $newwidth = 150; - $newheight = 150 / $div; - - $newimage = @imageCreateTrueColor($newwidth, $newheight); - - if( $newimage ) // imagecreatetruecolor - { - // upload thumbnail - - $imagecopy = @imagecopyresized($newimage, $imagetoupload, 0, 0, 0, 0, - $newwidth, $newheight, $sizedata[0], $sizedata[1]); - - if( $imagecopy ) // imagecopyresized - { - if( $type == "image/gif" ) - { - $img = @imagegif($newimage, $thumbpath); - } - elseif( $type == "image/jpeg" || $type1 == "image/jpg" ) - { - $img = @imagejpeg($newimage, $thumbpath); - } - elseif( $type == "image/png" ) - { - $img = @imagepng($newimage, $thumbpath); - } - - if( $img ) // imageX - { - @imagedestroy($newimage); - - // db entry - - include("connect.php"); - - $timestamp = time(); - $message = "specialcharimg" . 
$thumbname; - - if( !$db->exec("INSERT INTO chatpack_log (timestamp, user, avatar, message) - VALUES ('$timestamp', '$user', '$avatar', '$message')") ) - { - cleanup($path, $thumbpath, $filename); // clean up on error - } - - $db->close(); - } - } - } - } - } - else // error upload - { - cleanup($path, $thumbpath, $filename); - } - } - else // error exists - { - cleanup($path, $thumbpath, $filename); - } - } - } - else // error size - { - cleanup($path, $thumbpath, $filename); - } - } - else // error type - { - cleanup($path, $thumbpath, $filename); - } -} - -function cleanup($path, $thumbpath, $filename) -{ - // delete image - - if( file_exists($path) ) - { - unlink($path); - } - - // delete thumbnail - - if( file_exists($thumbpath) ) - { - unlink($thumbpath); - } - - // delete db entry - - include("connect.php"); - - $message = "specialcharimg" . $thumbname; - $db->exec("DELETE FROM chatpack_log WHERE message='$message'"); - - $db->close(); -} - -?> \ No newline at end of file +//Depreciated From 53f041d9445f81df7486f6fdb62a43386ef4c33c Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 13:59:21 -0700 Subject: [PATCH 02/12] fix security on invite and user upgrade --- user.php | 66 ++++++++++++++++++++++++++++++-------------------------- 1 file changed, 35 insertions(+), 31 deletions(-) diff --git a/user.php b/user.php index 316c5ce2f..df530b9cd 100755 --- a/user.php +++ b/user.php @@ -792,6 +792,7 @@ function login_user($username, $sha1, $remember, $password, $surface = true) { function update_user($username, $email, $sha1, $role) { //Admin bypass + $trueAdmin = false; if(!in_arrayi($_SESSION["username"], $this->get_admin_list())){ // logged in, but do the tokens match? $token = $this->get_user_token($username); @@ -810,6 +811,7 @@ function update_user($username, $email, $sha1, $role) if(isset($_COOKIE['Organizr_Token'])) { if($this->jwtParse()){ $override = true; + $trueAdmin = true; } } if($override){ 
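Review bot: In PATCH 02/12 (update_user), `$trueAdmin` becomes true only inside the JWT cookie branch, on the sole condition that `$this->jwtParse()` returns truthy. Nothing in these two hunks shows jwtParse() checking the caller's role, so if it merely validates a token, any logged-in user holding a valid `Organizr_Token` cookie would still pass the later `$role` guard. The flag also appears to stay false when the session user is in the admin list and the `//Admin bypass` block is skipped, which would stop real admins changing roles; that depends on lines between the hunks that are not shown. Consider deriving the flag from the admin list itself, e.g. `$trueAdmin = in_arrayi($_SESSION["username"], $this->get_admin_list());`, and using the JWT only as proof of identity.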
@@ -822,7 +824,7 @@ function update_user($username, $email, $sha1, $role) if($email !="") { $update = "UPDATE users SET email = '$email' WHERE username = '$username' COLLATE NOCASE"; $this->database->exec($update); } - if($role !="") { + if($role !="" && $trueAdmin) { $update = "UPDATE users SET role = '$role' WHERE username = '$username' COLLATE NOCASE"; $this->database->exec($update); } if($sha1 !="") { 
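Review bot: The new `$trueAdmin` guard covers only the role statement, while the `email` UPDATE on the context line above it and the role UPDATE itself still build SQL by interpolating `$email`, `$role` and `$username`. A crafted value in one of the unguarded fields can therefore still alter the statement and reach the `role` column. The same string-built pattern is in the `INSERT INTO invites` of the invite_user hunk later in this patch. Bind the values instead; the fence shows the role statement, assuming `$this->database` is an SQLite3 or PDO handle (both expose prepare()/bindValue()/execute()), and the email and sha1 statements want the same treatment. update_user starts and ends outside this hunk.

```php
if($role !="" && $trueAdmin) {
    // bound parameters keep request values out of the SQL text
    $stmt = $this->database->prepare("UPDATE users SET role = :role WHERE username = :username COLLATE NOCASE");
    $stmt->bindValue(':role', $role);
    $stmt->bindValue(':username', $username);
    $stmt->execute();
}
```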
@@ -850,36 +852,38 @@ function deleteInvite() */ function invite_user($username = "none", $email, $server) { - //lang shit - $language = new setLanguage; - $domain = getServerPath(); - $topImage = $domain."images/organizr-logo-h.png"; - $uServer = strtoupper($server); - $now = date("Y-m-d H:i:s"); - $inviteCode = randomCode(6); - $username = (!empty($username) ? $username : strtoupper($server) . " User"); - $link = getServerPath()."?inviteCode=".$inviteCode; - if($email !="") { - $insert = "INSERT INTO invites (username, email, code, valid, date) "; - $insert .= "VALUES ('".strtolower($username)."', '$email', '$inviteCode', 'Yes', '$now') "; - $this->database->exec($insert); - } - writeLog("success", "$email has been invited to the $server server"); - $this->info("$email has been invited to the $server server"); - if($insert && User::use_mail) - { - $emailTemplate = array( - 'type' => 'invite', - 'body' => emailTemplateInviteUser, - 'subject' => emailTemplateInviteUserSubject, - 'user' => $username, - 'password' => null, - 'inviteCode' => $inviteCode, - ); - $emailTemplate = emailTemplate($emailTemplate); - $subject = $emailTemplate['subject']; - $body = buildEmail($emailTemplate); - $this->startEmail($email, $username, $subject, $body); + if(in_arrayi($_SESSION["username"], $this->get_admin_list())){ + //lang shit + $language = new setLanguage; + $domain = getServerPath(); + $topImage = $domain."images/organizr-logo-h.png"; + $uServer = strtoupper($server); + $now = date("Y-m-d H:i:s"); + $inviteCode = randomCode(6); + $username = (!empty($username) ? $username : strtoupper($server) . 
" User"); + $link = getServerPath()."?inviteCode=".$inviteCode; + if($email !="") { + $insert = "INSERT INTO invites (username, email, code, valid, date) "; + $insert .= "VALUES ('".strtolower($username)."', '$email', '$inviteCode', 'Yes', '$now') "; + $this->database->exec($insert); + } + writeLog("success", "$email has been invited to the $server server"); + $this->info("$email has been invited to the $server server"); + if($insert && User::use_mail) + { + $emailTemplate = array( + 'type' => 'invite', + 'body' => emailTemplateInviteUser, + 'subject' => emailTemplateInviteUserSubject, + 'user' => $username, + 'password' => null, + 'inviteCode' => $inviteCode, + ); + $emailTemplate = emailTemplate($emailTemplate); + $subject = $emailTemplate['subject']; + $body = buildEmail($emailTemplate); + $this->startEmail($email, $username, $subject, $body); + } } } /** From eb37c503ec379d986c7b144770c92b4a6fb6f0e1 Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 15:33:20 -0700 Subject: [PATCH 03/12] fix getping inject --- functions.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/functions.php b/functions.php index bf562102b..3f35e1102 100755 --- a/functions.php +++ b/functions.php @@ -4754,7 +4754,9 @@ function getPing($url, $style, $refresh = null){ $class .= " animated flash loop-animation-timeout"; } } - echo ' '; + if (strpos($style, '<') === false && strpos($style, '>') === false) { + echo ' '; + } } function speedTestData(){ From 2223b3b5649b101ea07b8f98337eefcd279f8acf Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 15:36:26 -0700 Subject: [PATCH 04/12] more fix on getping --- functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions.php b/functions.php index 3f35e1102..5060abbc4 100755 --- a/functions.php +++ b/functions.php 
@@ -4754,7 +4754,7 @@ function getPing($url, $style, $refresh = null){ $class .= " animated flash loop-animation-timeout"; } } - if (strpos($style, '<') === false && strpos($style, '>') === false) { + if (strpos($style, '<') === false && strpos($style, '>') === false && strpos($style, 'script') === false) { echo ' '; } } From 36dc7d25bf7b3d4f35bcdf24e4d6b985adcba495 Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 15:42:06 -0700 Subject: [PATCH 05/12] fix my mistake --- functions.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/functions.php b/functions.php index 5060abbc4..556b9ef41 100755 --- a/functions.php +++ b/functions.php @@ -4754,9 +4754,8 @@ function getPing($url, $style, $refresh = null){ $class .= " animated flash loop-animation-timeout"; } } - if (strpos($style, '<') === false && strpos($style, '>') === false && strpos($style, 'script') === false) { - echo ' '; - } + $style = htmlspecialchars($style, ENT_QUOTES); + echo ' '; } function speedTestData(){ From c2f74705dc359c8a2b2b05ee4f9142efe47aca0a Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 15:44:54 -0700 Subject: [PATCH 06/12] fix showfile type --- functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions.php b/functions.php index 556b9ef41..450f11b30 100755 --- a/functions.php +++ b/functions.php @@ -4253,7 +4253,7 @@ function getExtension($string) { function showFile(){ $file = $_GET['file']; $fileType = getExtension($file); - if($fileType != 'php'){ + if($fileType == 'css' || $fileType == 'js'){ header("Content-type: ".mimeTypes()[$fileType]); @readfile($file); } From 2bfcbe80ef2ca750b6be5f200eaacea6cedfe137 Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 15:54:16 -0700 Subject: [PATCH 07/12] fix remove file --- functions.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/functions.php b/functions.php index 450f11b30..df975ebf4 100755 --- a/functions.php 
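Review bot: In PATCH 05/12 (getPing), `htmlspecialchars($style, ENT_QUOTES)` relies on the configured default charset and returns an empty string on invalid byte sequences; spell it out as `$style = htmlspecialchars($style, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Only `$style` is escaped here, and the echoed markup is not readable on this page, so confirm that `$url`, `$class` and `$refresh` are either server-generated or escaped the same way before they reach the echo. HTML-escaping stops attribute breakout but does not validate the value as CSS, so an allowlist of expected style values would be tighter if the set is small.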
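Review bot: In PATCH 06/12 (showFile), the extension allowlist still hands the request's `file` value straight to readfile(), so any readable `.css` or `.js` path is served, including paths outside the application directory and, where URL wrappers are enabled, remote URLs. Resolve the path with realpath() and require it to sit under the directory the assets are served from before reading it. removeFiles() in PATCH 07/12 has the same gap: it checks the extension of `$path` but not where the path points. The `@` on readfile() also hides failures that would be worth logging. showFile's closing brace is outside the hunk.

```php
function showFile(){
    $file = $_GET['file'];
    $fileType = getExtension($file);
    // realpath() collapses ../ segments and returns false for URLs and missing files
    $real = realpath($file);
    // __DIR__ stands in for the directory that actually holds the served assets
    $base = realpath(__DIR__) . DIRECTORY_SEPARATOR;
    if(($fileType == 'css' || $fileType == 'js') && $real !== false && strpos($real, $base) === 0){
        header("Content-type: ".mimeTypes()[$fileType]);
        readfile($real);
    }
```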
+++ b/functions.php @@ -1756,8 +1756,14 @@ function uploadAvatar($path, $ext_mask = null) { // Remove file function removeFiles($path) { if(is_file($path)) { - writeLog("success", "file was removed"); - unlink($path); + $fileType = getExtension($path); + if(in_arrayi($fileType, array('jpg','jpeg','png','json','db','gif'))){ + writeLog("success", "file was removed"); + unlink($path); + } else{ + writeLog("error", "file was not removed"); + echo json_encode('Invalid File Type'); + } } else { writeLog("error", "file was not removed"); echo json_encode('No file specified for removal!'); From 00aec0fd442537999b55ecbbdf0f764428850fc1 Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 15:56:52 -0700 Subject: [PATCH 08/12] Update refreshmessages.php --- chat/refreshmessages.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/chat/refreshmessages.php b/chat/refreshmessages.php index 03d6fc808..4857e1277 100644 --- a/chat/refreshmessages.php +++ b/chat/refreshmessages.php @@ -128,7 +128,7 @@ function decryptmessage($msg) if( count($newmessages) == 1 ) { - echo $newmessages[0]; + echo htmlspecialchars($newmessages[0], ENT_QUOTES); } else { @@ -136,11 +136,11 @@ function decryptmessage($msg) { if( $i == count($newmessages) - 1 ) { - echo $newmessages[$i]; + echo htmlspecialchars($newmessages[$i], ENT_QUOTES); } else { - echo $newmessages[$i] . "###endofmessage###"; + echo htmlspecialchars($newmessages[$i], ENT_QUOTES) . "###endofmessage###"; } } } From 679eb646d4597cb0d86874abaeb26d9499ef4c2e Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 15:58:45 -0700 Subject: [PATCH 09/12] Update refreshmessages.php --- chat/refreshmessages.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/chat/refreshmessages.php b/chat/refreshmessages.php index 4857e1277..0d33da2fe 100644 --- a/chat/refreshmessages.php +++ b/chat/refreshmessages.php 
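Review bot: In PATCH 07/12 (removeFiles), the delete allowlist includes `db` and `json`, which presumably cover the application's own database and settings files. If any caller passes a request-supplied path, those are the most damaging files it could remove. Unless a caller needs them, narrow the list to the image types, `if(in_arrayi($fileType, array('jpg','jpeg','png','gif'))){`. Both failure branches log the same text without the path, so a refused attempt cannot be told apart from a missing file; log the reason and the path, e.g. `writeLog("error", "removal refused, extension not allowed: $path");`.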
@@ -128,7 +128,7 @@ function decryptmessage($msg) if( count($newmessages) == 1 ) { - echo htmlspecialchars($newmessages[0], ENT_QUOTES); + echo $newmessages[0]; } else { @@ -136,11 +136,11 @@ function decryptmessage($msg) { if( $i == count($newmessages) - 1 ) { - echo htmlspecialchars($newmessages[$i], ENT_QUOTES); + echo $newmessages[$i]; } else { - echo htmlspecialchars($newmessages[$i], ENT_QUOTES) . "###endofmessage###"; + echo $newmessages[$i]. "###endofmessage###"; } } } From c5c752949484580999238b8d32de842fc8737999 Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 16:00:26 -0700 Subject: [PATCH 10/12] Update logmessage.php --- chat/logmessage.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chat/logmessage.php b/chat/logmessage.php index 13b2fac51..6fbebb2e7 100644 --- a/chat/logmessage.php +++ b/chat/logmessage.php @@ -28,7 +28,7 @@ $message = ""; } }else{ - $message = $_GET["message"]; + $message = htmlspecialchars($_GET["message"], ENT_QUOTES); } $user = $_GET["user"]; $avatar = $_GET["avatar"]; @@ -78,4 +78,4 @@ function encryptmessage($msg) $db->close(); -?> \ No newline at end of file +?> From 2c217fab0ba130f35a9c598682da6ff2f0ca3dce Mon Sep 17 00:00:00 2001 From: causefx Date: Sat, 5 May 2018 16:05:10 -0700 Subject: [PATCH 11/12] Update refreshmessages.php --- chat/refreshmessages.php | 1 + 1 file changed, 1 insertion(+) diff --git a/chat/refreshmessages.php b/chat/refreshmessages.php index 0d33da2fe..aacaa3327 100644 --- a/chat/refreshmessages.php +++ b/chat/refreshmessages.php @@ -83,6 +83,7 @@ "$1", $message); $message = preg_replace("/\*(.*?)\*/", "$1", $message); + $message = htmlspecialchars($message, ENT_QUOTES); // user online avatar From f6c73efae4314ce7042d4f9828f0cbf96b7f8b47 Mon Sep 17 00:00:00 2001 From: causefx Date: Wed, 9 May 2018 11:09:24 -0700 Subject: [PATCH 12/12] update to 1.80 --- functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
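Review bot: PATCH 09/12 restores the raw `echo $newmessages[...]` in both hunks, so the response is again only as safe as whatever built each array entry. Say so in a comment at the echo, e.g. `// entries are pre-escaped HTML built above; never append raw request data here`. As a style point, the one-element case and the last-index test appear to reduce to `echo implode("###endofmessage###", $newmessages);`, which leaves a single output site to audit. The loop header sits between the two hunks and is not shown, so confirm the equivalence first.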
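Review bot: In PATCH 10/12 (chat/logmessage.php), only `$message` in the else branch is escaped; the context lines directly below still take `$user` and `$avatar` from `$_GET` unmodified, and the other branch of the if is not visible in the hunk. If refreshmessages.php renders those values they need the same treatment, `$user = htmlspecialchars($_GET["user"], ENT_QUOTES);` and likewise for `$avatar`. Taking the author name from a request parameter also lets a client post under any name; the session would be a sturdier source if the chat has access to one. Escaping at write time stores HTML entities in the log table, so any later output-side escaping will double-encode.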
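Review bot: In PATCH 11/12 (chat/refreshmessages.php), the added `htmlspecialchars($message, ENT_QUOTES)` runs after the `preg_replace` calls on the context lines, which appear to turn chat markup into HTML (their replacement strings are stripped on this page). Escaping at that point would also encode the tags those replacements just generated. With PATCH 10/12 already escaping on write, the user text is encoded twice. Move the call above the first formatting `preg_replace` so user text is escaped once and the generated markup stays intact. The surrounding block starts and ends outside the hunk.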
diff --git a/functions.php b/functions.php index df975ebf4..d19ede6d6 100755 --- a/functions.php +++ b/functions.php @@ -2,7 +2,7 @@ // =================================== // Define Version - define('INSTALLEDVERSION', '1.75'); + define('INSTALLEDVERSION', '1.80'); // =================================== $debugOrganizr = true; if($debugOrganizr == true && file_exists('debug.php')){ require_once('debug.php'); }