
Merge pull request #861 from causefx/develop

Develop
causefx 8 лет назад
Родитель
Commit
9b3673fc97
5 измененных файлов с 51 добавлено и 213 удалено
  1. 2 2
      chat/logmessage.php
  2. 2 1
      chat/refreshmessages.php
  3. 1 175
      chat/uploadimage.php
  4. 11 4
      functions.php
  5. 35 31
      user.php

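--- a/chat/logmessage.php
+++ b/chat/logmessage.php
@@ -28,7 +28,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                 $message = "";
             }
         }else{
-           $message = $_GET["message"]; 
+           $message = htmlspecialchars($_GET["message"], ENT_QUOTES); 
         }
         $user = $_GET["user"];
         $avatar = $_GET["avatar"];
@@ -78,4 +78,4 @@ function encryptmessage($msg)
 
 $db->close();
 
-?>
+?>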
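Review bot: `$user` and `$avatar` on the two lines after the changed one are still read straight from `$_GET` with no escaping, so encoding only `message` leaves two other caller-controlled strings going into the same chat log; `$user = htmlspecialchars($_GET["user"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same for `$avatar` would close that, and the message line should carry the same flags so an invalid UTF-8 byte cannot make htmlspecialchars return an empty string. Escaping at storage time also means the stored text is no longer the raw message; if the value rendered by chat/refreshmessages.php in this same commit is this stored string, its own htmlspecialchars call will double-encode it (`&amp;quot;`), so encode in one place only, preferably at output. The enclosing if-block starts, and the function ends, outside the hunk.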
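--- a/chat/refreshmessages.php
+++ b/chat/refreshmessages.php
@@ -83,6 +83,7 @@ if( $result = $db->query("SELECT * FROM
                                     "<span style=\"font-size: 20px; color: #b77fdb;\"><em>$1</em></span>", $message);
             $message = preg_replace("/\*(.*?)\*/",
                                     "<span style=\"color: #d89334;\"><strong>$1</strong></span>", $message);
+            $message = htmlspecialchars($message, ENT_QUOTES);
 
             // user online avatar
 
@@ -140,7 +141,7 @@ else
         }
         else
         {
-            echo $newmessages[$i] . "###endofmessage###";
+            echo $newmessages[$i]. "###endofmessage###";
         }
     }
 }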
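Review bot: The added htmlspecialchars call at line 86 runs after the preg_replace calls that wrap `_text_` and `*text*` in `<span style=...>` markup, so the `<`, `>` and `"` of that generated markup are encoded as well and the formatting will be printed literally instead of rendered. Escape first, then apply the formatting regexes: move the line to `$message = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` ahead of the first preg_replace (which begins above this hunk), so only the user's text is encoded and the replacement spans stay intact. The enclosing loop starts outside the hunk; if `$message` is also escaped when stored by chat/logmessage.php in this commit, only one of the two sites should do it.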
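--- a/chat/uploadimage.php
+++ b/chat/uploadimage.php
@@ -1,177 +1,3 @@
 <?php
 
-$data = $_POST["datavars"];
-$dataarray = explode("###", $data);
-$user = $dataarray[0];
-$avatar = $dataarray[1];
-$imagename = $_FILES["image"]["name"];
-$size = $_FILES["image"]["size"];
-$tempname = $_FILES["image"]["tmp_name"];
-$type = $_FILES["image"]["type"];
-$endtemp = explode(".", $_FILES["image"]["name"]);
-$ending = end($endtemp);
-
-// unique image filename
-                
-$unique = md5($imagename . $tempname . time());
-$filename = $unique . "." . $ending;
-                
-// thumbnail
-
-$thumbname = $unique . "t" . "." . $ending;
-            
-// path
-
-$uploaddir = "../uploads";
-$uploaddirexists = false;
-
-if( !is_dir($uploaddir) )  // check if upload directory exists
-{
-    if( mkdir($uploaddir, 0705, true) )  // create upload directory
-    {
-        $uploaddirexists = true;
-    }
-}
-else
-{
-    $uploaddirexists = true;
-}
-
-$path = "../uploads/" . $filename;
-$thumbpath = "../uploads/" . $thumbname;
-
-// upload
-
-if( strlen($user) > 0 && strlen($imagename) > 0 && $size > 0 && $uploaddirexists )
-{
-    if( ($type == "image/gif") || ($type == "image/jpeg") || ($type == "image/jpg") || ($type == "image/png") )
-    {   
-        if( $size < 5000000 )
-        {   
-            if( $_FILES["image"]["error"] == 0 )
-            {   
-                if( !file_exists($path) )
-                {   
-                    if( copy($tempname, $path) )  // upload image
-                    {   
-                        // thumbnail	
-
-                        $sizedata = getimagesize($tempname);
-
-                        if( $type == "image/gif" )
-                        {
-                            $imagetoupload = @imagecreatefromgif($tempname);
-                        }
-                        elseif( $type == "image/jpeg" || $type == "image/jpg" )
-                        {   
-                            $imagetoupload = @imagecreatefromjpeg($tempname);
-                        }
-                        elseif( $type == "image/png" )
-                        {
-                            $imagetoupload = @imagecreatefrompng($tempname);
-                        }
-
-                        if( $imagetoupload )  // imagecreatefromX
-                        {
-                            $width = imagesx($imagetoupload);
-                            $height = imagesy($imagetoupload);
-                            $div = $width / $height;
-                            $newwidth = 150;
-                            $newheight = 150 / $div;
-
-                            $newimage = @imageCreateTrueColor($newwidth, $newheight);
-
-                            if( $newimage )  // imagecreatetruecolor
-                            {   
-                                // upload thumbnail
-
-                                $imagecopy = @imagecopyresized($newimage, $imagetoupload, 0, 0, 0, 0,
-                                                               $newwidth, $newheight, $sizedata[0], $sizedata[1]);
-
-                                if( $imagecopy )  // imagecopyresized
-                                {   
-                                    if( $type == "image/gif" )
-                                    {
-                                        $img = @imagegif($newimage, $thumbpath);
-                                    }
-                                    elseif( $type == "image/jpeg" || $type1 == "image/jpg" )
-                                    {
-                                        $img = @imagejpeg($newimage, $thumbpath);
-                                    }
-                                    elseif( $type == "image/png" )
-                                    {
-                                        $img = @imagepng($newimage, $thumbpath);
-                                    }
-
-                                    if( $img )  // imageX
-                                    {   
-                                        @imagedestroy($newimage);
-
-                                        // db entry
-
-                                        include("connect.php");
-                                        
-                                        $timestamp = time();
-                                        $message = "specialcharimg" . $thumbname;
-
-                                        if( !$db->exec("INSERT INTO chatpack_log (timestamp, user, avatar, message)
-                                                        VALUES ('$timestamp', '$user', '$avatar', '$message')") )
-                                        {
-                                            cleanup($path, $thumbpath, $filename);  // clean up on error
-                                        }
-
-                                        $db->close();
-                                    }
-                                }
-                            }
-                        }
-                    }
-                    else  // error upload
-                    {
-                        cleanup($path, $thumbpath, $filename);
-                    }
-                }
-                else  // error exists
-                {
-                    cleanup($path, $thumbpath, $filename);
-                }
-            }
-        }
-        else  // error size
-        {
-            cleanup($path, $thumbpath, $filename);
-        }
-    }
-    else  // error type
-    {
-        cleanup($path, $thumbpath, $filename);
-    }
-}
-
-function cleanup($path, $thumbpath, $filename)
-{	
-    // delete image
-
-    if( file_exists($path) )
-    {
-        unlink($path);
-    }
-
-    // delete thumbnail
-
-    if( file_exists($thumbpath) )
-    {
-        unlink($thumbpath);
-    }
-    
-    // delete db entry
-    
-    include("connect.php");
-    
-    $message = "specialcharimg" . $thumbname;
-    $db->exec("DELETE FROM chatpack_log WHERE message='$message'");
-
-    $db->close();
-}
-
-?>
+//Depreciated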
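Review bot: The one added line is misspelt — the word is `//Deprecated` — and the file remains a reachable endpoint at chat/uploadimage.php whose only content is that comment. As far as this section shows nothing else references it, so deleting the file outright (together with whatever client-side form posted `datavars` and `image` to it, if one still exists) is cleaner than leaving an empty script in the web root.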
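--- a/functions.php
+++ b/functions.php
@@ -2,7 +2,7 @@
 
 // ===================================
 // Define Version
- define('INSTALLEDVERSION', '1.75');
+ define('INSTALLEDVERSION', '1.80');
 // ===================================
 $debugOrganizr = true;
 if($debugOrganizr == true && file_exists('debug.php')){ require_once('debug.php'); }
@@ -1756,8 +1756,14 @@ function uploadAvatar($path, $ext_mask = null) {
 // Remove file
 function removeFiles($path) {
     if(is_file($path)) {
-        writeLog("success", "file was removed");
-        unlink($path);
+	    $fileType = getExtension($path);
+	    if(in_arrayi($fileType, array('jpg','jpeg','png','json','db','gif'))){
+		    writeLog("success", "file was removed");
+		unlink($path);
+	    } else{
+		 writeLog("error", "file was not removed");
+		 echo json_encode('Invalid File Type');   
+	    }
     } else {
   		writeLog("error", "file was not removed");
 		echo json_encode('No file specified for removal!');
@@ -4253,7 +4259,7 @@ function getExtension($string) {
 function showFile(){
 	$file = $_GET['file'];
 	$fileType = getExtension($file);
-	if($fileType != 'php'){
+	if($fileType == 'css' || $fileType == 'js'){
 		header("Content-type: ".mimeTypes()[$fileType]);
 		@readfile($file);
 	}
@@ -4754,6 +4760,7 @@ function getPing($url, $style, $refresh = null){
 			$class .= " animated flash loop-animation-timeout";
 		}
 	}
+	$style = htmlspecialchars($style, ENT_QUOTES);
 	echo '<span class="pingcheck badge ping-'.$class.'" style="position: absolute;z-index: 100;right: 5px; padding: 0px 0px;'.$style.';font-size: 10px;">&nbsp;</span>';
 }
 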
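Review bot: showFile at line 4259 still hands `$_GET['file']` straight to readfile; narrowing the allowlist from "anything but php" to css/js stops PHP source disclosure but leaves the path itself unconstrained, so any `.css` or `.js` file the web-server user can read, anywhere on disk, can be fetched through `../` segments. Resolve the path with realpath() and require it to sit under the directory the assets actually live in before serving (the sketch below uses `__DIR__`; substitute the real asset root if it is elsewhere), and drop the `@` so a failed read shows up in the log rather than as an empty 200. The removeFiles change in the same section has the same shape — an extension allowlist with no directory constraint, and `'db'` on the list — so if `$path` there is caller-controlled it deserves the same realpath check.

```php
function showFile(){
	$base = realpath(__DIR__);
	$file = isset($_GET['file']) ? realpath($_GET['file']) : false;
	$fileType = ($file !== false) ? getExtension($file) : '';
	// serve only css/js that resolve to a path inside the application directory
	if($file !== false && $base !== false
	   && strpos($file, $base . DIRECTORY_SEPARATOR) === 0
	   && ($fileType == 'css' || $fileType == 'js')){
		header("Content-type: ".mimeTypes()[$fileType]);
		readfile($file);
	}
}
```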
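--- a/user.php
+++ b/user.php
@@ -792,6 +792,7 @@
 		function update_user($username, $email, $sha1, $role)
 		{
 			//Admin bypass
+			$trueAdmin = false;
 			if(!in_arrayi($_SESSION["username"], $this->get_admin_list())){
 				// logged in, but do the tokens match?
 				$token = $this->get_user_token($username);
@@ -810,6 +811,7 @@
 				if(isset($_COOKIE['Organizr_Token'])) {
 					if($this->jwtParse()){
 						$override = true;
+						$trueAdmin = true;
 					}
 				}
 				if($override){
@@ -822,7 +824,7 @@
 			if($email !="") {
 				$update = "UPDATE users SET email = '$email' WHERE username = '$username' COLLATE NOCASE";
 				$this->database->exec($update); }
-            if($role !="") {
+			if($role !="" && $trueAdmin) {
 				$update = "UPDATE users SET role = '$role' WHERE username = '$username' COLLATE NOCASE";
 				$this->database->exec($update); }
 			if($sha1 !="") {
@@ -850,36 +852,38 @@
 		 */
 		function invite_user($username = "none", $email, $server)
 		{
-			//lang shit
-			$language = new setLanguage;
-			$domain = getServerPath();
-			$topImage = $domain."images/organizr-logo-h.png";
-			$uServer = strtoupper($server);
-			$now = date("Y-m-d H:i:s");
-			$inviteCode = randomCode(6);
-			$username = (!empty($username) ? $username : strtoupper($server) . " User");
-			$link = getServerPath()."?inviteCode=".$inviteCode;
-			if($email !="") {
-				$insert = "INSERT INTO invites (username, email, code, valid, date) ";
-				$insert .= "VALUES ('".strtolower($username)."', '$email', '$inviteCode', 'Yes', '$now') ";
-				$this->database->exec($insert);
-			}
-   			writeLog("success", "$email has been invited to the $server server");
-			$this->info("$email has been invited to the $server server");
-			if($insert && User::use_mail)
-			{
-				$emailTemplate = array(
-					'type' => 'invite',
-					'body' => emailTemplateInviteUser,
-					'subject' => emailTemplateInviteUserSubject,
-					'user' => $username,
-					'password' => null,
-					'inviteCode' => $inviteCode,
-				);
-				$emailTemplate = emailTemplate($emailTemplate);
-				$subject = $emailTemplate['subject'];
-				$body = buildEmail($emailTemplate);
-                $this->startEmail($email, $username, $subject, $body);
+			if(in_arrayi($_SESSION["username"], $this->get_admin_list())){
+				//lang shit
+				$language = new setLanguage;
+				$domain = getServerPath();
+				$topImage = $domain."images/organizr-logo-h.png";
+				$uServer = strtoupper($server);
+				$now = date("Y-m-d H:i:s");
+				$inviteCode = randomCode(6);
+				$username = (!empty($username) ? $username : strtoupper($server) . " User");
+				$link = getServerPath()."?inviteCode=".$inviteCode;
+				if($email !="") {
+					$insert = "INSERT INTO invites (username, email, code, valid, date) ";
+					$insert .= "VALUES ('".strtolower($username)."', '$email', '$inviteCode', 'Yes', '$now') ";
+					$this->database->exec($insert);
+				}
+				writeLog("success", "$email has been invited to the $server server");
+				$this->info("$email has been invited to the $server server");
+				if($insert && User::use_mail)
+				{
+					$emailTemplate = array(
+						'type' => 'invite',
+						'body' => emailTemplateInviteUser,
+						'subject' => emailTemplateInviteUserSubject,
+						'user' => $username,
+						'password' => null,
+						'inviteCode' => $inviteCode,
+					);
+					$emailTemplate = emailTemplate($emailTemplate);
+					$subject = $emailTemplate['subject'];
+					$body = buildEmail($emailTemplate);
+			$this->startEmail($email, $username, $subject, $body);
+				}
 			}
 		}
 		/**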
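Review bot: `$trueAdmin` becomes true only inside the JWT branch at line 814, which sits within the `!in_arrayi($_SESSION["username"], $this->get_admin_list())` path, so a caller whose session user is on the admin list — the branch that skips the token check altogether — never sets it, and the role update at line 827 is silently skipped for exactly those users unless a line outside these hunks sets it. If that is unintended, initialise it from the admin check rather than a constant, `$trueAdmin = in_arrayi($_SESSION["username"], $this->get_admin_list());`, and keep the JWT assignment as the second way in. The gated update still builds its SQL by interpolating `$role` and `$username`; now that the gate decides who may write the role, a prepared statement with bound parameters, plus a check that `$role` is one of the known role names, would make that write safe regardless of who reaches it. update_user begins above and continues below the hunks shown, so the remaining token-check lines are not visible here.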