--- a/ajim/ajim.php Wed Jun 13 22:33:00 2007 -0400
+++ b/ajim/ajim.php Sat Dec 08 13:25:13 2007 -0500
@@ -177,7 +177,7 @@
<tr><td><span style="font-family: arial; font-size: 7pt; ">Name:</span></td> <td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_name" name="name"'.$enstr.' /></td></tr>
<tr><td><span style="font-family: arial; font-size: 7pt; ">Website:</span></td><td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_website" name="website"'.$enstr.' /></td></tr>
<tr><td colspan="2"><span style="font-family: arial; font-size: 7pt; ">Message:</span></td></tr>
- <tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post" onkeyup="'.$this->id.'_keyhandler();"></textarea></td></tr>
+ <tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post"></textarea></td></tr>
<tr><td colspan="2" align="center"><input'.$enstr.' type="submit" value="Submit post" /><br />
<span style="font-family: arial; font-size: 6pt; color: #000000;">AjIM powered</span></td></tr>
';
@@ -486,6 +486,8 @@
// The client-side javascript and CSS code
if(isset($_GET['js']) && isset($_GET['id']) && isset($_GET['path']) && isset($_GET['pfx'])) {
+ if ( !preg_match('/^([a-z0-9_]+)$/', $_GET['id']) )
+ die('XSS');
header('Content-type: text/javascript');
?>
// <script>
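Review bot: The new guard on `$_GET['id']` still lets a value with a trailing newline through, because in PCRE `$` matches before a final `\n`; `id=foo%0a` passes the check and is then echoed verbatim into the JavaScript below. Anchor the pattern with `\z` or the `D` modifier, e.g. `if ( !preg_match('/^[a-z0-9_]+$/D', $_GET['id']) )`. It is also worth sending a non-200 status before the `die('XSS')`, such as `header('HTTP/1.1 400 Bad Request');`, so a rejected request is not cached or treated as a valid script by the browser. Only `id` is validated here while `path` and `pfx` are also required from the query string; if they are interpolated later in this branch they presumably need the same treatment.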
@@ -514,18 +516,14 @@
head = head[0];
head.appendChild(link);
- if(typeof window.onload == 'function')
- var __ajim_oltemp = window.onload;
- else
- var __ajim_oltemp = function(e) { };
- window.onload = function(e)
+ var <?php echo $_GET['id']; ?>_onload = function(e)
{
if(document.getElementById('<?php echo $_GET['id']; ?>_post'))
{
- document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = function(e) { <?php echo $_GET['id']; ?>_keyhandler(e); };
+ document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = <?php echo $_GET['id']; ?>_keyhandler;
}
- __ajim_oltemp(e);
}
+ addOnloadHook(<?php echo $_GET['id']; ?>_onload);
function <?php echo $_GET['id']; ?>readCookie(name) {var nameEQ = name + "=";var ca = document.cookie.split(';');for(var i=0;i < ca.length;i++){var c = ca[i];while (c.charAt(0)==' ') c = c.substring(1,c.length);if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);}return null;}
function <?php echo $_GET['id']; ?>setCookie(name,value,days){if (days){var date = new Date();date.setTime(date.getTime()+(days*24*60*60*1000));var expires = "; expires="+date.toGMTString();}else var expires = "";document.cookie = name+"="+value+expires+"; path=/";}
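Review bot: The new `addOnloadHook(<id>_onload)` call replaces the self-contained `window.onload` chaining with a dependency on a function this file never defines, so if the host page's core script is not loaded before this one the client script aborts with a ReferenceError and the Enter-to-post handler is never attached. Either guard it, `if (typeof addOnloadHook == 'function') addOnloadHook(<?php echo $_GET['id']; ?>_onload);`, or document the assumption with a comment such as `// addOnloadHook is provided by the host page's core script and must be loaded first`. The `<?php echo $_GET['id']; ?>` interpolations in this hunk are safe only because of the character-class check added at the top of the `js` branch; a comment pointing to that check would help the next maintainer not remove it.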
@@ -634,8 +632,9 @@
function <?php echo $_GET['id']; ?>_keyhandler(e)
{
- if(!e) e = window.event;
- if(e.keyCode == 13)
+ if ( !e )
+ return false;
+ if ( e.keyCode == 13 )
{
val = document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value;
if(!shift)
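Review bot: Dropping the `window.event` fallback in favour of `if ( !e ) return false;` makes the handler a no-op in browsers that do not pass an event argument to handlers assigned as `element.onkeyup = fn` (the IE line of that period), so Enter-to-submit silently stops working there. Keep both the fallback and the new early return: `if (!e) e = window.event;` followed by `if (!e) return false;`. The `val = ...` assignment on the next line is still an implicit global; `var val` would keep it local. The body of `<id>_keyhandler` continues past the end of this hunk.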
--- a/plugins/ajim.php Wed Jun 13 22:33:00 2007 -0400
+++ b/plugins/ajim.php Sat Dec 08 13:25:13 2007 -0500
@@ -17,9 +17,9 @@
if(defined('scriptPath'))
define('ajimClientPath', scriptPath.'/ajim');
- if(!defined('ENANO_ROOT'))
- define('ENANO_ROOT', dirname(dirname(__FILE__)));
- define('ajimServerPath', ENANO_ROOT.'/ajim');
+ // if(!defined('ENANO_ROOT'))
+ // define('ENANO_ROOT', dirname(dirname(__FILE__)));
+
global $db, $session, $paths, $template, $plugins; // Common objects
$__ajim_config = Array(
'sb_color_background'=>'#FFF',
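Review bot: The two `// if(!defined('ENANO_ROOT'))` / `// define(...)` lines are commented-out code rather than an explanation; delete them, and if the intent is worth recording replace them with a one-line note such as `// ENANO_ROOT is defined by the host application; ajimServerPath is set inside each branch below`. Since `ajimServerPath` is no longer defined at this scope, anything that later references it outside the two guarded branches would hit an undefined constant, which is worth confirming against the rest of the file.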
@@ -27,56 +27,63 @@
);
if(defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED'))
{
- if(!isset($_GET['admin']))
+ define('ajimServerPath', ENANO_ROOT.'/ajim');
+
+ $plugins->attachHook('compile_template', 'AjIM_SideBar();');
+ $plugins->attachHook('acl_rule_init', 'global $session; $session->register_acl_type(\'ajim_post\', AUTH_ALLOW, \'Submit AjIM posts\');');
+ require_once(ajimServerPath . '/ajim.php');
+
+ function AjIM_SideBar()
{
- $plugins->attachHook('compile_template', 'AjIM_SideBar();');
- $plugins->attachHook('acl_rule_init', 'global $session; $session->register_acl_type(\'ajim_post\', AUTH_ALLOW, \'Submit AjIM posts\');');
- include(ajimServerPath . '/ajim.php');
-
- function AjIM_SideBar()
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $__ajim_config;
+ $paths->addAdminNode('Plugin configuration', 'AjIM configuration', 'AjIM_Config');
+ $dir = getcwd();
+ chdir(ENANO_ROOT);
+ include('config.php');
+ chdir($dir);
+ unset($dir);
+ if($session->user_level >= USER_LEVEL_ADMIN)
{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $__ajim_config;
- $paths->addAdminNode('Plugin configuration', 'AjIM configuration', 'AjIM_Config');
- $dir = getcwd();
- chdir(ENANO_ROOT);
- include('config.php');
- chdir($dir);
- unset($dir);
- if($session->user_level >= USER_LEVEL_ADMIN)
- {
- $r = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE username=\''.$session->username.'\'');
- $p = $db->fetchrow_num($r);
- $admin = $p[0];
- }
- else
- {
- $admin = false;
- }
- $__ajim_config['db_connection_handle'] = $db->_conn;
- if(!$session->user_logged_in)
- {
- $__ajim_config['cant_post_notice'] = 'The administrator requires that you <a href="'.makeUrlNS('Special', 'Login/'.$paths->page, null, true).'">log in</a> to post messages.';
- }
- else
- {
- $__ajim_config['cant_post_notice'] = 'The administrator has disallowed message posting for your user account.';
- }
- $canpost = ( $session->get_permissions('ajim_post') ) ? true : false;
- $ajim = new ajim($__ajim_config, table_prefix, scriptPath.'/plugins/ajim.php', $admin, false, $canpost, array('RenderMan', 'render'));
- $template->sidebar_widget('Shoutbox', $ajim->html(ajimClientPath));
- $template->additional_headers .= '<link rel="stylesheet" type="text/css" href="'.ajimClientPath.'/ajim.php?css&id='.$ajim->id.'&pfx='.table_prefix.'&path='.scriptPath.'/plugins/ajim.php" />';
+ $r = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE username=\''.$session->username.'\'');
+ $p = $db->fetchrow_num($r);
+ $admin = $p[0];
+ }
+ else
+ {
+ $admin = false;
+ }
+ $__ajim_config['db_connection_handle'] = $db->_conn;
+ if(!$session->user_logged_in)
+ {
+ $__ajim_config['cant_post_notice'] = 'The administrator requires that you <a href="'.makeUrlNS('Special', 'Login/'.$paths->page, null, true).'">log in</a> to post messages.';
}
+ else
+ {
+ $__ajim_config['cant_post_notice'] = 'The administrator has disallowed message posting for your user account.';
+ }
+ $canpost = ( $session->get_permissions('ajim_post') ) ? true : false;
+ $ajim = new ajim($__ajim_config, table_prefix, scriptPath.'/plugins/ajim.php', $admin, false, $canpost, array('RenderMan', 'render'));
+ $template->sidebar_widget('Shoutbox', $ajim->html(ajimClientPath));
+ $template->additional_headers .= '<link rel="stylesheet" type="text/css" href="'.ajimClientPath.'/ajim.php?css&id='.$ajim->id.'&pfx='.table_prefix.'&path='.scriptPath.'/plugins/ajim.php" />';
}
- } elseif(isset($_GET['ajimmode'])) {
+ }
+ elseif ( isset($_GET['ajimmode']) )
+ {
global $db, $session, $paths, $template, $plugins, $dbhost, $dbname, $dbuser, $dbpasswd;
require_once('../includes/common.php');
+ define('ajimServerPath', ENANO_ROOT.'/ajim');
require_once(ajimServerPath . '/ajim.php');
header('HTTP/1.1 200 OK');
define('ajimClientPath', scriptPath.'/ajim');
- if($session->user_level >= USER_LEVEL_ADMIN) {
+ if ( $session->user_level >= USER_LEVEL_ADMIN )
+ {
$admin = $session->grab_password_hash();
- } else $admin = false;
+ }
+ else
+ {
+ $admin = false;
+ }
require('../config.php');
$canpost = (getConfig('ajim_require_login') != '1' || $session->user_logged_in) ? true : false;
$__ajim_config['db_connection_handle'] = $db->_conn;
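Review bot: The re-indented `AjIM_SideBar` still builds SQL by concatenating `$session->username` into `SELECT password FROM ... WHERE username='...'` with no escaping, while the `ajimmode` branch further down obtains the same value through `$session->grab_password_hash()`. Replacing the query, `fetchrow_num` and `$p[0]` with `$admin = $session->grab_password_hash();` removes the string-built query and makes the two branches consistent. A username is user-chosen at registration, so even though it arrives via the session it should not be trusted inside a query string. Passing the admin's password hash into `new ajim(...)` as `$admin` in both branches is pre-existing and presumably a design choice of the library, but a comment explaining why the hash is needed client-side would help reviewers.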