diff -r a78b0798a116 -r 7e6537fd4730 plugins/PrivateMessages.php
--- a/plugins/PrivateMessages.php Tue Nov 16 12:44:22 2010 -0500
+++ b/plugins/PrivateMessages.php Tue Jul 12 22:13:37 2011 -0400
@@ -96,6 +96,7 @@
 die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
 break;
 case 'Delete':
+ csrf_request_confirm();
 $id = $argv[1];
 if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
 $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
@@ -111,6 +112,7 @@
 if($argv[1]=='Send' && isset($_POST['_send']))
 {
 // Check each POST DATA parameter...
+ csrf_request_confirm();
 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
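Review bot: The new `csrf_request_confirm()` under `case 'Delete':` guards an action selected by URL path (`$argv[1]`), yet nothing in this diff changes whatever emits the Delete links — only the compose, edit and folder forms gain a `cstok` field. If `csrf_request_confirm()` rejects a request that carries no token, legitimate deletes from the inbox will start failing; if it instead falls back to a confirmation page when the token is absent, that is exactly what a reader of this line needs to know. A one-line comment above the call stating how a link-driven action satisfies the check would settle it for the next maintainer. The enclosing switch and function start outside the hunk.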
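Review bot: `csrf_request_confirm()` is inserted separately into each POST branch — here in the `_send` branch, again in the `_savedraft` branch at @@ -133, and in both Edit branches at @@ -214 and @@ -231 — so every future branch has to remember to repeat it. One call at the top of the POST-handling path, ahead of the `if(...)/elseif(...)` on `_send`/`_savedraft`, covers all of them and cannot be forgotten; the per-branch calls could then be dropped unless some branch is deliberately meant to stay token-free. The surrounding `if/elseif` chain starts and ends outside this hunk.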
@@ -133,6 +135,7 @@ return; } elseif($argv[1]=='Send' && isset($_POST['_savedraft'])) { // Check each POST DATA parameter... + csrf_request_confirm(); if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>'); if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>'); if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>'); 
@@ -192,11 +195,12 @@
 <br />
 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
 <tr><th colspan="2">Compose new private message</th></tr>
- <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma; you<br />can send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small></td><td class="row1"><?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?></td></tr>
- <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['subject']; else echo $subj; ?>" /></td></tr>
- <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo $_POST['message']; else echo $text; ?></textarea></td></tr>
+ <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma; you<br />can send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small></td><td class="row1"><?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? 
htmlspecialchars($_POST['to']) : $to ); ?></td></tr>
+ <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /></td></tr>
+ <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $text; ?></textarea></td></tr>
 <tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr>
 </table></div>
+ <input type="hidden" name="cstok" value="<?php echo $session->csrf_token; ?>" />
 <?php
 echo '</form>';
 $template->footer();
@@ -214,6 +218,7 @@
 if(isset($_POST['_send']))
 {
 // Check each POST DATA parameter...
+ csrf_request_confirm();
 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
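Review bot: The three rewritten `<tr>` lines escape the `$_POST` values with `htmlspecialchars()`, but their `else` arms still echo `$to`, `$subj` and `$text` raw into the same attribute and textarea; if those hold draft content read back from the database (their origin is outside this hunk), they need the same treatment — `echo htmlspecialchars($subj);`, `echo htmlspecialchars($text);`, and the `$to` argument likewise. `htmlspecialchars()` is called with its defaults here; passing `ENT_QUOTES, 'UTF-8'` explicitly makes the output independent of the runtime charset and still safe if an attribute is ever switched to single quotes. It is also worth confirming that `$template->username_field()` does not escape its value itself, since the first `<tr>` now hands it an already-escaped string and would double-encode. The enclosing function starts and ends outside the hunk.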
@@ -231,6 +236,7 @@ return; } elseif(isset($_POST['_savedraft'])) { // Check each POST DATA parameter... + csrf_request_confirm(); if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>'); if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>'); if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>'); @@ -251,6 +257,7 @@ userprefs_show_menu(); echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">'; ?> + <input type="hidden" name="cstok" value="<?php echo $session->csrf_token; ?>" /> <br /> <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> <tr><th colspan="2">Edit draft</th></tr> @@ -317,6 +324,7 @@ if(!$q) $db->_die('The private message data could not be selected.'); echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post"><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="4" style="text-align: left;">Folder: '.$argv[1].'</th></tr><tr><th class="subhead">'; if($fname == 'drafts' || $fname == 'Outbox') echo 'To'; else echo 'From'; + ?><input type="hidden" name="cstok" value="<?php echo $session->csrf_token; ?>" /><?php echo '</th><th class="subhead">Subject</th><th class="subhead">Date</th><th class="subhead">Mark</th></tr>'; if($db->numrows() < 1) echo '<tr><td style="text-align: center;" class="row1" colspan="4">No messages in this folder.</td></tr>'; 
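Review bot: In the @@ -317 hunk the `cstok` hidden input is emitted in the middle of the `<th class="subhead">` cell, between the `To`/`From` label and its `</th>`, by dropping out of PHP and back in; it works, but it buries the token field inside the table header and differs from the @@ -251 hunk, which puts the same field right after the `<form>` tag. Appending it to the `echo '<form action=...'` line instead, e.g. `... method="post"><input type="hidden" name="cstok" value="'.$session->csrf_token.'" /><div class="tblholder">...`, keeps the three forms consistent and the `<th>` free of form controls. While here: the unchanged `echo` on that line also prints `$argv[1]` raw into the `Folder:` header; unless it was validated against a fixed folder list above (outside the hunk), it should go through `htmlspecialchars()` as well. The enclosing function starts and ends outside the hunk.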
@@ -351,12 +359,16 @@ $fname = $db->escape(strtolower($_POST['folder'])); if($fname=='drafts' || $fname=='outbox') { - $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); + $fname = $fname == 'outbox' ? 'inbox' : $fname; + $readsnip = $fname == 'inbox' ? ' AND message_read = 0' : ''; + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\'' . $readsnip . ' ORDER BY date DESC;'); } else { $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); } if(!$q) $db->_die('The private message data could not be selected.'); - + + csrf_request_confirm(); + if(isset($_POST['archive'])) { while($row = $db->fetchrow($q)) { @@ -373,7 +385,7 @@ if(isset($_POST['marked_'.$row['message_id']])) { $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); - if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); + if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully removed.'); $db->free_result(); } }
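Review bot: In the @@ -351 hunk `csrf_request_confirm()` runs only after the folder `SELECT` has executed and been checked with `if(!$q)`; since the token check exists to stop unverified POSTs from doing anything, it belongs at the top of this handler, ahead of `$fname = $db->escape(strtolower($_POST['folder']));`, so a forged request never reaches the database — the archive/delete writes below are covered either way. The new `$fname`/`$readsnip` lines also silently redefine what 'outbox' returns (rows with `folder_name='inbox'`, `message_from` equal to the current user and `message_read = 0`) and nothing explains why; a comment above them such as `// 'outbox' has no rows of its own: list the sender's messages still unread in the recipients' inboxes` would make the intent explicit. Because `$fname` itself is reassigned to 'inbox', any later use of it below this hunk (not visible here) will now see 'inbox' for an outbox request, which is worth confirming. The enclosing function starts and ends outside the hunk.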