MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Made chat xss prove

Browse Source
This commit is contained in:
Lars van Hijfte
2017-01-20 13:30:40 +01:00
parent 28578adb11
commit 61c148e127
3 changed files with 11 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
website/public/API/loadMessages.php
View File

@@ -3,11 +3,10 @@
session_start();
require_once("../../queries/connect.php");
require_once("../../queries/private_message.php");
require_once("../../queries/checkInput.php");
if (isset($_POST["lastID"]) && $_POST["lastID"] != "") {
echo getNewChatMessages($_POST["lastID"], $_POST["destination"]);
echo getNewChatMessages(test_input($_POST["lastID"]), test_input($_POST["destination"]));
} else {
echo getOldChatMessages($_POST["destination"]);
echo getOldChatMessages(test_input($_POST["destination"]));
}

15
website/public/API/sendMessage.php
View File

@@ -3,16 +3,15 @@
session_start();
require_once("../../queries/connect.php");
require_once("../../queries/private_message.php");
require_once("../../queries/checkInput.php");
if (isset($_POST["destination"]) &&
isset($_POST["content"])) {
if (sendMessage($_POST["destination"], $_POST["content"])) {
echo $_POST["content"] . " is naar " . $_POST["destination"] . " gestuurd";
if (!empty(test_input($_POST["destination"])) &&
!empty(test_input($_POST["content"]))) {
if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
echo 1;
} else {
echo "YOU FAILED!!!";
echo 0;
}
} else {
echo "maybe dont try to hax the system?";
echo 0;
}