Merge branch 'lars-algemeen' into 'master'

Made chat XSS-proof

See merge request !82
This commit was merged in pull request #86.
Lars van Hijfte
2017-01-20 13:33:35 +01:00
3 changed files with 11 additions and 17 deletions


@@ -3,11 +3,10 @@
session_start();
require_once("../../queries/connect.php");
require_once("../../queries/private_message.php");
require_once("../../queries/checkInput.php");
if (isset($_POST["lastID"]) && $_POST["lastID"] != "") {
echo getNewChatMessages($_POST["lastID"], $_POST["destination"]);
echo getNewChatMessages(test_input($_POST["lastID"]), test_input($_POST["destination"]));
} else {
echo getOldChatMessages($_POST["destination"]);
echo getOldChatMessages(test_input($_POST["destination"]));
}
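Review bot: Wrapping `$_POST["lastID"]` and `$_POST["destination"]` in `test_input()` at the two call sites (these appear to be the new lines) only filters the request parameters, whereas the stored-XSS risk in a chat sits in the message bodies this endpoint returns, and nothing here encodes those. `test_input()` is defined in `checkInput.php`, outside this page; if it HTML-escapes, it is being used as a query-parameter filter, which is the wrong layer for it. Validating the id as an integer is a tighter check, e.g. `$lastID = filter_input(INPUT_POST, "lastID", FILTER_VALIDATE_INT);`, with message content encoded where it is rendered. `$_POST["destination"]` is also read without an `isset()` check in both branches.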


@@ -3,16 +3,15 @@
session_start();
require_once("../../queries/connect.php");
require_once("../../queries/private_message.php");
require_once("../../queries/checkInput.php");
if (isset($_POST["destination"]) &&
isset($_POST["content"])) {
if (sendMessage($_POST["destination"], $_POST["content"])) {
echo $_POST["content"] . " is naar " . $_POST["destination"] . " gestuurd";
if (!empty(test_input($_POST["destination"])) &&
!empty(test_input($_POST["content"]))) {
if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
echo 1;
} else {
echo "YOU FAILED!!!";
echo 0;
}
} else {
echo "maybe dont try to hax the system?";
echo 0;
}
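Review bot: The guard `!empty(test_input($_POST["destination"]))` (apparently the new condition) drops the `isset()` checks, so a request missing `destination` or `content` reads an undefined index before `empty()` runs, and `empty()` also rejects a legitimate message whose content is `"0"`. Each field is additionally passed through `test_input()` twice. Sanitise once into locals and compare against the empty string, e.g. `$content = isset($_POST["content"]) ? test_input($_POST["content"]) : "";` followed by `if ($destination !== "" && $content !== "") {`. If `test_input()` (defined outside this page) HTML-escapes, the message is stored already encoded and any later output encoding will double-escape it; storing the raw text and encoding at render time avoids that.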


@@ -10,7 +10,6 @@ function loadMessages() {
$("#lastIDForm").serialize()
).done(function(data) {
if (data && data != "[]") {
console.log(data);
messages = JSON.parse(data);
addMessages(messages);
$("#lastID").val(messages[messages.length - 1].messageID);
@@ -23,13 +22,10 @@ function loadMessages() {
function sendMessage() {
console.log($("#sendMessageForm").serialize());
$.post(
"API/sendMessage.php",
$("#sendMessageForm").serialize()
).done(function( data ) {
console.log(data);
});
);
$("#newContent").val("");
}
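Review bot: `sendMessage()` now posts the form, discards the response and clears `#newContent` unconditionally, so when the endpoint reports failure the user's text is lost with no indication. The PHP side of this commit appears to answer `1` or `0`; the client could act on that, e.g. `.done(function(data) { if ($.trim(data) === "1") { $("#newContent").val(""); } });`. Whether the chat is actually protected against XSS depends on how `addMessages()` inserts message text into the page, which is outside these hunks; confirm that it inserts text rather than HTML.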