Permalink
Commits on Jan 6, 2017
  1. Merge pull request #252 from Jugolo/patch-1

    Remove get_magic_quotes_gpc
    committed on GitHub Jan 6, 2017
Commits on Dec 20, 2016
  1. Remove get_magic_quotes_gpc

    From 5.4.0 get_magic_quotes_gpc allways return false
    Jugolo committed on GitHub Dec 20, 2016
Commits on Aug 23, 2016
  1. Merge pull request #246 from Jugolo/patch-2

    Update da.js
    committed on GitHub Aug 23, 2016
  2. Update da.js

    Jugolo committed on GitHub Aug 23, 2016
Commits on May 4, 2016
  1. language key for audio support

    committed May 4, 2016
  2. cs, whitespace tabs

    committed May 4, 2016
  3. Merge branch 'Jugolo-patch-1'

    committed May 4, 2016
Commits on May 3, 2016
  1. Update chat.js

    Jugolo committed May 3, 2016
  2. Update AJAXChatTemplate.php

    Jugolo committed May 3, 2016
  3. Update loggedIn.html

    Jugolo committed May 3, 2016
  4. Update AJAXChat.php

    Jugolo committed May 3, 2016
Commits on May 1, 2016
  1. Merge pull request #199 from jsebean/master

    Prevent malicious user from forcing Logout
    committed May 1, 2016
  2. Merge branch 'jamrial-html5audio'

    committed May 1, 2016
  3. update changelog

    committed May 1, 2016
Commits on Apr 30, 2016
  1. cs, closing bracket

    committed Apr 30, 2016
  2. Merge branch 'html5audio' of https://github.com/jamrial/AJAX-Chat int…

    …o jamrial-html5audio
    
    Conflicts:
    	chat/js/chat.js
    	chat/lib/template/loggedIn.html
    committed Apr 30, 2016
  3. Display install errors

    committed Apr 30, 2016
  4. CS fixes, remove closing tags

    committed Apr 30, 2016
Commits on Apr 26, 2016
  1. French lang typo. Closes #229

    committed Apr 26, 2016
Commits on Apr 20, 2016
  1. Update readme.md

    committed Apr 20, 2016
Commits on Apr 17, 2016
  1. Finally gonna tag 0.8.8

    committed Apr 17, 2016
Commits on Mar 27, 2015
  1. Prevent malicious user from forcing Logout

    Due to the fact that AjaxChat does not use tokens to verify logouts were
    authorized by a chat user, a CSRF vulnerability was discovered that
    permitted a malicious chatter to post the chat's logout URL inside the
    img tags of a chat room, forcing all users, including moderators and
    administrators to log out. It also prevents further users to log in for
    a period of time due to the log inside the chat, until the image
    disappears from the log.
    
    This simple modification simple checks the URL inside the img code,
    checks for ?logout=true (part of the URL in ajax chat for logging out)
    and strips it. Ugly hack, but does the job. If one wanted to make it
    more complex they could also write it to check the domain and path of
    the chat, but doing so would allow someone to logout a user in one chat
    room who is logged in at the same time in another.
    jsebean committed Mar 27, 2015
Commits on Feb 22, 2015
  1. Turn error reporting back off

    committed Feb 22, 2015
  2. Changelog update for mybb

    committed Feb 22, 2015
Commits on Jul 22, 2014
  1. Merge pull request #170 from bomdia/patch-1

    corrected error of language translation :D
    committed Jul 22, 2014
Commits on Jul 21, 2014
Commits on Jul 20, 2014
  1. Update changelog.txt

    committed Jul 20, 2014
  2. Merge branch 'master' of https://github.com/VillainyStudios/AJAX-Chat

    …into VillainyStudios-master
    
    Conflicts:
    	chat/lib/class/AJAXChat.php
    committed Jul 20, 2014