
fix bugs and security issue. See Read me for more details

1 parent 7a8cf90 commit c5775a905c0633f00cd9836a97043afce6380e72 @beechannels committed Aug 9, 2010
Showing with 56 additions and 51 deletions.
  1. +18 −0 README
  2. +2 −2 disablechat.php
  3. +2 −2 enablechat.php
  4. +6 −2 languages/fr.php
  5. +20 −36 views/default/beechat/beechat.js.php
  6. +8 −9 views/default/beechat/beechat.php
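--- a/README
+++ b/README
@@ -21,3 +21,21 @@ We are relying on the [GitHub issues tracker][issues] linked from above for
 feedback. File bugs or other issues [here][issues].
 [issues]: http://github.com/beechannels/beechat/issues
+
+Changes
+-------
+
+August 9th, 2010
+
+- cooked js doesn't cook tokens or languages (separated now to another file)
+- db data now can be set from the admin panel
+- users can disable the chat in their settings
+- migrate.php added that will make the initial sync
+- make the get roster js action asynchronous
+- fix buddy list issue when changing page
+- fix security issues (XSS)
+
+Thanks
+------
+
+We'd like to thank Pablo Martin ( http://github.com/caedesvvv ) and Benjamin H. Graham ( http://github.com/bhgraham ) for their help on Beechat.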
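--- a/disablechat.php
+++ b/disablechat.php
@@ -1,8 +1,8 @@
 <?php
 require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
 if (isloggedin()) {
- get_loggedin_user()->chatenabled = false;
+ get_loggedin_user()->chatdisabled = true;
 system_message(elgg_echo("beechat:disabled"));
 }
 forward($_SERVER['HTTP_REFERER']);
-?>
+?>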
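Review bot: This script still flips a per-user setting on a plain GET with nothing validating a CSRF token: it bootstraps the engine directly through `engine/start.php` instead of going through Elgg's action handler, so the `chatdisabled` assignment runs for any logged-in user whose browser is made to fetch this URL (an `<img src="…/mod/beechat/disablechat.php">` on any page is enough), which the "fix security issues" in this commit does not cover. Register the script as an Elgg action so the token gatekeeper runs, or at minimum call `action_gatekeeper();` before the assignment and reject non-POST requests. `forward($_SERVER['HTTP_REFERER'])` also redirects to whatever Referer the client supplies and to an empty location when the header is missing; fall back to a fixed settings URL instead of trusting the header.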
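--- a/enablechat.php
+++ b/enablechat.php
@@ -1,8 +1,8 @@
 <?php
 require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
 if (isloggedin()) {
- get_loggedin_user()->chatenabled = true;
+ get_loggedin_user()->chatdisabled = false;
 system_message(elgg_echo("beechat:enabled"));
 }
 forward($_SERVER['HTTP_REFERER']);
-?>
+?>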
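Review bot: Same gap as its counterpart: the `chatdisabled = false` write happens on an unauthenticated-by-token GET because the file is served directly rather than through Elgg's action dispatcher, so a cross-site request can re-enable chat for a user who turned it off. Route it through `register_action()` or add `action_gatekeeper();` (and a POST check) ahead of the assignment. The blind `forward($_SERVER['HTTP_REFERER'])` should likewise fall back to a known page when the header is absent.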
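--- a/languages/fr.php
+++ b/languages/fr.php
@@ -23,10 +23,14 @@
 'beechat:box:minimize' => 'Diminuer',
 'beechat:box:close' => 'Fermer',
- 'beechat:box:showhide' => 'Montrer/Cacher cette fenêtre de chat'
+ 'beechat:box:showhide' => 'Montrer/Cacher cette fenêtre de chat',
+ 'beechat:enabled' => 'Chat activé',
+ 'beechat:disabled' => 'Chat désactivté',
+ 'beechat:enablechat' => 'Activer le chat',
+ 'beechat:disablechat' => 'Désactivé le chat',
 );
 add_translation('fr', $fr_array);
-?>
+?>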
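--- a/views/default/beechat/beechat.js.php
+++ b/views/default/beechat/beechat.js.php
@@ -14,15 +14,6 @@
 g_beechat_user = null;
 g_beechat_roster_items = null;
-function debugXMPP(msg) {
- try {
- console.log(msg)
- }
- catch (err) {
- }
- //$('#layout_footer').html($('#layout_footer').html()+'<br/>'+msg);
-}
-
 /** Class: BeeChat
 * An object container for all BeeChat mod functions
 *
@@ -248,7 +239,6 @@ function debugXMPP(msg) {
 */
 this.connect = function(password)
 {
- debugXMPP('connect');
 if (_connection == null)
 _connection = new Strophe.Connection(BeeChat.BOSH_SERVICE);
 _connection.connect(_jid, password, _onConnect);
@@ -277,7 +267,6 @@ function debugXMPP(msg) {
 */
 this.disconnect = function()
 {
- debugXMPP('disconnect');
 if (_connection != null) {
 _connection.disconnect();
 _connection = null;
@@ -473,7 +462,7 @@ function _onMessageChat(message)
 msg: message
 };
 _msgTemp.push(data);
- //alert("message");
+
 if (_initialized == true) {
 for (var key in _msgTemp) {
 if (typeof _msgTemp[key] != 'object')
@@ -546,9 +535,7 @@ function _onMessageChat(message)
 this.setStatuses = function(statuses)
 {
-//alert(statuses);
 for (var key in statuses) {
-//alert(statuses);
 _items[key + '@' + BeeChat.DOMAIN].status = statuses[key];
 }
 }
@@ -610,8 +597,6 @@ function _onMessageChat(message)
 attr.presences[jid] = {};
 attr.presences[jid].type = (!$(presence).attr('type')) ? 'available' : $(presence).attr('type');
- //alert($(presence).attr('from')+presence.toString());
- //alert("presencetype"+attr.presences[jid].type);
 if (attr.presences[jid].type == 'available') {
 $(presence).children().each(function() {
@@ -1008,7 +993,6 @@ function statusSort(x, y)
 password: null
 }
 var self = this;
- //alert("connect");
 if (conn == null || (conn != null && conn.attached)) {
 BeeChat.UI.getUserDetails(function(retrievedUserDetails) {
 userDetails.jid = retrievedUserDetails.username + '@' + BeeChat.DOMAIN + '/' + BeeChat.RESOURCE;
@@ -1101,12 +1085,13 @@ function statusSort(x, y)
 };
 }
 var self = this;
-
+
 $.ajax({
 type: 'POST',
 async: false,
 url: self.addActionTokens('<?php echo $vars['url'] . "action/beechat/save_state"; ?>'),
- data: { beechat_conn: JSON.stringify(conn) }
+ data: { beechat_conn: JSON.stringify(conn) },
+ async:false
 });
 /*
@@ -1189,7 +1174,8 @@ function statusSort(x, y)
 type: 'POST',
 async: false,
 url: self.addActionTokens('<?php echo $vars['url'] . "action/beechat/save_state"; ?>'),
- data: { beechat_state: JSON.stringify(data) }
+ data: { beechat_state: JSON.stringify(data) },
+ async:false
 });
 },
@@ -1210,8 +1196,8 @@ function statusSort(x, y)
 BeeChat.UI.AvailabilitySwitcher.initialize(json.availability);
 if (!json.contacts_list.minimized) {
- $('#' + BeeChat.UI.Resources.Elements.ID_DIV_CONTACTS).show();
- BeeChat.UI.ContactsList.showedStyle();
+ $('#' + BeeChat.UI.Resources.Elements.ID_DIV_CONTACTS).show();
+ BeeChat.UI.ContactsList.showedStyle();
 }
 g_beechat_user.getRoster().setItems(json.contacts);
@@ -1289,7 +1275,7 @@ function statusSort(x, y)
 loadRosterItemsStatuses: function()
 {
 var data = g_beechat_user.getRoster().getItemsUsernamesAsList();
-//alert(data)
+
 var self = this;
 $.ajax({
 type: 'POST',
@@ -1312,9 +1298,9 @@ function statusSort(x, y)
 onRosterUpdate: function(rosterItems)
 {
 g_beechat_roster_items = rosterItems;
- //alert("get roster");
+
 if (!g_beechat_user.isInitialized()) {
- //alert("load roster" + rosterItems.length);
+
 BeeChat.UI.loadRosterItemsIcons();
 BeeChat.UI.loadRosterItemsStatuses();
 g_beechat_user.sendInitialPresence();
@@ -1326,12 +1312,10 @@ function statusSort(x, y)
 */
 onChatMessage: function(data)
 {
- debugXMPP('message arrived');
 if ($(data.msg).find('body').length == 0) {
 BeeChat.UI.ChatBoxes.updateChatState(data.contactBareJid, data.msg);
 }
 else {
- debugXMPP(Strophe.getText($(data.msg).find('body')[0]));
 BeeChat.UI.ChatBoxes.update(data.contactBareJid, BeeChat.UI.Utils.getContactName(data.contactBareJid), Strophe.getText($(data.msg).find('body')[0]));
 }
 }
@@ -1901,7 +1885,6 @@ function statusSort(x, y)
 */
 update: function(contactBareJid, fromName, msg)
 {
- debugXMPP("chatboxes update "+msg+" "+fromName+" "+contactBareJid);
 var chatBoxElm = BeeChat.UI.ChatBoxes.getChatBoxElm(contactBareJid);
 if (chatBoxElm.length == 0) {
@@ -1910,14 +1893,12 @@ function statusSort(x, y)
 }
 var chatBoxContentElm = chatBoxElm.children().filter('[bareJid=' + contactBareJid + ']');
- debugXMPP("chatboxes update "+msg+" "+fromName+" "+chatBoxContentElm);
 chatBoxContentElm.find('p').filter('[class=' + BeeChat.UI.Resources.StyleClasses.ChatBox.STATE + ']').remove();
 var chatBoxLastMessageElm = $(chatBoxContentElm).find('div').filter('[class=' + BeeChat.UI.Resources.StyleClasses.ChatBox.MESSAGE + ']').filter(':last');
 if (chatBoxLastMessageElm && chatBoxLastMessageElm.find('span').filter('[class=' + BeeChat.UI.Resources.StyleClasses.ChatBox.MESSAGE_SENDER + ']').text() == fromName) {
- debugXMPP("one " + chatBoxLastMessageElm + " " + fromName);
 chatBoxLastMessageElm.append('<p>' + BeeChat.UI.Utils.getPrintableChatMessage(msg) + '</p>');
 } else {
 chatBoxContentElm.append($('<div></div>')
@@ -2096,11 +2077,15 @@ function statusSort(x, y)
 */
 getPrintableChatMessage: function(msg)
 {
- msg = jQuery.trim(msg);
- msg = BeeChat.UI.Utils.replaceLinks(msg);
- msg = BeeChat.UI.Utils.replaceSmileys(msg);
+ var val = new String;
+ val = $('<div>' + msg + '</div>');
+ msg = val.text();
+
+ msg = jQuery.trim(msg);
+ msg = BeeChat.UI.Utils.replaceLinks(msg);
+ msg = BeeChat.UI.Utils.replaceSmileys(msg);
- return msg;
+ return msg;
 },
 /** Function: getNowFormattedTime
@@ -2217,7 +2202,6 @@ function init_beechat(ts, token) {
 g_beechat_user.requestSessionPause();
 BeeChat.UI.saveState();
 }
-
 BeeChat.UI.saveConnection();
 });
@@ -2231,4 +2215,4 @@ function init_beechat(ts, token) {
 $(window).bind('focus', function() {
 BeeChat.UI.HAS_FOCUS = true;
- });
+ });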
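Review bot: The XSS fix in `getPrintableChatMessage` (hunk at `@@ -2096`) parses the untrusted message as HTML with `$('<div>' + msg + '</div>')` before reading `.text()`, so the browser still instantiates the markup: an `<img src=x onerror=…>` in a message fires its handler on the detached element before any text is extracted, and whatever `.text()` yields is re-inserted as markup through `'<p>' + … + '</p>'` in `update` (hunk at `@@ -1910`). If the bundled `Strophe.getText` already entity-escapes its return value, as some Strophe versions do, `.text()` also decodes that escaping and the append re-injects the raw markup, which would make this change a regression rather than a fix. Escape instead of parsing: replace the three `val` lines with `msg = $('<div/>').text(String(msg)).html();` and run `replaceLinks`/`replaceSmileys` over the escaped string, after confirming that `replaceLinks` quotes the `href` it builds, since `.html()` leaves `"` untouched. Separately, the `save_state` calls at `@@ -1101` and `@@ -1189` now list `async: false` twice in the same object literal; drop the added duplicate. The enclosing `BeeChat.UI.Utils` and `ChatBoxes` objects begin and end outside these hunks.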
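--- a/views/default/beechat/beechat.php
+++ b/views/default/beechat/beechat.php
@@ -9,12 +9,11 @@
 * @link http://beechannels.com/
 */
-if (isloggedin() && get_loggedin_user()->chatenabled) {
-
-?>
+if (isloggedin() && !get_loggedin_user()->chatdisabled) {
+?>
 <div id="beechat">
 <div id="beechat_left">
- <a id="beechat_tooltip_trigger" href="<?php echo $vars['url']; ?>"><img src="<?php echo $vars['config']->staticurl; ?>mod/theme_beebac2/graphics/favicon.ico" /></a>
+ <a id="beechat_tooltip_trigger" href="<?php echo $vars['url']; ?>"></a>
 <div class="tooltip tooltipchat">
 <h3><?php echo elgg_echo('beechat:icons:home'); ?></h3>
 </div>
@@ -70,16 +69,16 @@
 ?>
 <script>
- $(window).load(function () {
+ $(function () {
 var e = document.createElement('script');
 e.async = true;
 e.type = 'text/javascript';
- e.innerHTML = 'init_beechat("<?php echo $ts; ?>","<?php echo $token; ?>");';
- document.getElementById('beechat').appendChild(e);
+ e.innerHTML = 'init_beechat("<?php echo $ts; ?>","<?php echo $token; ?>");';
+ document.getElementById('beechat').appendChild(e);
- })
+ });
 </script>
 <?php
 }
-?>
+?>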
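Review bot: The `init_beechat` bootstrap in the second hunk still assembles JavaScript source by string concatenation: `$ts` and `$token` (assigned outside the hunk) are echoed into a quoted JS literal with no escaping, and the resulting string is executed by injecting a `<script>` element, which is `eval` under another name. Both values appear to be server-generated, so this is a robustness concern rather than an exploitable one, but it breaks silently the moment either value contains a quote or backslash. With the `$(function () {…})` ready handler now in place the dynamic element is unnecessary: call the function directly and let PHP emit the literals, e.g. `$(function () { init_beechat(<?php echo json_encode((string) $ts); ?>, <?php echo json_encode((string) $token); ?>); });`. The same applies to the `$vars['url']` echoed into `href` in the first hunk, which is cheap to wrap in `htmlspecialchars()`.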
