Fix html leaking through messages

2020-12-09 22:44:04 -08:00 · 2020-12-09 22:44:04 -08:00 · ccb64537dc
commit ccb64537dc
parent 71410de412
2 changed files with 7 additions and 5 deletions
--- a/irc.php
+++ b/irc.php
@ -128,7 +128,7 @@ while($bytes = socket_recv($socket, $r_data, 2048, MSG_DONTWAIT) !== '') {
 			$nickMsg = explode('NICK', $data);
                        $msgline = "<tr><td class='userinfo'><b>$senderNick</b><br /><span style='color:$ipcolor;'>$senderIp</span></td><td> $senderNick is now known as" . $nickMsg[1] . "</td></tr>\n";
 			file_put_contents("$username.log", $socketFileContents . $msgline);
-                } else if ($ex[2] == $username && (count(explode(":", $stringMsg[1])) > 1)) {
+                } else if ($ex[2] == $username && (count(explode(":", $stringMsg[1])) > 2)) {
 			$senderNick = get_string_between($data, ":", "!");
 			$senderIp = get_string_between($data, "@", " ");
 			$privMsg = explode(":", $stringMsg[1]);
@ -139,7 +139,7 @@ while($bytes = socket_recv($socket, $r_data, 2048, MSG_DONTWAIT) !== '') {
 				$msg .= $msgchunk;
 			}
 			
-			$msgline = "<tr><td class='userinfo'>PM from: <b>$senderNick</b><br /><span style='color:$ipcolor;'>$senderIp</span></td><td> " . stripslashes(trim($msg)) . "</td></tr>\n";
+			$msgline = "<tr><td class='userinfo'>PM from: <b>$senderNick</b><br /><span style='color:$ipcolor;'>$senderIp</span></td><td> " . htmlentities(stripslashes(trim($msg))) . "</td></tr>\n";
                        file_put_contents("$username.log", $socketFileContents . $msgline);
 			$msg = "";
 		} else if ($stringMsg[1] != "") {
@ -147,7 +147,7 @@ while($bytes = socket_recv($socket, $r_data, 2048, MSG_DONTWAIT) !== '') {
 			$senderIp = get_string_between($data, "@", " ");
 			$channel = explode(" :", $stringMsg[1]);
 			$msg = explode($channel[0] . " :", $stringMsg[1]);
-			$msgline = "<tr><td class='userinfo'><b>$senderNick</b>:" . $channel[0] . "<br /><span style='color:$ipcolor;'>$senderIp</span></td><td> " . stripslashes(trim($msg[1])) . "</td></tr>\n";
+			$msgline = "<tr><td class='userinfo'><b>$senderNick</b>:" . $channel[0] . "<br /><span style='color:$ipcolor;'>$senderIp</span></td><td> " . htmlentities(stripslashes(trim($msg[1]))) . "</td></tr>\n";
                        file_put_contents("$username.log", $socketFileContents . $msgline);
 		} else if ($ex[0] != "PING") {
 			$msgline = "<tr><td class='userinfo'><span style='color:$ipcolor;'>" . $server_address . "</span> ~ </td><td> " . $data . "</td></tr>\n";
--- a/server.php
+++ b/server.php
@ -86,7 +86,9 @@ if (isset($_GET['msg']) && $_GET['msg']!="" && isset($_GET['nick']) && $_GET['ni
 		if($cmd[1]!="") {
 			doLog("$username: listing users for " . $cmd[1]);
 			$line .= "NAMES " . trim($cmd[1]) . "\n"; // set for push
-			//$logline .= "<tr><td class='userinfo'><b>$nick</b>:</td><td>Joining " . $cmd[1] . "</td></tr>\n"; // push to client
+                } else {
+			doLog("$username: listing users for $channel");
+                        $line .= "NAMES $channel\n"; // set for push
 		}
        } else if ($cmd[0] == "/rejoin") {
 		doLog("$username: rejoining channel");