Warning: The author of this contribution does not provide support for it anymore.

phpBB mChat

Edit & Delete Bug

by ThomassPWA » Mon Mar 12, 2012 10:34 pm

Hi,
mChat has a little bug, which allows everyone to delete and edit others' messages. How?
For example, in the browser console, type:

mChat.edit('63612');

and change the message ID you want to edit. Then just enter the new text and the message will change.
Please fix it.

@EDIT
Problem solved.
Below is a patch made by RMcGirr83.
Thanks. : )
Last edited by ThomassPWA on Sun Mar 18, 2012 10:10 am
ThomassPWA
Registered User
Posts: 2
Joined: Mon Mar 12, 2012 10:07 pm

Re: Edit & Delete Bug

by RMcGirr83 » Mon Mar 12, 2012 11:33 pm

Then remove their permission to edit messages. This is no different than phpBB behavior. If a user has the auths to edit a message then they will be able to edit it.

I'll take a look at it when I get a chance but pretty sure it works the way it is supposed to.
Appreciate the extensions/mods/support then buy me a beer
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions | My extensions are updated regularly on github
All requests for support via PM will be ignored
RMcGirr83
Recognised Extension Developer
Posts: 21284
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Edit & Delete Bug

by RMcGirr83 » Tue Mar 13, 2012 1:03 am

Sorry, after looking at it for quite a while, the easiest thing to do would be to only give those you trust edit and delete auths for the chat.

Re: Edit & Delete Bug

by ThomassPWA » Tue Mar 13, 2012 4:04 pm

If I remove their permission to edit/delete messages - it will be uncomfortable.
Everyone can make mistakes and I want them to be able to make corrections.
Last edited by ThomassPWA on Tue Jan 08, 2019 12:42 pm

Re: Edit & Delete Bug

by RMcGirr83 » Tue Mar 13, 2012 6:16 pm

I may take a look but am not promising anything.

Re: Edit & Delete Bug

by RMcGirr83 » Thu Mar 15, 2012 11:00 am

Please do this

OPEN mchat.php

FIND

   // Edit function...
   case 'edit':

      // edit and delete auths
      $mchat_edit = $auth->acl_get('u_mchat_edit') ? true : false;
      $mchat_del = $auth->acl_get('u_mchat_delete') ? true : false;   
      // If mChat disabled and not edit
      if (!$config['mchat_enable'] || !$mchat_edit)
      {
         // Forbidden (for jQ AJAX request)
         header('HTTP/1.0 403 Forbidden');
         exit_handler();
      }
      
      // Reguest...
      $message_id = request_var('message_id', 0);


REPLACE WITH

   // Edit function...
   case 'edit':
   
      $message_id = request_var('message_id', 0);
      // check for the correct user
      $sql = 'SELECT *
         FROM ' . MCHAT_TABLE . '
         WHERE message_id = ' . (int) $message_id;      
      $result = $db->sql_query($sql);
      $row = $db->sql_fetchrow($result);
      $db->sql_freeresult($result);
      // edit and delete auths
      $mchat_edit = $auth->acl_get('u_mchat_edit')&& ($auth->acl_get('m_') || $user->data['user_id'] == $row['user_id']) ? true : false;
      $mchat_del = $auth->acl_get('u_mchat_delete') && ($auth->acl_get('m_') || $user->data['user_id'] == $row['user_id']) ? true : false;   
      // If mChat disabled and not edit
      if (!$config['mchat_enable'] || !$mchat_edit)
      {
         // Forbidden (for jQ AJAX request)
         header('HTTP/1.0 403 Forbidden');
         exit_handler();
      }
      
      // Reguest...
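
Review bot: $row is dereferenced in the $mchat_edit and $mchat_del lines without a check that the lookup returned a row. For a message_id that does not exist, sql_fetchrow() returns false, so $row['user_id'] is null and the ownership test rests on a loose == against it. Suggest sending the 403 before the auth lines when !$row, and comparing as integers, e.g. (int) $user->data['user_id'] === (int) $row['user_id']. SELECT * can be narrowed to SELECT user_id, since that is the only column this block reads. The key property is right: the ownership decision is made server-side from the stored row, not from anything the client sends.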
      


FIND

   // Delete function...
   case 'delete':
      
      // must have auths to delete
      $mchat_del = ($auth->acl_get('u_mchat_delete')) ? true : false;
      // Reguest...
      $message_id = request_var('message_id', 0);


REPLACE WITH

   // Delete function...
   case 'delete':
      
      $message_id = request_var('message_id', 0);
      // check for the correct user
      $sql = 'SELECT *
         FROM ' . MCHAT_TABLE . '
         WHERE message_id = ' . (int) $message_id;      
      $result = $db->sql_query($sql);
      $row = $db->sql_fetchrow($result);
      $db->sql_freeresult($result);
      // edit and delete auths
      $mchat_edit = $auth->acl_get('u_mchat_edit')&& ($auth->acl_get('m_') || $user->data['user_id'] == $row['user_id']) ? true : false;
      $mchat_del = $auth->acl_get('u_mchat_delete') && ($auth->acl_get('m_') || $user->data['user_id'] == $row['user_id']) ? true : false;
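
Review bot: unlike the edit case, nothing in this block acts on $mchat_del: the replaced region has no if (!$config['mchat_enable'] || !$mchat_del) guard with the 403, so the fix depends on the unchanged code that follows still testing $mchat_del before the delete runs. Worth confirming that in mchat.php, or adding the guard here. The lookup and both auth expressions are copied verbatim from the edit case; a small shared helper would keep the two from drifting apart. Separately, the owner test is by user_id alone, so if guests are granted u_mchat_edit or u_mchat_delete and their messages are stored under one shared anonymous user_id, they would pass it for each other's messages.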


..and that should fix that.

Re: Edit & Delete Bug

by newsbee » Thu Mar 15, 2012 7:42 pm

Hadn't seen a problem before, but have changed the file just in case. Thanks, Rich!
newsbee
Registered User
Posts: 279
Joined: Sat Mar 29, 2003 1:07 pm
Location: Moscow

Re: Edit & Delete Bug

by LordGabriel » Sat Jul 07, 2012 9:10 am

Why don't you repack the mod with these edits?
It's an important BUG...
LordGabriel
Registered User
Posts: 31
Joined: Tue Jul 26, 2011 10:30 am

Re: Edit & Delete Bug

by RMcGirr83 » Sat Jul 07, 2012 9:55 am

Because, like those who can't search for already asked and answered questions, I am lazy.

Re: Edit & Delete Bug

by Mess » Mon Dec 17, 2012 1:02 pm

RMcGirr83 wrote: Because, like those who can't search for already asked and answered questions, I am lazy.

:lol:
Mess
Registered User
Posts: 985
Joined: Wed Jul 01, 2009 6:37 am
Name: Kim

Re: Edit & Delete Bug

by RMcGirr83 » Mon Sep 08, 2014 7:54 pm

Fixed in version 1.3.8