Warning: The author of this contribution does not provide support for it anymore.

phpBB mChat

Edit & Delete Bug - phpBB mChat

Edit & Delete Bug

by ThomassPWA » Mon Mar 12, 2012 10:34 pm

Hi,
mChat has a little bug, which allow everyone to delete and edit others messages, how?
For example, in browser console type:

Code: Select all

mChat.edit('63612');

and change the message ID you want to edit. Then just enter the new text and the message will change.
Please fix it.

@EDIT
Problem solved.
Below is patch made by RMcGirr83.
Thanks. : )
Last edited by ThomassPWA on Sun Mar 18, 2012 10:10 am
ThomassPWA
Registered User
Posts: 2
Joined: Mon Mar 12, 2012 10:07 pm

Re: Edit & Delete Bug

by RMcGirr83 » Mon Mar 12, 2012 11:33 pm

Then remove their permission to edit messages. This is no different than phpBB behavior. If a user has the auths to edit a message then they will be able to edit it.

I'll take a look at it when I get a chance but pretty sure it works the way it is supposed to.
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored
User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Edit & Delete Bug

by RMcGirr83 » Tue Mar 13, 2012 1:03 am

Sorry after looking at it for quite a while the easiest thing to do would be to only give those you trust edit and delete auths for the chat.
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored
User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Edit & Delete Bug

by ThomassPWA » Tue Mar 13, 2012 4:04 pm

If I remove their permission to edit/delete messages - it will be uncomfortable.
Everyone can make mistakes and I want them to be able to make corrections.
Last edited by ThomassPWA on Tue Jan 08, 2019 12:42 pm
ThomassPWA
Registered User
Posts: 2
Joined: Mon Mar 12, 2012 10:07 pm

Re: Edit & Delete Bug

by RMcGirr83 » Tue Mar 13, 2012 6:16 pm

I may take a look but am not promising anything.
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored
User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Edit & Delete Bug

by RMcGirr83 » Thu Mar 15, 2012 11:00 am

Please do this

OPEN mchat.php

FIND

Code: Select all

   // Edit function...
   case 'edit':

      // edit and delete auths
      $mchat_edit = $auth->acl_get('u_mchat_edit') ? true : false;
      $mchat_del = $auth->acl_get('u_mchat_delete') ? true : false;   
      // If mChat disabled and not edit
      if (!$config['mchat_enable'] || !$mchat_edit)
      {
         // Forbidden (for jQ AJAX request)
         header('HTTP/1.0 403 Forbidden');
         exit_handler();
      }
      
      // Reguest...
      $message_id = request_var('message_id', 0);


REPLACE WITH

Code: Select all

   // Edit function...
   case 'edit':
   
      $message_id = request_var('message_id', 0);
      // check for the correct user
      $sql = 'SELECT *
         FROM ' . MCHAT_TABLE . '
         WHERE message_id = ' . (int) $message_id;      
      $result = $db->sql_query($sql);
      $row = $db->sql_fetchrow($result);
      $db->sql_freeresult($result);
      // edit and delete auths
      $mchat_edit = $auth->acl_get('u_mchat_edit')&& ($auth->acl_get('m_') || $user->data['user_id'] == $row['user_id']) ? true : false;
      $mchat_del = $auth->acl_get('u_mchat_delete') && ($auth->acl_get('m_') || $user->data['user_id'] == $row['user_id']) ? true : false;   
      // If mChat disabled and not edit
      if (!$config['mchat_enable'] || !$mchat_edit)
      {
         // Forbidden (for jQ AJAX request)
         header('HTTP/1.0 403 Forbidden');
         exit_handler();
      }
      
      // Reguest...
      


FIND

Code: Select all

   // Delete function...
   case 'delete':
      
      // must have auths to delete
      $mchat_del = ($auth->acl_get('u_mchat_delete')) ? true : false;
      // Reguest...
      $message_id = request_var('message_id', 0);


REPLACE WITH

Code: Select all

   // Delete function...
   case 'delete':
      
      $message_id = request_var('message_id', 0);
      // check for the correct user
      $sql = 'SELECT *
         FROM ' . MCHAT_TABLE . '
         WHERE message_id = ' . (int) $message_id;      
      $result = $db->sql_query($sql);
      $row = $db->sql_fetchrow($result);
      $db->sql_freeresult($result);
      // edit and delete auths
      $mchat_edit = $auth->acl_get('u_mchat_edit')&& ($auth->acl_get('m_') || $user->data['user_id'] == $row['user_id']) ? true : false;
      $mchat_del = $auth->acl_get('u_mchat_delete') && ($auth->acl_get('m_') || $user->data['user_id'] == $row['user_id']) ? true : false;


..and that should fix that.
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored
User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Edit & Delete Bug

by newsbee » Thu Mar 15, 2012 7:42 pm

Hadn't seen a problem before, but have changed the file just in case. Thanks, Rich!
User avatar
newsbee
Registered User
Posts: 279
Joined: Sat Mar 29, 2003 1:07 pm
Location: Moscow
Contact:

Re: Edit & Delete Bug

by LordGabriel » Sat Jul 07, 2012 9:10 am

Why don't you repack the mod with these edits?
It's an important BUG...
LordGabriel
Registered User
Posts: 31
Joined: Tue Jul 26, 2011 10:30 am
Contact:

Re: Edit & Delete Bug

by RMcGirr83 » Sat Jul 07, 2012 9:55 am

Because, like those who can't search for already asked and answered questions, I am lazy.
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored
User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Edit & Delete Bug

by Mess » Mon Dec 17, 2012 1:02 pm

RMcGirr83 wrote:Because, like those who can't search for already asked and answered questions, I am lazy.


:lol:
User avatar
Mess
Registered User
Posts: 985
Joined: Wed Jul 01, 2009 6:37 am
Name: Kim

Re: Edit & Delete Bug

by RMcGirr83 » Mon Sep 08, 2014 7:54 pm

Fixed in version 1.3.8
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored
User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact: