Updated for compatibility with newer Enano releases. Oops.
authorDan
Sat, 08 Dec 2007 13:25:13 -0500
changeset 1 7785b3e99977
parent 0 2f9b67edc9b1
child 2 b0e58c67304b
Updated for compatibility with newer Enano releases. Oops.
ajim/ajim.php
plugins/ajim.php
--- a/ajim/ajim.php	Wed Jun 13 22:33:00 2007 -0400
+++ b/ajim/ajim.php	Sat Dec 08 13:25:13 2007 -0500
@@ -177,7 +177,7 @@
               <tr><td><span style="font-family: arial; font-size: 7pt; ">Name:</span></td>   <td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_name" name="name"'.$enstr.' /></td></tr>
               <tr><td><span style="font-family: arial; font-size: 7pt; ">Website:</span></td><td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_website" name="website"'.$enstr.' /></td></tr>
               <tr><td colspan="2"><span style="font-family: arial; font-size: 7pt; ">Message:</span></td></tr>
-              <tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post" onkeyup="'.$this->id.'_keyhandler();"></textarea></td></tr>
+              <tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post"></textarea></td></tr>
               <tr><td colspan="2" align="center"><input'.$enstr.' type="submit" value="Submit post" /><br />
               <span style="font-family: arial; font-size: 6pt; color: #000000;">AjIM powered</span></td></tr>
               ';
@@ -486,6 +486,8 @@
 // The client-side javascript and CSS code
 
 if(isset($_GET['js']) && isset($_GET['id']) && isset($_GET['path']) && isset($_GET['pfx'])) {
+  if ( !preg_match('/^([a-z0-9_]+)$/', $_GET['id']) )
+    die('XSS');
   header('Content-type: text/javascript');
   ?>
   // <script>
@@ -514,18 +516,14 @@
   head = head[0];
   head.appendChild(link);
   
-  if(typeof window.onload == 'function')
-    var __ajim_oltemp = window.onload;
-  else
-    var __ajim_oltemp = function(e) { };
-  window.onload = function(e)
+  var <?php echo $_GET['id']; ?>_onload = function(e)
   {
     if(document.getElementById('<?php echo $_GET['id']; ?>_post'))
     {
-      document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = function(e) { <?php echo $_GET['id']; ?>_keyhandler(e); };
+      document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = <?php echo $_GET['id']; ?>_keyhandler;
     }
-    __ajim_oltemp(e);
   }
+  addOnloadHook(<?php echo $_GET['id']; ?>_onload);
   
   function <?php echo $_GET['id']; ?>readCookie(name) {var nameEQ = name + "=";var ca = document.cookie.split(';');for(var i=0;i < ca.length;i++){var c = ca[i];while (c.charAt(0)==' ') c = c.substring(1,c.length);if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);}return null;}
   function <?php echo $_GET['id']; ?>setCookie(name,value,days){if (days){var date = new Date();date.setTime(date.getTime()+(days*24*60*60*1000));var expires = "; expires="+date.toGMTString();}else var expires = "";document.cookie = name+"="+value+expires+"; path=/";}
@@ -634,8 +632,9 @@
   
   function <?php echo $_GET['id']; ?>_keyhandler(e)
   {
-    if(!e) e = window.event;
-    if(e.keyCode == 13)
+    if ( !e )
+      return false;
+    if ( e.keyCode == 13 )
     {
       val = document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value;
       if(!shift)
--- a/plugins/ajim.php	Wed Jun 13 22:33:00 2007 -0400
+++ b/plugins/ajim.php	Sat Dec 08 13:25:13 2007 -0500
@@ -17,9 +17,9 @@
   if(defined('scriptPath'))
     define('ajimClientPath', scriptPath.'/ajim');
   
-  if(!defined('ENANO_ROOT'))
-    define('ENANO_ROOT', dirname(dirname(__FILE__)));
-  define('ajimServerPath', ENANO_ROOT.'/ajim');
+  // if(!defined('ENANO_ROOT'))
+  //   define('ENANO_ROOT', dirname(dirname(__FILE__)));
+  
   global $db, $session, $paths, $template, $plugins; // Common objects
   $__ajim_config = Array(
     'sb_color_background'=>'#FFF',
@@ -27,56 +27,63 @@
     );
   if(defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED'))
   {
-    if(!isset($_GET['admin']))
+    define('ajimServerPath', ENANO_ROOT.'/ajim');
+    
+    $plugins->attachHook('compile_template', 'AjIM_SideBar();');
+    $plugins->attachHook('acl_rule_init', 'global $session; $session->register_acl_type(\'ajim_post\', AUTH_ALLOW, \'Submit AjIM posts\');');
+    require_once(ajimServerPath . '/ajim.php');
+    
+    function AjIM_SideBar()
     {
-      $plugins->attachHook('compile_template', 'AjIM_SideBar();');
-      $plugins->attachHook('acl_rule_init', 'global $session; $session->register_acl_type(\'ajim_post\', AUTH_ALLOW, \'Submit AjIM posts\');');
-      include(ajimServerPath . '/ajim.php');
-      
-      function AjIM_SideBar()
+      global $db, $session, $paths, $template, $plugins; // Common objects
+      global $__ajim_config;
+      $paths->addAdminNode('Plugin configuration', 'AjIM configuration', 'AjIM_Config');
+      $dir = getcwd();
+      chdir(ENANO_ROOT);
+      include('config.php');
+      chdir($dir);
+      unset($dir);
+      if($session->user_level >= USER_LEVEL_ADMIN)
       {
-        global $db, $session, $paths, $template, $plugins; // Common objects
-        global $__ajim_config;
-        $paths->addAdminNode('Plugin configuration', 'AjIM configuration', 'AjIM_Config');
-        $dir = getcwd();
-        chdir(ENANO_ROOT);
-        include('config.php');
-        chdir($dir);
-        unset($dir);
-        if($session->user_level >= USER_LEVEL_ADMIN)
-        {
-          $r = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE username=\''.$session->username.'\'');
-          $p = $db->fetchrow_num($r);
-          $admin = $p[0];
-        }
-        else 
-        {
-          $admin = false;
-        }
-        $__ajim_config['db_connection_handle'] = $db->_conn;
-        if(!$session->user_logged_in)
-        {
-          $__ajim_config['cant_post_notice'] = 'The administrator requires that you <a href="'.makeUrlNS('Special', 'Login/'.$paths->page, null, true).'">log in</a> to post messages.';
-        }
-        else
-        {
-          $__ajim_config['cant_post_notice'] = 'The administrator has disallowed message posting for your user account.';
-        }
-        $canpost = ( $session->get_permissions('ajim_post') ) ? true : false;
-        $ajim = new ajim($__ajim_config, table_prefix, scriptPath.'/plugins/ajim.php', $admin, false, $canpost, array('RenderMan', 'render'));
-        $template->sidebar_widget('Shoutbox', $ajim->html(ajimClientPath));
-        $template->additional_headers .= '<link rel="stylesheet" type="text/css" href="'.ajimClientPath.'/ajim.php?css&amp;id='.$ajim->id.'&amp;pfx='.table_prefix.'&amp;path='.scriptPath.'/plugins/ajim.php" />';
+        $r = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE username=\''.$session->username.'\'');
+        $p = $db->fetchrow_num($r);
+        $admin = $p[0];
+      }
+      else 
+      {
+        $admin = false;
+      }
+      $__ajim_config['db_connection_handle'] = $db->_conn;
+      if(!$session->user_logged_in)
+      {
+        $__ajim_config['cant_post_notice'] = 'The administrator requires that you <a href="'.makeUrlNS('Special', 'Login/'.$paths->page, null, true).'">log in</a> to post messages.';
       }
+      else
+      {
+        $__ajim_config['cant_post_notice'] = 'The administrator has disallowed message posting for your user account.';
+      }
+      $canpost = ( $session->get_permissions('ajim_post') ) ? true : false;
+      $ajim = new ajim($__ajim_config, table_prefix, scriptPath.'/plugins/ajim.php', $admin, false, $canpost, array('RenderMan', 'render'));
+      $template->sidebar_widget('Shoutbox', $ajim->html(ajimClientPath));
+      $template->additional_headers .= '<link rel="stylesheet" type="text/css" href="'.ajimClientPath.'/ajim.php?css&amp;id='.$ajim->id.'&amp;pfx='.table_prefix.'&amp;path='.scriptPath.'/plugins/ajim.php" />';
     }
-  } elseif(isset($_GET['ajimmode'])) {
+  }
+  elseif ( isset($_GET['ajimmode']) )
+  {
     global $db, $session, $paths, $template, $plugins, $dbhost, $dbname, $dbuser, $dbpasswd;
     require_once('../includes/common.php');
+    define('ajimServerPath', ENANO_ROOT.'/ajim');
     require_once(ajimServerPath . '/ajim.php');
     header('HTTP/1.1 200 OK');
     define('ajimClientPath', scriptPath.'/ajim');
-    if($session->user_level >= USER_LEVEL_ADMIN) {
+    if ( $session->user_level >= USER_LEVEL_ADMIN )
+    {
       $admin = $session->grab_password_hash(); 
-    } else $admin = false;
+    }
+    else
+    {
+      $admin = false;
+    }
     require('../config.php');
     $canpost = (getConfig('ajim_require_login') != '1' || $session->user_logged_in) ? true : false;
     $__ajim_config['db_connection_handle'] = $db->_conn;