Merge pull request #371 from Shadowss/patch-69

Vulnerability closed: you can no longer send more than 5 messages per minute ...
yi12345
2013-09-29 12:09:24 -07:00
+23 -2
@@ -317,10 +317,20 @@ class Message {
private function sendAMessage($topic,$text) {
global $session,$database;
// Vulnerability closed by Shadow
$q = "SELECT * FROM ".TB_PREFIX."mdata WHERE owner='".$session->uid."' AND time > ".time()." - 60";
$res = mysql_query($q) or die(mysql_error(). " query ".$q);
$flood = mysql_num_rows($res);
if($flood > 5)
return; //flood
// Vulnerability closed by Shadow
$allmembersQ = mysql_query("SELECT id FROM ".TB_PREFIX."users WHERE alliance='".$session->alliance."'");
$userally = $database->getUserField($session->uid,"alliance",0);
$permission=mysql_fetch_array(mysql_query("SELECT opt7 FROM ".TB_PREFIX."ali_permission WHERE uid='".$session->uid."'"));
if(WORD_CENSOR) {
$topic = $this->wordCensor($topic);
$text = $this->wordCensor($text);
@@ -396,6 +406,17 @@ class Message {
private function sendMessage($recieve, $topic, $text) {
global $session, $database;
$user = $database->getUserField($recieve, "id", 1);
// Vulnerability closed by Shadow
$q = "SELECT * FROM ".TB_PREFIX."mdata WHERE owner='".$session->uid."' AND time > ".time()." - 60";
$res = mysql_query($q) or die(mysql_error(). " query ".$q);
$flood = mysql_num_rows($res);
if($flood > 5)
return; //flood
// Vulnerability closed by Shadow
if(WORD_CENSOR) {
$topic = $this->wordCensor($topic);
$text = $this->wordCensor($text);
@@ -478,7 +499,7 @@ class Message {
$welcomemsg = preg_replace("'%ALLI%'", $database->countAlli(), $welcomemsg);
$welcomemsg = preg_replace("'%SERVER_NAME%'", SERVER_NAME, $welcomemsg);
$welcomemsg = "[message]".$welcomemsg."[/message]";
return $database->sendMessage($uid, 5, WEL_TOPIC, addslashes($welcomemsg), 0, 0, 0, 0, 0);
return $database->sendMessage($uid, 1, WEL_TOPIC, addslashes($welcomemsg), 0, 0, 0, 0, 0);
}
private function wordCensor($text) {
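Review bot: The flood check added to sendAMessage and sendMessage ends a failed query with `die(mysql_error(). " query ".$q)`, which prints the database error and the full SQL text (table prefix included) to whoever triggered it; log the error server-side and refuse the send instead. The test `$flood > 5` also lets a sixth message through inside the 60-second window, while the description promises at most five, so `>= 5` is what matches it. The count and the later insert are separate statements, so parallel requests can presumably all pass the check before any row is written; treat the limit as approximate unless it is enforced atomically. Because the same six lines are pasted into both methods, a single private helper (sketched below, using `COUNT(*)` rather than fetching every row) would keep the two paths in step; both method bodies continue outside the hunks shown.

```php
// Shared rate-limit check for sendAMessage() and sendMessage().
private function isFlooding() {
    global $session;
    $q = "SELECT COUNT(*) FROM ".TB_PREFIX."mdata WHERE owner='".$session->uid."' AND time > ".(time() - 60);
    $res = mysql_query($q);
    if($res === false) {
        // Keep the SQL and driver error out of the response.
        error_log("message flood check failed: ".mysql_error());
        return true; // query failed: refuse the send rather than skip the limit
    }
    return mysql_result($res, 0) >= 5;
}

// in sendAMessage() and sendMessage(), replacing the pasted check:
if($this->isFlooding())
    return; //flood
// … unchanged: word censor and message insert …
```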