diff --git a/GameEngine/Chat.php b/GameEngine/Chat.php
index 2aa6bd8a..5d2f9171 100644
--- a/GameEngine/Chat.php
+++ b/GameEngine/Chat.php
@@ -100,7 +100,7 @@ if (!isset($SAJAX_INCLUDED)) { else $args = array(); } - + if (! in_array($func_name, $sajax_export_list)) echo "-:$func_name not callable"; else {
@@ -175,7 +175,7 @@ if (!isset($SAJAX_INCLUDED)) { var uri; var post_data; var target_id; - + sajax_debug("in sajax_do_call().." + sajax_request_type + "/" + sajax_target_id); target_id = sajax_target_id; if (typeof(sajax_request_type) == "undefined" || sajax_request_type == "")
@@ -183,7 +183,7 @@ if (!isset($SAJAX_INCLUDED)) { uri = ""; if (sajax_request_type == "GET") { - +// alert(args); if (uri.indexOf("?") == -1) uri += "?rs=" + escape(func_name); else
@@ -191,16 +191,16 @@ if (!isset($SAJAX_INCLUDED)) { uri += "&rst=" + escape(sajax_target_id); uri += "&rsrnd=" + new Date().getTime(); - for (i = 0; i < args.length-1; i++) - uri += "&rsargs[]=" + escape(args[i]); - + for (i = 0; i < args.length-1; i++) { + uri += "&rsargs[]=" + args[i]; + } post_data = null; } else if (sajax_request_type == "POST") { post_data = "rs=" + escape(func_name); post_data += "&rst=" + escape(sajax_target_id); post_data += "&rsrnd=" + new Date().getTime(); - + for (i = 0; i < args.length-1; i++) post_data = post_data + "&rsargs[]=" + escape(args[i]); }
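Review bot: The new GET loop appends `args[i]` to the query string with no encoding at all, while the POST branch a few lines below still wraps the same value in `escape()`, so a chat message containing `&`, `=`, `#` or `+` is cut or altered before PHP ever sees `$_GET['rsargs']` (`+` arrives as a space). If `escape()` was dropped because it emits `%uXXXX` sequences for non-ASCII text that PHP's query-string decoder does not understand, the right replacement is `uri += "&rsargs[]=" + encodeURIComponent(args[i]);`, applied in the POST branch as well so both transports agree. The enclosing sajax_do_call body starts and ends outside this hunk.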
@@ -352,13 +352,15 @@ if (!isset($SAJAX_INCLUDED)) { function add_data($data) { global $session,$database; - $data = explode("|",$data); + //$data = explode("|",$data); + if (is_array($data)){$msg = htmlspecialchars($data[1]);}else{$msg = htmlspecialchars($data);}; +// $msg=htmlspecialchars($msg); $name = $session->username; - $msg = htmlspecialchars($data[1]); + $id_user = $session->uid; $alliance = $session->alliance; $now = time(); - $q = "INSERT into ".TB_PREFIX."chat (id_user,name,alli,date,msg) values ('$id_user','$name','$alliance','$now','$msg')"; + echo $q = "INSERT into ".TB_PREFIX."chat (id_user,name,alli,date,msg) values ('$id_user','$name','$alliance','$now','$msg')"; mysql_query($q, $database->connection); }
diff --git a/GameEngine/Protection.php b/GameEngine/Protection.php
index 143b200d..ab74962e 100644
--- a/GameEngine/Protection.php
+++ b/GameEngine/Protection.php
@@ -17,13 +17,10 @@ if(isset($_POST)){ $_POST = array_map('htmlspecialchars', $_POST); } } + $rsargs=$_GET['rsargs']; $_GET = array_map('mysql_real_escape_string', $_GET); $_GET = array_map('htmlspecialchars', $_GET); + $_GET['rsargs']=$rsargs; $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE); $_COOKIE = array_map('htmlspecialchars', $_COOKIE); - -$rsargs=$_GET['rsargs']; -$_GET = array_map('mysql_real_escape_string', $_GET); -$_GET = array_map('htmlspecialchars', $_GET); -$_GET['rsargs']=$rsargs; ?>
\ No newline at end of file
diff --git a/Templates/Alliance/chat.tpl b/Templates/Alliance/chat.tpl
index 43566ac0..873fdedc 100644
--- a/Templates/Alliance/chat.tpl
+++ b/Templates/Alliance/chat.tpl
@@ -1,6 +1,6 @@ -access!=BANNED){ -?> +
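Review bot: `$msg` goes into a single-quoted SQL literal after only `htmlspecialchars()`, whose default flags on the PHP versions that still ship `mysql_query()` leave `'` and `\` unchanged, and the Protection.php hunk in this same commit puts `$_GET['rsargs']` back unescaped, so chat text reaches `mysql_query()` with no SQL escaping on either layer. Escape it against the connection the query uses, `$msg = mysql_real_escape_string($msg, $database->connection);`, before `$q` is built; the same applies to `$name` and `$alliance` if those session values originate from user input, which this page does not show. The new `echo $q = ...` line writes the complete INSERT statement, table prefix and session values included, into the HTTP response — that reads like leftover debugging and should revert to `$q = ...`. `$data[1]` is also read without an `isset()` check, so a request carrying fewer than two rsargs entries raises a notice and stores an empty message.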
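Review bot: `$rsargs=$_GET['rsargs'];` reads the key unconditionally, so every request that does not carry rsargs raises an undefined-index notice and the restore line then creates `$_GET['rsargs']` as null. Guard both ends: `$rsargs = isset($_GET['rsargs']) ? $_GET['rsargs'] : null;` and `if ($rsargs !== null) { $_GET['rsargs'] = $rsargs; }`. Restoring the value raw also makes rsargs the one input that bypasses both `mysql_real_escape_string` and `htmlspecialchars` — presumably because `array_map` over `$_GET` cannot handle the nested `rsargs[]` array the JS in Chat.php sends — and that exemption deserves a comment on the save line naming where the escaping is expected to happen instead; the SQL consequence is raised on the Chat.php add_data hunk. The removed lines at the bottom were the old, post-mapping copy of the same save/restore, so the move itself is fine.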