From a1e7c65d51a6472cf7fe95686883f77953d7dfd7 Mon Sep 17 00:00:00 2001
From: friendica
Date: Wed, 29 Jan 2014 03:39:32 -0800
Subject: chatroom permissions enforcement

---
 include/chat.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/include/chat.php b/include/chat.php
index 9d90f7970..6bcb003ff 100644
--- a/include/chat.php
+++ b/include/chat.php
@@ -76,8 +76,27 @@ function chatroom_destroy($channel,$arr) {
 function chatroom_enter($observer_xchan,$room_id,$status,$client) {
+
 if(! $room_id || ! $observer_xchan)
 return;
+
+ $r = q("select * from chatroom where cr_id = %d limit 1",
+ intval($room_id)
+ );
+ if(! $r)
+ return;
+ require_once('include/security.php');
+ $sql_extra = permissions_sql($r[0]['cr_uid']);
+
+ $x = q("select * from chatroom where cr_id = %d and uid = %d $sql_extra limit 1",
+ intval($room_id)
+ intval($r[0]['cr_uid'])
+ );
+ if(! $x) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
 $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1",
 dbesc($observer_xchan),
 intval($room_id)
--
cgit v1.2.3
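Review bot: The second `q()` call added to chatroom_enter() has no comma between its two arguments, `intval($room_id)` and `intval($r[0]['cr_uid'])`, so as written include/chat.php will not parse and the new permission check never runs; the first argument should read `intval($room_id),`. The same query filters on `uid = %d`, while the lookup just above it and the value bound to that placeholder both use `cr_`-prefixed names, so unless the chatroom table really has a bare `uid` column this should probably be `cr_uid = %d`. If that query errors, `$x` is falsy and every observer is answered with 'Permission denied.', which fails closed but locks out legitimate members as well. `$sql_extra` is interpolated into the statement as-is, which is only safe while permissions_sql() returns a fully escaped fragment, and a one-line comment stating that assumption above the query would help the next reader. The body of chatroom_enter() continues past the end of the hunk.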