From c379420a1fb211f5457e08ec286647123eded235 Mon Sep 17 00:00:00 2001
From: jgen
Date: Wed, 8 Mar 2017 01:14:11 -0800
Subject: [PATCH] #597: Fix for XSS issue in chatbox extension.
---
 ext/chatbox/history/index.php | 14 +++++++++++---
 ext/chatbox/php/functions.php | 5 ++++-
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/ext/chatbox/history/index.php b/ext/chatbox/history/index.php
index 4a9a8b04..f3755e98 100644
--- a/ext/chatbox/history/index.php
+++ b/ext/chatbox/history/index.php
@@ -10,15 +10,23 @@ $admin = loggedIn();
+ $log = 1;
+ if (isset($_GET['log']))
+ {
 $log = $_GET['log'];
+ }
 if (isset($_POST['log']))
+ {
 $log = $_POST['log'];
+ }
- if (!isset($log))
+ if (filter_var($log, FILTER_VALIDATE_INT) === false)
+ {
 $log = 1;
-
+ }
+
 $ys = ys($log);
 $posts = $ys->posts();
@@ -132,4 +140,4 @@ if (isset($_POST['p'])) {
 Back to top
-
\ No newline at end of file
+
diff --git a/ext/chatbox/php/functions.php b/ext/chatbox/php/functions.php
index 2966ce7d..23eca1c1 100644
--- a/ext/chatbox/php/functions.php
+++ b/ext/chatbox/php/functions.php
@@ -89,7 +89,10 @@ global $yShout, $prefs;
 if ($yShout) return $yShout;
- if ($log > $prefs['logs'] || $log < 0 || !is_numeric($log)) $log = 1;
+ if (filter_var($log, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0, "max_range" => $prefs['logs']))) === false)
+ {
+ $log = 1;
+ }
 $log = 'log.' . $log;
 return new YShout($log, loggedIn());
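Review bot: The validated value is thrown away on the `if (filter_var($log, FILTER_VALIDATE_INT) === false)` line in ext/chatbox/history/index.php — `$log` keeps the raw `$_GET`/`$_POST` string, and that string is what reaches `ys($log)` a few lines later. FILTER_VALIDATE_INT tolerates surrounding whitespace and a leading sign, so a value such as `" 5 "` passes the check yet is propagated verbatim instead of as the integer 5; binding the result closes that gap: `$log = filter_var($log, FILTER_VALIDATE_INT); if ($log === false) { $log = 1; }`. The same pattern appears in the ext/chatbox/php/functions.php hunk (presumably `ys()`, whose signature is outside the hunk), where the unfiltered `$log` is then concatenated into `'log.' . $log`; the fix there is the same assignment of the filtered result. This hunk is top-level script code and the surrounding page continues outside it.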
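Review bot: The new range check in ext/chatbox/php/functions.php carries no comment stating the contract it enforces, and the single-line condition is long enough that the intent is easy to miss: only integer log ids from 0 to `$prefs['logs']` inclusive are accepted, and anything else silently falls back to log 1, the same fallback the removed line had. A comment above the `if`, `// Accept only integer log ids in 0..$prefs['logs']; non-numeric or out-of-range input falls back to log 1.`, would make that explicit for the next reader. Binding the options to a local first, `$range = array("options" => array("min_range" => 0, "max_range" => $prefs['logs']));`, would also let the condition fit on one readable line in the hunk's existing array style. The enclosing function's signature is outside the hunk.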