phpFreeChat 1.2 on July 30, 2008

  • Security hole fixes:
    • This revision fixes a big security hole. The nickid is a public identifier shared between all the chatters. Before this patch, the nickid was equal to the session_id without any shadow. Malicious users were able to take control on other chatters session (admins included). The nickid is not anymore the sessionid. It fixes the security hole. (Many thanks to Cerberus for the report) ; Rev 1244
  • Bug fixes:
    • Change the default timeout value to a higher value than all the possible refresh_delay steps: 35 seconds ; Rev 1239
    • Fixes the timeout problem for special servers which do not update the file timestamp when the content doesn't change ; Rev 1240
    • Add a test on the LOCK_EX feature in the initialization process. This feature doesn't work on file systems like NFS. ; Rev 1241
Fork me on GitHub