From b720e6670edb0f3a4d5044170cadace512f537c5 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Tue, 14 Nov 2023 20:50:10 +0700
Subject: [PATCH] Security measures (#330)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Cønstantine Kovalensky <45331093+kovalensky@users.noreply.github.com>
---
 library/includes/functions.php | 2 +-
 privmsg.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/includes/functions.php b/library/includes/functions.php
index 235e37c9..b9187cb7 100644
--- a/library/includes/functions.php
+++ b/library/includes/functions.php
@@ -2811,7 +2811,7 @@ function hash_search ($hash)
 $hash = htmlCHR(trim($hash));
-if (!isset($hash) || mb_strlen($hash, 'UTF-8') != 40)
+if (!isset($hash) || mb_strlen($hash, 'UTF-8') != 40 || !ctype_xdigit($hash))
 {
 bb_die(sprintf($lang['HASH_INVALID'], $hash));
 }
diff --git a/privmsg.php b/privmsg.php
index 57c4f619..029d5f08 100644
--- a/privmsg.php
+++ b/privmsg.php
@@ -33,7 +33,7 @@ $confirmed = ( isset($_POST['confirm']) ) ? TRUE : 0;
 $delete = ( isset($_POST['delete']) ) ? TRUE : 0;
 $delete_all = ( isset($_POST['deleteall']) ) ? TRUE : 0;
 $save = ( isset($_POST['save']) ) ? TRUE : 0;
-$mode = isset($_REQUEST['mode']) ? (string) $_REQUEST['mode'] : '';
+$mode = isset($_REQUEST['mode']) ? htmlCHR($_REQUEST['mode']) : '';
 $refresh = $preview || $submit_search;
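Review bot: The `!isset($hash)` clause on the changed line in hash_search can no longer express what it was meant to, because `$hash` is reassigned from `htmlCHR(trim($hash))` two lines above, so it only catches htmlCHR returning null, while `ctype_xdigit()` itself is only well-defined on strings (non-string arguments are deprecated since PHP 8.1). A type check states the intent directly and makes the multibyte length test unnecessary, since any string that passes `ctype_xdigit` is pure ASCII: `if (!is_string($hash) || strlen($hash) !== 40 || !ctype_xdigit($hash))`. Keep the `htmlCHR()` call ahead of the check, because the rejected value is echoed back through `$lang['HASH_INVALID']` and that escaping is what makes the error output safe; a comment such as `// escaped first: the rejected value is echoed in the HASH_INVALID message` would make the ordering deliberate rather than incidental. If the stored hashes use a fixed case, normalising with `strtolower()` after validation would let mixed-case input still match, but that depends on the lookup that follows, which lies outside the hunk, as does the rest of hash_search.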