? base-url.patch
Index: chatroom.block.js
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/chatroom/Attic/chatroom.block.js,v
retrieving revision 1.7.2.9
diff -u -p -r1.7.2.9 chatroom.block.js
--- chatroom.block.js	10 Jul 2007 03:00:20 -0000	1.7.2.9
+++ chatroom.block.js	17 Jul 2007 17:49:35 -0000
@@ -239,6 +239,7 @@ function chatroomBlockGetUpdates() {
   var postData = {
     block_update:1,
     drupal_base:chatroomBlock.drupalBase,
+    base_url:chatroomBlock.baseUrl,
     chatroom_base:chatroomBlock.moduleBase,
     user_base:chatroomBlock.userBase
   };
Index: chatroom.js
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/chatroom/Attic/chatroom.js,v
retrieving revision 1.48.2.14
diff -u -p -r1.48.2.14 chatroom.js
--- chatroom.js	16 Jul 2007 14:51:55 -0000	1.48.2.14
+++ chatroom.js	17 Jul 2007 17:49:35 -0000
@@ -138,6 +138,7 @@ function chatroomPrepareMsg(msg) {
     msg.online_list = 1;
   }
   msg.drupal_base = chatroom.drupalBase;
+  msg.base_url = chatroom.baseUrl;
   msg.chatroom_base = chatroom.chatroomBase;
   msg.update_count = chatroom.updateCount;
   msg.user_base = chatroom.userBase;
Index: chatroom.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/chatroom/Attic/chatroom.module,v
retrieving revision 1.59.2.32
diff -u -p -r1.59.2.32 chatroom.module
--- chatroom.module	16 Jul 2007 16:28:10 -0000	1.59.2.32
+++ chatroom.module	17 Jul 2007 17:49:36 -0000
@@ -796,6 +796,7 @@ function chatroom_block_add_state_js() {
 
   $js = array(
     'drupalBase' => realpath('.'),
+    'baseUrl' => $base_url,
     'blockUrl' => $base_url .'/'. $module_base .'/chatroomread.php',
     'moduleBase' => $module_base,
     'roomBase' => url('node/'),
@@ -1039,6 +1040,7 @@ function chatroom_chat_add_state_js($cha
     'kickUrl' => url('chatrooms/kicked/user'),
     'banUrl' => url('chatrooms/banned/user'),
     'drupalBase' => realpath('.'),
+    'baseUrl' => $base_url,
     'userBase' => drupal_get_path('module', 'user'),
     'chatroomBase' => $chatroom_base,
     'smileysBase' => drupal_get_path('module', 'smileys'),
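Review bot: Whether `$base_url` is in scope in chatroom_chat_add_state_js() cannot be confirmed from this hunk. In the chatroom_block_add_state_js() hunk above it is already used on the 'blockUrl' context line, but no other use is visible here. If this function has no `global $base_url;` declaration, 'baseUrl' will be emitted empty and the value posted back to chatroomread.php will be empty as well. The function body extends beyond the hunk on both sides, so this needs checking against the full file.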
Index: chatroomread.php
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/chatroom/Attic/chatroomread.php,v
retrieving revision 1.27.2.9
diff -u -p -r1.27.2.9 chatroomread.php
--- chatroomread.php	9 Jul 2007 17:49:31 -0000	1.27.2.9
+++ chatroomread.php	17 Jul 2007 17:49:36 -0000
@@ -25,6 +25,15 @@ function chatroom_get_directories() {
     exit; // Suspicious; do not respond.
   }
   chdir($drupal_base); // Switch to Drupal root directory.
+  if (!isset($_POST['base_url'])) { // Is Drupal base url known?
+    exit; // Suspicious; do not respond.
+  }
+  $base_url = urldecode($_POST['base_url']);
+  if (
+    strpos($base_url, '..') !== FALSE // Path contains "..".
+  ) {
+    exit; // Suspicious; do not respond.
+  }
   if (!isset($_POST['chatroom_base'])) { // Is chat room directory known?
     exit; // Suspicious; do not respond.
   }
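Review bot: The only validation applied to `base_url` is the `strpos($base_url, '..')` test, which is a path-traversal check and does not establish that the value is this site's URL. The string comes from the request body, and the later hunk in chatroom_bootstrap_drupal() assigns it to the global `$base_url`, so a client-supplied value ends up deciding what the site treats as its own base URL. Prefer deriving it on the server (for example from `$base_url` in settings.php), or compare the posted value against the server-side one before accepting it. `urldecode()` is also applied to a `$_POST` field that PHP has already decoded, so the read should be `$base_url = $_POST['base_url'];`. chatroom_get_directories() begins and ends outside this hunk.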
@@ -229,6 +238,9 @@ function chatroom_bootstrap_drupal() {
   require './includes/bootstrap.inc';
   require "./$user_base/user.module";
   require "./$chatroom_base/chatroom.module";
+  drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION);
+  globals $base_url;
+  $base_url = urldecode($_POST['base_url']);
   drupal_bootstrap(DRUPAL_BOOTSTRAP_SESSION);
   return;
 }
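Review bot: `globals $base_url;` is not a PHP statement, since the keyword is `global`, so as written chatroomread.php will fail to parse; the line should read `global $base_url;`. The following line reads `$_POST['base_url']` again instead of reusing the value checked in chatroom_get_directories(), so the check and the use are two separate reads that can drift apart if either is edited. Passing the checked value into this function would keep a single point of validation. The start of chatroom_bootstrap_drupal() is outside this hunk.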
