diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-06-02 11:18:19 -0700 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-06-02 11:18:19 -0700 |
| commit | 007becf8ef443a6da5c94e5d53cf4e92cb4b44cc (patch) | |
| tree | 5caa4ab839cf9f91c31767b6b4ec1148724dfc5f /inc/common.php | |
| parent | b9cf8ad44bcbbbded9d6e991f96b0d5f36310a9b (diff) | |
| parent | 183a7b8845875e4a6b67e466cfff9f5163da3f17 (diff) | |
| download | rpg-007becf8ef443a6da5c94e5d53cf4e92cb4b44cc.tar.gz rpg-007becf8ef443a6da5c94e5d53cf4e92cb4b44cc.tar.bz2 | |
Merge pull request #226 from splitbrain/hmac
Implement HMAC for signature tokens
Diffstat (limited to 'inc/common.php')
| -rw-r--r-- | inc/common.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/inc/common.php b/inc/common.php index 4d939ac77..55c5b5ac4 100644 --- a/inc/common.php +++ b/inc/common.php @@ -56,7 +56,7 @@ function stripctl($string) { * @return string */ function getSecurityToken() { - return md5(auth_cookiesalt().session_id().$_SERVER['REMOTE_USER']); + return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt()); } /** @@ -470,7 +470,7 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) if(preg_match('#^(https?|ftp)://#i', $id)) { $xlink .= 'lib/exe/fetch.php'; // add hash: - $xlink .= '?hash='.substr(md5(auth_cookiesalt().$id), 0, 6); + $xlink .= '?hash='.substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6); if($more) { $xlink .= $sep.$more; $xlink .= $sep.'media='.rawurlencode($id); |