diff options
| author | Klap-in <klapinklapin@gmail.com> | 2013-06-09 22:21:37 +0200 |
|---|---|---|
| committer | Klap-in <klapinklapin@gmail.com> | 2013-06-09 22:21:37 +0200 |
| commit | 3faed524fdb5c7c51a60a92e9715dd5425389c35 (patch) | |
| tree | b37b25628bdf2fde079c4f2800d2fc118d726d0e /inc/common.php | |
| parent | 3e7e6067571e660cd835164c22d0973aa6343408 (diff) | |
| parent | 62765857f84626449d6c53b1a46c462a37e5083a (diff) | |
| download | rpg-3faed524fdb5c7c51a60a92e9715dd5425389c35.tar.gz rpg-3faed524fdb5c7c51a60a92e9715dd5425389c35.tar.bz2 | |
Merge remote-tracking branch 'origin/master' into fetchftp
Diffstat (limited to 'inc/common.php')
| -rw-r--r-- | inc/common.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/inc/common.php b/inc/common.php index 4d939ac77..59ceb0c0d 100644 --- a/inc/common.php +++ b/inc/common.php @@ -56,7 +56,7 @@ function stripctl($string) { * @return string */ function getSecurityToken() { - return md5(auth_cookiesalt().session_id().$_SERVER['REMOTE_USER']); + return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt()); } /** @@ -435,6 +435,11 @@ function exportlink($id = '', $format = 'raw', $more = '', $abs = false, $sep = */ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) { global $conf; + $isexternalimage = preg_match('#^(https?|ftp)://#i', $id); + if(!$isexternalimage) { + $id = cleanID($id); + } + if(is_array($more)) { // add token for resized images if($more['w'] || $more['h']){ @@ -467,10 +472,10 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) } // external URLs are always direct without rewriting - if(preg_match('#^(https?|ftp)://#i', $id)) { + if($isexternalimage) { $xlink .= 'lib/exe/fetch.php'; // add hash: - $xlink .= '?hash='.substr(md5(auth_cookiesalt().$id), 0, 6); + $xlink .= '?hash='.substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6); if($more) { $xlink .= $sep.$more; $xlink .= $sep.'media='.rawurlencode($id); |