authorAndreas Gohr <andi@splitbrain.org>2009-10-06 20:20:01 +0200
committerAndreas Gohr <andi@splitbrain.org>2009-10-06 20:20:01 +0200
commit69d17d94c50857e95e30b3becdb2c068f9c764b9 (patch)
tree00c28a0d5fce9f1c06bbe5f2e2c41b1f51d04f88 /inc/common.php
parentc6df68d5fbaeb5339ebd7ac8d5b480595519670e (diff)
require a hash in fetch.php for external URLs FS#1769
Ignore-this: a66fc8874fb8e04b1258f2e71e35ed90 To avoid fetch.php being abused as an anonymous forwarder or even a proxy, a hash is now needed for external resources. This hash is automatically added by the ml() function. darcs-hash:20091006182001-7ad00-adf5f6275b0d7f76543f76d6196f1531b8c09e1c.gz
Diffstat (limited to 'inc/common.php')
-rw-r--r--inc/common.php6
1 files changed, 4 insertions, 2 deletions
diff --git a/inc/common.php b/inc/common.php
index f8a8f4e77..f5635d523 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -456,11 +456,13 @@ function ml($id='',$more='',$direct=true,$sep='&amp;',$abs=false){
// external URLs are always direct without rewriting
if(preg_match('#^(https?|ftp)://#i',$id)){
$xlink .= 'lib/exe/fetch.php';
+ // add hash:
+ $xlink .= '?hash='.substr(md5(auth_cookiesalt().$id),0,6);
if($more){
- $xlink .= '?'.$more;
+ $xlink .= $sep.$more;
$xlink .= $sep.'media='.rawurlencode($id);
}else{
- $xlink .= '?media='.rawurlencode($id);
+ $xlink .= $sep.'media='.rawurlencode($id);
}
return $xlink;
}
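Review bot: The tag built in `$xlink .= '?hash='.substr(md5(auth_cookiesalt().$id),0,6);` keeps only 6 hex characters (24 bits) of a secret-prefix MD5, which is short enough to be found by repeated guessing for a given external URL and so weakens the open-proxy protection the commit message describes. A keyed MAC with a longer tag would be safer, for example `$xlink .= '?hash='.substr(hash_hmac('sha1',$id,auth_cookiesalt()),0,16);`, assuming the supported PHP versions provide `hash_hmac()`. The check in fetch.php is not part of this diff and would have to change in step, ideally comparing the tag in constant time. The value from `auth_cookiesalt()` also appears to be shared with cookie authentication, so a short comment such as `// media-fetch tag: keyed on the cookie salt, do not shorten` or a purpose-specific prefix in the MAC input would make that reuse explicit. The body of `ml()` starts before and continues past this hunk.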