diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-06-02 11:18:19 -0700 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-06-02 11:18:19 -0700 |
| commit | 007becf8ef443a6da5c94e5d53cf4e92cb4b44cc (patch) | |
| tree | 5caa4ab839cf9f91c31767b6b4ec1148724dfc5f /inc/fetch.functions.php | |
| parent | b9cf8ad44bcbbbded9d6e991f96b0d5f36310a9b (diff) | |
| parent | 183a7b8845875e4a6b67e466cfff9f5163da3f17 (diff) | |
| download | rpg-007becf8ef443a6da5c94e5d53cf4e92cb4b44cc.tar.gz rpg-007becf8ef443a6da5c94e5d53cf4e92cb4b44cc.tar.bz2 | |
Merge pull request #226 from splitbrain/hmac
Implement HMAC for signature tokens
Diffstat (limited to 'inc/fetch.functions.php')
| -rw-r--r-- | inc/fetch.functions.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/fetch.functions.php b/inc/fetch.functions.php index 5801e96fa..ea524a37a 100644 --- a/inc/fetch.functions.php +++ b/inc/fetch.functions.php @@ -99,7 +99,7 @@ function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) { //media to local file if(preg_match('#^(https?)://#i', $media)) { //check hash - if(substr(md5(auth_cookiesalt().$media), 0, 6) !== $INPUT->str('hash')) { + if(substr(PassHash::hmac('md5', $media, auth_cookiesalt()), 0, 6) !== $INPUT->str('hash')) { return array(412, 'Precondition Failed'); } //handle external images |