diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-08-03 01:38:30 -0700 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-08-03 01:38:30 -0700 |
| commit | cab505616ec9b8ef3cd671e7337c91d065745932 (patch) | |
| tree | 14a4ac45167bc164d91b0fee468f574ff3f6c53c /inc/fetch.functions.php | |
| parent | 4918284f94b8e3aca2f4db13f5a751811e113061 (diff) | |
| parent | 795fb356a622ef80f6486d2016b0c7643f46c1d7 (diff) | |
| download | rpg-cab505616ec9b8ef3cd671e7337c91d065745932.tar.gz rpg-cab505616ec9b8ef3cd671e7337c91d065745932.tar.bz2 | |
Merge pull request #224 from splitbrain/fetchimagetokexternal
Added check of token in fetch.php for external images.
Diffstat (limited to 'inc/fetch.functions.php')
| -rw-r--r-- | inc/fetch.functions.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/inc/fetch.functions.php b/inc/fetch.functions.php index 53ade3555..207ad9e5f 100644 --- a/inc/fetch.functions.php +++ b/inc/fetch.functions.php @@ -101,8 +101,8 @@ function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) { //media to local file if(media_isexternal($media)) { - //check hash - if(substr(PassHash::hmac('md5', $media, auth_cookiesalt()), 0, 6) !== $INPUT->str('hash')) { + //check token for external image and additional for resized and cached images + if(media_get_token($media, $width, $height) !== $INPUT->str('tok')) { return array(412, 'Precondition Failed'); } //handle external images |