diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-05-31 09:22:45 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-05-31 09:22:45 +0200 |
| commit | cdcd66dfc2bcf16e481d10bfa2d3ff1b4d433f99 (patch) | |
| tree | 33dd2352f449ea0dd7f89d244ed59412bf0819c9 /inc/fetch.functions.php | |
| parent | 3c124064ad6f670d52c3678335caa57892408362 (diff) | |
| download | rpg-cdcd66dfc2bcf16e481d10bfa2d3ff1b4d433f99.tar.gz rpg-cdcd66dfc2bcf16e481d10bfa2d3ff1b4d433f99.tar.bz2 | |
use hmac for external ressource hash FS#2794
Diffstat (limited to 'inc/fetch.functions.php')
| -rw-r--r-- | inc/fetch.functions.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/fetch.functions.php b/inc/fetch.functions.php index 5801e96fa..ea524a37a 100644 --- a/inc/fetch.functions.php +++ b/inc/fetch.functions.php @@ -99,7 +99,7 @@ function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) { //media to local file if(preg_match('#^(https?)://#i', $media)) { //check hash - if(substr(md5(auth_cookiesalt().$media), 0, 6) !== $INPUT->str('hash')) { + if(substr(PassHash::hmac('md5', $media, auth_cookiesalt()), 0, 6) !== $INPUT->str('hash')) { return array(412, 'Precondition Failed'); } //handle external images |