diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-05-31 09:22:45 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-05-31 09:22:45 +0200 |
| commit | cdcd66dfc2bcf16e481d10bfa2d3ff1b4d433f99 (patch) | |
| tree | 33dd2352f449ea0dd7f89d244ed59412bf0819c9 /inc | |
| parent | 3c124064ad6f670d52c3678335caa57892408362 (diff) | |
| download | rpg-cdcd66dfc2bcf16e481d10bfa2d3ff1b4d433f99.tar.gz rpg-cdcd66dfc2bcf16e481d10bfa2d3ff1b4d433f99.tar.bz2 | |
use hmac for external ressource hash FS#2794
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/common.php | 2 | ||||
| -rw-r--r-- | inc/fetch.functions.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/inc/common.php b/inc/common.php index 4d939ac77..e096d8b30 100644 --- a/inc/common.php +++ b/inc/common.php @@ -470,7 +470,7 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) if(preg_match('#^(https?|ftp)://#i', $id)) { $xlink .= 'lib/exe/fetch.php'; // add hash: - $xlink .= '?hash='.substr(md5(auth_cookiesalt().$id), 0, 6); + $xlink .= '?hash='.substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6); if($more) { $xlink .= $sep.$more; $xlink .= $sep.'media='.rawurlencode($id); diff --git a/inc/fetch.functions.php b/inc/fetch.functions.php index 5801e96fa..ea524a37a 100644 --- a/inc/fetch.functions.php +++ b/inc/fetch.functions.php @@ -99,7 +99,7 @@ function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) { //media to local file if(preg_match('#^(https?)://#i', $media)) { //check hash - if(substr(md5(auth_cookiesalt().$media), 0, 6) !== $INPUT->str('hash')) { + if(substr(PassHash::hmac('md5', $media, auth_cookiesalt()), 0, 6) !== $INPUT->str('hash')) { return array(412, 'Precondition Failed'); } //handle external images |