From 826d276602b191ee09d3450f7a8f9476c0e787b1 Mon Sep 17 00:00:00 2001 From: Klap-in Date: Tue, 21 May 2013 12:06:16 +0200 Subject: Clean internal ids in ml(), that it matches with fetch.php The resize token was broken because fetch.php cleans the id before the token calculation, while ml() uses the raw id --- inc/common.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'inc/common.php') diff --git a/inc/common.php b/inc/common.php index 4d939ac77..03236f7d4 100644 --- a/inc/common.php +++ b/inc/common.php @@ -435,6 +435,11 @@ function exportlink($id = '', $format = 'raw', $more = '', $abs = false, $sep = */ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) { global $conf; + $isexternalimage = preg_match('#^(https?|ftp)://#i', $id); + if(!$isexternalimage) { + $id = cleanID($id); + } + if(is_array($more)) { // add token for resized images if($more['w'] || $more['h']){ @@ -467,7 +472,7 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) } // external URLs are always direct without rewriting - if(preg_match('#^(https?|ftp)://#i', $id)) { + if($isexternalimage) { $xlink .= 'lib/exe/fetch.php'; // add hash: $xlink .= '?hash='.substr(md5(auth_cookiesalt().$id), 0, 6); -- cgit v1.2.3 From cdcd66dfc2bcf16e481d10bfa2d3ff1b4d433f99 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 31 May 2013 09:22:45 +0200 Subject: use hmac for external ressource hash FS#2794 --- inc/common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/common.php') diff --git a/inc/common.php b/inc/common.php index 4d939ac77..e096d8b30 100644 --- a/inc/common.php +++ b/inc/common.php @@ -470,7 +470,7 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) if(preg_match('#^(https?|ftp)://#i', $id)) { $xlink .= 'lib/exe/fetch.php'; // add hash: - $xlink .= '?hash='.substr(md5(auth_cookiesalt().$id), 0, 6); + $xlink .= '?hash='.substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6); if($more) { $xlink .= $sep.$more; $xlink .= $sep.'media='.rawurlencode($id); -- cgit v1.2.3 From a132f948f22ae344760ee3da82f9f92cf0f18b7b Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 31 May 2013 09:25:43 +0200 Subject: use HMAC for CSRF security tokens FS#2794 --- inc/common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/common.php') diff --git a/inc/common.php b/inc/common.php index e096d8b30..55c5b5ac4 100644 --- a/inc/common.php +++ b/inc/common.php @@ -56,7 +56,7 @@ function stripctl($string) { * @return string */ function getSecurityToken() { - return md5(auth_cookiesalt().session_id().$_SERVER['REMOTE_USER']); + return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt()); } /** -- cgit v1.2.3