From 5373d8473e7ebb71c7d2b85a36a511358343d1ac Mon Sep 17 00:00:00 2001 From: Hakan Sandell Date: Sat, 8 Sep 2012 15:03:03 +0200 Subject: Replacing $_REQUEST variables with $INPUT wrapper, fetch.php --- lib/exe/fetch.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/exe/fetch.php') diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index 150812b55..e8f189256 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -152,12 +152,12 @@ function sendFile($file,$mime,$dl,$cache){ * @returns array(STATUS, STATUSMESSAGE) */ function checkFileStatus(&$media, &$file, $rev='') { - global $MIME, $EXT, $CACHE; + global $MIME, $EXT, $CACHE, $INPUT; //media to local file if(preg_match('#^(https?)://#i',$media)){ //check hash - if(substr(md5(auth_cookiesalt().$media),0,6) != $_REQUEST['hash']){ + if(substr(md5(auth_cookiesalt().$media),0,6) != $INPUT->str('hash')){ return array( 412, 'Precondition Failed'); } //handle external images -- cgit v1.2.3 From 58789954a7642c133920f37a51fd3dbb5d76cbde Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Tue, 23 Oct 2012 18:08:57 +0200 Subject: correctly check hash parameter in media dispatcher FS#2648 --- lib/exe/fetch.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/exe/fetch.php') diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index e8f189256..52e7ebe1e 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -157,7 +157,7 @@ function checkFileStatus(&$media, &$file, $rev='') { //media to local file if(preg_match('#^(https?)://#i',$media)){ //check hash - if(substr(md5(auth_cookiesalt().$media),0,6) != $INPUT->str('hash')){ + if(substr(md5(auth_cookiesalt().$media),0,6) !== $INPUT->str('hash')){ return array( 412, 'Precondition Failed'); } //handle external images -- cgit v1.2.3