| author | Bruno Ribas <brunoribas@gmail.com> | 2020-11-16 18:25:04 +0000 |
|---|---|---|
| committer | Bruno Ribas <brunoribas@gmail.com> | 2020-11-16 18:25:04 +0000 |
| commit | ef742cb0a6f9cb92749337804900c8df304ba6a8 (patch) | |
| tree | 86afde1c341f1f8c66f3cbbd3011b52ef715e96a /src | |
| parent | 4e92fd902583003f392cafdb56149ca2e193d6a6 (diff) | |
| download | boca-ef742cb0a6f9cb92749337804900c8df304ba6a8.tar.gz boca-ef742cb0a6f9cb92749337804900c8df304ba6a8.zip | |
$ugly salt to fix download problem on multilogin
Signed-off-by: Bruno Ribas <brunoribas@gmail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/filedownload.php | 6 | ||||
| -rw-r--r-- | src/filewindow.php | 4 | ||||
| -rwxr-xr-x | src/globals.php | 6 |
3 files changed, 9 insertions, 7 deletions
diff --git a/src/filedownload.php b/src/filedownload.php index e1ef6b9..df45beb 100644 --- a/src/filedownload.php +++ b/src/filedownload.php @@ -34,12 +34,12 @@ if(!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"] } $cf = globalconf(); -$fname = decryptData(myrawurldecode($_GET["filename"]), session_id() . $cf["key"]); +$fname = decryptData(myrawurldecode($_GET["filename"]), $uglysalt . $cf["key"]); if(isset($_GET["msg"])) - $p = myhash($_GET["oid"] . $fname . myrawurldecode($_GET["msg"]) . session_id() . $cf["key"]); + $p = myhash($_GET["oid"] . $fname . myrawurldecode($_GET["msg"]) . $uglysalt . $cf["key"]); else - $p = myhash($_GET["oid"] . $fname . session_id() . $cf["key"]); + $p = myhash($_GET["oid"] . $fname . $uglysalt . $cf["key"]); if($p != $_GET["check"]) { echo "<html><head><title>View Page</title>"; diff --git a/src/filewindow.php b/src/filewindow.php index 375fac0..e685792 100644 --- a/src/filewindow.php +++ b/src/filewindow.php @@ -36,12 +36,12 @@ if(!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"] } $cf = globalconf(); -$fname = decryptData(myrawurldecode($_GET["filename"]), session_id() . $cf["key"]); +$fname = decryptData(myrawurldecode($_GET["filename"]), $uglysalt . $cf["key"]); $msg = ''; if(isset($_GET["msg"])) $msg = myrawurldecode($_GET["msg"]); -$p = myhash($_GET["oid"] . $fname . $msg . session_id() . $cf["key"]); +$p = myhash($_GET["oid"] . $fname . $msg . $uglysalt . $cf["key"]); if($p != $_GET["check"]) { echo "<html><head><title>View Page</title>"; diff --git a/src/globals.php b/src/globals.php index da34c1a..63d4adc 100755 --- a/src/globals.php +++ b/src/globals.php @@ -19,6 +19,8 @@ require_once('db.php'); define("dbcompat_1_4_1",true); +$uglysalt="30a2224c82dcf42e497e2a1f6bd6516b"; + // sanitization function sanitizeVariables(&$item, $key) { 
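Review bot: The token check on the context line `if($p != $_GET["check"])` in src/filedownload.php compares the expected hash with request input using a loose, non-constant-time operator, and this commit leaves it unchanged. Under `!=`, two strings that both look numeric (for instance digests of the form `0e` followed only by digits) compare equal; whether that can occur depends on what `myhash` returns, which is not visible here. I would change the line to `if(!is_string($_GET["check"]) || !hash_equals($p, $_GET["check"])) {`, which also rejects an array-valued `check`. The same line appears in the src/filewindow.php hunk, and the script continues outside both hunks.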
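Review bot: The value hashed in src/filewindow.php, `$_GET["oid"] . $fname . $msg . $uglysalt . $cf["key"]`, joins its fields with no separator, so different (oid, filename, msg) combinations can yield the same input and therefore the same `check`. `msg` is taken directly from the query string and `is_numeric` accepts more than plain digits, so the inputs themselves do not fix the field boundaries. A keyed construction over delimited fields, e.g. `hash_hmac('sha256', implode("\0", [$_GET["oid"], $fname, $msg]), $cf["key"])`, would remove the ambiguity, but it has to change in `filedownload()` in src/globals.php and in src/filedownload.php at the same time. How much this matters in practice depends on `myhash` and `encryptData`, neither of which is shown.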
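Review bot: `$uglysalt` in src/globals.php is a fixed string committed to the repository, so it is identical on every installation and adds no secrecy beyond `$cf["key"]`. Replacing `session_id()` with it also removes the binding between a download link and the session it was issued to: a `filename`/`check` pair generated for one login now verifies in any other session, unless the download pages enforce their own per-user authorization outside these hunks. If the goal is only to survive multiple logins, deriving the value from the authenticated user's identifier would keep links bound to the user. At minimum the definition deserves a comment such as `// NOT a secret: fixed value; download tokens are no longer tied to the session`.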
@@ -42,8 +44,8 @@ function myrawurldecode($txt) { function filedownload($oid,$fname,$msg='') { $cf = globalconf(); - $if = myrawurlencode(encryptData($fname, session_id() . $cf['key'],false)); - $p = myhash($oid . $fname . $msg . session_id() . $cf["key"]); + $if = myrawurlencode(encryptData($fname, $uglysalt . $cf['key'],false)); + $p = myhash($oid . $fname . $msg . $uglysalt . $cf["key"]); $str = "oid=". $oid . "&filename=". $if . "&check=" . $p; if($msg != '') $str .= "&msg=" . myrawurlencode($msg); return $str; |
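Review bot: Inside `filedownload()` the new lines read `$uglysalt`, but the variable is assigned at file scope and the visible function body has no `global $uglysalt;`, so within the function it is undefined and evaluates to an empty string (with a PHP notice or warning). The link generator would then key on `$cf['key']` alone, while src/filedownload.php and src/filewindow.php, which appear to run at script scope, verify with `$uglysalt . $cf["key"]`; `check` would not match and the filename would not decrypt. Add `global $uglysalt;` as the first statement of the function, or define the value with `define()` and use the constant in all three files. The function's closing brace lies outside the hunk.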