diff options
| -rw-r--r-- | src/filedownload.php | 6 | ||||
| -rw-r--r-- | src/filewindow.php | 4 | ||||
| -rwxr-xr-x | src/globals.php | 6 |
3 files changed, 9 insertions, 7 deletions
diff --git a/src/filedownload.php b/src/filedownload.php index e1ef6b9..df45beb 100644 --- a/src/filedownload.php +++ b/src/filedownload.php @@ -34,12 +34,12 @@ if(!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"] } $cf = globalconf(); -$fname = decryptData(myrawurldecode($_GET["filename"]), session_id() . $cf["key"]); +$fname = decryptData(myrawurldecode($_GET["filename"]), $uglysalt . $cf["key"]); if(isset($_GET["msg"])) - $p = myhash($_GET["oid"] . $fname . myrawurldecode($_GET["msg"]) . session_id() . $cf["key"]); + $p = myhash($_GET["oid"] . $fname . myrawurldecode($_GET["msg"]) . $uglysalt . $cf["key"]); else - $p = myhash($_GET["oid"] . $fname . session_id() . $cf["key"]); + $p = myhash($_GET["oid"] . $fname . $uglysalt . $cf["key"]); if($p != $_GET["check"]) { echo "<html><head><title>View Page</title>"; diff --git a/src/filewindow.php b/src/filewindow.php index 375fac0..e685792 100644 --- a/src/filewindow.php +++ b/src/filewindow.php @@ -36,12 +36,12 @@ if(!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"] } $cf = globalconf(); -$fname = decryptData(myrawurldecode($_GET["filename"]), session_id() . $cf["key"]); +$fname = decryptData(myrawurldecode($_GET["filename"]), $uglysalt . $cf["key"]); $msg = ''; if(isset($_GET["msg"])) $msg = myrawurldecode($_GET["msg"]); -$p = myhash($_GET["oid"] . $fname . $msg . session_id() . $cf["key"]); +$p = myhash($_GET["oid"] . $fname . $msg . $uglysalt . $cf["key"]); if($p != $_GET["check"]) { echo "<html><head><title>View Page</title>"; diff --git a/src/globals.php b/src/globals.php index da34c1a..63d4adc 100755 --- a/src/globals.php +++ b/src/globals.php @@ -19,6 +19,8 @@ require_once('db.php'); define("dbcompat_1_4_1",true); +$uglysalt="30a2224c82dcf42e497e2a1f6bd6516b"; + // sanitization function sanitizeVariables(&$item, $key) { @@ -42,8 +44,8 @@ function myrawurldecode($txt) { function filedownload($oid,$fname,$msg='') { $cf = globalconf(); - $if = myrawurlencode(encryptData($fname, session_id() . $cf['key'],false)); - $p = myhash($oid . $fname . $msg . session_id() . $cf["key"]); + $if = myrawurlencode(encryptData($fname, $uglysalt . $cf['key'],false)); + $p = myhash($oid . $fname . $msg . $uglysalt . $cf["key"]); $str = "oid=". $oid . "&filename=". $if . "&check=" . $p; if($msg != '') $str .= "&msg=" . myrawurlencode($msg); return $str; |