From ef742cb0a6f9cb92749337804900c8df304ba6a8 Mon Sep 17 00:00:00 2001
From: Bruno Ribas <brunoribas@gmail.com>
Date: Mon, 16 Nov 2020 15:25:04 -0300
Subject: $ugly salt to fix download problem on multilogin

Signed-off-by: Bruno Ribas <brunoribas@gmail.com>
---
 src/filedownload.php | 6 +++---
 src/filewindow.php   | 4 ++--
 src/globals.php      | 6 ++++--
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/filedownload.php b/src/filedownload.php
index e1ef6b9..df45beb 100644
--- a/src/filedownload.php
+++ b/src/filedownload.php
@@ -34,12 +34,12 @@ if(!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"]
 }
 
 $cf = globalconf();
-$fname = decryptData(myrawurldecode($_GET["filename"]), session_id() . $cf["key"]);
+$fname = decryptData(myrawurldecode($_GET["filename"]), $uglysalt . $cf["key"]);
 
 if(isset($_GET["msg"]))
-	$p = myhash($_GET["oid"] . $fname . myrawurldecode($_GET["msg"]) . session_id() . $cf["key"]);
+	$p = myhash($_GET["oid"] . $fname . myrawurldecode($_GET["msg"]) . $uglysalt . $cf["key"]);
 else
-	$p = myhash($_GET["oid"] . $fname . session_id() . $cf["key"]);
+	$p = myhash($_GET["oid"] . $fname . $uglysalt . $cf["key"]);
 
 if($p != $_GET["check"]) {
         echo "<html><head><title>View Page</title>";
diff --git a/src/filewindow.php b/src/filewindow.php
index 375fac0..e685792 100644
--- a/src/filewindow.php
+++ b/src/filewindow.php
@@ -36,12 +36,12 @@ if(!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"]
 }
 
 $cf = globalconf();
-$fname = decryptData(myrawurldecode($_GET["filename"]), session_id() . $cf["key"]);
+$fname = decryptData(myrawurldecode($_GET["filename"]), $uglysalt . $cf["key"]);
 $msg = '';
 if(isset($_GET["msg"]))
 	$msg = myrawurldecode($_GET["msg"]);
 
-$p = myhash($_GET["oid"] . $fname . $msg . session_id() . $cf["key"]);
+$p = myhash($_GET["oid"] . $fname . $msg . $uglysalt . $cf["key"]);
 
 if($p != $_GET["check"]) {
 	echo "<html><head><title>View Page</title>";
diff --git a/src/globals.php b/src/globals.php
index da34c1a..63d4adc 100755
--- a/src/globals.php
+++ b/src/globals.php
@@ -19,6 +19,8 @@
 require_once('db.php');
 define("dbcompat_1_4_1",true);
 
+$uglysalt="30a2224c82dcf42e497e2a1f6bd6516b";
+
 // sanitization 
 function sanitizeVariables(&$item, $key) 
 { 
@@ -42,8 +44,8 @@ function myrawurldecode($txt) {
 
 function filedownload($oid,$fname,$msg='') {
 	$cf = globalconf();
-	$if = myrawurlencode(encryptData($fname, session_id() . $cf['key'],false));
-	$p = myhash($oid . $fname . $msg . session_id() . $cf["key"]);
+	$if = myrawurlencode(encryptData($fname, $uglysalt . $cf['key'],false));
+	$p = myhash($oid . $fname . $msg . $uglysalt . $cf["key"]);
 	$str = "oid=". $oid . "&filename=". $if . "&check=" . $p;
 	if($msg != '') $str .= "&msg=" . myrawurlencode($msg);
 	return $str;
-- 
cgit v1.2.3