Don't abuse isValidSqlLink() for checking results

[mailer.git] / inc / modules / loader.php

diff --git a/inc/modules/loader.php b/inc/modules/loader.php
index 006559f5eb95342caa6660fbf7c78440f68e635a..2216d8ac012dd843c40fa5eeeb68f1471291504d 100644 (file)
--- a/inc/modules/loader.php
+++ b/inc/modules/loader.php
@@ -16,7 +16,7 @@
  * $Author::                                                          $ *
  * -------------------------------------------------------------------- *
  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
- * Copyright (c) 2009 - 2012 by Mailer Developer Team                   *
+ * Copyright (c) 2009 - 2016 by Mailer Developer Team                   *
  * For more information visit: http://mxchange.org                      *
  *                                                                      *
  * This program is free software; you can redistribute it and/or modify *
@@ -41,7 +41,7 @@ if (!defined('__SECURITY')) {
 } // END - if
 
 // Is an URL specified?
-if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash'))) {
+if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash')) && (isGetRequestElementSet('salt'))) {
        // Decode URL
        $decodedUrl = decodeString(str_replace(' ', '+', compileUriCode(urldecode(getRequestElement('url')))));
 
@@ -49,7 +49,7 @@ if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash'))) {
        //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . getRequestElement('hash'));
 
        // Generate hash for comparing it
-       $hash = encodeHashForCookie(generateHash($decodedUrl . getSiteKey() . getDateKey(), getRequestElement('hash')));
+       $hash = encodeHashForCookie(generateHash($decodedUrl . getSiteKey() . getDateKey(), getRequestElement('salt')));
 
        // Debug message
        //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . $hash);