Some improvements:

[mailer.git] / inc / modules / loader.php

diff --git a/inc/modules/loader.php b/inc/modules/loader.php
index 3ff6d6d8d7df5efcde4821dcf7225927a754f95a..e154a9395b23bb9a815e37247502dd697fc87871 100644 (file)
--- a/inc/modules/loader.php
+++ b/inc/modules/loader.php
@@ -41,12 +41,18 @@ if (!defined('__SECURITY')) {
 } // END - if
 
 // Is an URL specified?
-if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash'))) {
+if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash')) && (isGetRequestElementSet('salt'))) {
        // Decode URL
        $decodedUrl = decodeString(str_replace(' ', '+', compileUriCode(urldecode(getRequestElement('url')))));
 
+       // Debug message
+       //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . getRequestElement('hash'));
+
        // Generate hash for comparing it
-       $hash = encodeHashForCookie(generateHash($decodedUrl, getRequestElement('hash')));
+       $hash = encodeHashForCookie(generateHash($decodedUrl . getSiteKey() . getDateKey(), getRequestElement('salt')));
+
+       // Debug message
+       //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . $hash);
 
        // Validate the URL and hash
        if ($hash != getRequestElement('hash')) {
@@ -57,7 +63,7 @@ if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash'))) {
                logDebugMessage(__FILE__, __LINE__, 'Hash ' . getRequestElement('hash') . ' does not match URL ' . $decodedUrl);
        } elseif (isUrlValid($decodedUrl)) {
                // Generate a JavaScript that redirects us
-               loadTemplate('loader', false, $decodedUrl);
+               loadTemplate('loader', FALSE, $decodedUrl);
        } else {
                // URL invalid
                redirectToUrl('modules.php?module=index');