} // END - if
// Is an URL specified?
-if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash'))) {
+if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash')) && (isGetRequestElementSet('salt'))) {
// Decode URL
$decodedUrl = decodeString(str_replace(' ', '+', compileUriCode(urldecode(getRequestElement('url')))));
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . getRequestElement('hash'));
+
// Generate hash for comparing it
- $hash = encodeHashForCookie(generateHash($decodedUrl, getRequestElement('hash')));
+ $hash = encodeHashForCookie(generateHash($decodedUrl . getSiteKey() . getDateKey(), getRequestElement('salt')));
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . $hash);
// Validate the URL and hash
if ($hash != getRequestElement('hash')) {
logDebugMessage(__FILE__, __LINE__, 'Hash ' . getRequestElement('hash') . ' does not match URL ' . $decodedUrl);
} elseif (isUrlValid($decodedUrl)) {
// Generate a JavaScript that redirects us
- loadTemplate('loader', false, $decodedUrl);
+ loadTemplate('loader', FALSE, $decodedUrl);
} else {
// URL invalid
redirectToUrl('modules.php?module=index');
}
} else {
+ // Is the hash not provided?
+ if (!isGetRequestElementSet('hash')) {
+ // Very old (external!) call
+ logDebugMessage(__FUNCTION__, __LINE__, 'Possible old call on loader.php detected. Redirecting to index.php anyway ...');
+ } // END - if
+
// Invalid or no URL entered!
redirectToUrl('modules.php?module=index');
}