From: quix0r Date: Wed, 24 Oct 2012 21:25:46 +0000 (+0000) Subject: Added site and date key for improved security X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=16ad844342356908f53913f9d639c79588927741;p=mailer.git Added site and date key for improved security
---
diff --git a/inc/functions.php b/inc/functions.php
index d69c1abdd0..1c555e08ac 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -339,7 +339,7 @@ function generateDereferrerUrl ($url) {
 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url);
 // De-refer this URL
- $url = '{%url=modules.php?module=loader&url=' . $encodedUrl . '&hash=' . encodeHashForCookie(generateHash($url)) . '%}';
+ $url = '{%url=modules.php?module=loader&url=' . $encodedUrl . '&hash=' . encodeHashForCookie(generateHash($url . getSiteKey() . getDateKey())) . '%}';
 } // END - if
 // Return link
diff --git a/inc/modules/loader.php b/inc/modules/loader.php
index b3395fa389..006559f5eb 100644
--- a/inc/modules/loader.php
+++ b/inc/modules/loader.php
@@ -45,8 +45,14 @@ if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash'))) {
 // Decode URL
 $decodedUrl = decodeString(str_replace(' ', '+', compileUriCode(urldecode(getRequestElement('url')))));
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . getRequestElement('hash'));
+
 // Generate hash for comparing it
- $hash = encodeHashForCookie(generateHash($decodedUrl, getRequestElement('hash')));
+ $hash = encodeHashForCookie(generateHash($decodedUrl . getSiteKey() . getDateKey(), getRequestElement('hash')));
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . $hash);
 // Validate the URL and hash
 if ($hash != getRequestElement('hash')) {
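Review bot: In inc/functions.php the keyed input `$url . getSiteKey() . getDateKey()` is assembled inline, and the same concatenation is repeated in inc/modules/loader.php, so generator and verifier only agree while both lines are edited together; a small shared helper called from both places would keep them from drifting apart. If getDateKey() changes over time, as its name suggests, links generated before a change will stop validating afterwards, and that validity window deserves a comment above the changed line, e.g. `// Hash is bound to site key and date key; the link stops validating once the date key changes`. The enclosing function generateDereferrerUrl starts and ends outside the hunk.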
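Review bot: In inc/modules/loader.php the check `if ($hash != getRequestElement('hash'))` at the end of the hunk still compares the keyed hash with the request value using loose `!=`, which can treat two different numeric-looking strings as equal under PHP type juggling and is not constant-time. Since the value now acts as an authenticator for the redirect target, compare it with `if (!hash_equals($hash, (string) getRequestElement('hash'))) {` where PHP 5.6 or later is available, or at least with `!==`. The second argument to generateHash(), presumably the salt, is still taken from the request's `hash` parameter, so it is worth confirming that generateHash() behaves safely for an empty or malformed value there. The `if` block continues outside the hunk.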