From: Roland Häder Date: Sun, 4 Nov 2012 00:03:14 +0000 (+0000) Subject: Temporary configuration 'RAND_NUMBER' is now 'cached' in session variable, possibly... X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=ad97b034f89416e998f04e045d7f37009e5d1b80;p=mailer.git Temporary configuration 'RAND_NUMBER' is now 'cached' in session variable, possibly fixed handling of hash (wrong salt) --- diff --git a/inc/filters.php b/inc/filters.php index d512328709..83019226a2 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -863,7 +863,10 @@ function FILTER_CHECK_ADMIN_ACL () { // Init random number/cache buster function FILTER_INIT_RANDOM_NUMBER () { // Is the extension ext-sql_patches installed and at least 0.3.6? - if ((isExtensionInstalledAndNewer('sql_patches', '0.3.6')) && (isExtensionInstalledAndNewer('other', '0.2.5'))) { + if (isSessionVariableSet('random_number')) { + // Then set it + setConfigEntry('RAND_NUMBER', getSession('random_number')); + } elseif ((isExtensionInstalledAndNewer('sql_patches', '0.3.6')) && (isExtensionInstalledAndNewer('other', '0.2.5'))) { // Generate random number setConfigEntry('RAND_NUMBER', generateRandomCode(10, mt_rand(10000, 99999), getMemberId(), '')); } else { @@ -871,6 +874,9 @@ function FILTER_INIT_RANDOM_NUMBER () { setConfigEntry('RAND_NUMBER', mt_rand(1000000, 9999999)); } + // Set it in session for faster script execusion + setSession('random_number', getConfig('RAND_NUMBER')); + // Copy it to CACHE_BUSTER setConfigEntry('CACHE_BUSTER', getConfig('RAND_NUMBER')); } diff --git a/inc/functions.php b/inc/functions.php index 33acd8c1c7..b6083824ef 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -335,11 +335,14 @@ function generateDereferrerUrl ($url) { // Encode URL $encodedUrl = encodeString(compileUriCode($url)); - // Log plain URL - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url); + // Generate hash + $hash = generateHash($url . getSiteKey() . getDateKey()); + + // Log plain URL and hash + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url . ',hash=' . $hash . '(' . strlen($hash) . ')'); // De-refer this URL - $url = '{%url=modules.php?module=loader&url=' . $encodedUrl . '&hash=' . encodeHashForCookie(generateHash($url . getSiteKey() . getDateKey())) . '%}'; + $url = '{%url=modules.php?module=loader&url=' . $encodedUrl . '&hash=' . encodeHashForCookie($hash) . '&salt=' . substr($hash, 0, getSaltLength()) . '%}'; } // END - if // Return link diff --git a/inc/modules/loader.php b/inc/modules/loader.php index 006559f5eb..e154a9395b 100644 --- a/inc/modules/loader.php +++ b/inc/modules/loader.php @@ -41,7 +41,7 @@ if (!defined('__SECURITY')) { } // END - if // Is an URL specified? -if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash'))) { +if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash')) && (isGetRequestElementSet('salt'))) { // Decode URL $decodedUrl = decodeString(str_replace(' ', '+', compileUriCode(urldecode(getRequestElement('url'))))); @@ -49,7 +49,7 @@ if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash'))) { //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . getRequestElement('hash')); // Generate hash for comparing it - $hash = encodeHashForCookie(generateHash($decodedUrl . getSiteKey() . getDateKey(), getRequestElement('hash'))); + $hash = encodeHashForCookie(generateHash($decodedUrl . getSiteKey() . getDateKey(), getRequestElement('salt'))); // Debug message //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . $hash);