* $Author:: $ *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2011 by Mailer Developer Team *
- * For more information visit: http://www.mxchange.org *
+ * Copyright (c) 2009 - 2012 by Mailer Developer Team *
+ * For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
// Some security stuff...
if (!defined('__SECURITY')) {
- die();
+ exit();
} // END - if
// Is an URL specified?
-if (isGetRequestParameterSet('url')) {
+if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash'))) {
// Decode URL
- $url = decodeString(str_replace(' ', '+', compileUriCode(urldecode(getRequestParameter('url')))));
+ $decodedUrl = decodeString(str_replace(' ', '+', compileUriCode(urldecode(getRequestElement('url')))));
- // Validate the URL
- if (isUrlValid($url)) {
+ // Generate hash for comparing it
+ $hash = encodeHashForCookie(generateHash($decodedUrl, getRequestElement('hash')));
+
+ // Validate the URL and hash
+ if ($hash != getRequestElement('hash')) {
+ // Hash doesn't match
+ displayMessage('{--LOADER_SECURITY_HASH_MISMATCH--}');
+
+ // Log this event
+ logDebugMessage(__FILE__, __LINE__, 'Hash ' . getRequestElement('hash') . ' does not match URL ' . $decodedUrl);
+ } elseif (isUrlValid($decodedUrl)) {
// Generate a JavaScript that redirects us
- loadTemplate('loader', false, $url);
+ loadTemplate('loader', false, $decodedUrl);
} else {
// URL invalid
redirectToUrl('modules.php?module=index');
projects / mailer.git / blobdiff