]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8a7f236)
use better tokens for public links
authorRobin Appelman <icewind1991@gmail.com>
Mon, 18 Apr 2011 08:31:20 +0000 (10:31 +0200)
committerRobin Appelman <icewind1991@gmail.com>
Mon, 18 Apr 2011 08:31:20 +0000 (10:31 +0200)
plugins/publiclink/lib_public.php patch | blob | history

diff --git a/plugins/publiclink/lib_public.php b/plugins/publiclink/lib_public.php
index 436dddeef222c94ae0b0d56cb3d4477c23e0cf22..20b538d3ac9bb819f81c7acb0266665ce6deaabd 100644 (file)
--- a/plugins/publiclink/lib_public.php
+++ b/plugins/publiclink/lib_public.php
@@ -6,9 +6,9 @@ class OC_PublicLink{
         * @param int (optional) expiretime time the link expires, as timestamp
         */
        public function __construct($path,$expiretime=0){
-               if($path && OC_FILESYSTEM::file_exists($path)){
-                       $token=sha1("$path-$expiretime");
+               if($path and  OC_FILESYSTEM::file_exists($path) and OC_FILESYSTEM::is_readable($path)){
                        $user=$_SESSION['user_id'];
+                       $token=sha1("$user-$path-$expiretime");
                        $query=OC_DB::prepare("INSERT INTO *PREFIX*publiclink VALUES(?,?,?,?)");
                        $result=$query->execute(array($token,$path,$user,$expiretime));
                        if( PEAR::isError($result)) {
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server