From: Robin Appelman <icewind1991@gmail.com>
Date: Mon, 18 Apr 2011 08:31:20 +0000 (+0200)
Subject: use better tokens for public links
X-Git-Tag: v3.0~267^2~558^2~67^2~6
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=743896010932e1ef2d2d1db898d4365f65116c3c;p=nextcloud-server.git

use better tokens for public links
---

diff --git a/plugins/publiclink/lib_public.php b/plugins/publiclink/lib_public.php
index 436dddeef22..20b538d3ac9 100644
--- a/plugins/publiclink/lib_public.php
+++ b/plugins/publiclink/lib_public.php
@@ -6,9 +6,9 @@ class OC_PublicLink{
 	 * @param int (optional) expiretime time the link expires, as timestamp
 	 */
 	public function __construct($path,$expiretime=0){
-		if($path && OC_FILESYSTEM::file_exists($path)){
-			$token=sha1("$path-$expiretime");
+		if($path and  OC_FILESYSTEM::file_exists($path) and OC_FILESYSTEM::is_readable($path)){
 			$user=$_SESSION['user_id'];
+			$token=sha1("$user-$path-$expiretime");
 			$query=OC_DB::prepare("INSERT INTO *PREFIX*publiclink VALUES(?,?,?,?)");
 			$result=$query->execute(array($token,$path,$user,$expiretime));
 			if( PEAR::isError($result)) {