fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 11:44:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

랜덤 파일명 및 sid를 생성할 때 Password 클래스의 난수 생성기를 활용하도록 변경

Browse source
This commit is contained in:
Kijin Sung 2015-03-06 15:19:00 +09:00
parent aa7db04a91
commit 6e363f41fc
1 changed files with 16 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

24
modules/file/file.controller.php
View file

@ -277,7 +277,8 @@ class fileController extends file
// Call a trigger (after)
$output = ModuleHandler::triggerCall('file.downloadFile', 'after', $file_obj);
$file_key = $_SESSION['__XE_FILE_KEY__'][$file_srl] = hash('md5',rand());
$random = new Password();
$file_key = $_SESSION['__XE_FILE_KEY__'][$file_srl] = $random->createSecureSalt(32, 'hex');
header('Location: '.getNotEncodedUrl('', 'act', 'procFileOutput','file_srl',$file_srl,'file_key',$file_key));
Context::close();
exit();
@ -662,6 +663,9 @@ class fileController extends file
}
}
// Get random number generator
$random = new Password();
// Set upload path by checking if the attachement is an image or other kinds of file
if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info['name']))
{
@ -672,10 +676,10 @@ class fileController extends file
$path = sprintf("./files/attach/images/%s/%s", $module_srl,getNumberingPath($upload_target_srl,3));
// special character to '_'
// change to md5 file name. because window php bug. window php is not recognize unicode character file name - by cherryfilter
// change to random file name. because window php bug. window php is not recognize unicode character file name - by cherryfilter
$ext = substr(strrchr($file_info['name'],'.'),1);
//$_filename = preg_replace('/[#$&*?+%"\']/', '_', $file_info['name']);
$_filename = md5(crypt(rand(1000000,900000), rand(0,100))).'.'.$ext;
$_filename = $random->createSecureSalt(32, 'hex').'.'.$ext;
$filename = $path.$_filename;
$idx = 1;
while(file_exists($filename))
@ -688,7 +692,7 @@ class fileController extends file
else
{
$path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl,3));
$filename = $path.md5(crypt(rand(1000000,900000), rand(0,100)));
$filename = $path.$random->createSecureSalt(32, 'hex');
$direct_download = 'N';
}
// Create a directory
@ -697,13 +701,16 @@ class fileController extends file
// Check uploaded file
if(!checkUploadedFile($file_info['tmp_name'])) return new Object(-1,'msg_file_upload_error');
// Get random number generator
$random = new Password();
// Move the file
if($manual_insert)
{
@copy($file_info['tmp_name'], $filename);
if(!file_exists($filename))
{
$filename = $path. md5(crypt(rand(1000000,900000).$file_info['name'])).'.'.$ext;
$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext;
@copy($file_info['tmp_name'], $filename);
}
}
@ -711,7 +718,7 @@ class fileController extends file
{
if(!@move_uploaded_file($file_info['tmp_name'], $filename))
{
$filename = $path. md5(crypt(rand(1000000,900000).$file_info['name'])).'.'.$ext;
$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext;
if(!@move_uploaded_file($file_info['tmp_name'], $filename)) return new Object(-1,'msg_file_upload_error');
}
}
@ -730,7 +737,7 @@ class fileController extends file
$args->file_size = @filesize($filename);
$args->comment = NULL;
$args->member_srl = $member_srl;
$args->sid = md5(rand(rand(1111111,4444444),rand(4444445,9999999)));
$args->sid = $random->createSecureSalt(32, 'hex');
$output = executeQuery('file.insertFile', $args);
if(!$output->toBool()) return $output;
@ -910,7 +917,8 @@ class fileController extends file
else
{
$path = sprintf("./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl);
$new_file = $path.md5(crypt(rand(1000000,900000), rand(0,100)));
$random = new Password();
$new_file = $path.$random->createSecureSalt(32, 'hex');
}
// Pass if a target document to move is same
if($old_file == $new_file) continue;