From 89f01b64b3863a75ea1ca0f22b79c867a299898f Mon Sep 17 00:00:00 2001
From: Jiyong Youn <hletrd@users.noreply.github.com>
Date: Mon, 8 Feb 2016 02:34:06 +0900
Subject: [PATCH] =?UTF-8?q?=ED=8C=8C=EC=9D=BC=EB=AA=85=EC=9D=98=20?=
 =?UTF-8?q?=EC=97=94=ED=8A=B8=EB=A1=9C=ED=94=BC=20=ED=96=A5=EC=83=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

파일명의 엔트로피 향상 (md5 대신 createSecureSalt 이용)
---
 modules/importer/importer.admin.controller.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/importer/importer.admin.controller.php b/modules/importer/importer.admin.controller.php
index a442c80bb..030b0b700 100644
--- a/modules/importer/importer.admin.controller.php
+++ b/modules/importer/importer.admin.controller.php
@@ -1054,6 +1054,7 @@ class importerAdminController extends importer
 
 				if(file_exists($file_obj->file))
 				{
+					$random = new Password();
 					// Set upload path by checking if the attachement is an image or other kind of file
 					if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_obj->source_filename))
 					{
@@ -1064,7 +1065,7 @@ class importerAdminController extends importer
 						$path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
 
 						$ext = substr(strrchr($file_obj->source_filename,'.'),1);
-						$_filename = md5(crypt(rand(1000000, 900000), rand(0, 100))).'.'.$ext;
+						$_filename = $random->createSecureSalt(32, 'hex').'.'.$ext;
 						$filename  = $path.$_filename;
 
 						$idx = 1;
@@ -1079,7 +1080,7 @@ class importerAdminController extends importer
 					else
 					{
 						$path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl,3));
-						$filename = $path.md5(crypt(rand(1000000,900000), rand(0,100)));
+						$filename = $path.$random->createSecureSalt(32, 'hex');
 						$file_obj->direct_download = 'N';
 					}
 					// Create a directory
@@ -1102,7 +1103,7 @@ class importerAdminController extends importer
 						$file_obj->file_size = filesize($filename);
 						$file_obj->comment = NULL;
 						$file_obj->member_srl = 0;
-						$file_obj->sid = md5(rand(rand(1111111,4444444),rand(4444445,9999999)));
+						$file_obj->sid = $random->createSecureSalt(32, 'hex');
 						$file_obj->isvalid = 'Y';
 						$output = executeQuery('file.insertFile', $file_obj);