From e36b029f7851cc852c113b0ba80d76774a101b03 Mon Sep 17 00:00:00 2001 From: Nick Liu Date: Tue, 1 May 2018 05:26:40 -0500 Subject: [PATCH] Fixed Downloads security NGINX MD5 generation - FIX: Blocker bug generating the wrong MD5 string for NGINX secure_link_md5 - FIX: Bad instructions in LAN_DL_SECURITY_DESCRIPTION --- e107_plugins/download/handlers/NginxSecureLinkMd5Decorator.php | 2 +- e107_plugins/download/languages/English/English_admin.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/e107_plugins/download/handlers/NginxSecureLinkMd5Decorator.php b/e107_plugins/download/handlers/NginxSecureLinkMd5Decorator.php index 7ce9ffcca..603ce55f2 100644 --- a/e107_plugins/download/handlers/NginxSecureLinkMd5Decorator.php +++ b/e107_plugins/download/handlers/NginxSecureLinkMd5Decorator.php @@ -43,7 +43,7 @@ class NginxSecureLinkMd5Decorator implements SecureLinkDecorator ); $query_string = $url_parts['query']; parse_str($query_string, $query_args); - $query_args['md5'] = md5($evaluation); + $query_args['md5'] = str_replace(array('+', '/', '='), array('-', '_', ''), base64_encode(md5($evaluation, true))); if (strpos($prefs['download_security_expression'], '$secure_link_expires') !== false) $query_args['expires'] = $expiry; require_once(__DIR__.'/../includes/shim_http_build_url.php'); diff --git a/e107_plugins/download/languages/English/English_admin.php b/e107_plugins/download/languages/English/English_admin.php index d3a6d1d33..a59d794dc 100644 --- a/e107_plugins/download/languages/English/English_admin.php +++ b/e107_plugins/download/languages/English/English_admin.php @@ -231,7 +231,7 @@ define("DOWLAN_HELP_10", "Help for upload options"); // define("DOWLAN_CAPTION", "Configure Download"); define("LAN_DL_SECURITY_DESCRIPTION", "Downloads can make use of server-side URL protection features to prevent hotlinking and/or enforce link expiry. " . - "The download server needs to be configured first before setting the options below."); + "This section should be configured before the download server is configured to reduce the chance of disruption to downloaders."); define("LAN_DL_SECURITY_MODE", "URL protection mode"); define("LAN_DL_SECURITY_MODE_NONE", "None (Default)"); define("LAN_DL_SECURITY_MODE_NGINX_SECURELINKMD5", "NGINX secure_link_md5");