Use random id instead of sha1 for uniqueFileId

See #2825

diff --git a/wcfsetup/install/files/lib/system/file/upload/UploadFile.class.php b/wcfsetup/install/files/lib/system/file/upload/UploadFile.class.php
index e0fdb1f0c4d51adafd034f2820a156c12d0d4a34..615e8642da574eac8be46d4c3f63a85ac891c18b 100644 (file)
--- a/wcfsetup/install/files/lib/system/file/upload/UploadFile.class.php
+++ b/wcfsetup/install/files/lib/system/file/upload/UploadFile.class.php
@@ -1,6 +1,7 @@
 <?php
 namespace wcf\system\file\upload;
 use wcf\util\FileUtil;
+use wcf\util\StringUtil;
 
 /**
  * An specific upload file.
@@ -72,7 +73,7 @@ class UploadFile {
                $this->filesize = filesize($location);
                $this->processed = $processed;
                $this->viewableImage = $viewableImage;
-               $this->uniqueId = sha1(sha1_file($location) . sha1($location));
+               $this->uniqueId = StringUtil::getRandomID();
                
                if (@getimagesize($location) !== false) {
                        $this->isImage = true;

diff --git a/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php b/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php
index 3b169813bee6fa2f1802ddc5b5b311e9f9c96235..d9a7dc47365474e335f686b8e5c8f395aa3d9a6e 100644 (file)
--- a/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php
+++ b/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php
@@ -209,7 +209,7 @@ class UploadHandler extends SingletonFactory {
                }
                
                foreach ($this->getFilesForInternalId($internalId) as $file) {
-                       if ($file->getUniqueFileId() === $uniqueFileId) {
+                       if (hash_equals($file->getUniqueFileId(), $uniqueFileId)) {
                                return $file;
                        }
                }