From 00a9c7ec687ca725d958693f9f3f25f538b6ed03 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Joshua=20R=C3=BCsweg?= Date: Tue, 15 Jan 2019 22:54:13 +0100 Subject: [PATCH] Use random id instead of sha1 for uniqueFileId See #2825 --- .../install/files/lib/system/file/upload/UploadFile.class.php | 3 ++- .../files/lib/system/file/upload/UploadHandler.class.php | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/wcfsetup/install/files/lib/system/file/upload/UploadFile.class.php b/wcfsetup/install/files/lib/system/file/upload/UploadFile.class.php index e0fdb1f0c4..615e8642da 100644 --- a/wcfsetup/install/files/lib/system/file/upload/UploadFile.class.php +++ b/wcfsetup/install/files/lib/system/file/upload/UploadFile.class.php @@ -1,6 +1,7 @@ filesize = filesize($location); $this->processed = $processed; $this->viewableImage = $viewableImage; - $this->uniqueId = sha1(sha1_file($location) . sha1($location)); + $this->uniqueId = StringUtil::getRandomID(); if (@getimagesize($location) !== false) { $this->isImage = true; diff --git a/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php b/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php index 3b169813be..d9a7dc4736 100644 --- a/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php +++ b/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php @@ -209,7 +209,7 @@ class UploadHandler extends SingletonFactory { } foreach ($this->getFilesForInternalId($internalId) as $file) { - if ($file->getUniqueFileId() === $uniqueFileId) { + if (hash_equals($file->getUniqueFileId(), $uniqueFileId)) { return $file; } } -- 2.20.1