From: Patrick Canterino Date: Fri, 5 Jun 2026 14:01:33 +0000 (+0200) Subject: Merge branch 'md5_to_sha256' into 'next-release' X-Git-Tag: 4.7.2~10 X-Git-Url: https://git.p6c8.net/jirafeau/pcanterino.git/commitdiff_plain/1733d88de2fe686cf95ef396eb1566e7db336b0a?hp=146ce80b73e7c0e8533d445e8464862a44117295 Merge branch 'md5_to_sha256' into 'next-release' Md5 to sha256 See merge request jirafeau/Jirafeau!33
---
diff --git a/f.php b/f.php
index 269b10b..870b4bd 100644
--- a/f.php
+++ b/f.php
@@ -171,7 +171,9 @@ if (!empty($link['key'])) {
 require(JIRAFEAU_ROOT.'lib/template/footer.php');
 exit;
 } else {
- if (hash_equals($link['key'], md5($_POST['key']))) {
+ if (strpos($link['key'], '[SHA256]') == 0 && hash_equals(substr($link['key'], 8), hash('sha256', $_POST['key']))) {
+ $password_challenged = true;
+ } elseif (hash_equals($link['key'], md5($_POST['key']))) {
 $password_challenged = true;
 } else {
 sleep(2);
diff --git a/lib/functions.php b/lib/functions.php
index 84bcea8..833e21b 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -544,7 +544,7 @@ function jirafeau_add_file($file, $one_time_download, $key, $time, $ip, $crypt,
 /* hash password or empty. */
 $password = '';
 if (!empty($key)) {
- $password = md5($key);
+ $password = '[SHA256]' . hash('sha256', $key);
 }
 
 /* create link file */
@@ -1088,10 +1088,10 @@ function jirafeau_async_init($filename, $type, $one_time, $key, $time, $ip)
 $w_path = $p . $ref . '_data';
 touch($w_path);
 
- /* md5 password or empty */
+ /* sha256 password or empty */
 $password = '';
 if (!empty($key)) {
- $password = md5($key);
+ $password = '[SHA256]' . hash('sha256', $key);
 }
 
 /* Store information. */
@@ -1642,7 +1642,7 @@ function jirafeau_escape($string)
 function jirafeau_admin_session_start()
 {
 $_SESSION['admin_auth'] = true;
- $_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true));
+ $_SESSION['admin_csrf'] = hash('sha256', uniqid(mt_rand(), true));
 }
 
 function jirafeau_session_end()
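Review bot: The prefix test `strpos($link['key'], '[SHA256]') == 0` on the first added line of the f.php hunk is also true when the marker is absent, because `strpos` returns `false` and `false == 0` holds under loose comparison. For a legacy MD5 entry the branch then compares `substr($link['key'], 8)` with a SHA-256 digest, which is rejected only because the two strings differ in length, so the result is correct by accident rather than by the check. Select the scheme explicitly with `strncmp($link['key'], '[SHA256]', 8) === 0` (or `=== 0` on the `strpos` result). The enclosing `if (!empty($link['key']))` block starts and ends outside the hunk.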
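Review bot: `'[SHA256]' . hash('sha256', $key)` in the jirafeau_add_file hunk still stores an unsalted, single-pass digest, so identical passwords produce identical stored values and offline guessing stays cheap for anyone who can read a link file; the jirafeau_async_init hunk adds the same line. Since the stored value now carries a scheme marker, new links could store `password_hash($key, PASSWORD_DEFAULT)` and be checked with `password_verify()`, keeping the MD5 and SHA-256 branches only for links that already exist, provided the link file format can hold that string (not visible here). Both function bodies continue outside their hunks.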
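Review bot: The CSRF token in jirafeau_admin_session_start is still derived from `uniqid(mt_rand(), true)`, whose inputs are the clock and a non-cryptographic generator; replacing MD5 with SHA-256 lengthens the token without making it harder to predict. Draw it from the CSPRNG instead: `$_SESSION['admin_csrf'] = bin2hex(random_bytes(32));`. This assumes the project's minimum PHP version provides `random_bytes()` (PHP 7.0 or later), which the hunk does not show.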
diff --git a/script.php b/script.php
index ae57449..301ebe8 100644
--- a/script.php
+++ b/script.php
@@ -183,7 +183,7 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
 echo 'Error 9';
 exit;
 }
- if (strlen($link['key']) > 0 && md5($key) != $link['key']) {
+ if (strlen($link['key']) > 0 && hash('sha256', $key) != $link['key']) {
 sleep(2);
 echo 'Error 10';
 exit;
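Review bot: The changed condition compares `hash('sha256', $key)` with `$link['key']` directly, but the lib/functions.php hunks of this commit store new passwords as `'[SHA256]'` followed by the digest, so the two strings can never be equal, and links created before the change (bare MD5) no longer match either. If `$link['key']` is read from the same link record (the loading code is outside the hunk), every password-protected link would end in `Error 10`. The comparison is also a loose `!=` rather than `hash_equals()` as used in f.php. The fence mirrors the f.php scheme selection; the closing brace of the `if` body lies outside the hunk.

```php
$stored = $link['key'];
$key_ok = strncmp($stored, '[SHA256]', 8) === 0
    ? hash_equals(substr($stored, 8), hash('sha256', $key))
    : hash_equals($stored, md5($key)); // legacy links created before the prefix existed
if (strlen($stored) > 0 && !$key_ok) {
    // … unchanged: sleep(2), echo 'Error 10', exit …
```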