From 743896010932e1ef2d2d1db898d4365f65116c3c Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind1991@gmail.com>
Date: Mon, 18 Apr 2011 10:31:20 +0200
Subject: [PATCH] use better tokens for public links

---
 plugins/publiclink/lib_public.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/publiclink/lib_public.php b/plugins/publiclink/lib_public.php
index 436dddeef22..20b538d3ac9 100644
--- a/plugins/publiclink/lib_public.php
+++ b/plugins/publiclink/lib_public.php
@@ -6,9 +6,9 @@ class OC_PublicLink{
 	 * @param int (optional) expiretime time the link expires, as timestamp
 	 */
 	public function __construct($path,$expiretime=0){
-		if($path && OC_FILESYSTEM::file_exists($path)){
-			$token=sha1("$path-$expiretime");
+		if($path and  OC_FILESYSTEM::file_exists($path) and OC_FILESYSTEM::is_readable($path)){
 			$user=$_SESSION['user_id'];
+			$token=sha1("$user-$path-$expiretime");
 			$query=OC_DB::prepare("INSERT INTO *PREFIX*publiclink VALUES(?,?,?,?)");
 			$result=$query->execute(array($token,$path,$user,$expiretime));
 			if( PEAR::isError($result)) {
-- 
GitLab