'file_id'
);
list($path) = CRM_Core_BAO_File::path($fileID, $entityId);
- $fileHash = CRM_Core_BAO_File::generateFileHash($eid, $fileID);
+ $fileHash = CRM_Core_BAO_File::generateFileHash($entityId, $fileID);
$url = CRM_Utils_System::url('civicrm/file',
"reset=1&id=$fileID&eid=$contactID&fcs=$fileHash",
$absolute, NULL, TRUE, TRUE
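Review bot: The token is now computed over `$entityId`, but the URL built right after it still sends `eid=$contactID`, and the download handler shown later on this page validates the token against the request's `eid`. If `$entityId` can ever differ from `$contactID`, every link built here would be rejected as invalid. Either emit the value that was signed, `"reset=1&id=$fileID&eid=$entityId&fcs=$fileHash"`, or add a comment stating why the two are guaranteed to be equal at this point. The enclosing function starts and ends outside the hunk.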
$fileDAO->id = $dao->$fieldName;
if ($fileDAO->find(TRUE)) {
- $fileHash = CRM_Core_BAO_File::generateFileHash($dao->$entityIDName, $fileDAO->id);
$entityIDName = "{$table}_entity_id";
+ $fileHash = CRM_Core_BAO_File::generateFileHash($dao->$entityIDName, $fileDAO->id);
$customValue['id'] = $dao->$idName;
$customValue['data'] = $fileDAO->uri;
$customValue['fid'] = $fileDAO->id;
/**
* Generates a MD5 Hash to be appended to file URLS to be checked when trying to download the file.
- * @param int $eid entity id the file is attached to
- * @param int $fid file ID
+ * @param int $entityId entity id the file is attached to
+ * @param int $fileId file ID
* @return string
*/
- public static function generateFileHash($eid = NULL, $fid = NULL, $genTs = NULL, $life = NULL) {
+ public static function generateFileHash($entityId = NULL, $fileId = NULL, $genTs = NULL, $life = NULL) {
// Use multiple (but stable) inputs for hash information.
$siteKey = CRM_Utils_Constant::value('CIVICRM_SITE_KEY');
if (!$siteKey) {
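Review bot: The docblock still describes an MD5 hash, while the function computes `hash_hmac('sha256', …)` keyed with the site key, and `$genTs` and `$life` remain undocumented. Suggested summary line: `Generates an HMAC-SHA256 token to be appended to file URLs and checked when the file is downloaded.` Add `@param int|null $life token lifetime in hours` (the default is `24 * $days`) and a `@param` for `$genTs`, which by its name is presumably the generation timestamp. The function body continues outside this hunk.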
}
if (!$life) {
$days = Civi::settings()->get('checksum_timeout');
- $live = 24 * $days;
+ $life = 24 * $days;
}
// Trim 8 chars off the string, make it slightly easier to find
// but reveals less information from the hash.
- $cs = hash_hmac('sha256', "{$fid}_{$life}", $siteKey);
+ $cs = hash_hmac('sha256', "entity={$entityId}&file={$fileId}&life={$life}", $siteKey);
return "{$cs}_{$genTs}_{$life}";
}
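Review bot: `$genTs` is appended to the returned token but is not part of the HMAC message, which covers only the entity, file and life values. If the validator (not visible here) derives expiry from the timestamp field of the token, that field is not integrity-protected and the lifetime limit would not be enforced; signing it as well closes the gap, e.g. `"entity={$entityId}&file={$fileId}&ts={$genTs}&life={$life}"`. Previously issued links would stop validating after such a change, so it needs a release note. The comment about trimming 8 chars also does not match the visible code, which returns the full digest. The function begins outside the hunk.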
$download = CRM_Utils_Request::retrieve('download', 'Integer', $this, FALSE, 1);
$disposition = $download == 0 ? 'inline' : 'download';
- $eid = CRM_Utils_Request::retrieve('eid', 'Positive', $this, TRUE);
- $fid = CRM_Utils_Request::retrieve('fid', 'Positive', $this, FALSE);
- $id = CRM_Utils_Request::retrieve('id', 'Positive', $this, TRUE);
+ $eid = CRM_Utils_Request::retrieve('eid', 'Positive', $this, TRUE); // Entity ID (e.g. Contact ID)
+ $fid = CRM_Utils_Request::retrieve('fid', 'Positive', $this, FALSE); // Field ID
+ $id = CRM_Utils_Request::retrieve('id', 'Positive', $this, TRUE); // File ID
$hash = CRM_Utils_Request::retrieve('fcs', 'Alphanumeric', $this);
- if (!CRM_Core_BAO_File::validateFileHash($hash, $eid, $fid)) {
+ if (!CRM_Core_BAO_File::validateFileHash($hash, $eid, $id)) {
CRM_Core_Error::statusBounce('URL for file is not valid');
}
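Review bot: `fcs` is retrieved without the abort flag that `eid` and `id` pass as the fourth argument, so a request carrying no token reaches `validateFileHash()` with a NULL hash. Rejection then depends on how that method handles NULL, which is not visible here. Since this check gates the download, consider `$hash = CRM_Utils_Request::retrieve('fcs', 'Alphanumeric', $this, TRUE);` so a missing token fails at the request boundary, provided no caller relies on token-less URLs. The enclosing method starts and ends outside the hunk.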