From 6585b3124d137ab1cceac30225cb2f0824461b66 Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Thu, 8 Feb 2024 15:25:05 +0700 Subject: [PATCH] Used hashing for filenames generation (#1385) * Some code cleanup... * Used hashing for filenames generation * Revert "Some code cleanup..." This reverts commit 2dca4c3fb3300fcefde3723fec59976f210f63fb. * Update Attach.php * Update Attach.php * Update Attach.php --- library/attach_mod/posting_attachments.php | 4 --- src/Legacy/Attach.php | 37 ++-------------------- 2 files changed, 2 insertions(+), 39 deletions(-) diff --git a/library/attach_mod/posting_attachments.php b/library/attach_mod/posting_attachments.php index e175ac7fa..94ea47ebb 100644 --- a/library/attach_mod/posting_attachments.php +++ b/library/attach_mod/posting_attachments.php @@ -11,10 +11,6 @@ if (!defined('BB_ROOT')) { die(basename(__FILE__)); } -define('FILENAME_PREFIX', true); -define('FILENAME_PREFIX_LENGTH', 6); -define('FILENAME_MAX_LENGTH', 128); - /** * Entry Point */ diff --git a/src/Legacy/Attach.php b/src/Legacy/Attach.php index 264916ee5..dc827d5ef 100644 --- a/src/Legacy/Attach.php +++ b/src/Legacy/Attach.php @@ -852,41 +852,8 @@ class Attach $this->filetime = TIMENOW; $this->filename = $r_file; - // physical filename - $this->attach_filename = $this->filename; - - //bt - $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename))); - $this->attach_filename = pathinfo($this->attach_filename, PATHINFO_FILENAME); - $this->attach_filename = str_replace([' ', '-'], '_', $this->attach_filename); - $this->attach_filename = str_replace('__', '_', $this->attach_filename); - $this->attach_filename = str_replace([',', '.', '!', '?', 'ь', 'Ь', 'ц', 'Ц', 'д', 'Д', ';', ':', '@', "'", '"', '&'], ['', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'], $this->attach_filename); - $this->attach_filename = str_replace(['$', 'Я', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'], ['dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''], $this->attach_filename); - // Remove non-latin characters - $this->attach_filename = preg_replace('#([\xC2\xC3])([\x80-\xBF])#', 'chr(ord(\'$1\')<<6&0xC0|ord(\'$2\')&0x3F)', $this->attach_filename); - $this->attach_filename = rawurlencode($this->attach_filename); - $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename); - $this->attach_filename = trim($this->attach_filename . '_' . make_rand_str(13)); - $this->attach_filename = str_replace(['&', '&', ' '], '_', $this->attach_filename); - $this->attach_filename = str_replace('php', '_php_', $this->attach_filename); - - $new_physical_filename = null; - for ($i = 0, $max_try = 5; $i <= $max_try; $i++) { - $fn_prefix = FILENAME_PREFIX ? (make_rand_str(FILENAME_PREFIX_LENGTH) . '_') : ''; - $new_physical_filename = clean_filename($fn_prefix . $this->attach_filename); - - if (!physical_filename_already_stored($new_physical_filename)) { - break; - } - if ($i === $max_try) { - bb_die('Could not create filename for attachment'); - } - } - - $this->attach_filename = $new_physical_filename; - if (!empty($this->attach_filename)) { - $this->attach_filename = substr(trim($this->attach_filename), 0, FILENAME_MAX_LENGTH); - } + // Generate hashed filename + $this->attach_filename = TIMENOW . hash('xxh128', $this->filename); // Do we have to create a thumbnail ? if ($cat_id == IMAGE_CAT && (int)$attach_config['img_create_thumbnail'] && (int)$attach_config['img_display_inlined']) {