From 9f120280a2f4b8fbec75bec8b546e90709fd04d1 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Tue, 8 Jun 2021 14:21:33 +0200 Subject: [PATCH] Change token for hash generation --- .../include/functions_filemanager.php | 24 +++++++++---------- pandora_console/include/get_file.php | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php index 4265566116..b8d7598d12 100644 --- a/pandora_console/include/functions_filemanager.php +++ b/pandora_console/include/functions_filemanager.php @@ -330,7 +330,7 @@ if ($create_dir === true) { $directory = filemanager_safe_directory((string) get_parameter('directory', '/')); $hash = (string) get_parameter('hash'); - $testHash = md5($directory.$config['dbpass']); + $testHash = md5($directory.$config['server_unique_identifier']); if ($hash !== $testHash) { ui_print_error_message(__('Security error.')); @@ -363,7 +363,7 @@ if ($delete_file === true) { $filename = (string) get_parameter('filename'); $filename = io_safe_output($filename); $hash = get_parameter('hash', ''); - $testHash = md5($filename.$config['dbpass']); + $testHash = md5($filename.$config['server_unique_identifier']); if ($hash !== $testHash) { $config['filemanager']['message'] = ui_print_error_message(__('Security error'), '', true); @@ -645,7 +645,7 @@ function filemanager_file_explorer( if (($prev_dir_str != '') && ($father != $relative_directory)) { $table->data[0][0] = html_print_image('images/go_previous.png', true, ['class' => 'invert_filter']); - $table->data[0][1] = ''; + $table->data[0][1] = ''; $table->data[0][1] .= __('Parent directory'); $table->data[0][1] .= ''; 
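Review bot: The create_dir check at -330 still accepts a token anyone can compute when `$config['server_unique_identifier']` is unset or empty on an install, because `md5($directory.null)` is simply `md5($directory)`; this was equally true of `dbpass`, but swapping the secret is the right moment to fail closed. Reject the request before deriving the token, e.g. `if (empty($config['server_unique_identifier'])) { ui_print_error_message(__('Security error.')); }` ahead of the `$testHash` line, so a misconfigured secret cannot silently downgrade the check to a public hash. The comparison `$hash !== $testHash` is also a short-circuiting byte comparison rather than constant-time; `hash_equals($testHash, $hash)` fixes that, and `hash_hmac('sha256', $directory, $config['server_unique_identifier'])` would turn the bare concatenation into a real MAC, provided every emitter of this token elsewhere in the file is changed in step. The enclosing `if ($create_dir === true)` block begins before and ends after this hunk.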
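Review bot: The delete token verified at -363 is `md5($filename.secret)` with nothing binding it to the delete action, so a token minted for any other purpose over the same string is accepted here — the edit link later in this file signs `$fileinfo['realpath']` with the identical formula, which is byte-for-byte the same input for the same path. Practical impact is limited since those tokens are rendered on the same page to the same user, but domain separation costs nothing and prevents the next added action from inheriting someone else's token. Prefix the signed data with the action name at both the emitter and this check, e.g. `$testHash = md5('delete_file:'.$filename.$config['server_unique_identifier']);`. The enclosing `if ($delete_file === true)` block continues outside the hunk.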
@@ -696,7 +696,7 @@ function filemanager_file_explorer( } if ($fileinfo['is_dir']) { - $data[1] = ''.$fileinfo['name'].''; + $data[1] = ''.$fileinfo['name'].''; } else if (!empty($url_file)) { // Set the custom url file $url_file_clean = str_replace('[FILE_FULLPATH]', $fileinfo['realpath'], $url_file); @@ -704,7 +704,7 @@ function filemanager_file_explorer( $data[1] = ''.$fileinfo['name'].''; } else { $filename = base64_encode($relative_directory.'/'.$fileinfo['name']); - $hash = md5($filename.$config['dbpass']); + $hash = md5($filename.$config['server_unique_identifier']); $data[1] = ''.$fileinfo['name'].''; } @@ -739,7 +739,7 @@ function filemanager_file_explorer( $data[4] .= '
'; $data[4] .= ''; $data[4] .= html_print_input_hidden('filename', $fileinfo['realpath'], true); - $data[4] .= html_print_input_hidden('hash', md5($fileinfo['realpath'].$config['dbpass']), true); + $data[4] .= html_print_input_hidden('hash', md5($fileinfo['realpath'].$config['server_unique_identifier']), true); $data[4] .= html_print_input_hidden('delete_file', 1, true); $relative_dir = str_replace($homedir_filemanager, '', str_replace('\\', '/', dirname($fileinfo['realpath']))); @@ -748,7 +748,7 @@ function filemanager_file_explorer( $relative_dir = substr($relative_dir, 1); } - $hash2 = md5($relative_dir.$config['dbpass']); + $hash2 = md5($relative_dir.$config['server_unique_identifier']); $data[4] .= html_print_input_hidden('directory', $relative_dir, true); $data[4] .= html_print_input_hidden('hash2', $hash2, true); @@ -758,7 +758,7 @@ function filemanager_file_explorer( if (($typefile != 'bin') && ($typefile != 'pdf') && ($typefile != 'png') && ($typefile != 'jpg') && ($typefile != 'iso') && ($typefile != 'docx') && ($typefile != 'doc') && ($fileinfo['mime'] != MIME_DIR) ) { - $hash = md5($fileinfo['realpath'].$config['dbpass']); + $hash = md5($fileinfo['realpath'].$config['server_unique_identifier']); $data[4] .= "".html_print_image('images/edit.png', true, ['style' => 'margin-top: 2px;', 'title' => __('Edit file'), 'class' => 'invert_filter']).''; } } @@ -766,7 +766,7 @@ function filemanager_file_explorer( if ((!$fileinfo['is_dir']) && ($download_button)) { $filename = base64_encode($fileinfo['name']); - $hash = md5($filename.$config['dbpass']); + $hash = md5($filename.$config['server_unique_identifier']); $data[4] .= ''; $data[4] .= html_print_image('images/file.png', true, ['class' => 'invert_filter']); $data[4] .= ''; @@ -824,13 +824,13 @@ function filemanager_file_explorer( '; echo '
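Review bot: The download-link token at -766 is one of thirteen places in this commit where the literal `md5($x.$config['server_unique_identifier'])` formula is spelled out inline, which is exactly why the secret change had to touch every call site and why the verifier in get_file.php can drift out of sync. A small helper in this file — a function taking the string to sign, reading `$config` via `global`, and returning the token — would make the next rotation or algorithm upgrade a one-line change; this site would become `$hash = filemanager_sign($filename);` and the checks at -330/-363 and in get_file.php would call the same function. Keeping the algorithm in one place also makes it straightforward to move to `hash_hmac` later without hunting for stragglers. The enclosing filemanager_file_explorer() function starts before and ends after this hunk.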
'; +
'.html_print_input_text('dirname', '', '', 30, 255, true).html_print_submit_button(__('Create'), 'crt', false, 'class="sub next"', true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('create_dir', 1, true).html_print_input_hidden('hash', md5($relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('hash2', md5($relative_directory.$config['server_unique_identifier']), true).'
'; echo ''; +
'.ui_print_help_tip(__('The zip upload in this dir, easy to upload multiple files.'), true).html_print_input_file('file', true, false).html_print_input_hidden('umask', $umask, true).html_print_checkbox('decompress', 1, false, true).__('Decompress').html_print_submit_button(__('Go'), 'go', false, 'class="sub next"', true).html_print_input_hidden('real_directory', $real_directory, true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('hash', md5($real_directory.$relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('hash2', md5($relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('upload_file_or_zip', 1, true).'
'; echo ' '; +
'.html_print_input_text('name_file', '', '', 30, 50, true).html_print_submit_button(__('Create'), 'create', false, 'class="sub next"', true).html_print_input_hidden('real_directory', $real_directory, true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('hash', md5($real_directory.$relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('umask', $umask, true).html_print_input_hidden('create_text_file', 1, true).'
'; echo "
"; diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php index f5ccaecd99..8de031a79b 100644 --- a/pandora_console/include/get_file.php +++ b/pandora_console/include/get_file.php @@ -35,7 +35,7 @@ $file = base64_decode(urldecode($file_raw)); $hash = get_parameter('hash', null); -if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['dbpass']) || !isset($_SERVER['HTTP_REFERER'])) { +if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['server_unique_identifier']) || !isset($_SERVER['HTTP_REFERER'])) { echo "
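Review bot: The upload and create-text-file forms in the -824 hunk sign `$real_directory.$relative_directory` with no delimiter, so distinct (real_directory, directory) pairs whose concatenation is identical yield the same token; whether that is exploitable depends on how the checker for `upload_file_or_zip` and `create_text_file` (outside this hunk) re-derives the real directory, so treat this as a hardening note. Insert a separator that cannot occur in a path at both the form and its check, e.g. `md5($real_directory."\0".$relative_directory.$config['server_unique_identifier'])`. In the create-directory form, `hash` and `hash2` are computed from the same input and so always carry the same value; unless a separate check consumes `hash2`, one of the two hidden fields is redundant. The enclosing filemanager_file_explorer() function starts before this hunk.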

".__('Security error. Please contact the administrator.').'

'; } else { $downloadable_file = '';
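Review bot: The download gate at -35 compares the caller-supplied `$hash` with `!==`, a short-circuiting byte comparison rather than a constant-time one; use `hash_equals(md5($file_raw.$config['server_unique_identifier']), (string) $hash)` instead, where the cast also handles the `null` default from `get_parameter('hash', null)` (note the existing `$hash === ''` test never matches that default, so it is effectively dead and only the `!==` branch rejects a missing hash). The `!isset($_SERVER['HTTP_REFERER'])` condition should not be read as a security control, since the Referer header is fully attacker-controlled; it is harmless as a convenience filter but the comment or commit should not imply it adds protection. As with the emitter side, `hash_hmac('sha256', $file_raw, $config['server_unique_identifier'])` would replace the homebrew `md5(data.secret)` construction once both files are changed together.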