From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/redundant_attachments/redundant_attachments.php |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/plugins/redundant_attachments/redundant_attachments.php b/plugins/redundant_attachments/redundant_attachments.php
index fc7e06e..52a7ea3 100644
--- a/plugins/redundant_attachments/redundant_attachments.php
+++ b/plugins/redundant_attachments/redundant_attachments.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Redundant attachments
  *
@@ -30,6 +31,10 @@
  * with this program; if not, write to the Free Software Foundation, Inc.,
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
+
+if (class_exists('filesystem_attachments', false) && !defined('TESTS_DIR')) {
+    die("Configuration issue. There can be only one enabled plugin for attachments handling");
+}
 
 require_once(RCUBE_PLUGINS_DIR . 'filesystem_attachments/filesystem_attachments.php');
 
@@ -85,8 +90,8 @@
      */
     private function _key($args)
     {
-        $uname = $args['path'] ? $args['path'] : $args['name'];
-        return $args['group'] . md5(mktime() . $uname . $_SESSION['user_id']);
+        $uname = $args['path'] ?: $args['name'];
+        return $args['group'] . md5(time() . $uname . $_SESSION['user_id']);
     }
 
     /**

--
Gitblit v1.9.1