check checksum of document version

2024-11-26 07:22:11 +00:00 · 2021-01-26 13:30:15 +01:00 · 2021-01-26 13:30:15 +01:00 · 8a2224b669
commit 8a2224b669
parent 4b91c390c3
2 changed files with 7 additions and 0 deletions
--- a/2
+++ b/2
@ -6,6 +6,8 @@
 - fix potential clickjacking attack with manipulated email address of a user
 - loading more items on ViewFolder page obeys sort order
 - fix possible csrf attacks due to missing form token
+- show an error msg on the documents detail page if the checksum of version
+  mismatch

 --------------------------------------------------------------------------------
                     Changes in version 5.1.21
--- a/views/bootstrap/class.ViewDocument.php
+++ b/views/bootstrap/class.ViewDocument.php
@ -588,6 +588,11 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
 			exit;
 		}

+		$checksum = SeedDMS_Core_File::checksum($dms->contentDir, $latestContent->getPath());
+		if($checksum != $latestContent->getChecksum()) {
+			$this->errorMsg(getMLText('wrong_checksum'));
+		}
+
 		$txt = $this->callHook('preLatestVersionTab', $latestContent);
 		if(is_string($txt))
 			echo $txt;