* Security enhancement: Prevent image access through thumbs.php. For details...
[Packages/TYPO3.CMS.git] / typo3 / sysext / cms / tslib / class.tslib_content.php
index 24575f3..94691cb 100755 (executable)
@@ -3902,7 +3902,9 @@ class tslib_cObj {
                                                if ($GLOBALS['TYPO3_CONF_VARS']['GFX']['thumbnails'])   {
                                                        $thumbSize = '';
                                                        if ($conf['icon_thumbSize'] || $conf['icon_thumbSize.'])        { $thumbSize = '&size='.$this->stdWrap($conf['icon_thumbSize'], $conf['icon_thumbSize.']); }
-                                                       $icon = 't3lib/thumbs.php?dummy='.$GLOBALS['EXEC_TIME'].'&file='.rawurlencode('../'.$theFile).$thumbSize;
+                                                       $check = basename($theFile).':'.filemtime($theFile).':'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];
+                                                       $md5sum = '&md5sum='.t3lib_div::shortMD5($check);
+                                                       $icon = 't3lib/thumbs.php?dummy='.$GLOBALS['EXEC_TIME'].'&file='.rawurlencode('../'.$theFile).$thumbSize.$md5sum;
                                                } else {
                                                        $icon = t3lib_extMgm::siteRelPath('cms').'tslib/media/miscicons/notfound_thumb.gif';
                                                }
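Review bot: The signed string on the added `$check` line covers only `basename($theFile)`, the mtime and the encryption key, so the md5sum is not tied to the file's directory or to the `&size=` value appended beside it; two files with the same name and modification time would get the same token. Consider signing the full relative path and the size, e.g. `$check = $theFile.':'.$thumbSize.':'.filemtime($theFile).':'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];`, with the matching change in the verifier in thumbs.php, which is not visible in this hunk. `t3lib_div::shortMD5()` also truncates a plain MD5 of data with the key appended; a keyed construction such as `hash_hmac()` with a longer output would be stronger where the supported PHP versions allow it. `filemtime()` returns false for a missing or unreadable file, and that case is not checked before the value goes into the token. The enclosing method of tslib_cObj starts and ends outside the hunk.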