diff --git a/include/class.attachment.php b/include/class.attachment.php
index 09d9826fd0444748830e63b18e5caf9bb5441f54..937d09edd5346d331170752077e1b00f9a354e51 100644
--- a/include/class.attachment.php
+++ b/include/class.attachment.php
@@ -175,6 +175,7 @@ class GenericAttachments {
         foreach ($this->attachments as $a) {
             if ($a['inline'] != $separate || $a['inline'] == $inlines) {
                 $a['file_id'] = $a['id'];
+                $a['hash'] = md5($a['file_id'].session_id().strtolower($a['key']));
                 $attachments[] = $a;
             }
         }
diff --git a/kb/file.php b/kb/file.php
index 21336765817fa588a82a983af5e8b52dc8da2a85..b06b256a35a6ebdd9c40137f9fec0b6a2f797343 100644
--- a/kb/file.php
+++ b/kb/file.php
@@ -23,7 +23,7 @@ $h=trim($_GET['h']);
 //basic checks
 if(!$h  || strlen($h)!=64  //32*2
         || !($file=AttachmentFile::lookup(substr($h,0,32))) //first 32 is the file hash.
-        || strcasecmp(substr($h,-32),md5($file->getId().session_id().$file->getKey()))) //next 32 is file id + session hash.
+        || strcasecmp($h, $file->getDownloadHash())) //next 32 is file id + session hash.
     die('Unknown or invalid file. #'.Format::htmlchars($_GET['h']));
 
 $file->download();
diff --git a/scp/file.php b/scp/file.php
index 9d6518d0ae4f4d53656389503bb83c71682a8963..68197cc566cf05f707d7d0d458b7097422b7b8ae 100644
--- a/scp/file.php
+++ b/scp/file.php
@@ -23,7 +23,7 @@ $h=trim($_GET['h']);
 //basic checks
 if(!$h  || strlen($h)!=64  //32*2
         || !($file=AttachmentFile::lookup(substr($h,0,32))) //first 32 is the file hash.
-        || $file->getDownloadHash() != $h) //next 32 is file id + session hash.
+        || strcasecmp($file->getDownloadHash(), $h)) //next 32 is file id + session hash.
     die('Unknown or invalid file. #'.Format::htmlchars($_GET['h']));
 
 $file->download();
diff --git a/scp/js/scp.js b/scp/js/scp.js
index 33839e80c39174391d9d10e9e2c2029a44af9221..780d4c41a95e3f1c3bac50c0038cfd93558a0123 100644
--- a/scp/js/scp.js
+++ b/scp/js/scp.js
@@ -213,7 +213,7 @@ $(document).ready(function(){
                             if(!$('.canned_attachments #f'+j.id,fObj).length) {
                                 var file='<span><label><input type="checkbox" name="cannedattachments[]" value="' + j.id+'" id="f'+j.id+'" checked="checked">';
                                     file+= ' '+ j.name + '</label>';
-                                    file+= ' (<a href="file.php?h=' + j.hash + j.key+ '">view</a>) </span>';
+                                    file+= ' (<a href="file.php?h=' + j.key + j.hash + '">view</a>) </span>';
                                 $('.canned_attachments', fObj).append(file);
                             }