From b5299ea11c2c6ce50099b1758873e59a612be16e Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Tue, 1 Apr 2014 10:00:37 -0500
Subject: [PATCH] Fix several bugs preventing file downloads

This is a regression introduced somewhere along the way in the new storage
API system for osTicket.
---
 include/class.attachment.php | 1 +
 kb/file.php                  | 2 +-
 scp/file.php                 | 2 +-
 scp/js/scp.js                | 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/class.attachment.php b/include/class.attachment.php
index 09d9826fd..937d09edd 100644
--- a/include/class.attachment.php
+++ b/include/class.attachment.php
@@ -175,6 +175,7 @@ class GenericAttachments {
         foreach ($this->attachments as $a) {
             if ($a['inline'] != $separate || $a['inline'] == $inlines) {
                 $a['file_id'] = $a['id'];
+                $a['hash'] = md5($a['file_id'].session_id().strtolower($a['key']));
                 $attachments[] = $a;
             }
         }
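Review bot: The added `$a['hash']` line derives the download token inline with `md5()` over the file id, `session_id()` and the lowercased key, rather than taking it from the code that `kb/file.php` and `scp/file.php` verify against (`getDownloadHash()`). The body of `getDownloadHash()` is not visible here, so whether the two derivations agree, including the `strtolower()` on the key, cannot be confirmed from this patch. A single helper should produce the value for both the listing and the check, so the two cannot drift apart again. Separately, the digest is unkeyed and its only secret input is the raw session id, which then travels in links. A keyed construction such as `hash_hmac()` with a server-side secret would be more robust, but confirm that the token length still fits the 64-character check in the download scripts. The enclosing method starts and ends outside the hunk.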
diff --git a/kb/file.php b/kb/file.php
index 213367658..b06b256a3 100644
--- a/kb/file.php
+++ b/kb/file.php
@@ -23,7 +23,7 @@ $h=trim($_GET['h']);
 //basic checks
 if(!$h  || strlen($h)!=64  //32*2
         || !($file=AttachmentFile::lookup(substr($h,0,32))) //first 32 is the file hash.
-        || strcasecmp(substr($h,-32),md5($file->getId().session_id().$file->getKey()))) //next 32 is file id + session hash.
+        || strcasecmp($h, $file->getDownloadHash())) //next 32 is file id + session hash.
     die('Unknown or invalid file. #'.Format::htmlchars($_GET['h']));
 
 $file->download();
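Review bot: `strcasecmp($h, $file->getDownloadHash())` checks a session-bound download token with a comparison that is not constant-time, and the same applies to the new `strcasecmp()` line in `scp/file.php`. Where the supported PHP versions provide it, prefer `|| !hash_equals(strtolower($file->getDownloadHash()), strtolower($h))`. The trailing comment `//next 32 is file id + session hash.` is now stale in both files, because the whole 64-character value is compared. Something like `// full token: 32-char key followed by 32-char session-bound hash` would fit, assuming that is the layout `getDownloadHash()` returns, which is not visible here.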
diff --git a/scp/file.php b/scp/file.php
index 9d6518d0a..68197cc56 100644
--- a/scp/file.php
+++ b/scp/file.php
@@ -23,7 +23,7 @@ $h=trim($_GET['h']);
 //basic checks
 if(!$h  || strlen($h)!=64  //32*2
         || !($file=AttachmentFile::lookup(substr($h,0,32))) //first 32 is the file hash.
-        || $file->getDownloadHash() != $h) //next 32 is file id + session hash.
+        || strcasecmp($file->getDownloadHash(), $h)) //next 32 is file id + session hash.
     die('Unknown or invalid file. #'.Format::htmlchars($_GET['h']));
 
 $file->download();
diff --git a/scp/js/scp.js b/scp/js/scp.js
index 33839e80c..780d4c41a 100644
--- a/scp/js/scp.js
+++ b/scp/js/scp.js
@@ -213,7 +213,7 @@ $(document).ready(function(){
                             if(!$('.canned_attachments #f'+j.id,fObj).length) {
                                 var file='<span><label><input type="checkbox" name="cannedattachments[]" value="' + j.id+'" id="f'+j.id+'" checked="checked">';
                                     file+= ' '+ j.name + '</label>';
-                                    file+= ' (<a href="file.php?h=' + j.hash + j.key+ '">view</a>) </span>';
+                                    file+= ' (<a href="file.php?h=' + j.key + j.hash + '">view</a>) </span>';
                                 $('.canned_attachments', fObj).append(file);
                             }
 
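Review bot: The new href line still splices `j.key` and `j.hash` into markup by string concatenation, and the adjacent `j.name` reaches the label the same way, so any of these values containing HTML metacharacters would be parsed as markup when the string is appended. Build the link with DOM setters instead, e.g. `$('<a>').attr('href', 'file.php?h=' + encodeURIComponent(j.key + j.hash)).text('view')`, and set the file name with `.text(j.name)`. Whether `j.name` is already escaped server-side is not visible in this hunk, so confirm that before relying on it. The enclosing callback begins and ends outside the hunk.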
-- 
GitLab