diff --git a/admin_autoupdate.php b/admin_autoupdate.php
index 87f6a462..a6d47dc2 100644
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -22,9 +22,9 @@ define('AREA', 'admin');
 require './lib/init.php';
 // define update-uri
-define('UPDATE_URI', "http://version.froxlor.org/Froxlor/legacy/" . $version);
-define('RELEASE_URI', "http://autoupdate.froxlor.org/froxlor-{version}.zip");
-define('MD5SUM_URI', "http://autoupdate.froxlor.org/froxlor-{version}.zip.md5");
+define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
+define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
+define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");
 // check for allow_url_fopen
 if (ini_get('allow_url_fopen') === false) {
@@ -105,8 +105,8 @@ elseif ($page == 'getdownload') {
 // define files to get
 $toLoad = str_replace('{version}', $newversion, RELEASE_URI);
- $toCheck = str_replace('{version}', $newversion, MD5SUM_URI);
-
+ $toCheck = str_replace('{version}', $newversion, CHECKSUM_URI);
+
 // get archive data
 $newArchive = @file_get_contents($toLoad);
@@ -133,8 +133,8 @@ elseif ($page == 'getdownload') {
 // close file-handle
 fclose($fh);
-
- // validate MD5
+
+ // validate the integrity of the downloaded file
 $_shouldsum = @file_get_contents($toCheck);
 if (!empty($_shouldsum)) {
 $_t = explode(" ", $_shouldsum);
@@ -142,8 +142,8 @@ elseif ($page == 'getdownload') {
 } else {
 $shouldsum = null;
 }
- $filesum = md5_file($localArchive);
-
+ $filesum = hash_file('sha256', $localArchive);
+
 if ($filesum != $shouldsum) {
 redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
 }
@@ -204,6 +204,6 @@ elseif ($page == 'error') {
 // 6 = download without valid version
 // 7 = local archive does not exist
 // 8 = could not extract archive
- // 9 = md5 mismatch
+ // 9 = checksum mismatch
 standard_error ('autoupdate_'.$errno);
 }
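Review bot: In the `@@ -22,9` hunk, `CHECKSUM_URI` points at the same host as `RELEASE_URI`, so the SHA-256 file can reveal a damaged download but cannot show that the archive is the one the project published; anyone able to alter one response can alter the other. After this change the authenticity of an update rests on TLS peer verification alone, and on PHP older than 5.6 the `https://` wrapper does not verify the peer certificate unless a stream context asks for it. I would record that above the defines, for example `// the .sha256 file shares an origin with the archive: it guards against corruption only, authenticity depends on TLS peer verification`, and, if pre-5.6 runtimes are still supported, pass a context that enables `verify_peer` to the `file_get_contents()` calls in the `getdownload` hunks. The context lines also show `ini_get('allow_url_fopen') === false`, which looks like it can never be true for a disabled setting because `ini_get()` returns a string for an existing option; the body of that `if` is outside the hunk.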
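Review bot: In the `@@ -142,8` hunk the test `if ($filesum != $shouldsum)` is a loose comparison, so the integrity check does not fail closed. `hash_file()` returns `false` on error and the `@@ -133,8` hunk leaves `$shouldsum = null` when the checksum file cannot be fetched; `false != null` evaluates to false in PHP, so in that case the redirect to error 9 is skipped. Loose comparison also compares two numeric-looking strings as numbers rather than byte for byte. I would make the test strict and reject missing values explicitly: `if (!is_string($shouldsum) || !is_string($filesum) || $filesum !== strtolower(trim($shouldsum))) {`. The assignment of `$shouldsum` from `$_t` lies between the two hunks and is not visible here, so whether it already trims the value needs checking.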
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 7a430ed4..060f6464 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1954,14 +1954,14 @@ $lng['domains']['ssl_redirect_temporarilydisabled'] = "
The SSL redirect is t
 $lng['admin']['autoupdate'] = 'Auto-Update';
 $lng['error']['customized_version'] = 'It looks like your Froxlor installation has been customized, no support sorry.';
 $lng['error']['autoupdate_0'] = 'Unknown error';
-$lng['error']['autoupdate_1'] = 'PHP setting allow_url_fopen is disabled. Autoupdate needs this setting to be enabled in the php.ini';
+$lng['error']['autoupdate_1'] = 'PHP setting allow_url_fopen is disabled. Autoupdate needs this setting to be enabled in php.ini';
 $lng['error']['autoupdate_2'] = 'PHP extension Zlib not found, please ensure it is installed and activated';
 $lng['error']['autoupdate_4'] = 'The froxlor archive could not be stored to the disk :(';
 $lng['error']['autoupdate_5'] = 'version.froxlor.org returned inacceptable values :(';
 $lng['error']['autoupdate_6'] = 'Woops, there was no (valid) version given to download :(';
 $lng['error']['autoupdate_7'] = 'The downloaded archive could not be found :(';
-$lng['error']['autoupdate_8'] = 'The archive could not be extraxted :(';
-$lng['error']['autoupdate_9'] = 'The MD5 sum of the downloaded file is not correct. Please try to update again.';
+$lng['error']['autoupdate_8'] = 'The archive could not be extracted :(';
+$lng['error']['autoupdate_9'] = 'The downloaded file did not pass the integrity check. Please try to update again.';
 $lng['admin']['server_php'] = 'PHP';