|
@@ -22,10 +22,11 @@ if __name__ == '__main__':
|
22
|
22
|
from os.path import realpath, dirname
|
23
|
23
|
path.append(realpath(dirname(realpath(__file__)) + '/../'))
|
24
|
24
|
|
25
|
|
-import json
|
26
|
25
|
import cStringIO
|
27
|
|
-import os
|
28
|
26
|
import hashlib
|
|
27
|
+import hmac
|
|
28
|
+import json
|
|
29
|
+import os
|
29
|
30
|
import requests
|
30
|
31
|
|
31
|
32
|
from searx import logger
|
|
@@ -250,8 +251,7 @@ def image_proxify(url):
|
250
|
251
|
if not request.preferences.get_value('image_proxy'):
|
251
|
252
|
return url
|
252
|
253
|
|
253
|
|
- hash_string = url + settings['server']['secret_key']
|
254
|
|
- h = hashlib.sha256(hash_string.encode('utf-8')).hexdigest()
|
|
254
|
+ h = hmac.new(settings['server']['secret_key'], url, hashlib.sha256).hexdigest()
|
255
|
255
|
|
256
|
256
|
return '{0}?{1}'.format(url_for('image_proxy'),
|
257
|
257
|
urlencode(dict(url=url.encode('utf-8'), h=h)))
|
|
@@ -599,7 +599,7 @@ def image_proxy():
|
599
|
599
|
if not url:
|
600
|
600
|
return '', 400
|
601
|
601
|
|
602
|
|
- h = hashlib.sha256(url + settings['server']['secret_key'].encode('utf-8')).hexdigest()
|
|
602
|
+ h = hmac.new(settings['server']['secret_key'], url, hashlib.sha256).hexdigest()
|
603
|
603
|
|
604
|
604
|
if h != request.args.get('h'):
|
605
|
605
|
return '', 400
|