New: add function dol_hash

htdocs/lib/security.lib.php

@@ -558,4 +558,17 @@ function getRandomPassword()
 	return $generated_password;
 }
 
+/**
+ * 	Returns a hash of a string
+ * 	@param 	chain	String to hash
+ * 	@param	type	Type of hash (0:md5, 1:sha1, 2:sha1+md5)
+ * 	@return	hash	hash of string
+ */
+function dol_hash($chain,$type=0)
+{
+	if ($type == 1) return sha1($chain);
+	else if ($type == 2) return sha1(md5($chain));
+	else return md5($chain);
+}
+
 ?>

htdocs/paypal/admin/paypal.php

@@ -26,6 +26,7 @@
 
 require("../../main.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
+require_once(DOL_DOCUMENT_ROOT."/lib/security.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/doleditor.class.php");
 
 $servicename='PayPal';
@@ -215,7 +216,7 @@ print '</div>';
 print '<br><br>';
 
 $token='';
-if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) $token='&securekey='.md5($conf->global->PAYPAL_SECURITY_TOKEN);
+if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) $token='&securekey='.dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
 
 // Url list
 print '<u>'.$langs->trans("FollowingUrlAreAvailableToMakePayments").':</u><br>';

htdocs/public/paypal/newpayment.php

@@ -33,6 +33,7 @@ require("../../main.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/paypal/lib/paypal.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/paypal/lib/paypalfunctions.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
+require_once(DOL_DOCUMENT_ROOT."/lib/security.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/functions2.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
 
@@ -303,7 +304,7 @@ $var=false;
 $valid=true;
 if (! empty($conf->global->PAYPAL_SECURITY_TOKEN) )
 {
-	$token = md5($conf->global->PAYPAL_SECURITY_TOKEN . $ref);
+	$token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $ref, 2);
 	if ($SECUREKEY != $token) $valid=false;
 }