2014-09-01, 05:02 PM
Currently in MyBB 1.6.x and 1.8.x when a file is uploaded to the system you are using the md5 of a random string to generate the filename as seen on line 491 of functions_upload.php
$filename = "post_".$mybb->user['uid']."_".TIME_NOW."_".md5(random_str()).".attach";
My suggestion is when a file is uploaded it should be saved to a temporary location and then the filename should be generated using sha1_file(...) instead of md5(random_str())
This would provide a path to allow for a plugin or core feature to detect duplicates by scanning the attachments table looking for a match in the filename column for a given sha1 hash.
$filename = "post_".$mybb->user['uid']."_".TIME_NOW."_".md5(random_str()).".attach";
My suggestion is when a file is uploaded it should be saved to a temporary location and then the filename should be generated using sha1_file(...) instead of md5(random_str())
This would provide a path to allow for a plugin or core feature to detect duplicates by scanning the attachments table looking for a match in the filename column for a given sha1 hash.