URI.SecureMunge
TYPE: string/null
VERSION: 3.1.1
DEFAULT: NULL
--DESCRIPTION--
<p>
    Like %URI.Munge, this directive munges browsable external resources
    into another URI redirection service. %URI.SecureMunge accepts a URI
    with a %s located where the original URI should be substituted in,
    and %t located where the secure checksum should be provided.
    However, this directive affords
    an additional level of protection by generating a secure checksum from
    the URI as well as a secret key provided by %URI.SecureMungeSecretKey.
    Any redirector script can check this key by using:
</p>

<pre>$checksum === sha1($secret_key . ':' . $url)</pre>

<p>
    If the output is TRUE, the redirector script should accept the URI.
</p>

<p>
    Please note that it would still be possible for an attacker to procure
    secure hashes en-mass by abusing your website's Preview feature or the
    like, but this service affords an additional level of protection
    that should be combined with website blacklisting.
</p>

<p>
    <strong>This is a post-filter.</strong> This filter may conflict with other
    post-filters that deal with external links.
</p>