X-Git-Url: https://git.p6c8.net/jirafeau/jirafeau.git/blobdiff_plain/21301c45dfc7b95be8c0f5fd32674aa246d06cab..b2a6694cd0bb0d0e07610cd408e80698f62680c4:/f.php
diff --git a/f.php b/f.php
index 922668f..f0a3d12 100644
--- a/f.php
+++ b/f.php
@@ -171,7 +171,7 @@ if (!empty($link['key'])) {
 require(JIRAFEAU_ROOT.'lib/template/footer.php');
 exit;
 } else {
- if (hash_equals($link['key'], md5($_POST['key']))) {
+ if (hash_equals($link['key'], hash('sha256', $_POST['key']))) {
 $password_challenged = true;
 } else {
 sleep(2);
@@ -231,6 +231,7 @@ if (!jirafeau_is_viewable($link['mime_type']) || !$cfg['preview'] || $do_downloa
 header('Content-Disposition: attachment; filename="' . $link['file_name'] . '"');
 } else {
 header('Content-Disposition: filename="' . $link['file_name'] . '"');
+ header('X-Content-Type-Options: nosniff');
 }
 header('Content-Type: ' . $link['mime_type']);
 if ($cfg['file_hash'] == "md5") {
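Review bot: The new comparison in the `else` branch still checks the download password against a single unsalted, fast digest, so a leaked stored key stays cheap to brute-force offline; SHA-256 removes MD5's collision weakness but not that. Storing the key with `password_hash()` where the link is created and checking it here with `if (password_verify($_POST['key'], $link['key'])) {` would give a salted, slow, timing-safe check. Links created before this commit presumably hold an MD5 digest in `$link['key']` and would stop matching unless a migration or a fallback exists elsewhere, which is worth confirming. The enclosing `if (!empty($link['key']))` block starts and ends outside the hunk.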
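Review bot: The `X-Content-Type-Options: nosniff` header is sent only on the inline-preview `else` branch, so the attachment branch above it still goes out without it. Placing `header('X-Content-Type-Options: nosniff');` after the closing `}`, next to the `Content-Type` header, would cover both paths. nosniff only stops the browser from second-guessing the declared type, so it does not help if the stored `$link['mime_type']` is itself an active type such as `text/html`. Whether `jirafeau_is_viewable()` excludes those types is not visible in this hunk and is worth confirming. The surrounding `if` starts outside the hunk.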