X-Git-Url: https://git.p6c8.net/jirafeau/jirafeau.git/blobdiff_plain/8c8f88ec2104ab0a12ceec4f5a8e2ebeb72758cc..cffb5d5b1fd755e60431cb361b796ba3c251426d:/f.php diff --git a/f.php b/f.php index a93ec98..870b4bd 100644 --- a/f.php +++ b/f.php @@ -98,7 +98,7 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) { - + ' . t('TOS') . '.' ?> @@ -143,7 +143,7 @@ if (!empty($link['key'])) { t('GIMME_PSW') . ' : ' . '' . '' . - '' . + '' . t('USING_SERVICE'). ' ' . t('TOS') . '.' . ''; @@ -171,7 +171,9 @@ if (!empty($link['key'])) { require(JIRAFEAU_ROOT.'lib/template/footer.php'); exit; } else { - if (hash_equals($link['key'], md5($_POST['key']))) { + if (strpos($link['key'], '[SHA256]') == 0 && hash_equals(substr($link['key'], 8), hash('sha256', $_POST['key']))) { + $password_challenged = true; + } elseif (hash_equals($link['key'], md5($_POST['key']))) { $password_challenged = true; } else { sleep(2); @@ -193,7 +195,7 @@ if (!$password_challenged && !$do_download && !$do_preview) { '' . t('NOW_DOWNLOADING') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' . '' . - '' . + '' . t('USING_SERVICE'). ' ' . t('TOS') . '.' . ''; @@ -231,6 +233,7 @@ if (!jirafeau_is_viewable($link['mime_type']) || !$cfg['preview'] || $do_downloa header('Content-Disposition: attachment; filename="' . $link['file_name'] . '"'); } else { header('Content-Disposition: filename="' . $link['file_name'] . '"'); + header('X-Content-Type-Options: nosniff'); } header('Content-Type: ' . $link['mime_type']); if ($cfg['file_hash'] == "md5") {
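Review bot: The prefix test `strpos($link['key'], '[SHA256]') == 0` in the new first branch of the `@@ -171,7 +171,9 @@` hunk is also true when the prefix is absent, because `strpos` returns `false` and `false == 0` holds under loose comparison. Legacy MD5 keys therefore enter the SHA-256 branch and are turned away only because `hash_equals` sees strings of different length; `strncmp($link['key'], '[SHA256]', 8) === 0` (or `strpos(...) === 0`) makes the branch selection explicit. Separately, a single unsalted SHA-256 is still a fast hash for a download password, so `password_hash()`/`password_verify()` would hold up better against offline guessing if stored link data is exposed, and the MD5 fallback kept in the `elseif` needs a retirement path. The enclosing `if`/`else` starts outside the hunk, so whether `$_POST['key']` is confirmed to be a string before it reaches `hash()` is not visible here.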
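Review bot: `header('X-Content-Type-Options: nosniff');` in the `@@ -231,6 +233,7 @@` hunk is added only inside the `else` (inline preview) branch, so the attachment branch is still sent without it although both paths emit the stored `$link['mime_type']` as `Content-Type`. Moving the call below the `if`/`else`, next to `header('Content-Type: ' . $link['mime_type']);`, covers both responses with the same single line. A comment such as `// Stop browsers from sniffing a type other than the stored mime_type` would record why the header is sent. The surrounding `if` begins before the hunk and the block continues after it.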