require(JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
} else {
- if (hash_equals($link['key'], md5($_POST['key']))) {
+ if (strpos($link['key'], '[SHA256]') == 0 && hash_equals(substr($link['key'], 8), hash('sha256', $_POST['key']))) {
+ $password_challenged = true;
+ }
+ elseif (hash_equals($link['key'], md5($_POST['key']))) {
$password_challenged = true;
} else {
sleep(2);
header('Content-Disposition: attachment; filename="' . $link['file_name'] . '"');
} else {
header('Content-Disposition: filename="' . $link['file_name'] . '"');
+ header('X-Content-Type-Options: nosniff');
}
header('Content-Type: ' . $link['mime_type']);
if ($cfg['file_hash'] == "md5") {