X-Git-Url: https://git.p6c8.net/jirafeau/pcanterino.git/blobdiff_plain/42fe0291ef650140d5c712932d496c81fac18933..747afb20bfcff14bb67e40e7035d47a6311ba3e1:/f.php?ds=sidebyside
diff --git a/f.php b/f.php
index f523f72..269b10b 100644
--- a/f.php
+++ b/f.php
@@ -98,7 +98,7 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) {
|
|
- |
+ |
|
' . t('TOS') . '.' ?>
|
|
@@ -143,7 +143,7 @@ if (!empty($link['key'])) {
t('GIMME_PSW') . ' : ' .
'' .
' |
' .
- '| ' .
+ ' |
| ' .
t('USING_SERVICE'). ' ' . t('TOS') . '.' .
' |
';
@@ -171,7 +171,7 @@ if (!empty($link['key'])) {
require(JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
} else {
- if ($link['key'] == md5($_POST['key'])) {
+ if (hash_equals($link['key'], md5($_POST['key']))) {
$password_challenged = true;
} else {
sleep(2);
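Review bot: The value compared in the new `hash_equals` call is still an unsalted MD5 of the download password, so the constant-time comparison fixes the timing and loose-comparison weaknesses of `==` but leaves the stored key cheap to brute-force if link metadata is ever disclosed. Switching to `password_hash()` when the link is created and `password_verify($_POST['key'], $link['key'])` here would address that, though it needs a migration path for existing links, and that code is outside this hunk. Separately, `md5()` and `hash_equals()` both expect strings, so a non-string `key` parameter (PHP parses `key[]` as an array) raises a warning or a TypeError depending on the PHP version. Writing `if (is_string($_POST['key']) && hash_equals($link['key'], md5($_POST['key']))) {` keeps that case on the ordinary failed-password path. The enclosing `if`/`else` starts and ends outside the hunk.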
@@ -193,7 +193,7 @@ if (!$password_challenged && !$do_download && !$do_preview) {
'| ' .
t('NOW_DOWNLOADING') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' .
' |
' .
- '| ' .
+ ' |
| ' .
t('USING_SERVICE'). ' ' . t('TOS') . '.' .
' |
';
@@ -231,6 +231,7 @@ if (!jirafeau_is_viewable($link['mime_type']) || !$cfg['preview'] || $do_downloa
header('Content-Disposition: attachment; filename="' . $link['file_name'] . '"');
} else {
header('Content-Disposition: filename="' . $link['file_name'] . '"');
+ header('X-Content-Type-Options: nosniff');
}
header('Content-Type: ' . $link['mime_type']);
if ($cfg['file_hash'] == "md5") {
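Review bot: The `nosniff` header is added only in the `else` (inline preview) branch, so the attachment branch is still sent without it; emitting `header('X-Content-Type-Options: nosniff');` once after the if/else, next to the `Content-Type` header, would cover both. Both `Content-Disposition` lines also interpolate `$link['file_name']` unescaped into a quoted parameter, so a name containing `"` can change how the header is parsed; stripping or escaping `"` and `\` before interpolation would make it robust. For the inline case a restrictive `Content-Security-Policy` (for example `sandbox`) is worth considering as defence in depth, since the MIME type appears to come from upload metadata. The enclosing `if` starts outside the hunk.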