-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathindex.php
39 lines (37 loc) · 1.49 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<?php
/**
* @copyright Copyright (c) 2016 Lukas Reschke <[email protected]>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
header('Content-Security-Policy: default-src \'none\'');
header('X-Frame-Options: deny');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('Strict-Transport-Security: max-age=15768000; includeSubDomains; preload');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment');
$cacheItem = substr($_SERVER['REQUEST_URI'], 1);
if (strpos($cacheItem, '/../') !== false || strrchr($cacheItem, '/') === '/..') {
die('Traversal detected');
}
if (file_exists(__DIR__ . '/cache/' . $cacheItem)) {
header('Expires: Sun, 17 Jan 2038 19:14:07 GMT');
echo file_get_contents(__DIR__ . '/cache/' . $cacheItem);
} else {
die('File not found');
}