[SECURITY] Open shockwave inclusion in flvplayer.swf
[Packages/TYPO3.CMS.git] / typo3 / sysext / cms / tslib / PHP / ValidateHashEID.php
1 <?php
2 /**
3 * This file is part of the TYPO3 CMS project.
4 *
5 * It is free software; you can redistribute it and/or modify it under
6 * the terms of the GNU General Public License, either version 2
7 * of the License, or any later version.
8 *
9 * For the full copyright and license information, please read the
10 * LICENSE.txt file that was distributed with this source code.
11 *
12 * The TYPO3 project - inspiring people to share!
13 */
14
15 call_user_func(function() {
16 $value = \TYPO3\CMS\Core\Utility\GeneralUtility::_GET('value');
17 $addition = \TYPO3\CMS\Core\Utility\GeneralUtility::_GET('addition');
18 $scope = \TYPO3\CMS\Core\Utility\GeneralUtility::_GET('scope');
19
20 $content = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac($value, $addition);
21
22 if ($scope === 'flashvars') {
23 header('Content-type: application/x-www-form-urlencoded');
24 $content = 'hash=' . $content;
25 } else {
26 header('Content-type: text/plain');
27 }
28
29 header('Pragma: no-cache');
30 header('Cache-control: no-cache');
31
32 echo $content;
33 });