* Security enhancement: Prevent image access through thumbs.php. For details...
[Packages/TYPO3.CMS.git] / typo3 / show_item.php
index b9a1b9b..e24d82c 100755 (executable)
@@ -428,7 +428,9 @@ class SC_show_item {
                                // Font files:
                        if ($ext=='ttf')        {
                                $thumbScript = 'thumbs.php';
+                               $check = basename($this->file).':'.filemtime($this->file).':'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];
                                $params = '&file='.rawurlencode($this->file);
+                               $params.= '&md5sum='.t3lib_div::shortMD5($check);
                                $url = $thumbScript.'?&dummy='.$GLOBALS['EXEC_TIME'].$params;
                                $thumb = '<br />
                                        <div align="center">'.$returnLinkTag.'<img src="'.htmlspecialchars($url).'" border="0" title="'.htmlspecialchars(trim($this->file)).'" alt="" /></a></div>';