diff options
Diffstat (limited to 'apps/files/ajax/download.php')
| -rw-r--r-- | apps/files/ajax/download.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files/ajax/download.php b/apps/files/ajax/download.php index e6be330c9b3..25d70c7ebcf 100644 --- a/apps/files/ajax/download.php +++ b/apps/files/ajax/download.php @@ -46,7 +46,7 @@ if (!is_array($files_list)) { * the content must not be longer than 32 characters and must only contain * alphanumeric characters */ -if(isset($_GET['downloadStartSecret']) +if (isset($_GET['downloadStartSecret']) && !isset($_GET['downloadStartSecret'][32]) && preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) === 1) { setcookie('ocDownloadStarted', $_GET['downloadStartSecret'], time() + 20, '/'); |