Dotclear

Changeset 2793:11edb05292c1 for admin


Ignore:
Timestamp:
11/15/14 18:48:03 (11 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Prevents Clickjacking as far as possible (see  https://www.owasp.org/index.php/Clickjacking), thanks Narendra Bhati ( http://hacktivity.websecgeeks.com/) for reporting this.

Location:
admin
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • admin/auth.php

    r2787 r2792  
    264264 
    265265header('Content-Type: text/html; charset=UTF-8'); 
     266 
     267// Prevents Clickjacking as far as possible 
     268header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ 
     269 
    266270?> 
    267271<!DOCTYPE html> 

  • admin/install/index.php

    r2787 r2792  
    239239} 
    240240header('Content-Type: text/html; charset=UTF-8'); 
     241 
     242// Prevents Clickjacking as far as possible 
     243header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ 
     244 
    241245?> 
    242246<!DOCTYPE html> 

  • admin/install/wizard.php

    r2787 r2792  
    136136 
    137137header('Content-Type: text/html; charset=UTF-8'); 
     138 
     139// Prevents Clickjacking as far as possible 
     140header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ 
     141 
    138142?> 
    139143<!DOCTYPE html> 
Note: See TracChangeset for help on using the changeset viewer.

Sites map