- File:
-
- 1 edited
-
inc/admin/lib.dc.page.php (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
inc/admin/lib.dc.page.php
r2871 r2909 17 17 { 18 18 private static $loaded_js = array(); 19 private static $xframe_loaded = false; 19 20 private static $N_TYPES = array( 20 21 "success" => "success", … … 54 55 55 56 # Top of admin page 56 public static function open($title='',$head='',$breadcrumb='' )57 public static function open($title='',$head='',$breadcrumb='',$options=array()) 57 58 { 58 59 global $core; … … 91 92 92 93 // Prevents Clickjacking as far as possible 93 header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ 94 94 if (isset($options['x-frame-allow'])) { 95 self::setXFrameOptions($options['x-frame-allow']); 96 } else { 97 self::setXFrameOptions(); 98 } 95 99 echo 96 100 '<!DOCTYPE html>'. … … 919 923 return $GLOBALS['core']->adminurl->get('load.plugin.file',array('pf' => $file)); 920 924 } 925 926 public static function setXFrameOptions($origin=null) { 927 if (self::$xframe_loaded) { 928 return; 929 } 930 if ($origin !== null) { 931 $url = parse_url($origin); 932 header(sprintf('X-Frame-Options: %s', is_array($url)?($url['scheme'].'://'.$url['host']):'SAMEORIGIN')); 933 } else { 934 header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ 935 } 936 self::$xframe_loaded = true; 937 938 } 921 939 }
Note: See TracChangeset
for help on using the changeset viewer.