Changeset 2911:5434e75ad738 for inc/public/lib.urlhandlers.php

Timestamp:

01/07/15 12:55:08 (11 years ago)

Author:

Dsls

Branch:

twig

Parents:

2715:a87ddf7dbfb5 (diff), 2910:69efb1571e90 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge with default

File:

• inc/public/lib.urlhandlers.php (modified) (2 diffs)

inc/public/lib.urlhandlers.php

@@ -110 +110 @@
 
           header('Content-Type: '.$_ctx->content_type.'; charset=UTF-8');
+
+          if ($core->blog->settings->system->prevents_clickjacking) {
+               // Prevents Clickjacking as far as possible
+               header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
+          }
+
           $result['content'] = $core->tpl->getData($_ctx->current_tpl);
           $result['content_type'] = $_ctx->content_type;
@@ -385 +391 @@
 
                          # Check for match
+                         # Note: We must prefix post_id key with '#'' in pwd_cookie array in order to avoid integer conversion
+                         # because MyArray["12345"] is treated as MyArray[12345]
                          if ((!empty($_POST['password']) && $_POST['password'] == $post_password)
-                         || (isset($pwd_cookie[$post_id]) && $pwd_cookie[$post_id] == $post_password))
+                         || (isset($pwd_cookie['#'.$post_id]) && $pwd_cookie['#'.$post_id] == $post_password))
                          {
-                              $pwd_cookie[$post_id] = $post_password;
+                              $pwd_cookie['#'.$post_id] = $post_password;
                               setcookie('dc_passwd',json_encode($pwd_cookie),0,'/');
                          }