Dotclear


Timestamp:
12/19/17 06:50:17 (8 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Parents:
3621:e1a3f3cf4930 (diff), 3611:e8ccb1c08e9f (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge 2.12 commits since 2.12.1 in default branch

Files:
2 edited

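--- a/inc/admin/lib.dc.page.php
+++ b/inc/admin/lib.dc.page.php
@@ -94,4 +94,7 @@
           # Content-Type
           $headers['content-type'] = 'Content-Type: text/html; charset=UTF-8';
+
+          # Referrer Policy for admin pages
+          $headers['referrer'] = 'Referrer-Policy: strict-origin';
 
           # Prevents Clickjacking as far as possible
@@ -352,6 +355,8 @@
 
           if (!$GLOBALS['__resources']['ctxhelp']) {
-               echo
-               '<p id="help-button"><a href="'.$core->adminurl->get("admin.help").'" class="outgoing" title="'.
-               __('Global help').'">'.__('Global help').'</a></p>';
+               if (!$core->auth->user_prefs->interface->hidehelpbutton) {
+                    echo
+                    '<p id="help-button"><a href="'.$core->adminurl->get("admin.help").'" class="outgoing" title="'.
+                    __('Global help').'">'.__('Global help').'</a></p>';
+               }
           }
 
@@ -419,5 +424,8 @@
           header('Content-Type: text/html; charset=UTF-8');
 
-          // Prevents Clickjacking as far as possible
+          # Referrer Policy for admin pages
+          header('Referrer-Policy: strict-origin');
+
+          # Prevents Clickjacking as far as possible
           header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
 
@@ -596,6 +604,10 @@
      {
           global $core;
+
+          if ($core->auth->user_prefs->interface->hidehelpbutton) {
+               return;
+          }
+
           $args = func_get_args();
-
           $args = new ArrayObject($args);
 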
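Review bot: `strict-origin` in the two added `Referrer-Policy` lines (new lines 98 and 427) still sends the admin origin to every cross-origin HTTPS destination, and it also trims the referrer to the bare origin for same-origin requests. For a back office, `same-origin` keeps the full referrer inside the admin and sends nothing to third-party hosts: `header('Referrer-Policy: same-origin');` with the matching `$headers['referrer']` value. Whether any admin code reads the Referer path is not visible in these hunks, so that should be checked before choosing. The policy string is also written twice, and the second copy is emitted directly with `header()` rather than through `$headers`, so a later change has to touch both places; a shared constant would keep them aligned. Both enclosing functions start and end outside the hunks.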
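--- a/inc/admin/lib.dc.page.php
+++ b/inc/admin/lib.dc.page.php
@@ -122,5 +122,5 @@
                     $csp_prefix."'self' 'unsafe-inline'".$csp_suffix;
                $csp['img-src'] = $core->blog->settings->system->csp_admin_img ?:
-                    $csp_prefix."'self' data: media.dotaddict.org blob:";
+                    $csp_prefix."'self' data: http://media.dotaddict.org blob:";
 
                # Cope with blog post preview (via public URL in iframe)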
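Review bot: The default `img-src` on new line 124 now names `http://media.dotaddict.org`, which explicitly allows images fetched over cleartext HTTP into the admin page, where anyone on the network path can observe or replace them. If that host serves TLS (not visible from this hunk), `$csp_prefix."'self' data: https://media.dotaddict.org blob:";` is the tighter default, and an admin served over HTTPS would treat the `http://` fetch as mixed content anyway. A short comment saying why the scheme had to be spelled out would help the next reader, for example `# explicit scheme: a bare host source only matches https when the admin itself is served over https`. The default only applies when `csp_admin_img` is empty, and the enclosing block starts and ends outside the hunk.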