lib.dc.page.php

Timestamp:

08/18/15 21:25:27 (10 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

2.8

Children:

3081:2d7b794a32c3, 3085:b8c98f60c4d7

Message:

Cope with "unknown" scheme in url (ie nor http: neither https: is defined in origin url)

File:

inc/admin/lib.dc.page.php

-                      r3060
+                      r3080
+     }
+     public static function getPF($file) {
+     public static function getPF($file)
+     {
           return $GLOBALS['core']->adminurl->get('load.plugin.file',array('pf' => $file));
+     }
+     public static function setXFrameOptions($origin=null) {
+     public static function setXFrameOptions($origin = null)
+     {
           if (self::$xframe_loaded) {
                return;
 …
           if ($origin !== null) {
                $url = parse_url($origin);
+               header(sprintf('X-Frame-Options: %s', is_array($url)?("ALLOW-FROM ".$url['scheme'].'://'.$url['host']):'SAMEORIGIN'));
+               header(sprintf('X-Frame-Options: %s',is_array($url) ?
+                    ("ALLOW-FROM ".(isset($url['scheme']) ? $url['scheme'].':' : '' ).'//'.$url['host']) :
+                    'SAMEORIGIN'));
           } else {
                header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
+          }
           self::$xframe_loaded = true;
+     }
+}

Note: See TracChangeset for help on using the changeset viewer.