Changeset 2909:531b7a053458
- Timestamp:
- 01/07/15 08:45:37 (11 years ago)
- Branch:
- 2.7
- Children:
- 2910:69efb1571e90, 2912:ece65b251f7a
- Files:
-
- 2 edited
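--- a/inc/admin/lib.dc.page.php
+++ b/inc/admin/lib.dc.page.php
@@ -17,4 +17,5 @@
 {
 private static $loaded_js = array();
+private static $xframe_loaded = false;
 private static $N_TYPES = array(
 "success" => "success",
@@ -92,8 +93,7 @@
 // Prevents Clickjacking as far as possible
 if (isset($options['x-frame-allow'])) {
-$url = parse_url($options['x-frame-allow']);
-header(sprintf('X-Frame-Options: %s', is_array($url)?($url['scheme'].'://'.$url['host']):'SAMEORIGIN'));
+self::setXFrameOptions($options['x-frame-allow']);
 } else {
-header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
+self::setXFrameOptions();
 }
 echo
@@ -923,3 +923,17 @@
 return $GLOBALS['core']->adminurl->get('load.plugin.file',array('pf' => $file));
 }
+
+public static function setXFrameOptions($origin=null) {
+if (self::$xframe_loaded) {
+return;
+}
+if ($origin !== null) {
+$url = parse_url($origin);
+header(sprintf('X-Frame-Options: %s', is_array($url)?($url['scheme'].'://'.$url['host']):'SAMEORIGIN'));
+} else {
+header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
+}
+self::$xframe_loaded = true;
+
+}
 }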
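Review bot: In the new `setXFrameOptions()`, the non-null branch sends a bare origin (`scheme://host`) as the header value, which is not one of the forms X-Frame-Options defines (`DENY`, `SAMEORIGIN`, `ALLOW-FROM uri`). Browsers generally ignore a value they do not recognise, so a page that asked for one allowed origin may end up with no framing restriction at all. The same line reads `$url['scheme']` and `$url['host']` without checking that they exist, so a relative or scheme-less URL raises notices and yields a `://` value. I would write `$ok = is_array($url) && isset($url['scheme'], $url['host']);` followed by `header('X-Frame-Options: '.($ok ? 'ALLOW-FROM '.$url['scheme'].'://'.$url['host'] : 'SAMEORIGIN'));`, and because `ALLOW-FROM` is not honoured by every browser, pair it with a `Content-Security-Policy: frame-ancestors` header for the same origin. A docblock on the method should also state that only the first call in a request takes effect, since `$xframe_loaded` makes every later call return early.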
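--- a/plugins/pages/page.php
+++ b/plugins/pages/page.php
@@ -304,4 +304,5 @@
 }
 
+dcPage::setXFrameOptions($core->blog->url);
 ?>
 <html>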
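Review bot: The added `dcPage::setXFrameOptions($core->blog->url);` carries no comment explaining why the public blog origin has to be allowed to frame this admin page. Because the helper keeps only the first call per request, this call also silently wins over any `x-frame-allow` option handled later by the page-opening code in `lib.dc.page.php`. A line such as `// Let the blog origin frame this page; must run before any output and before the page header is opened` would record both constraints. If the blog and the admin share an origin, `SAMEORIGIN` would presumably be enough; the code that needs the framing is outside this hunk, so that is to be confirmed.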