Changes in [2910:69efb1571e90:2906:6e7e433ef6d3]

Files:

• admin/post.php (modified) (1 diff)
• inc/admin/lib.dc.page.php (modified) (4 diffs)
• plugins/pages/page.php (modified) (1 diff)

admin/post.php

@@ -411 +411 @@
                ($post_id ? $page_title_edit : $page_title) => ''
           ))
-     , array(
-          'x-frame-allow' => $core->blog->url
-     )
 );
 

inc/admin/lib.dc.page.php

@@ -17 +17 @@
 {
      private static $loaded_js = array();
-     private static $xframe_loaded = false;
      private static $N_TYPES = array(
           "success" => "success",
@@ -55 +54 @@
 
      # Top of admin page
-     public static function open($title='',$head='',$breadcrumb='',$options=array())
+     public static function open($title='',$head='',$breadcrumb='')
      {
           global $core;
@@ -92 +91 @@
 
           // Prevents Clickjacking as far as possible
-          if (isset($options['x-frame-allow'])) {
-               self::setXFrameOptions($options['x-frame-allow']);
-          } else {
-               self::setXFrameOptions();
-          }
+          header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
+
           echo
           '<!DOCTYPE html>'.
@@ -923 +919 @@
           return $GLOBALS['core']->adminurl->get('load.plugin.file',array('pf' => $file));
      }
-
-     public static function setXFrameOptions($origin=null) {
-          if (self::$xframe_loaded) {
-               return;
-          }
-          if ($origin !== null) {
-               $url = parse_url($origin);
-               header(sprintf('X-Frame-Options: %s', is_array($url)?($url['scheme'].'://'.$url['host']):'SAMEORIGIN'));
-          } else {
-               header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
-          }
-          self::$xframe_loaded = true;
-
-     }
 }

plugins/pages/page.php

@@ -304 +304 @@
 }
 
-dcPage::setXFrameOptions($core->blog->url);
 ?>
 <html>