Changeset 2907:d5da0414c363 for inc
- Timestamp:
- 01/06/15 19:38:51 (11 years ago)
- Branch:
- 2.7
- File:
-
- 1 edited
-
inc/admin/lib.dc.page.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
inc/admin/lib.dc.page.php
r2871 r2907 54 54 55 55 # Top of admin page 56 public static function open($title='',$head='',$breadcrumb='' )56 public static function open($title='',$head='',$breadcrumb='',$options=array()) 57 57 { 58 58 global $core; … … 91 91 92 92 // Prevents Clickjacking as far as possible 93 header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ 94 93 if (isset($options['x-frame-allow'])) { 94 $host = parse_url($options['x-frame-allow'], PHP_URL_HOST); 95 $scheme = parse_url($options['x-frame-allow'], PHP_URL_SCHEME); 96 header(sprintf('X-Frame-Options: %s', ($host !== null)?($scheme.'://'.$host):'SAMEORIGIN')); 97 } else { 98 header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ 99 } 95 100 echo 96 101 '<!DOCTYPE html>'.
Note: See TracChangeset
for help on using the changeset viewer.