Dotclear

Changeset 2908:850dbd7afacb


Ignore:
Timestamp:
01/06/15 19:40:17 (9 years ago)
Author:
Dsls
Branch:
2.7
Message:

simplified url parsing, see #2049

File:
1 edited

Legend:

Unmodified
Added
Removed
  • inc/admin/lib.dc.page.php

    r2907 r2908  
    9292          // Prevents Clickjacking as far as possible 
    9393          if (isset($options['x-frame-allow'])) { 
    94                $host = parse_url($options['x-frame-allow'], PHP_URL_HOST); 
    95                $scheme = parse_url($options['x-frame-allow'], PHP_URL_SCHEME); 
    96                header(sprintf('X-Frame-Options: %s', ($host !== null)?($scheme.'://'.$host):'SAMEORIGIN')); 
     94               $url = parse_url($options['x-frame-allow']); 
     95               header(sprintf('X-Frame-Options: %s', is_array($url)?($url['scheme'].'://'.$url['host']):'SAMEORIGIN')); 
    9796          } else { 
    9897               header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ 
Note: See TracChangeset for help on using the changeset viewer.

Sites map