protection against cross-frame scripting

2008-07-24 17:12:32 +00:00
parent 37b3fbb8e3
commit 152a7342fd
4 changed files with 36 additions and 0 deletions
--- a/libraries/header_scripts.inc.php
+++ b/libraries/header_scripts.inc.php
@@ -13,6 +13,27 @@ if (! defined('PHPMYADMIN')) {
 */
 require_once './libraries/common.inc.php';

+
+// Cross-framing protection
+if ( false === $GLOBALS['cfg']['AllowThirdPartyFraming']) {
+?>
+<script type="text/javascript">
+try {
+    // can't access this if on a different domain
+    var topdomain = top.document.domain;
+    // double-check just for sure
+    if (topdomain != self.document.domain) {
+        alert("Redirecting...");
+        top.location.replace(self.document.URL.substring(0, self.document.URL.lastIndexOf("/")+1));
+    }
+}
+catch(e) {
+    alert("Redirecting... (error: " + e);
+    top.location.replace(self.document.URL.substring(0, self.document.URL.lastIndexOf("/")+1));
+}
+</script>
+<?php
+}
 // generate title
 $title = str_replace(
            array(