nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use X-Frame-Options header to protect against ClickJacking.

Browse Source
This commit is contained in:
Michal Čihař
2010-01-13 13:03:56 +00:00
parent bf7b74e941
commit cf3f73f5d0
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -53,6 +53,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
+ [lang] Greek update, thanks to Panagiotis Papazoglou + [lang] Greek update, thanks to Panagiotis Papazoglou
+ [lang] Norwegian update, thanks to Sven-Erik Andersen + [lang] Norwegian update, thanks to Sven-Erik Andersen
- bug #2929958 [import] Cannot import (French interface) - bug #2929958 [import] Cannot import (French interface)
- [security] Use X-Frame-Options header to protect against ClickJacking.
3.2.6.0 (not yet released) 3.2.6.0 (not yet released)

4
libraries/header_http.inc.php
View File

@@ -20,6 +20,10 @@ if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
* Sends http headers * Sends http headers
*/ */
$GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT'; $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
/* Prevent against ClickJacking by allowing frames only from same origin */
if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
header('X-Frame-Options: SAMEORIGIN');
}
header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21 header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21
header('Last-Modified: ' . $GLOBALS['now']); header('Last-Modified: ' . $GLOBALS['now']);
header('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1 header('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1