diff options
author | thomascube <thomas@roundcube.net> | 2011-09-05 08:49:04 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2011-09-05 08:49:04 +0000 |
commit | 853696b15a11708e04412001f68a516f2332363c (patch) | |
tree | 0efe4416325ddc6872fc5d568d1fdf32e9b7662f /program/include/rcube_template.php | |
parent | b08caf5813c43e8648cdf5db1e003b3046a37c2c (diff) |
Backport changes from trunk up to r5164
Diffstat (limited to 'program/include/rcube_template.php')
-rwxr-xr-x | program/include/rcube_template.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php index c4dd73b23..1ec8e7dd3 100755 --- a/program/include/rcube_template.php +++ b/program/include/rcube_template.php @@ -356,6 +356,11 @@ class rcube_template extends rcube_html_page // make sure all <form> tags have a valid request token $template = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $template); $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer); + + // send clickjacking protection headers + $iframe = $this->framed || !empty($_REQUEST['_framed']); + if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) + header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe)); // call super method parent::write($template, $this->config['skin_path']); |