r79566 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r79565‎ \| r79566 \| r79567 >
Date:	07:06, 4 January 2011
Author:	tstarling
Status:	ok
Tags:
Comment:	(bug 26561) Simplified clickjacking patch.
Modified paths:	/branches/REL1_15/phase3/config/index.php (modified) (history) /branches/REL1_15/phase3/includes/OutputPage.php (modified) (history)

Diff [purge]

Index: branches/REL1_15/phase3/includes/OutputPage.php
—	—	@@ -957,6 +957,9 @@
958	958	$wgRequest->response()->header( "Content-type: $wgMimeType; charset={$wgOutputEncoding}" );
959	959	$wgRequest->response()->header( 'Content-language: '.$wgContLanguageCode );
960	960
	961	+ # To prevent clickjacking, do not allow this page to be inside a frame.
	962	+ $wgRequest->response()->header( 'X-Frame-Options: DENY' );
	963	+
961	964	if ($this->mArticleBodyOnly) {
962	965	$this->out($this->mBodytext);
963	966	} else {
Index: branches/REL1_15/phase3/config/index.php
—	—	@@ -21,6 +21,7 @@
22	22
23	23	error_reporting( E_ALL );
24	24	header( "Content-type: text/html; charset=utf-8" );
	25	+header( 'X-Frame-Options: DENY' );
25	26	@ini_set( "display_errors", true );
26	27
27	28	# In case of errors, let output be clean.

Revision	Commit summary	Author	Date
r79561	Fix for bug 26561: clickjacking attacks. See the bug report for full document...	tstarling	06:12, 4 January 2011
r79562	MFT r79561, bug 26561: fix clickjacking vulnerabilities.	tstarling	06:15, 4 January 2011
r79563	Merge r79562 from REL1_16: bug 26561, clickjacking defences.	tstarling	06:26, 4 January 2011

13:37, 2 February 2011 😂 (talk | contribs) changed the status of r79566 [removed: deferred added: ok]
01:19, 8 January 2011 Reedy (talk | contribs) changed the status of r79566 [removed: new added: deferred]