r79566 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r79566
Date: 07:06, 4 January 2011
Author: tstarling
Status: ok
Tags:
Comment:
(bug 26561) Simplified clickjacking patch.
Modified paths:
  • /branches/REL1_15/phase3/config/index.php (modified)
  • /branches/REL1_15/phase3/includes/OutputPage.php (modified)

Diff

Index: branches/REL1_15/phase3/includes/OutputPage.php
@@ -957,6 +957,9 @@
958958 $wgRequest->response()->header( "Content-type: $wgMimeType; charset={$wgOutputEncoding}" );
959959 $wgRequest->response()->header( 'Content-language: '.$wgContLanguageCode );
960960
 961+ # To prevent clickjacking, do not allow this page to be inside a frame.
 962+ $wgRequest->response()->header( 'X-Frame-Options: DENY' );
 963+
961964 if ($this->mArticleBodyOnly) {
962965 $this->out($this->mBodytext);
963966 } else {
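Review bot: The 'X-Frame-Options: DENY' header at new line 962 is sent unconditionally, and nothing in this hunk gives a setting or per-response switch to relax it. DENY also refuses framing by the wiki's own origin, so a site that frames its own pages has no option short of editing this file. Consider making the value configurable (for example, allowing SAMEORIGIN) or letting a caller opt a specific response out. It would also help to extend the comment to say that the header is set before the mArticleBodyOnly branch on purpose, so body-only output is covered as well.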
Index: branches/REL1_15/phase3/config/index.php
@@ -21,6 +21,7 @@
2222
2323 error_reporting( E_ALL );
2424 header( "Content-type: text/html; charset=utf-8" );
 25+header( 'X-Frame-Options: DENY' );
2526 @ini_set( "display_errors", true );
2627
2728 # In case of errors, let output be clean.
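Review bot: The header() call added at new line 25 has no comment, unlike the matching change in OutputPage.php, which states that the header is there to prevent clickjacking. Add the same one-line comment here so the reason this page refuses framing is clear to later readers. The literal 'X-Frame-Options: DENY' now appears in two files, so any future change to the policy value has to be made in both.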

Past revisions this follows-up on

Revision | Commit summary | Author | Date
r79561 | Fix for bug 26561: clickjacking attacks. See the bug report for full document... | tstarling | 06:12, 4 January 2011
r79562 | MFT r79561, bug 26561: fix clickjacking vulnerabilities. | tstarling | 06:15, 4 January 2011
r79563 | Merge r79562 from REL1_16: bug 26561, clickjacking defences. | tstarling | 06:26, 4 January 2011
