Only allow iFrame integration within the same domain #1114
Fasse committed Oct 17, 2021
1 parent a71534e commit 2f4520dba90a3615dbb3d5e978dad44438fa9241
Showing with 10 additions and 1 deletion.
  1. +1 −1 adm_program/system/bootstrap/constants.php
  2. +3 −0 adm_program/system/classes/HtmlPage.php
  3. +6 −0 adm_program/system/classes/HtmlPageInstallation.php
@@ -24,7 +24,7 @@

define('ADMIDIO_VERSION_MAIN', 4);
define('ADMIDIO_VERSION_MINOR', 0);
define('ADMIDIO_VERSION_PATCH', 10);
define('ADMIDIO_VERSION_PATCH', 11);
define('ADMIDIO_VERSION_BETA', 0);
define('ADMIDIO_VERSION', ADMIDIO_VERSION_MAIN . '.' . ADMIDIO_VERSION_MINOR . '.' . ADMIDIO_VERSION_PATCH);

@@ -449,6 +449,9 @@ public function show()
$hasPreviousUrl = true;
}

// disallow iFrame integration from other domains to avoid clickjacking attacks
header('X-Frame-Options: SAMEORIGIN');

// add page functions menu to global menu
$gMenu->addFunctionsNode($this->menuNodePageFunctions);
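Review bot: The new `header('X-Frame-Options: SAMEORIGIN');` at the top of this hunk uses a legacy header that browsers treat as superseded by Content Security Policy; where both are present the CSP `frame-ancestors` directive wins and it is the control current guidance expects, so the two should be sent together: `header("Content-Security-Policy: frame-ancestors 'self'");` on the line after it. The same applies to both hunks in adm_program/system/classes/HtmlPageInstallation.php. Because `header()` is ignored (with a warning) once any output has been flushed, the call must stay ahead of every echo or template display in show(); the method begins before this hunk, so I cannot confirm that ordering from here. Responses that are not rendered through show() (redirects, JSON/AJAX replies, error pages) remain frameable unless the header is also set centrally, e.g. in the bootstrap.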

@@ -114,6 +114,9 @@ public function setUpdateModus()
*/
public function show()
{
// disallow iFrame integration from other domains to avoid clickjacking attacks
header('X-Frame-Options: SAMEORIGIN');

$this->assignDefaultVariables();
$this->display('index.tpl');
}
@@ -132,6 +135,9 @@ public function show()
*/
public function showMessage($outputMode, $headline, $text, $buttonText, $buttonIcon, $destinationUrl)
{
// disallow iFrame integration from other domains to avoid clickjacking attacks
header('X-Frame-Options: SAMEORIGIN');

$this->assign('outputMode', $outputMode);
$this->assign('messageHeadline', $headline);
$this->assign('messageText', $text);
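Review bot: The `header('X-Frame-Options: SAMEORIGIN');` line is duplicated verbatim into show() and showMessage() in this file, so any later change to the framing policy has to be made in two places; a small private helper called from both keeps it in one. The helper's docblock is also the natural place to record why the call must come before `display()` — `header()` has no effect once the response body has started. showMessage() continues below the hunk, so I have not checked whether anything is echoed before this point there.

```php
    public function show()
    {
        $this->sendFrameProtectionHeader();

        // … unchanged: assignDefaultVariables(), display('index.tpl') …
    }

    /**
     * Sends the anti-clickjacking header. Must run before any output is
     * emitted, because header() is ignored once the body has started.
     */
    private function sendFrameProtectionHeader(): void
    {
        header('X-Frame-Options: SAMEORIGIN');
    }
```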
