
Prevent admin pages from being displayed in iframes. Also a bit of coding standards tidying up.

Hopefully this does not break anything within Habari.  All my testing indicates nothing breaks with this change. If something does, blame me and I will look into it.
lildude committed Oct 20, 2011
1 parent 04cd07a commit d8a544e
Showing 1 changed file with 29 additions and 23 deletions.
52 changes: 29 additions & 23 deletions admin/header.php
@@ -1,4 +1,6 @@
<?php if ( !defined( 'HABARI_PATH' ) ) { die('No direct access'); } ?>
<?php if ( !defined( 'HABARI_PATH' ) ) { die( 'No direct access' ); }
header( 'X-Frame-Options: DENY' );
?>
<!doctype html>
<html>
<head>
@@ -7,26 +9,30 @@
<script type="text/javascript">
var habari = {
url: {
habari: '<?php Site::out_url('habari'); ?>',
ajaxDashboard: '<?php echo URL::get('admin_ajax', array('context' => 'dashboard')); ?>',
ajaxUpdatePosts: '<?php echo URL::get('admin_ajax', array('context' => 'update_posts')); ?>',
ajaxLogDelete: '<?php echo URL::get('admin_ajax', array('context' => 'delete_logs')); ?>',
ajaxUpdateUsers: '<?php echo URL::get('admin_ajax', array('context' => 'update_users')); ?>',
ajaxUpdateGroups: '<?php echo URL::get('admin_ajax', array('context' => 'update_groups')); ?>',
ajaxUpdateComment: '<?php echo URL::get('admin_ajax', array('context' => 'update_comment')); ?>',
ajaxAddBlock: '<?php echo URL::get('admin_ajax', array('context' => 'add_block')); ?>',
ajaxDeleteBlock: '<?php echo URL::get('admin_ajax', array('context' => 'delete_block')); ?>',
ajaxSaveAreas: '<?php echo URL::get('admin_ajax', array('context' => 'save_areas')); ?>'
habari: '<?php Site::out_url( 'habari' ); ?>',
ajaxDashboard: '<?php echo URL::get( 'admin_ajax', array( 'context' => 'dashboard' ) ); ?>',
ajaxUpdatePosts: '<?php echo URL::get( 'admin_ajax', array( 'context' => 'update_posts' ) ); ?>',
ajaxLogDelete: '<?php echo URL::get( 'admin_ajax', array( 'context' => 'delete_logs' ) ); ?>',
ajaxUpdateUsers: '<?php echo URL::get( 'admin_ajax', array( 'context' => 'update_users' ) ); ?>',
ajaxUpdateGroups: '<?php echo URL::get( 'admin_ajax', array( 'context' => 'update_groups' ) ); ?>',
ajaxUpdateComment: '<?php echo URL::get( 'admin_ajax', array( 'context' => 'update_comment' ) ); ?>',
ajaxAddBlock: '<?php echo URL::get( 'admin_ajax', array( 'context' => 'add_block' ) ); ?>',
ajaxDeleteBlock: '<?php echo URL::get( 'admin_ajax', array( 'context' => 'delete_block' ) ); ?>',
ajaxSaveAreas: '<?php echo URL::get( 'admin_ajax', array( 'context' => 'save_areas' ) ); ?>'
}
};
// An almost "catch all" for those old browsers that don't support the X-Frame-Options header. We don't bust out, we just don't show any content
if ( top != self ) {
self.location.replace( 'about:blank' );
}
</script>
<?php
Plugins::act( 'admin_header', $this );
Stack::out( 'admin_header_javascript', array('Stack', 'scripts') );
Stack::out( 'admin_stylesheet', array('Stack', 'styles') );
Stack::out( 'admin_header_javascript', array( 'Stack', 'scripts' ) );
Stack::out( 'admin_stylesheet', array( 'Stack', 'styles' ) );
?>
<!--[if IE 7]>
<link rel="stylesheet" type="text/css" href="<?php Site::out_url('admin_theme'); ?>/css/ie.css" media="screen">
<link rel="stylesheet" type="text/css" href="<?php Site::out_url( 'admin_theme' ); ?>/css/ie.css" media="screen">
<![endif]-->

<?php
@@ -43,15 +49,15 @@

<div id="menulist" class="dropbuttonlist">
<ul>
<?php foreach($mainmenu as $menu_id => $menu): ?>
<li id="link-<?php echo $menu_id ?>" class="<?php if ($menu['selected'] == true) { echo 'selected'; } ?><?php if (isset($menu['submenu'])): ?> submenu<?php endif; ?>" title="<?php echo $menu['title']; ?>"><a class="top" href="<?php echo $menu['url']; ?>"><?php echo $menu['text']; ?>
<?php if ( isset($menu['hotkey']) && $menu['hotkey'] != '' ): ?><span class="hotkey"><?php echo $menu['hotkey']; ?></span><?php endif; ?>
<?php foreach ( $mainmenu as $menu_id => $menu ): ?>
<li id="link-<?php echo $menu_id ?>" class="<?php if ( $menu['selected'] == true ) { echo 'selected'; } ?><?php if ( isset( $menu['submenu'] ) ): ?> submenu<?php endif; ?>" title="<?php echo $menu['title']; ?>"><a class="top" href="<?php echo $menu['url']; ?>"><?php echo $menu['text']; ?>
<?php if ( isset( $menu['hotkey'] ) && $menu['hotkey'] != '' ): ?><span class="hotkey"><?php echo $menu['hotkey']; ?></span><?php endif; ?>
</a>
<?php if ( isset($menu['submenu']) ): ?>
<?php if ( isset( $menu['submenu'] ) ): ?>
<ul class="submenu">
<?php foreach($menu['submenu'] as $submenu_id => $submenu_item): ?>
<li id="link-<?php echo $submenu_id ?>" title="<?php echo $submenu_item['title']; ?>" class="sub<?php if (isset($submenu_item['hotkey']) && $submenu_item['hotkey'] != ''): ?> hotkey-<?php echo $submenu_item['hotkey']; ?><?php endif; ?>"><a href="<?php echo $submenu_item['url']; ?>"><?php echo $submenu_item['text']; ?>
<?php if ( isset($submenu_item['hotkey']) && $submenu_item['hotkey'] != '' ): ?><span class="hotkey"><?php echo $submenu_item['hotkey']; ?></span><?php endif; ?>
<?php foreach ( $menu['submenu'] as $submenu_id => $submenu_item ): ?>
<li id="link-<?php echo $submenu_id ?>" title="<?php echo $submenu_item['title']; ?>" class="sub<?php if ( isset($submenu_item['hotkey'] ) && $submenu_item['hotkey'] != '' ): ?> hotkey-<?php echo $submenu_item['hotkey']; ?><?php endif; ?>"><a href="<?php echo $submenu_item['url']; ?>"><?php echo $submenu_item['text']; ?>
<?php if ( isset( $submenu_item['hotkey'] ) && $submenu_item['hotkey'] != '' ): ?><span class="hotkey"><?php echo $submenu_item['hotkey']; ?></span><?php endif; ?>
</a></li>
<?php endforeach; ?>
</ul>
@@ -62,12 +68,12 @@
</div>
</div>

<a href="<?php Site::out_url('habari'); ?>" id="site" title="<?php _e('Go to Site'); ?>"><?php Options::out('title'); ?></a>
<a href="<?php Site::out_url( 'habari' ); ?>" id="site" title="<?php _e( 'Go to Site' ); ?>"><?php Options::out( 'title' ); ?></a>

</div>

<div id="spinner"></div>

<div id="page">

<?php Plugins::act('admin_info', $theme, $page); ?>
<?php Plugins::act( 'admin_info', $theme, $page ); ?>
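Review bot: The JavaScript fallback added after the `habari` object in hunk `@@ -7,26 +9,30 @@` renders the admin page first and only then blanks it, so whenever the script does not run (JavaScript disabled, or a framing document that suppresses scripts in the frame) the page stays visible and framed, which is weaker than the "almost catch all" comment suggests; the usual defensive pattern is to hide the body by default with a style element and let the script remove that style only when the page is the top window. A sketch of that rewrite is below; the X-Frame-Options header remains the primary control and this only narrows the gap for browsers that ignore it. Separately, `header( 'X-Frame-Options: DENY' )` in the first hunk is emitted from a template, so if anything (a plugin, a BOM in an included file) has already produced output before `admin/header.php` is included the call fails with a "headers already sent" warning and the protection is silently lost; guarding it with `if ( !headers_sent() )` or moving the call into the controller that renders the admin theme would make it reliable. If any admin page legitimately embeds another admin page in an iframe (not visible in this diff), `SAMEORIGIN` would be the less disruptive value than `DENY`.
```php
<style id="antiClickjack">body { display: none !important; }</style>
<script type="text/javascript">
// … unchanged: var habari = { url: { … } }; …
// Fallback for browsers that ignore X-Frame-Options: content stays hidden unless this is the top window.
if ( top === self ) {
	var antiClickjack = document.getElementById( 'antiClickjack' );
	antiClickjack.parentNode.removeChild( antiClickjack );
} else {
	self.location.replace( 'about:blank' );
}
</script>
```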
