100644 33 lines (30 sloc) 846 Bytes
35702c9 Hooray for stylesheets.
Garvin Hicking authored Mar 10, 2003
1 <?php
817e790 synced/fixed vim line
Sebastian Mendel authored Mar 19, 2007
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
374abd5 fixed/added page level docblock
Sebastian Mendel authored Mar 20, 2007
3 /**
4  *
e56949f @nijel Use package name PhpMyAdmin
nijel authored Oct 25, 2011
5  * @package PhpMyAdmin
374abd5 fixed/added page level docblock
Sebastian Mendel authored Mar 20, 2007
6  */
afbb2a9 @lem9 protection against XSS when register_globals is on and .htaccess has …
lem9 authored Jun 21, 2008
7 if (! defined('PHPMYADMIN')) {
8     exit;
9 }
35702c9 Hooray for stylesheets.
Garvin Hicking authored Mar 10, 2003
10
374abd5 fixed/added page level docblock
Sebastian Mendel authored Mar 20, 2007
11 /**
12  *
13  */
05c719a @nijel Fix XSS on some libraries (CVE-2005-3665).
nijel authored Nov 24, 2005
14 if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
5c751cd @ruleant make die() messages translatable, where possible
ruleant authored Aug 25, 2011
15     die(__("GLOBALS overwrite attempt"));
05c719a @nijel Fix XSS on some libraries (CVE-2005-3665).
nijel authored Nov 24, 2005
16 }
17
35702c9 Hooray for stylesheets.
Garvin Hicking authored Mar 10, 2003
18 /**
19  * Sends http headers
20  */
0ccc8c8 @nijel Always send text/html content type.
nijel authored Nov 15, 2005
21 $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
88af8f2 @nijel Use X-Frame-Options header to protect against ClickJacking.
nijel authored Jan 13, 2010
22 /* Protect against clickjacking by allowing frames only from the same origin */
23 if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
24     header('X-Frame-Options: SAMEORIGIN');
612598f @Crack Fix CSP header:
Crack authored Mar 4, 2011
25     header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'; img-src \'self\' data:; script-src \'self\' www.phpmyadmin.net');
88af8f2 @nijel Use X-Frame-Options header to protect against ClickJacking.
nijel authored Jan 13, 2010
26 }
a2fc059 @nijel Fix syntax error
nijel authored Aug 4, 2011
27 PMA_no_cache_header();
9435588 @nijel Use define rather than variable for conditional paths.
nijel authored Nov 15, 2005
28 if (!defined('IS_TRANSFORMATION_WRAPPER')) {
0ccc8c8 @nijel Always send text/html content type.
nijel authored Nov 15, 2005
29     // Define the charset to be used
bbbf2c4 @nijel Drop $GLOBALS['charset'].
nijel authored Jun 3, 2011
30     header('Content-Type: text/html; charset=utf-8');
35702c9 Hooray for stylesheets.
Garvin Hicking authored Mar 10, 2003
31 }
928a8b3 @nijel Be valid XHTML
nijel authored Apr 27, 2004
32 ?>