~ubuntu-branches/ubuntu/saucy/phpmyadmin/saucy-proposed


Viewing changes to libraries/Header.class.php

  • Committer: Package Import Robot
  • Author(s): Thijs Kinkhorst
  • Date: 2013-08-04 13:24:37 UTC
  • mfrom: (1.2.44)
  • Revision ID: package-import@ubuntu.com-20130804132437-jznw8efwy4hr1nms
Tags: 4:4.0.5-1
* New upstream release.
  - Fixes security issue PMASA-2013-10.

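--- a/libraries/Header.class.php
+++ b/libraries/Header.class.php
@@ -146,10 +146,10 @@
      */
     private function _addDefaultScripts()
     {
-        $this->_scripts->addFile('jquery/jquery-1.8.3.js');
+        $this->_scripts->addFile('jquery/jquery-1.8.3.min.js');
         $this->_scripts->addFile('ajax.js');
         $this->_scripts->addFile('keyhandler.js');
-        $this->_scripts->addFile('jquery/jquery-ui-1.9.2.custom.js');
+        $this->_scripts->addFile('jquery/jquery-ui-1.9.2.custom.min.js');
         $this->_scripts->addFile('jquery/jquery.sprintf.js');
         $this->_scripts->addFile('jquery/jquery.cookie.js');
         $this->_scripts->addFile('jquery/jquery.mousewheel.js');
@@ -158,6 +158,12 @@
         $this->_scripts->addFile('jquery/jquery.ba-hashchange-1.3.js');
         $this->_scripts->addFile('jquery/jquery.debounce-1.0.5.js');
         $this->_scripts->addFile('jquery/jquery.menuResizer-1.0.js');
+
+        // Cross-framing protection
+        if ($GLOBALS['cfg']['AllowThirdPartyFraming'] === false) {
+            $this->_scripts->addFile('cross_framing_protection.js');
+        }
+
         $this->_scripts->addFile('rte.js');
 
         // Here would not be a good place to add CodeMirror because
@@ -449,6 +455,12 @@
          */
         $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
         if (! defined('TESTSUITE')) {
+            /* Prevent against ClickJacking by disabling framing */
+            if (! $GLOBALS['cfg']['AllowThirdPartyFraming']) {
+                header(
+                    'X-Frame-Options: DENY'
+                );
+            }
             header(
                 "X-Content-Security-Policy: default-src 'self' "
                 . $GLOBALS['cfg']['CSPAllow'] . ';'
@@ -519,5 +531,8 @@
         $retval  = '<meta charset="utf-8" />';
         $retval .= '<meta name="robots" content="noindex,nofollow" />';
         $retval .= '<meta http-equiv="X-UA-Compatible" content="IE=Edge">';
+        if (! $GLOBALS['cfg']['AllowThirdPartyFraming']) {
+            $retval .= '<style>html{display: none;}</style>';
+        }
         return $retval;
     }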
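Review bot: The three clickjacking guards test `AllowThirdPartyFraming` inconsistently: `_addDefaultScripts()` loads `cross_framing_protection.js` only when the value `=== false`, while the `X-Frame-Options: DENY` header and the `<style>html{display: none;}</style>` tag are both emitted on `! $GLOBALS['cfg']['AllowThirdPartyFraming']`. With a falsy but non-boolean setting (`0`, `''`, `null`) the document is hidden and DENY is sent, but the script is not loaded; presumably that script is what makes the page visible again once it has confirmed it is the top-level window, so the UI would stay blank. Use the same loose test in the script hunk, `if (! $GLOBALS['cfg']['AllowThirdPartyFraming']) {`, so a loosely typed config value still fails closed without breaking the page. The functions enclosing the header and meta-tag hunks start outside the visible lines, so whether the setting is normalised to a boolean earlier cannot be confirmed from this page.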