Send X-Frame-Options: SAMEORIGIN for admin and login pages. see #12293
git-svn-id: http://svn.automattic.com/wordpress/trunk@17826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
5e8db32ede
commit
b58636e914
|
@ -215,6 +215,7 @@ add_action( 'template_redirect', 'wp_shortlink_header', 11, 0 );
|
||||||
// Login actions
|
// Login actions
|
||||||
add_action( 'login_head', 'wp_print_head_scripts', 9 );
|
add_action( 'login_head', 'wp_print_head_scripts', 9 );
|
||||||
add_action( 'login_footer', 'wp_print_footer_scripts' );
|
add_action( 'login_footer', 'wp_print_footer_scripts' );
|
||||||
|
add_action( 'login_form', 'send_frame_options_header', 10, 0 );
|
||||||
|
|
||||||
// Feed Generator Tags
|
// Feed Generator Tags
|
||||||
foreach ( array( 'rss2_head', 'commentsrss2_head', 'rss_head', 'rdf_header', 'atom_head', 'comments_atom_head', 'opml_head', 'app_head' ) as $action ) {
|
foreach ( array( 'rss2_head', 'commentsrss2_head', 'rss_head', 'rdf_header', 'atom_head', 'comments_atom_head', 'opml_head', 'app_head' ) as $action ) {
|
||||||
|
@ -248,6 +249,7 @@ add_action( 'comment_form', 'wp_comment_form_unfiltered_html_nonce' );
|
||||||
add_action( 'wp_scheduled_delete', 'wp_scheduled_delete' );
|
add_action( 'wp_scheduled_delete', 'wp_scheduled_delete' );
|
||||||
add_action( 'before_wp_tiny_mce', 'wp_print_editor_js' );
|
add_action( 'before_wp_tiny_mce', 'wp_print_editor_js' );
|
||||||
add_action( 'after_wp_tiny_mce', 'wp_preload_dialogs', 10, 1 );
|
add_action( 'after_wp_tiny_mce', 'wp_preload_dialogs', 10, 1 );
|
||||||
|
add_action( 'admin_init', 'send_frame_options_header', 10, 0 );
|
||||||
|
|
||||||
// Navigation menu actions
|
// Navigation menu actions
|
||||||
add_action( 'delete_post', '_wp_delete_post_menu_item' );
|
add_action( 'delete_post', '_wp_delete_post_menu_item' );
|
||||||
|
|
|
@ -4534,4 +4534,16 @@ function wp_find_hierarchy_loop_tortoise_hare( $callback, $start, $override = ar
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Send a HTTP header to limit rendering of pages to same origin iframes.
|
||||||
|
*
|
||||||
|
* @link https://developer.mozilla.org/en/the_x-frame-options_response_header
|
||||||
|
*
|
||||||
|
* @since 3.2.0
|
||||||
|
* @return none
|
||||||
|
*/
|
||||||
|
function send_frame_options_header() {
|
||||||
|
@header( 'X-Frame-Options: SAMEORIGIN' );
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -368,7 +368,8 @@ if ( SITECOOKIEPATH != COOKIEPATH )
|
||||||
setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
|
setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||||
|
|
||||||
// allow plugins to override the default actions, and to add extra actions if they want
|
// allow plugins to override the default actions, and to add extra actions if they want
|
||||||
do_action('login_form_' . $action);
|
do_action( 'login_form' );
|
||||||
|
do_action( 'login_form_' . $action );
|
||||||
|
|
||||||
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
|
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
|
||||||
switch ($action) {
|
switch ($action) {
|
||||||
|
|
Loading…
Reference in New Issue