diff --git a/adm_program/system/bootstrap/constants.php b/adm_program/system/bootstrap/constants.php
index 88f8e7edb..b432186ec 100755
--- a/adm_program/system/bootstrap/constants.php
+++ b/adm_program/system/bootstrap/constants.php
@@ -24,7 +24,7 @@
 define('ADMIDIO_VERSION_MAIN', 4);
 define('ADMIDIO_VERSION_MINOR', 0);
-define('ADMIDIO_VERSION_PATCH', 10);
+define('ADMIDIO_VERSION_PATCH', 11);
 define('ADMIDIO_VERSION_BETA', 0);
 define('ADMIDIO_VERSION', ADMIDIO_VERSION_MAIN . '.' . ADMIDIO_VERSION_MINOR . '.' . ADMIDIO_VERSION_PATCH);
diff --git a/adm_program/system/classes/HtmlPage.php b/adm_program/system/classes/HtmlPage.php
index e0ea42d0a..bf6b06e7d 100644
--- a/adm_program/system/classes/HtmlPage.php
+++ b/adm_program/system/classes/HtmlPage.php
@@ -449,6 +449,9 @@ public function show()
 $hasPreviousUrl = true;
 }
+ // disallow iFrame integration from other domains to avoid clickjacking attacks
+ header('X-Frame-Options: SAMEORIGIN');
+
 // add page functions menu to global menu
 $gMenu->addFunctionsNode($this->menuNodePageFunctions);
diff --git a/adm_program/system/classes/HtmlPageInstallation.php b/adm_program/system/classes/HtmlPageInstallation.php
index e7d4ee546..ef9bf26b5 100644
--- a/adm_program/system/classes/HtmlPageInstallation.php
+++ b/adm_program/system/classes/HtmlPageInstallation.php
@@ -114,6 +114,9 @@ public function setUpdateModus()
 */
 public function show()
 {
+ // disallow iFrame integration from other domains to avoid clickjacking attacks
+ header('X-Frame-Options: SAMEORIGIN');
+
 $this->assignDefaultVariables();
 $this->display('index.tpl');
 }
@@ -132,6 +135,9 @@ public function show()
 */
 public function showMessage($outputMode, $headline, $text, $buttonText, $buttonIcon, $destinationUrl)
 {
+ // disallow iFrame integration from other domains to avoid clickjacking attacks
+ header('X-Frame-Options: SAMEORIGIN');
+
 $this->assign('outputMode', $outputMode);
 $this->assign('messageHeadline', $headline);
 $this->assign('messageText', $text);
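Review bot: The `header('X-Frame-Options: SAMEORIGIN');` added in HtmlPage::show() sets only the older framing control; the CSP `frame-ancestors` directive supersedes it and takes precedence where both are present, so I would send both by adding `header("Content-Security-Policy: frame-ancestors 'self'");` beside it. If the application already emits a Content-Security-Policy header elsewhere (not visible in this diff), the directive belongs inside that policy rather than in a second header. The same applies to the two additions in HtmlPageInstallation.php, in show() and showMessage(). show() begins and ends outside this hunk.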
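Review bot: The comment-plus-`header()` pair is now copied into three render methods (HtmlPage::show(), and here HtmlPageInstallation::show() and showMessage()), so framing protection depends on every output path passing through one of them. Any response produced another way, which this diff does not show, would go out without the header. Setting it once in code that runs for every request, or in one helper that all three methods call, would keep the coverage from drifting as new output paths are added. Separately, `header()` only raises a warning and sets nothing once output has started; if that can happen before these calls, a `headers_sent()` check that logs the case would make the lost protection visible.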