Commit
avoid a clickjacking attack reported on huntr.dev by @ranjit-git
DavidGoodwin committed Aug 4, 2021
1 parent bf27390 commit 12ed3fb
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions common.php
@@ -27,6 +27,9 @@
if (empty($_SESSION['flash'])) {
$_SESSION['flash'] = array();
}

// avoid clickjacking attacks?
header('X-Frame-Options: DENY');
}
}
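Review bot: The `header('X-Frame-Options: DENY');` call at the end of this hunk only runs on the code path that reaches this block (it sits inside the same enclosing block as the `$_SESSION['flash']` initialisation, closed by the two `}` lines that follow), so any response that does not pass through this part of common.php remains frameable; confirm every page includes this path, or set the header unconditionally at the web-server level. Two smaller points: `header()` only works before any output has been sent, so this line must stay ahead of anything that echoes; and `X-Frame-Options` is the legacy control, so adding `header("Content-Security-Policy: frame-ancestors 'none'");` next to it gives CSP-aware browsers the same protection under the current specification. The comment `// avoid clickjacking attacks?` would also read better as a statement than a question, e.g. `// Prevent clickjacking: refuse to be rendered inside any frame`.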


5 comments on commit 12ed3fb

@ranjit-git

Hi, I have commented in the report https://huntr.dev/bounties/872e57e6-f7ab-4f9b-aa0c-209c8a3f499e/
please see them

@DavidGoodwin
Member Author

[image]

@DavidGoodwin
Member Author

Thanks @ranjit-git ! I think I've clicked on everything needed within huntr.....

@heliosyne

Can we get a 3.3.10 tag to cover this?

@DavidGoodwin
Member Author

@heliosyne - sure .... I've not looked at the 3.3 branch in a bit, so it's probably time to cherry-pick some fixes from master into it!