1545bba4f5
MediaWiki "Clickjacking" Security Bypass Vulnerability Patches from upstream svn ok stephan@ (MAINTAINER)
$OpenBSD: patch-includes_OutputPage_php,v 1.1 2011/01/05 11:51:57 jasper Exp $
Security fix for SA42810
MediaWiki "Clickjacking" Security Bypass Vulnerability
Patch from upstream svn:
http://www.mediawiki.org/wiki/Special:Code/MediaWiki/79566
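--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -957,6 +957,9 @@ class OutputPage {
 $wgRequest->response()->header( "Content-type: $wgMimeType; charset={$wgOutputEncoding}" );
 $wgRequest->response()->header( 'Content-language: '.$wgContLanguageCode );
 
+ # To prevent clickjacking, do not allow this page to be inside a frame.
+ $wgRequest->response()->header( 'X-Frame-Options: DENY' );
+
 if ($this->mArticleBodyOnly) {
 $this->out($this->mBodytext);
 } else {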
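Review bot: The `X-Frame-Options: DENY` header added ahead of the `mArticleBodyOnly` branch is hard-coded and covers only responses built through this output path. The hunk does not show whether other entry points that render state-changing forms bypass it, so check actual response headers after applying the patch. `DENY` also blocks same-origin framing, and nothing here lets an administrator relax it, so a site that frames its own wiki pages will break. I would extend the comment to say so, e.g. `# Sent unconditionally for all output built here (body-only included); same-origin framing is blocked too.` Browsers that do not implement the header ignore it, so this mitigates clickjacking only for supporting clients; the enclosing function starts and ends outside the hunk.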