}
/** Headers to send before HTML output
- * @return null
+ * @return bool true to send security headers
*/
function headers() {
- header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
- header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
+ return true;
}
/** Print HTML code inside <head>
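Review bot: The new `@return` line on headers() does not say which headers are meant or what a non-true result does, although the caller in page_header() tests the value for truthiness. I would spell that out: `* @return bool true to send the default X-Frame-Options and X-XSS-Protection headers; any falsy value, including no return statement, suppresses them`. The Editor variant of headers() changed later in this commit shows no docblock in its visible lines and would benefit from the same sentence.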
function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
global $LANG, $adminer, $connection, $drivers;
header("Content-Type: text/html; charset=utf-8");
- $adminer->headers();
+ if ($adminer->headers()) {
+ header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
+ header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
+ }
$title_all = $title . ($title2 != "" ? ": " . h($title2) : "");
$title_page = strip_tags($title_all . (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "") . " - " . $adminer->name());
if (is_ajax()) {
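Review bot: The guard `if ($adminer->headers()) {` treats a missing return as opt-out, so a customization whose headers() override ends without `return true;` yields null and the page is served without `X-Frame-Options: deny`. Clickjacking protection then depends on every override remembering the return value; letting only an explicit false opt out, `if ($adminer->headers() !== false) {`, would fail safe. That would change behaviour for overrides written against the old `@return null` contract, since header() replaces an earlier header of the same name by default and the defaults are sent after the override runs, so it deserves a changelog line if adopted. page_header()'s body continues past the end of this hunk.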
Display name of the referenced record in PostgreSQL (Editor)
Customizable favicon (customization)
Method name can return a link (customization)
+Easier sending of default headers (customization)
Adminer 3.2.2 (released 2011-03-28):
Fix AJAX history after reload
}
function headers() {
- header("X-Frame-Options: deny");
- header("X-XSS-Protection: 0");
+ return true;
}
function head() {