ClickJacking protection

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1150 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index bd63286e2381d008f51a5b3eae631b3af9c5de82..76562d14798474c05f41e08e58e63d00d5818547 100644 (file)
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -2,6 +2,7 @@
 function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
        global $LANG, $VERSION, $adminer;
        header("Content-Type: text/html; charset=utf-8");
+       header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, NoScript plugin
        $title_all = $title . (strlen($title2) ? ": " . h($title2) : "");
        ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">

diff --git a/changes.txt b/changes.txt
index 9c27f336d996bc3fb3957367ddce095f93ee76a6..4eef390b33079658ecab969b25bdc4aeed66ae24 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -3,6 +3,7 @@ Display table links above table structure
 Fix removed default in ALTER
 Display whitespace in texts (bug #2858042)
 Display number of manipulated rows in JS confirm
+ClickJacking protection in modern browsers
 E-mail attachments (Editor)
 Optional year in date (Editor)
 Search operators (Editor)