diff options
| -rw-r--r-- | modules/gallery/controllers/items.php | 10 | ||||
| -rw-r--r-- | themes/admin_wind/views/admin.html.php | 1 | ||||
| -rw-r--r-- | themes/wind/views/page.html.php | 1 |
3 files changed, 7 insertions, 5 deletions
diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php index 0c20803c..318fb431 100644 --- a/modules/gallery/controllers/items.php +++ b/modules/gallery/controllers/items.php @@ -24,15 +24,15 @@ class Items_Controller extends Controller { throw new Kohana_404_Exception(); } - // Redirect to the more specific resource type, since it will render - // differently. We can't delegate here because we may have gotten to this - // page via /items/<id> which means that we don't have a type-specific controller. Also, we - // want to drive a single canonical resource mapping where possible. + // Redirect to the more specific resource type, since it will render differently. We can't + // delegate here because we may have gotten to this page via /items/<id> which means that we + // don't have a type-specific controller. Also, we want to drive a single canonical resource + // mapping where possible. access::required("view", $item); url::redirect($item->abs_url()); } - // Return the width/height dimensinons for the given item + // Return the width/height dimensions for the given item public function dimensions($id) { $item = ORM::factory("item", $id); access::required("view", $item); diff --git a/themes/admin_wind/views/admin.html.php b/themes/admin_wind/views/admin.html.php index 9a149149..0300f7af 100644 --- a/themes/admin_wind/views/admin.html.php +++ b/themes/admin_wind/views/admin.html.php @@ -1,4 +1,5 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> +<?php header("X-Frame-Options: SAMEORIGIN"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" <?= $theme->html_attributes() ?> xml:lang="en" lang="en"> diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php index 18ade97f..c3e212c5 100644 --- a/themes/wind/views/page.html.php +++ b/themes/wind/views/page.html.php @@ -1,4 +1,5 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> +<?php header("X-Frame-Options: SAMEORIGIN"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" <?= $theme->html_attributes() ?> xml:lang="en" lang="en"> |