-rw-r--r--.build_number2
-rw-r--r--index.php3
-rw-r--r--themes/admin_wind/views/admin.html.php1
-rw-r--r--themes/wind/views/page.html.php3
4 files changed, 5 insertions, 4 deletions
diff --git a/.build_number b/.build_number
index 83ac23ec..d6de6fd9 100644
--- a/.build_number
+++ b/.build_number
@@ -3,4 +3,4 @@
; process. You don't need to edit it. In fact..
;
; DO NOT EDIT THIS FILE BY HAND!
-build_number=255
+build_number=257
diff --git a/index.php b/index.php
index 9a6cc2ea..e6540791 100644
--- a/index.php
+++ b/index.php
@@ -51,6 +51,9 @@ ini_set("display_errors", false);
// Ajax code.
ini_set("session.use_trans_sid", false);
+// Restrict all response frames to the same origin for security
+header("X-Frame-Options: SAMEORIGIN");
+
define("EXT", ".php");
define("DOCROOT", getcwd() . "/");
define("KOHANA", "index.php");
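Review bot: The `header("X-Frame-Options: SAMEORIGIN");` added after the `session.use_trans_sid` line only reaches responses that PHP generates through index.php, so anything the web server serves directly is presumably not covered and needs the same header in the server configuration. X-Frame-Options is also superseded in current browsers by the CSP `frame-ancestors` directive; sending `header("Content-Security-Policy: frame-ancestors 'self'");` next to it keeps both old and new browsers covered. Because the header is now unconditional for every request, the comment should say that there is no per-theme or per-page override, e.g. `// Sent for every response; themes can no longer opt out of the same-origin framing restriction`.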
diff --git a/themes/admin_wind/views/admin.html.php b/themes/admin_wind/views/admin.html.php
index 0300f7af..9a149149 100644
--- a/themes/admin_wind/views/admin.html.php
+++ b/themes/admin_wind/views/admin.html.php
@@ -1,5 +1,4 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
-<?php header("X-Frame-Options: SAMEORIGIN"); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?= $theme->html_attributes() ?> xml:lang="en" lang="en">
diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php
index c3e212c5..23021e4d 100644
--- a/themes/wind/views/page.html.php
+++ b/themes/wind/views/page.html.php
@@ -1,5 +1,4 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
-<?php header("X-Frame-Options: SAMEORIGIN"); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?= $theme->html_attributes() ?> xml:lang="en" lang="en">
@@ -131,7 +130,7 @@
</div>
</div>
<div id="g-sidebar" class="yui-b">
- <? if ($theme->page_subtype != "login"): ?>
+ <? if (!in_array($theme->page_subtype, array("login", "error"))): ?>
<?= new View("sidebar.html") ?>
<? endif ?>
</div>
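Review bot: The new sidebar condition uses `in_array()` without the strict flag, so the comparison against "login" and "error" is loose, and a non-string `page_subtype` (for example `true`, or `0` on PHP versions before 8) would match and hide the sidebar. Passing the third argument makes the intent explicit: `<? if (!in_array($theme->page_subtype, array("login", "error"), true)): ?>`. A short template comment explaining why error pages skip the sidebar would also help the next reader, since the hunk does not show the reason.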