composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-24 02:58:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°3317 Security hardening

Browse Source
This commit is contained in:
Pierre Goiffon
2020-10-05 14:31:26 +02:00
parent bef1832ac7
commit 1551694198
15 changed files with 23 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
application/ajaxwebpage.class.inc.php
View File

@@ -42,21 +42,22 @@ class ajax_page extends WebPage implements iTabbedPage
*/
function __construct($s_title)
{
$sPrintable = utils::ReadParam('printable', '0');
$bPrintable = ($sPrintable == '1');
$sPrintable = utils::ReadParam('printable', '0');
$bPrintable = ($sPrintable == '1');
parent::__construct($s_title, $bPrintable);
$this->m_sReadyScript = "";
//$this->add_header("Content-type: text/html; charset=utf-8");
$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
parent::__construct($s_title, $bPrintable);
$this->m_sReadyScript = "";
//$this->add_header("Content-type: text/html; charset=utf-8");
$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
$this->add_header('Pragma: no-cache');
$this->add_header('Expires: 0');
$this->m_oTabs = new TabManager();
$this->sContentType = 'text/html';
$this->sContentDisposition = 'inline';
$this->m_sMenu = "";
$this->add_header('X-Frame-Options: deny');
$this->m_oTabs = new TabManager();
$this->sContentType = 'text/html';
$this->sContentDisposition = 'inline';
$this->m_sMenu = "";
utils::InitArchiveMode();
utils::InitArchiveMode();
}
public function AddTabContainer($sTabContainer, $sPrefix = '')

5
application/csvpage.class.inc.php
View File

@@ -31,12 +31,13 @@ class CSVPage extends WebPage
{
function __construct($s_title)
{
parent::__construct($s_title);
parent::__construct($s_title);
$this->add_header("Content-type: text/plain; charset=utf-8");
$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
$this->add_header('Pragma: no-cache');
$this->add_header('Expires: 0');
//$this->add_header("Content-Transfer-Encoding: binary");
$this->add_header('X-Frame-Options: deny');
//$this->add_header("Content-Transfer-Encoding: binary");
}
public function output()

1
application/itopwebpage.class.inc.php
View File

@@ -75,6 +75,7 @@ class iTopWebPage extends NiceWebPage implements iTabbedPage
$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
$this->add_header('Pragma: no-cache');
$this->add_header('Expires: 0');
$this->add_header('X-Frame-Options: deny');
$this->add_linked_stylesheet("../css/jquery.treeview.css");
$this->add_linked_stylesheet("../css/jquery.autocomplete.css");
$this->add_linked_stylesheet("../css/jquery-ui-timepicker-addon.css");

8
application/loginwebpage.class.inc.php
View File

@@ -62,16 +62,16 @@ class LoginWebPage extends NiceWebPage
public function __construct($sTitle = null)
{
if($sTitle === null)
{
$sTitle = Dict::S('UI:Login:Title');
}
if ($sTitle === null) {
$sTitle = Dict::S('UI:Login:Title');
}
parent::__construct($sTitle);
$this->SetStyleSheet();
$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
$this->add_header('Pragma: no-cache');
$this->add_header('Expires: 0');
$this->add_header('X-Frame-Options: deny');
}
public function SetStyleSheet()

1
application/webpage.class.inc.php
View File

@@ -358,6 +358,7 @@ class WebPage implements Page
$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
$this->add_header('Pragma: no-cache');
$this->add_header('Expires: 0');
$this->add_header('X-Frame-Options: deny');
}
/**

3
application/xmlpage.class.inc.php
View File

@@ -46,8 +46,9 @@ class XMLPage extends WebPage
$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
$this->add_header('Pragma: no-cache');
$this->add_header('Expires: 0');
$this->add_header('X-Frame-Options: deny');
$this->add_header("Content-location: export.xml");
}
}
public function output()
{