dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput
[lhc/web/wiklou.git] / includes / OutputPage.php
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 566ee87..a64d049 100644 (file)
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -1641,6 +1641,8 @@ class OutputPage extends ContextSource {
                $this->addModuleStyles( $parserOutput->getModuleStyles() );
                $this->addModuleMessages( $parserOutput->getModuleMessages() );
                $this->addJsConfigVars( $parserOutput->getJsConfigVars() );
+               $this->mPreventClickjacking = $this->mPreventClickjacking
+                       || $parserOutput->preventClickjacking();
 
                // Template versioning...
                foreach ( (array)$parserOutput->getTemplateIds() as $ns => $dbks ) {
@@ -1968,6 +1970,16 @@ class OutputPage extends ContextSource {
                $this->mPreventClickjacking = false;
        }
 
+       /**
+        * Get the prevent-clickjacking flag
+        *
+        * @since 1.24
+        * @return boolean
+        */
+       public function getPreventClickjacking() {
+               return $this->mPreventClickjacking;
+       }
+
        /**
         * Get the X-Frame-Options header value (without the name part), or false
         * if there isn't one. This is used by Skin to determine whether to enable
Wiklou, le Wiki du Wiklou