if ( $this->request->getVal( 'SubmitCC' ) ) {
$page = $this->getPageByName( 'Options' );
$this->output->useShortHeader();
+ $this->output->allowFrames();
$page->submitCC();
return $this->finish();
}
if ( $this->request->getVal( 'ShowCC' ) ) {
$page = $this->getPageByName( 'Options' );
$this->output->useShortHeader();
+ $this->output->allowFrames();
$this->output->addHTML( $page->getCCDoneBox() );
return $this->finish();
}
public function getFingerprint() {
// Get the base URL of the installation
$url = $this->request->getFullRequestURL();
+ if ( preg_match( '!^(.*\?)!', $url, $m) ) {
+ // Trim query string
+ $url = $m[1];
+ }
if ( preg_match( '!^(.*)/[^/]*/[^/]*$!', $url, $m ) ) {
+ // This... seems to try to get the base path from
+ // the /mw-config/index.php. Kinda scary though?
$url = $m[1];
}
return md5( serialize( array(
public $redirectTarget;
+ /**
+ * Does the current page need to allow being used as a frame?
+ * If not, X-Frame-Options will be output to forbid it.
+ *
+ * @var bool
+ */
+ public $allowFrames = false;
+
/**
* Whether to use the limited header (used during CC license callbacks)
* @var bool
$this->useShortHeader = $use;
}
+ public function allowFrames( $allow = true ) {
+ $this->allowFrames = $allow;
+ }
+
public function flush() {
if ( !$this->headerDone ) {
$this->outputHeader();
$dbTypes = $this->parent->getDBTypes();
$this->parent->request->response()->header( 'Content-Type: text/html; charset=utf-8' );
- $this->parent->request->response()->header( 'X-Frame-Options: DENY' );
+ if (!$this->allowFrames) {
+ $this->parent->request->response()->header( 'X-Frame-Options: DENY' );
+ }
if ( $this->redirectTarget ) {
$this->parent->request->response()->header( 'Location: '.$this->redirectTarget );
return;