X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fhtmloutputter.php;h=369cd5936e6a5aa9a284ec9ff4bc751758733658;hb=c514cac31d759c89fc6232b385bccaebee408180;hp=3b3c1913a1dc0e427ab4f684a3fde9476a6bbff6;hpb=19b965d99188fde59cdd39b668df8951bc0f180c;p=quix0rs-gnu-social.git diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php index 3b3c1913a1..369cd5936e 100644 --- a/lib/htmloutputter.php +++ b/lib/htmloutputter.php @@ -108,10 +108,17 @@ class HTMLOutputter extends XMLOutputter header('Content-Type: '.$type); + // Output anti-framing headers to prevent clickjacking (respected by newer + // browsers). + if (common_config('javascript', 'bustframes')) { + header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks + header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch + } + $this->extraHeaders(); if (preg_match("/.*\/.*xml/", $type)) { // Required for XML documents - $this->xw->startDocument('1.0', 'UTF-8'); + $this->startXML(); } $this->xw->writeDTD('html', '-//W3C//DTD XHTML 1.0 Strict//EN', @@ -295,7 +302,7 @@ class HTMLOutputter extends XMLOutputter function hidden($id, $value, $name=null) { - $this->element('input', array('name' => ($name) ? $name : $id, + $this->element('input', array('name' => $name ?: $id, 'type' => 'hidden', 'id' => $id, 'value' => $value)); @@ -344,7 +351,7 @@ class HTMLOutputter extends XMLOutputter { $this->element('input', array('type' => 'submit', 'id' => $id, - 'name' => ($name) ? $name : $id, + 'name' => $name ?: $id, 'class' => $cls, 'value' => $label, 'title' => $title)); @@ -370,7 +377,7 @@ class HTMLOutputter extends XMLOutputter if (strpos($src, 'plugins/') === 0 || strpos($src, 'local/') === 0) { - $src = common_path($src, StatusNet::isHTTPS()) . '?version=' . STATUSNET_VERSION; + $src = common_path($src, StatusNet::isHTTPS()) . '?version=' . GNUSOCIAL_VERSION; } else { 
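Review bot: In the first hunk (`@@ -108,10 +108,17 @@`), `header('X-XSS-Protection: 1; mode=block');` is gated on the `javascript`/`bustframes` setting, so a site that turns frame busting off also loses it without notice, and the comment above the block only describes anti-framing. The header is also deprecated: current browsers have removed the XSS auditor it controls, and in older ones the filter was itself a source of cross-site information leaks, so current guidance is to omit it or send `X-XSS-Protection: 0` and rely on output escaping plus a Content-Security-Policy. For the framing control, keep `header('X-Frame-Options: SAMEORIGIN');` and consider adding `header("Content-Security-Policy: frame-ancestors 'self'");` beside it as the standardised equivalent. Only do that if nothing else in the response already sets a policy, since `header()` replaces a same-named header by default. The enclosing method begins outside the hunk, so whether other output paths (non-HTML responses, error pages) also need the anti-framing header cannot be judged from here.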
@@ -421,7 +428,7 @@ class HTMLOutputter extends XMLOutputter $path = '/'.$path; } - $src = $protocol.'://'.$server.$path.$src . '?version=' . STATUSNET_VERSION; + $src = $protocol.'://'.$server.$path.$src . '?version=' . GNUSOCIAL_VERSION; } } @@ -479,7 +486,7 @@ class HTMLOutputter extends XMLOutputter }else{ $src = common_path($src, StatusNet::isHTTPS()); } - $src.= '?version=' . STATUSNET_VERSION; + $src.= '?version=' . GNUSOCIAL_VERSION; } $this->element('link', array('rel' => 'stylesheet', 'type' => 'text/css',