sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Introduce send_nosniff_header() and use it to turn off content sniffing in supported browsers. Fixes #10671 props chrisscott and niallkennedy.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@13409 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Peter Westwood 2010-02-25 21:41:33 +00:00
parent fcd36216e0
commit 81e711cf87
3 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
wp-admin/admin-ajax.php
View File

@ -21,6 +21,7 @@ if ( ! isset( $_REQUEST['action'] ) )
require_once('includes/admin.php'); require_once('includes/admin.php');
@header('Content-Type: text/html; charset=' . get_option('blog_charset')); @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();
do_action('admin_init'); do_action('admin_init');

13
wp-admin/includes/misc.php
View File

@ -649,4 +649,17 @@ function win_is_writable($path) {
unlink($path); unlink($path);
return true; return true;
} }
/**
* Send a HTTP header to disable content type sniffing in browsers which support it.
*
* @link http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
* @link http://src.chromium.org/viewvc/chrome?view=rev&revision=6985
*
* @since 3.0.0.
* @return none
*/
function send_nosniff_header() {
@header( 'X-Content-Type-Options: nosniff' );
}
?> ?>

1
wp-admin/index-extra.php
View File

@ -13,6 +13,7 @@ require_once( 'admin.php' );
require( 'includes/dashboard.php' ); require( 'includes/dashboard.php' );
@header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) ); @header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
send_nosniff_header();
switch ( $_GET['jax'] ) { switch ( $_GET['jax'] ) {