WordPress.org

Make WordPress Core

Changeset 13409


Ignore:
Timestamp:
02/25/2010 09:41:33 PM (8 years ago)
Author:
westi
Message:

Introduce send_nosniff_header() and use it to turn off content sniffing in supported browsers. Fixes #10671 props chrisscott and niallkennedy.

Location:
trunk/wp-admin
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/admin-ajax.php

    r13360 r13409  
    2222require_once('includes/admin.php');
    2323@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
     24send_nosniff_header();
    2425
    2526do_action('admin_init');
  • trunk/wp-admin/includes/misc.php

    r13382 r13409  
    650650    return true;
    651651}
     652
     653/**
     654 * Send a HTTP header to disable content type sniffing in browsers which support it.
     655 *
     656 * @link http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
     657 * @link http://src.chromium.org/viewvc/chrome?view=rev&revision=6985
     658 *
     659 * @since 3.0.0.
     660 * @return none
     661 */
     662function send_nosniff_header() {
     663    @header( 'X-Content-Type-Options: nosniff' );
     664}
    652665?>
  • trunk/wp-admin/index-extra.php

    r12869 r13409  
    1414
    1515@header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
     16send_nosniff_header();
    1617
    1718switch ( $_GET['jax'] ) {
Note: See TracChangeset for help on using the changeset viewer.