WordPress.org

Make WordPress Core

Changeset 13409


Timestamp:
02/25/10 21:41:33 (4 years ago)
Author:
westi
Message:

Introduce send_nosniff_header() and use it to turn off content sniffing in supported browsers. Fixes #10671 props chrisscott and niallkennedy.

Location:
trunk/wp-admin
Files:
3 edited

  • trunk/wp-admin/admin-ajax.php

    r13360 r13409  
    2222require_once('includes/admin.php'); 
    2323@header('Content-Type: text/html; charset=' . get_option('blog_charset')); 
     24send_nosniff_header(); 
    2425 
    2526do_action('admin_init'); 
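
Review bot: With sniffing disabled at new line 24, the blanket `text/html` Content-Type set on line 23 becomes what supporting browsers act on for every response from this file, so any handler that later outputs something other than HTML needs to send its own Content-Type. It is worth auditing the actions dispatched from here for that. The call also runs before `do_action('admin_init')`, which is the right place for it, but because the helper suppresses errors there will be no visible sign if output has already started and the header is dropped.
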
  • trunk/wp-admin/includes/misc.php

    r13382 r13409  
    650650    return true; 
    651651} 
     652 
     653/** 
     654 * Send a HTTP header to disable content type sniffing in browsers which support it. 
     655 *  
     656 * @link http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx 
     657 * @link http://src.chromium.org/viewvc/chrome?view=rev&revision=6985 
     658 *  
     659 * @since 3.0.0. 
     660 * @return none 
     661 */ 
     662function send_nosniff_header() { 
     663    @header( 'X-Content-Type-Options: nosniff' );  
     664} 
    652665?> 
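
Review bot: The docblock at new lines 653-661 needs cleanup: `@return none` is not a phpDoc type and should be `@return void`, `@since 3.0.0.` carries a stray trailing period, and "a HTTP header" should read "an HTTP header". Separately, the `@` on `header()` at line 663 hides the "headers already sent" warning, so the function can fail silently; consider guarding with `headers_sent()` or dropping the suppression so callers notice a misplaced call. Since the helper is defined under `wp-admin/includes/`, it is only available where the admin includes are loaded, which is worth stating in the docblock.
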
  • trunk/wp-admin/index-extra.php

    r12869 r13409  
    1414 
    1515@header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) ); 
     16send_nosniff_header(); 
    1617 
    1718switch ( $_GET['jax'] ) { 
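
Review bot: The call added at new line 16 assumes `send_nosniff_header()` is already defined, but nothing in this hunk shows `includes/misc.php` (or `includes/admin.php`, as in admin-ajax.php) being loaded first; an undefined function here is a fatal error rather than a missing header. Please confirm the include happens earlier in the file. As in admin-ajax.php, the Content-Type sent on line 15 becomes what supporting browsers act on once sniffing is off, so each `jax` branch of the switch should be checked to confirm it really emits the type given by `html_type`.
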