git.shiar.nl / minimedit.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
page: disallow frame ancestors to prevent clickjacking
[minimedit.git] / page.php
diff --git a/page.php b/page.php
index f4d6057aceac1f7e5570636d30f094476222c188..3dd8cba7f290facb110232f0bbd2f105f95bdb33 100644 (file)
--- a/page.php
+++ b/page.php
@@ -159,6 +159,8 @@ if ($PageAccess = $Article->restricted) {
 
 # prepare page contents
 
+header("Content-Security-Policy: frame-ancestors 'none'");
+
 ob_start(); # page body
 $Place = [
        'user'  => $User ? $User->login : '',
@@ -175,11 +177,13 @@ if (isset($Article->raw)) {
                        ) . $Article->raw;
                }
        }
-       $Article->raw = '<div class="static">'."\n\n".$Article->raw."</div>\n\n";
 }
-elseif (!$Article->raw and $User and $User->admin("edit {$Article->link}")) {
+elseif ($User and $User->admin("edit {$Article->link}")) {
        $Article->raw(file_exists("$Page/template.inc.html") ? "$Page/template.inc.html" : 'template.inc.html');
 }
+if (isset($Article->raw)) {
+       $Article->raw = '<div class="static">'."\n\n".$Article->raw."</div>\n\n";
+}
 
 # output dynamic and/or static html
 
MinimEdit - databaseless cms with only a bit of php