From 9b31f83f6dee1108c5b2b39bcf5b45cd06598d68 Mon Sep 17 00:00:00 2001 From: Lukas Metzger Date: Fri, 29 Jan 2016 15:52:57 +0100 Subject: [PATCH] Added Content-Security-Policy header to prevent XSS attacks --- add-domain.php | 1 + domains.php | 1 + edit-master.php | 3 ++- edit-user.php | 1 + include/custom.css | 4 +++- index.php | 3 +++ install.php | 1 + js/edit-master.js | 2 +- lib/headers.php | 19 +++++++++++++++++++ logout.php | 1 + password.php | 1 + users.php | 1 + 12 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 lib/headers.php diff --git a/add-domain.php b/add-domain.php index dff7390..17b1552 100644 --- a/add-domain.php +++ b/add-domain.php @@ -15,6 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> diff --git a/domains.php b/domains.php index 624ee3f..26f8760 100644 --- a/domains.php +++ b/domains.php @@ -15,6 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> diff --git a/edit-master.php b/edit-master.php index bffcc7f..0a9b361 100644 --- a/edit-master.php +++ b/edit-master.php @@ -15,6 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> @@ -150,7 +151,7 @@ limitations under the License. New - + diff --git a/edit-user.php b/edit-user.php index 3d55143..4219c60 100644 --- a/edit-user.php +++ b/edit-user.php @@ -15,6 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> diff --git a/include/custom.css b/include/custom.css index fa1510b..924a383 100644 --- a/include/custom.css +++ b/include/custom.css 
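Review bot: The one-line addition in add-domain.php lands after the closing `-->` of the license comment, so that comment has already been written to the response when the new line runs; the added line itself is not visible in this copy of the patch, but going by the commit subject it is presumably the include of `lib/headers.php`. Unless output buffering is enabled, PHP's `header()` then fails with a "headers already sent" warning and the page is served without the Content-Security-Policy header. The same placement appears in the hunks for domains.php, edit-master.php, edit-user.php, index.php, install.php, logout.php and users.php. Putting the include in a `<?php` block at the very top of each file, before the license comment, makes the header independent of the buffering setting; inspecting the response headers of one page confirms that it is actually sent.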
@@ -20,4 +20,6 @@ .cell-vertical-bottom { vertical-align: bottom !important; } .cell-vertical-middle { vertical-align: middle !important; } -.cell-vertical-top { vertical-align: top !important; } \ No newline at end of file +.cell-vertical-top { vertical-align: top !important; } + +.select-narrow-70 { width: 70%; } \ No newline at end of file diff --git a/index.php b/index.php index 9a07232..452db34 100644 --- a/index.php +++ b/index.php @@ -14,6 +14,9 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> + PDNS Manager diff --git a/install.php b/install.php index 52c124b..3327a79 100644 --- a/install.php +++ b/install.php @@ -15,6 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> ').appendTo(tableCells.eq(2)).select2({ + $('').appendTo(tableCells.eq(2)).select2({ data: recordTypes }).val(valueType).trigger("change"); diff --git a/lib/headers.php b/lib/headers.php new file mode 100644 index 0000000..65779db --- /dev/null +++ b/lib/headers.php @@ -0,0 +1,19 @@ +. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +Header("Content-Security-Policy: default-src 'self';"); \ No newline at end of file diff --git a/logout.php b/logout.php index 53dcb32..f10d3af 100644 --- a/logout.php +++ b/logout.php 
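Review bot: In the new lib/headers.php, `default-src 'self'` leaves `base-uri`, `form-action` and `frame-ancestors` unrestricted, because those directives do not fall back to `default-src`. For an administration interface it is worth setting them explicitly, e.g. `Header("Content-Security-Policy: default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';");`, using `'self'` for `frame-ancestors` if the UI is ever framed from its own origin. A short comment above the call, such as `// Sent on every page: inline scripts and styles are blocked, so keep markup free of style= and on* attributes.`, would also record what is presumably the reason this commit adds the `.select-narrow-70` class.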
@@ -15,6 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> diff --git a/users.php b/users.php index df999bc..8509cfb 100644 --- a/users.php +++ b/users.php @@ -15,6 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. -->