Author: Sara Golemon (sgolemon)
Date: 2021-04-19T15:02:28Z
Commit:
https://github.com/php/web-php/commit/7a66d68a9ce73b5fc6706d8dcb9ee93202c78b7c
Raw diff:
https://github.com/php/web-php/commit/7a66d68a9ce73b5fc6706d8dcb9ee93202c78b7c.diff
Avoid spilling local vars to global scope
Changed paths:
M include/prepend.inc
Diff:
diff --git a/include/prepend.inc b/include/prepend.inc
index 489fc177e..084657b8f 100644
--- a/include/prepend.inc
+++ b/include/prepend.inc
@@ -12,7 +12,11 @@ header("Content-language: en");
header("Content-type: text/html; charset=utf-8");
/* Fix Silly Same Origin Policies */
-if (isset($_SERVER["HTTP_ORIGIN"])) {
+(function() {
+ if (!isset($_SERVER["HTTP_ORIGIN"])) {
+ return;
+ }
+
$host = parse_url($_SERVER["HTTP_ORIGIN"]);
if (strncmp(strrev($host["host"]), strrev("php.net"), strlen("php.net"))
!= 0) {
if ($host["host"] != $_SERVER["SERVER_NAME"]) {
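Review bot: The origin check kept at the top of the new closure, `strncmp(strrev($host["host"]), strrev("php.net"), strlen("php.net"))`, is a plain suffix comparison, so it treats any hostname whose last seven characters are `php.net` as trusted, not only php.net and its subdomains. Since the block is being restructured anyway, the comparison should anchor on a label boundary, for example `$h = strtolower($host["host"] ?? "");` followed by `$trusted = $h === "php.net" || substr($h, -8) === ".php.net";`. Separately, `parse_url()` can return `false` or an array with no `host` key (an `Origin: null` header, for instance), and `$host["host"]` is read unguarded; an early `return` when the host is missing would match the guard-clause style this commit introduces. The closure body continues outside the hunk, so what the non-matching branch does is not visible here.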
@@ -32,6 +36,8 @@ if (isset($_SERVER["HTTP_ORIGIN"])) {
header("Access-Control-Allow-Headers: $headers");
}
}
+})();
+
/* Clickjacking workaround. Nothing should be in a frame so it could
technically be 'deny'
* but it doesn't make any difference anyway */
header("X-Frame-Options: SAMEORIGIN");