[Phpmyadmin-git] [phpmyadmin/phpmyadmin] 240b83: Readd AllowThirdPartyFraming option

Michal Čihař mcihar at suse.cz
Mon Jul 29 14:56:49 CEST 2013


  Branch: refs/heads/QA_4_0
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 240b8332db53dedc27baeec5306dabad3bdece3b
      https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b
  Author: Michal Čihař <mcihar at suse.cz>
  Date:   2013-07-29 (Mon, 29 Jul 2013)

  Changed paths:
    M doc/config.rst
    A js/cross_framing_protection.js
    M libraries/Header.class.php
    M libraries/Scripts.class.php
    M libraries/config.default.php
    M libraries/config/messages.inc.php
    M libraries/config/setup.forms.php

  Log Message:
  -----------
  Readd AllowThirdPartyFraming option

We want by default no framing of phpMyAdmin, but still some sites might
need to embed it, so a configuration option (with an appropriate security
warning) is there.

This basically reverts d7e0bed28443e6cf8f41965cc2f27be19c667fa6.


  Commit: 24d0eb55203b029f250c77d63f2900ffbe099e8b
      https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b
  Author: Michal Čihař <mcihar at suse.cz>
  Date:   2013-07-29 (Mon, 29 Jul 2013)

  Changed paths:
    M js/cross_framing_protection.js
    M libraries/Header.class.php

  Log Message:
  -----------
  Improved protection against cross framing

We now include CSS to hide the page and display it conditionally after
checking we're in the top frame. This adds extra protection for clients who
do not support X-Frame-Options.

See also http://en.wikipedia.org/wiki/Framekiller and
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet


  Commit: f08ff304f9cbe082a76727ff125580af8efc8f91
      https://github.com/phpmyadmin/phpmyadmin/commit/f08ff304f9cbe082a76727ff125580af8efc8f91
  Author: Michal Čihař <mcihar at suse.cz>
  Date:   2013-07-29 (Mon, 29 Jul 2013)

  Changed paths:
    M doc/config.rst
    A js/cross_framing_protection.js
    M libraries/Header.class.php
    M libraries/Scripts.class.php
    M libraries/config.default.php
    M libraries/config/messages.inc.php
    M libraries/config/setup.forms.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_0_5' into QA_4_0


  Commit: c3fa3233115ee8022c1287cb3da07e67eced69c1
      https://github.com/phpmyadmin/phpmyadmin/commit/c3fa3233115ee8022c1287cb3da07e67eced69c1
  Author: Michal Čihař <mcihar at suse.cz>
  Date:   2013-07-29 (Mon, 29 Jul 2013)

  Changed paths:
    M import.php
    M libraries/import.lib.php

  Log Message:
  -----------
  Merge branch 'QA_4_0' of github.com:phpmyadmin/phpmyadmin into QA_4_0


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/5d590ef3d67b...c3fa3233115e
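
The hide-then-reveal check described in the "Improved protection against cross framing" log message above, sketched as an added example. This is not the code from this push or from js/cross_framing_protection.js; the element id `antiClickjack` and the function names are assumptions made for illustration.

```javascript
// Added illustration; not the contents of js/cross_framing_protection.js.
// Assumed markup, emitted in <head> before this script runs:
//   <style id="antiClickjack">html { display: none !important; }</style>
const HIDE_STYLE_ID = 'antiClickjack'; // hypothetical element id

// True only when this window is the top-level browsing context.
function isTopFrame(win) {
  try {
    return win.self === win.top;
  } catch (e) {
    return false; // fail closed if the comparison cannot be made
  }
}

// Reveal the page only when it is not framed. When framed, leave the
// hiding style in place and try to navigate the top window to this page.
function protectAgainstFraming(win, doc) {
  if (isTopFrame(win)) {
    const style = doc.getElementById(HIDE_STYLE_ID);
    if (style && style.parentNode) {
      style.parentNode.removeChild(style);
    }
    return 'shown';
  }
  try {
    win.top.location = win.self.location;
  } catch (e) {
    // Navigation blocked (for example by a sandboxed iframe): stay hidden.
  }
  return 'hidden';
}

// Run in a browser; skipped where no DOM exists.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  protectAgainstFraming(window, document);
}
```

Because the page starts hidden, a framed page stays blank even when the embedder blocks the navigation attempt, and a client with JavaScript disabled sees nothing at all.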

