githubFork/roundcubemail.git

			@@ -237,6 +237,10 @@
			// check referer of incoming requests
			$rcmail_config['referer_check'] = false;

			// X-Frame-Options HTTP header value sent to prevent from Clickjacking.
			// Possible values: sameorigin\|deny. Set to false in order to disable sending them
			$rcmail_confoig['x_frame_options'] = 'sameorigin';

			// this key is used to encrypt the users imap password which is stored
			// in the session record (and the client cookie if remember password is enabled).
			// please provide a string of exactly 24 chars.

			@@ -356,6 +356,11 @@
			// make sure all <form> tags have a valid request token
			$template = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $template);
			$this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);

			// send clickjacking protection headers
			$iframe = $this->framed \|\| !empty($_REQUEST['_framed']);
			if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')))
			header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe));

			// call super method
			parent::write($template, $this->config['skin_path']);

	config/main.inc.php.dist	4 ●●●●● patch \| view \| raw \| blame \| history
	program/include/rcube_template.php	5 ●●●●● patch \| view \| raw \| blame \| history