diff options
| author | Andrew Dolgov <[email protected]> | 2017-02-08 15:07:05 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2017-02-08 15:07:05 +0300 |
| commit | 829d478f1b054c8ce1eeb4f15170dc4a1abb3e47 (patch) | |
| tree | 799d6af792c6062b1b46ef1ef746e46159a6894e /include | |
| parent | 23c8ef7e360816f6e6d03965303e6a26b54f2287 (diff) | |
add some protection against opener attacks if external site is opened via window.open()
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions2.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/functions2.php b/include/functions2.php index 6017a78f8..6674c7734 100644 --- a/include/functions2.php +++ b/include/functions2.php @@ -1957,7 +1957,7 @@ # $entry .= " <a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" . # $filename . " (" . $ctype . ")" . "</a>"; - $entry = "<div onclick=\"window.open('".htmlspecialchars($url)."')\" + $entry = "<div onclick=\"openUrlPopup('".htmlspecialchars($url)."')\" dojoType=\"dijit.MenuItem\">$filename ($ctype)</div>"; array_push($entries_html, $entry); @@ -2038,7 +2038,7 @@ else $filename = ""; - $rv .= "<div onclick='window.open(\"".htmlspecialchars($entry["url"])."\")' + $rv .= "<div onclick='openUrlPopup(\"".htmlspecialchars($entry["url"])."\")' dojoType=\"dijit.MenuItem\">".$filename . $title."</div>"; }; |