Changeset 3293 in subversion


Timestamp:
Feb 26, 2010 3:06:48 AM (4 years ago)
Author:
alec
Message:
  • Fix CVE-2010-0464: Disable DNS prefetching (#1486449)
Location:
trunk/roundcubemail
Files:
3 edited

  • trunk/roundcubemail/CHANGELOG

    r3291 r3293  
    22=========================== 
    33 
     4- Fix CVE-2010-0464: Disable DNS prefetching (#1486449) 
    45- Fix Received headers to behave better with SpamAssassin (#1486513) 
    56- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473) 
  • trunk/roundcubemail/program/include/rcube_shared.inc

    r3236 r3293  
    4040  header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0"); 
    4141  header("Pragma: no-cache"); 
     42  // Request browser to disable DNS prefetching (CVE-2010-0464) 
     43  header("X-DNS-Prefetch-Control: off"); 
    4244   
    4345  // We need to set the following headers to make downloads work using IE in HTTPS mode. 
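Review bot: the header at new line 43 is added among the Cache-Control and Pragma lines, so only responses that send these no-cache headers carry X-DNS-Prefetch-Control: off, and any page that displays message content without going through this code keeps prefetching enabled. Consider sending it from code that runs for every HTML response, or note in this function's documentation that it now also carries the prefetch control. The comment cites only the CVE number; a few words on what the header prevents (the browser resolving hostnames found in displayed mail) would help a later reader.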
  • trunk/roundcubemail/program/steps/mail/get.inc

    r2979 r3293  
    4242} 
    4343 
     44send_nocacheing_headers(); 
    4445 
    4546// show part page 
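Review bot: moving send_nocacheing_headers() up to new line 44 puts it ahead of the "show part page" branch, so that branch now receives Cache-Control and Pragma: no-cache as well as the prefetch header, a caching change the commit message does not mention. If that is intended, add a comment at the call saying it sits here so the part page also gets X-DNS-Prefetch-Control: off; if it is not, the prefetch header would be better sent separately from the no-cache headers.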
     
    6768    $browser = new rcube_browser; 
    6869 
    69     send_nocacheing_headers(); 
    70      
    7170    // send download headers 
    7271    if ($_GET['_download']) { 