WordPress.org
Get WordPress

Plugin Directory

Changeset 1512862


Ignore:
Timestamp:
10/11/2016 05:49:32 PM (9 years ago)
Author:
r0bsc0tt
Message:

update to 1.1.0: adds X-XSS Protection Option

Location:
eazy-http-headers
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • eazy-http-headers/trunk/eazy-http-headers-action.php

    r1454957 r1512862  
    66}
    77
     8// send headers with options if option checkbox is checked
     9add_action('send_headers','eazyHTTPHeader',1);
    810function eazyHTTPHeader() {
    9   //if x-frame options checkbox is checked
     11 
     12  //if x-frame checkbox is checked
    1013  if (get_option( 'eazyHTTPhead_checkbox_frame' ) === '1') {
    1114    //use WP  x-frame options header
    1215     send_frame_options_header();
    1316  }
     17
     18  //if X-XSS protection checkbox is checked
     19  if (get_option( 'eazyHTTPhead_checkbox_xss' ) === '1') {
     20    //set X-XSS-Protection header
     21    header("X-XSS-Protection: 1; mode=block;");
     22  } 
     23
    1424  //if 'X-Content-Type checkbox is checked
    1525  if (get_option( 'eazyHTTPhead_checkbox_nosniff' ) === '1') {
     
    1727    send_nosniff_header();
    1828  }
     29
    1930}
    20 
    21 add_action('send_headers','eazyHTTPHeader',1);

  • eazy-http-headers/trunk/eazy-http-headers-settings.php

    r1454957 r1512862  
    77
    88 // Add eazy http settings section to general options page
     9 add_action( 'admin_init', 'eazyHTTPhead_settings_init' );
    910 function eazyHTTPhead_settings_init() {
    1011  // Add the section
     
    1617  );
    1718 
    18   // Add the fields
     19  // Add the field for X-Frame
    1920  add_settings_field(
    2021    'eazyHTTPhead_checkbox_frame',
     
    2526  );
    2627 
     28  // Add the field for X-XSS Protection
     29  add_settings_field(
     30    'eazyHTTPhead_checkbox_xss',
     31    __('X-XSS-Protection', 'ez-http-headers'),
     32    'eazyHTTPhead_xss_callback',
     33    'general',
     34    'eazy_http_settings'
     35  );
     36
     37  //add the field for NoSniff
    2738  add_settings_field(
    2839    'eazyHTTPhead_checkbox_nosniff',
     
    3546  // Register the settings
    3647  register_setting( 'general', 'eazyHTTPhead_checkbox_frame' );
     48  register_setting( 'general', 'eazyHTTPhead_checkbox_xss' ); 
    3749  register_setting( 'general', 'eazyHTTPhead_checkbox_nosniff' ); 
    3850 }
    3951 
    40  add_action( 'admin_init', 'eazyHTTPhead_settings_init' );
     52
    4153 
    4254 
     
    4456 function eazy_http_settings_callback_function() {
    4557  _e('<p>Check the box to apply the corresponding setting.</p>', 'ez-http-headers');
    46   //echo '<p>Check the box to apply the corresponding setting.</p>';
    4758 }
    48  
    4959
    50  // Setting fields callback
     60 // X-Frame callback
    5161 function eazyHTTPhead_frame_callback() {
    5262  _e('<input name="eazyHTTPhead_checkbox_frame" id="eazyHTTPhead_checkbox_frame" type="checkbox" value="1" class="code" ' . checked( 1, get_option( 'eazyHTTPhead_checkbox_frame' ), false ) . ' /> "SAMEORIGIN"', 'ez-http-headers');
    53   //echo '<input name="eazyHTTPhead_checkbox_frame" id="eazyHTTPhead_checkbox_frame" type="checkbox" value="1" class="code" ' . checked( 1, get_option( 'eazyHTTPhead_checkbox_frame' ), false ) . ' /> "SAMEORIGIN"';
    5463 }
    5564
     65 // X-XSS callback
     66 function eazyHTTPhead_xss_callback() {
     67  _e('<input name="eazyHTTPhead_checkbox_xss" id="eazyHTTPhead_checkbox_xss" type="checkbox" value="1" class="code" ' . checked( 1, get_option( 'eazyHTTPhead_checkbox_xss' ), false ) . ' /> "1; mode=block;"', 'ez-http-headers');
     68 }
     69
     70// nosniff callback
    5671function eazyHTTPhead_nosniff_callback() {
    5772  _e('<input name="eazyHTTPhead_checkbox_nosniff" id="eazyHTTPhead_checkbox_nosniff" type="checkbox" value="1" class="code" ' . checked( 1, get_option( 'eazyHTTPhead_checkbox_nosniff' ), false ) . ' /> "nosniff"', 'ez-http-headers');
    58   //echo '<input name="eazyHTTPhead_checkbox_nosniff" id="eazyHTTPhead_checkbox_nosniff" type="checkbox" value="1" class="code" ' . checked( 1, get_option( 'eazyHTTPhead_checkbox_nosniff' ), false ) . ' /> "nosniff"';
    5973 }

  • eazy-http-headers/trunk/eazy-http-headers.php

    r1454957 r1512862  
    11<?php
    2 
    32/*
    43Plugin Name: Eazy HTTP Headers
    54Plugin URI: http://robjscott.com/wordpress/plugins/eazy-http-headers
    6 Description:  Provides settings to activate two functions built into WordPress, send_frame_options_header() & send_nosniff_header(), allowing you to control HTTP Headers for X-Frame-Options & X-Content-Type-Options.
    7 Version: 1.0.0
     5Description: Allows you to control the output of HTTP Headers for X-Frame-Options, X-XSS Protection & X-Content-Type-Options with checkboxes.
     6Version: 1.1.0
    87Author: Rob Scott, LLC
    98Author URI: http://robjscott.com

  • eazy-http-headers/trunk/readme.txt

    r1466343 r1512862  
    11=== Eazy HTTP Headers ===
    22Contributors: r0bsc0tt
    3 Tags: HTTP Headers, nosniff, x-frame, x-content
     3Tags: HTTP Headers, nosniff, x-frame, x-content, security, headers
    44Requires at least: 4.5
    5 Tested up to: 4.6
     5Tested up to: 4.6.1
    66Stable tag: trunk
    77License: GPLv2 or any later version
    88License URI: http://www.gnu.org/licenses/gpl-2.0.txt
    99
    10 Provides settings to activate two functions built into WordPress, send_frame_options_header() & send_nosniff_header(), allowing you to control HTTP Headers for X-Frame-Options & X-Content-Type-Options.
     10Provides settings to activate three HTTP header settings for X-Frame-Options, X-XSS Protection & X-Content-Type-Options.
    1111
    1212== Description ==
    13 Eazy HTTP Headers provides two check boxes for settings on the general settings page.
    14 The check boxes activate two functions built into WordPress, send_frame_options_header() & send_nosniff_header().
    15 This allows you to control your sites HTTP Headers for X-Frame-Options & X-Content-Type-Options.
     13Eazy HTTP Headers provides three check boxes for settings on the general settings page.
     14Two of the check boxes, activate two functions built into WordPress, send_frame_options_header() & send_nosniff_header(), while the other sets a header for X-XSS Protection.
     15This allows you to control your sites HTTP Headers for X-Frame-Options & X-Content-Type-Options using functions built into WordPress functions.
    1616
    1717== Installation ==
     
    3131
    3232== Changelog ==
     33= 1.1.0 =
     34* Added option for X-XSS Protection
     35* Added inline documentation
     36
    3337= 1.0.0 =
    3438* Initial version of plugin.
    3539
    3640== Upgrade Notice ==
     41= 1.1.0 =
     42* Updated to include option for X-XSS Protection
     43
    3744= 1.0.0 =
    3845* Initial version of plugin.
Note: See TracChangeset for help on using the changeset viewer.