From bda2dbec1f45b3aaed93ade98553e71cf1911d68 Mon Sep 17 00:00:00 2001
From: Thomas Mueller <thomas.mueller@tmit.eu>
Date: Mon, 14 May 2012 15:34:28 +0200
Subject: [PATCH] Prevent Clickjacking by adding additional headers:           
      header('X-Frame-Options: Sameorigin');                
 header('X-XSS-Protection: 1; mode=block');                
 header('X-Content-Type-Options: nosniff');

Thanks to Lukas Reschke for reporting this issue (and many more).
---
 lib/template.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/template.php b/lib/template.php
index 57e9c15f5e6..e908c76bfad 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -156,7 +156,10 @@ class OC_Template{
 		$this->application = $app;
 		$this->vars = array();
 		$this->l10n = OC_L10N::get($app);
-
+                header('X-Frame-Options: Sameorigin');
+                header('X-XSS-Protection: 1; mode=block');
+                header('X-Content-Type-Options: nosniff');
+ 
 		$this->findTemplate($name);
 	}
 
-- 
2.39.5