diff --git a/htdocs/core/lib/website2.lib.php b/htdocs/core/lib/website2.lib.php
index bb7217c8df5..48ef724e4dc 100644
--- a/htdocs/core/lib/website2.lib.php
+++ b/htdocs/core/lib/website2.lib.php
@@ -123,14 +123,17 @@ function dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage)
$tplcontent .= ''."\n";
$tplcontent .= ''."\n";
// Add translation reference (main language)
- $translationof = $objectpage->fk_page;
- if ($translationof) {
- $tmppage = new WebsitePage($db);
- $tmppage->fetch($translationof);
- if ($tmppage->id > 0) {
- $tmpshortlangcode = '';
- if ($tmppage->lang) $tmpshortlangcode = preg_replace('/[_-].*$/', '', $tmppage->lang); // en_US or en-US -> en
- $tplcontent .= ''."\n";
+ if ($object->isMultiLang()) {
+ $tplcontent .= ''."\n";
+ $translationof = $objectpage->fk_page;
+ if ($translationof) {
+ $tmppage = new WebsitePage($db);
+ $tmppage->fetch($translationof);
+ if ($tmppage->id > 0) {
+ $tmpshortlangcode = '';
+ if ($tmppage->lang) $tmpshortlangcode = preg_replace('/[_-].*$/', '', $tmppage->lang); // en_US or en-US -> en
+ $tplcontent .= ''."\n";
+ }
}
}
// Add canonical reference
diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php
index 2cc046ac818..fc6fa02cbec 100644
--- a/htdocs/core/website.inc.php
+++ b/htdocs/core/website.inc.php
@@ -63,6 +63,11 @@ if ($pageid > 0)
if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) {
header("X-Content-Type-Options: nosniff");
+ /* TODO Manage allow_frames flag on websitepage.
+ if (empty($websitepage->allow_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) {
+ header("X-Frame-Options: SAMEORIGIN");
+ }
+ */
}
// A lang was forced, so we change weblangs init
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index eae61993dd6..4824ced47db 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1137,7 +1137,7 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0)
header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
if (!defined('XFRAMEOPTIONS_ALLOWALL')) header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
else header("X-Frame-Options: ALLOWALL");
- //header("X-XSS-Protection: 1"); // XSS protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
+ //header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
if (!defined('FORCECSP'))
{
//if (! isset($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY))
diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php
index f45298e082a..5c2bf40aa03 100644
--- a/htdocs/website/class/website.class.php
+++ b/htdocs/website/class/website.class.php
@@ -1161,6 +1161,18 @@ class Website extends CommonObject
}
}
+ /**
+ * Return if web site is a multilanguage web site. Return false if there is only 0 or 1 language.
+ *
+ * @return boolean True if web site is a multilanguage web site
+ */
+ public function isMultiLang()
+ {
+ // TODO Can edit list of languages of web site. Return false if there is only 0 or 1 language.
+
+ return true;
+ }
+
/**
* Component to select language inside a container (Full CSS Only)
*
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index df479f0cd36..3d0d7f25871 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -25,7 +25,7 @@ define('NOSCANPOSTFORINJECTION', 1);
define('NOSTYLECHECK', 1);
define('USEDOLIBARREDITOR', 1);
-header('X-XSS-Protection:0');
+//header('X-XSS-Protection:0'); // Disable XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';