-rw-r--r--config/global.ini.php4
-rw-r--r--core/Controller.php31
-rw-r--r--plugins/CoreAdminHome/Controller.php2
-rw-r--r--plugins/CoreAdminHome/templates/header.tpl17
-rw-r--r--plugins/CorePluginsAdmin/Controller.php2
-rw-r--r--plugins/DBStats/Controller.php2
-rw-r--r--plugins/Login/Controller.php10
-rw-r--r--plugins/Login/templates/header.tpl4
-rw-r--r--plugins/SecurityInfo/Controller.php2
-rw-r--r--plugins/SitesManager/Controller.php2
-rw-r--r--plugins/UsersManager/Controller.php3
-rw-r--r--plugins/VisitorGenerator/Controller.php3
12 files changed, 62 insertions, 20 deletions
diff --git a/config/global.ini.php b/config/global.ini.php
index 025e265787..56ec7e1194 100644
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -173,6 +173,10 @@ login_password_recovery_email_name = Piwik
; Default is 0 (i.e., bust frames on the Login forms).
enable_framed_logins = 0
+; Set to 1 to disable the framebuster (a click-jacking countermeasure).
+; Default is 0 (i.e., bust frames on the Settings forms).
+enable_framed_settings = 0
+
; language cookie name for session
language_cookie_name = piwik_lang
diff --git a/core/Controller.php b/core/Controller.php
index 9c456f267f..8dceafca59 100644
--- a/core/Controller.php
+++ b/core/Controller.php
@@ -364,17 +364,14 @@ abstract class Piwik_Controller
}
/**
- * Will only set the minimal variables in the view object
- * Used by Admin screens
+ * Set the minimal variables in the view object
*
* @param Piwik_View $view
*/
protected function setBasicVariablesView($view)
{
$view->topMenu = Piwik_GetTopMenu();
- $view->currentAdminMenuName = Piwik_GetCurrentAdminMenuName();
$view->debugTrackVisitsInsidePiwikUI = Zend_Registry::get('config')->Debug->track_visits_inside_piwik_ui;
-
$view->isSuperUser = Zend_Registry::get('access')->isSuperUser();
}
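Review bot: Dropping `currentAdminMenuName` from the base `setBasicVariablesView()` silently breaks any controller that still extends `Piwik_Controller` but renders an admin template reading that variable; the commit migrates the plugin controllers listed in this diff, but out-of-tree or unlisted controllers would now get an undefined template variable rather than an error. If that is intended, the docblock should say so, e.g. `* Admin-only variables (currentAdminMenuName, framebuster) are set by Piwik_Controller_Admin.` so the split is discoverable from the base method. Whether other admin-style controllers exist outside this diff cannot be confirmed from the hunk.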
@@ -562,3 +559,29 @@ abstract class Piwik_Controller
}
}
}
+
+/**
+ * Parent class of all plugins Controllers with admin functions
+ *
+ * @package Piwik
+ */
+abstract class Piwik_Controller_Admin
+{
+ /**
+ * Used by Admin screens
+ *
+ * @param Piwik_View $view
+ */
+ protected function setBasicVariablesView($view)
+ {
+ parent::setBasicVariablesView($view);
+
+ $view->currentAdminMenuName = Piwik_GetCurrentAdminMenuName();
+
+ $view->enableFrames = Zend_Registry::get('config')->General->enable_framed_settings;
+ if(!$view->enableFrames)
+ {
+ $view->setXFrameOptions('sameorigin');
+ }
+ }
+}
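Review bot: `Piwik_Controller_Admin` is declared without a parent, yet its `setBasicVariablesView()` calls `parent::setBasicVariablesView($view)`, which is a fatal error in a class with no parent, and every plugin controller switched to it in this commit would also lose the rest of `Piwik_Controller`; the declaration should read `abstract class Piwik_Controller_Admin extends Piwik_Controller`. Separately, the `X-Frame-Options: sameorigin` header is only emitted when an action goes through `setBasicVariablesView()`, so any admin action that renders a view without calling it ships without the header and relies solely on the template-side JavaScript; worth a line in the docblock such as `* Sets X-Frame-Options unless enable_framed_settings is on; every admin action must call this before rendering.` The config value comes from `General->enable_framed_settings`, matching the new key in global.ini.php.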
diff --git a/plugins/CoreAdminHome/Controller.php b/plugins/CoreAdminHome/Controller.php
index 1dbbae3c33..6c7f245c2c 100644
--- a/plugins/CoreAdminHome/Controller.php
+++ b/plugins/CoreAdminHome/Controller.php
@@ -14,7 +14,7 @@
*
* @package Piwik_CoreAdminHome
*/
-class Piwik_CoreAdminHome_Controller extends Piwik_Controller
+class Piwik_CoreAdminHome_Controller extends Piwik_Controller_Admin
{
public function index()
{
diff --git a/plugins/CoreAdminHome/templates/header.tpl b/plugins/CoreAdminHome/templates/header.tpl
index fd66580d4f..fe95a5cfb1 100644
--- a/plugins/CoreAdminHome/templates/header.tpl
+++ b/plugins/CoreAdminHome/templates/header.tpl
@@ -14,8 +14,25 @@
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="themes/default/ieonly.css" />
<![endif]-->
+{if isset($enableFrames) && !$enableFrames}
+{literal}
+ <style>body { display : none; }</style>
+{/literal}
+{/if}
</head>
<body>
+{if isset($enableFrames) && !$enableFrames}
+{literal}
+ <script type="text/javascript">
+ if(self == top) {
+ var theBody = document.getElementsByTagName('body')[0];
+ theBody.style.display = 'block';
+ } else {
+ top.location = self.location;
+ }
+ </script>
+{/literal}
+{/if}
<div id="root">
{if !isset($showTopMenu) || $showTopMenu}
{include file="CoreHome/templates/top_bar.tpl"}
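Review bot: The CSS/JS framebuster block added here is byte-for-byte the same as the one in plugins/Login/templates/header.tpl (renamed in this same commit), so the two copies will drift; extracting it into a shared template and `{include}`-ing it in both headers would keep the click-jacking mitigation in one place. Because the `<style>body { display : none; }</style>` is applied unconditionally and only the inline script restores `display`, a client with JavaScript disabled gets a blank page on every admin screen; that trade-off should at least be noted in a template comment, e.g. `{* JS-disabled clients see a blank page; X-Frame-Options set by the controller is the primary defence *}`. The `self == top` / `top.location` pattern is also only a fallback, since the real protection is the header set in `Piwik_Controller_Admin`, and the `isset($enableFrames)` guard means controllers that never set the variable get no busting at all, which appears intentional but is not documented.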
diff --git a/plugins/CorePluginsAdmin/Controller.php b/plugins/CorePluginsAdmin/Controller.php
index f0dd4344e3..3d5accf8a9 100644
--- a/plugins/CorePluginsAdmin/Controller.php
+++ b/plugins/CorePluginsAdmin/Controller.php
@@ -14,7 +14,7 @@
*
* @package Piwik_CorePluginsAdmin
*/
-class Piwik_CorePluginsAdmin_Controller extends Piwik_Controller
+class Piwik_CorePluginsAdmin_Controller extends Piwik_Controller_Admin
{
function index()
{
diff --git a/plugins/DBStats/Controller.php b/plugins/DBStats/Controller.php
index 9dea86426f..8feeb6e6a5 100644
--- a/plugins/DBStats/Controller.php
+++ b/plugins/DBStats/Controller.php
@@ -14,7 +14,7 @@
*
* @package Piwik_DBStats
*/
-class Piwik_DBStats_Controller extends Piwik_Controller
+class Piwik_DBStats_Controller extends Piwik_Controller_Admin
{
function index()
{
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 8bb3b968c3..e8870dbae6 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -77,13 +77,14 @@ class Piwik_Login_Controller extends Piwik_Controller
{
$view->linkTitle = Piwik::getRandomTitle();
- $enableFramedLogins = Zend_Registry::get('config')->General->enable_framed_logins;
- $view->enableFramedLogins = $enableFramedLogins;
- if(!$enableFramedLogins)
+ $view->enableFrames = Zend_Registry::get('config')->General->enable_framed_logins;
+ if(!$view->enableFrames)
{
$view->setXFrameOptions('sameorigin');
}
+
$view->forceSslLogin = Zend_Registry::get('config')->General->force_ssl_login;
+
// crsf token: don't trust the submitted value; generate/fetch it from session data
$view->nonce = Piwik_Nonce::getNonce('Piwik_Login.login');
}
@@ -232,7 +233,6 @@ class Piwik_Login_Controller extends Piwik_Controller
}
$this->configureView($view);
echo $view->render();
-
exit;
}
@@ -317,9 +317,7 @@ class Piwik_Login_Controller extends Piwik_Controller
}
$this->configureView($view);
-
echo $view->render();
-
exit;
}
diff --git a/plugins/Login/templates/header.tpl b/plugins/Login/templates/header.tpl
index e7e69f97b1..b292613fbd 100644
--- a/plugins/Login/templates/header.tpl
+++ b/plugins/Login/templates/header.tpl
@@ -8,7 +8,7 @@
<link rel="stylesheet" type="text/css" href="plugins/Login/templates/login.css" />
<meta name="description" content="{'General_OpenSourceWebAnalytics'|translate|escape}" />
-{if isset($enableFramedLogins) && !$enableFramedLogins}
+{if isset($enableFrames) && !$enableFrames}
{literal}
<style>body { display : none; }</style>
{/literal}
@@ -42,7 +42,7 @@
{/if}
</head>
<body class="login">
-{if isset($enableFramedLogins) && !$enableFramedLogins}
+{if isset($enableFrames) && !$enableFrames}
{literal}
<script type="text/javascript">
if(self == top) {
diff --git a/plugins/SecurityInfo/Controller.php b/plugins/SecurityInfo/Controller.php
index 70bb5878fc..a3332a551d 100644
--- a/plugins/SecurityInfo/Controller.php
+++ b/plugins/SecurityInfo/Controller.php
@@ -13,7 +13,7 @@
/**
* @package Piwik_SecurityInfo
*/
-class Piwik_SecurityInfo_Controller extends Piwik_Controller
+class Piwik_SecurityInfo_Controller extends Piwik_Controller_Admin
{
function index()
{
diff --git a/plugins/SitesManager/Controller.php b/plugins/SitesManager/Controller.php
index c93d09db66..ae98b1f66b 100644
--- a/plugins/SitesManager/Controller.php
+++ b/plugins/SitesManager/Controller.php
@@ -14,7 +14,7 @@
*
* @package Piwik_SitesManager
*/
-class Piwik_SitesManager_Controller extends Piwik_Controller
+class Piwik_SitesManager_Controller extends Piwik_Controller_Admin
{
/*
* Main view showing listing of websites and settings
diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php
index b5f608b296..e6de17fd81 100644
--- a/plugins/UsersManager/Controller.php
+++ b/plugins/UsersManager/Controller.php
@@ -10,12 +10,11 @@
* @package Piwik_UsersManager
*/
-
/**
*
* @package Piwik_UsersManager
*/
-class Piwik_UsersManager_Controller extends Piwik_Controller
+class Piwik_UsersManager_Controller extends Piwik_Controller_Admin
{
/**
* The "Manage Users and Permissions" Admin UI screen
diff --git a/plugins/VisitorGenerator/Controller.php b/plugins/VisitorGenerator/Controller.php
index 34373a972b..6253e413d7 100644
--- a/plugins/VisitorGenerator/Controller.php
+++ b/plugins/VisitorGenerator/Controller.php
@@ -14,7 +14,8 @@
*
* @package Piwik_VisitorGenerator
*/
-class Piwik_VisitorGenerator_Controller extends Piwik_Controller {
+class Piwik_VisitorGenerator_Controller extends Piwik_Controller_Admin
+{
public function index() {
Piwik::checkUserIsSuperUser();