setting CSP attributes needed by CKeditor now automatic when egw_ckeditor_config::get_ckeditor_config(_array) get called
This commit is contained in:
parent
69a809cb3f
commit
38504680b7
@ -32,9 +32,6 @@ class etemplate_widget_htmlarea extends etemplate_widget
|
||||
{
|
||||
$form_name = self::form_name($cname, $this->id);
|
||||
|
||||
// tell framework CK Editor needs eval and inline javascript :(
|
||||
egw_framework::csp_script_src_attrs(array('unsafe-eval', 'unsafe-inline'));
|
||||
|
||||
$config = egw_ckeditor_config::get_ckeditor_config_array($this->attrs['mode'], $this->attrs['height'],
|
||||
$this->attrs['expand_toolbar'],$this->attrs['base_href']
|
||||
);
|
||||
|
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/**
|
||||
* eGroupWare - Class which generates JSON encoded configuration for the ckeditor
|
||||
* EGroupware - Class which generates JSON encoded configuration for the ckeditor
|
||||
*
|
||||
* @link http://www.egroupware.org
|
||||
* @author RalfBecker-AT-outdoor-training.de
|
||||
@ -11,6 +11,9 @@
|
||||
* @version $Id$
|
||||
*/
|
||||
|
||||
/**
|
||||
* CK-Editor configuration
|
||||
*/
|
||||
class egw_ckeditor_config
|
||||
{
|
||||
private static $lang = null;
|
||||
@ -350,6 +353,9 @@ class egw_ckeditor_config
|
||||
*/
|
||||
public static function get_ckeditor_config_array($mode = '', $height = 400, $expanded_toolbar = true, $start_path = '')
|
||||
{
|
||||
// set for CK-Editor necessary CSP script-src attributes
|
||||
self::set_csp_script_src_attrs();
|
||||
|
||||
// If not explicitly set, use preference for toolbar mode
|
||||
if(!$mode || trim($mode) == '') $mode = $GLOBALS['egw_info']['user']['preferences']['common']['rte_features'];
|
||||
$config = array();
|
||||
@ -374,4 +380,23 @@ class egw_ckeditor_config
|
||||
{
|
||||
return json_encode(self::get_ckeditor_config_array($mode, $height, $expanded_toolbar, $start_path));
|
||||
}
|
||||
|
||||
/**
|
||||
* Set for CK-Editor necessary CSP script-src attributes
|
||||
*
|
||||
* Get's called automatic from get_ckeditor_config(_array)
|
||||
*/
|
||||
public static function set_csp_script_src_attrs()
|
||||
{
|
||||
$attrs = array('unsafe-eval', 'unsafe-inline');
|
||||
|
||||
// if webspellchecker is enabled in EGroupware config, allow access to it's url
|
||||
if (in_array($GLOBALS['egw_info']['server']['enabled_spellcheck'], array('True', 'YesUseWebSpellCheck')))
|
||||
{
|
||||
$attrs[] = 'http://svc.webspellchecker.net';
|
||||
}
|
||||
//error_log(__METHOD__."() egw_info[server][enabled_spellcheck]='{$GLOBALS['egw_info']['server']['enabled_spellcheck']}' --> attrs=".array2string($attrs));
|
||||
// tell framework CK Editor needs eval and inline javascript :(
|
||||
egw_framework::csp_script_src_attrs($attrs);
|
||||
}
|
||||
}
|
||||
|
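Review bot: The origin added in set_csp_script_src_attrs() at `$attrs[] = 'http://svc.webspellchecker.net';` whitelists a cleartext http script source, which on an https page will presumably be blocked as mixed content and on an http page lets anyone on the network path substitute the script; prefer `$attrs[] = 'https://svc.webspellchecker.net';` unless the service is confirmed to be https-only. The `in_array($GLOBALS['egw_info']['server']['enabled_spellcheck'], array('True', 'YesUseWebSpellCheck'))` check is non-strict, so if the config value can ever be boolean `true` it matches `'True'`, and an unset key raises a notice; reading it via `isset()` and passing `true` as the third argument makes the intent explicit. The new docblock line `Get's called automatic from get_ckeditor_config(_array)` should read `Gets called automatically from get_ckeditor_config(_array)`.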
@ -84,11 +84,13 @@ abstract class egw_framework
|
||||
}
|
||||
|
||||
/**
|
||||
* Additional attributes for CSP script-src 'self'
|
||||
* Additional attributes or urls for CSP script-src 'self'
|
||||
*
|
||||
* 'unsafe-eval' is currently allways added, as it is used in a couple of places.
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
private static $csp_script_src_attrs = array('unsafe-eval');
|
||||
private static $csp_script_src_attrs = array("'unsafe-eval'");
|
||||
|
||||
/**
|
||||
* Set/get Content-Security-Policy attributes for script-src: 'unsafe-eval' and/or 'unsafe-inline'
|
||||
@ -106,13 +108,18 @@ abstract class egw_framework
|
||||
{
|
||||
foreach((array)$set as $attr)
|
||||
{
|
||||
if (in_array($attr, array('none', 'self', 'unsafe-eval', 'unsafe-inline')))
|
||||
{
|
||||
$attr = "'$attr'"; // automatic add quotes
|
||||
}
|
||||
if (!in_array($attr, self::$csp_script_src_attrs))
|
||||
{
|
||||
self::$csp_script_src_attrs[] = $attr;
|
||||
//error_log(__METHOD__."() swiching CSP OFF for script-src '$attr' ".function_backtrace());
|
||||
//error_log(__METHOD__."() setting CSP script-src $attr ".function_backtrace());
|
||||
}
|
||||
}
|
||||
return self::$csp_script_src_attrs ? "'".implode("' '", self::$csp_script_src_attrs)."'" : '';
|
||||
//error_log(__METHOD__."(".array2string($set).") returned ".array2string(implode(' ', self::$csp_script_src_attrs)).' '.function_backtrace());
|
||||
return implode(' ', self::$csp_script_src_attrs);
|
||||
}
|
||||
|
||||
/**
|
||||
|
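Review bot: In the second hunk (`@ -106,13 +108,18 @@`) csp_script_src_attrs() now appends any non-keyword `$attr` verbatim and joins the list with a space into the script-src directive, but nothing rejects a value containing whitespace or `;`, so a malformed caller-supplied string would change or add CSP directives rather than being a single source expression; a guard such as `if (preg_match('/[\s;]/', $attr)) continue;` (or throwing) before the `in_array` check keeps each entry well-formed. The keyword list also auto-quotes `'none'`, which CSP only honours as the sole source and which the always-present `'unsafe-eval'` default from the first hunk would silently neutralise, so a comment such as `// 'none' is only meaningful alone; ignored by browsers once other sources are set` would save the next caller a surprise. The first hunk's docblock has `allways` for `always`. The method's signature lies outside the hunk.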
@ -531,9 +531,6 @@ class html
|
||||
return self::textarea($_name,$_content,'style="width: '.$_width.'; height: '.$_height.';" id="'.htmlspecialchars($_name).'"');
|
||||
}
|
||||
|
||||
// tell framework CK Editor needs eval and inline javascript :(
|
||||
egw_framework::csp_script_src_attrs(array('unsafe-eval', 'unsafe-inline'));
|
||||
|
||||
//include the ckeditor js file
|
||||
egw_framework::validate_file('ckeditor','ckeditor','phpgwapi');
|
||||
|
||||
|