extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2025-03-03 17:41:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow to set CSP connect-src and fix all IDE warnings

Browse Source 
r48999: add deprecation note to egw_framework::on_* methods, as they get stoped by CSP (they work for old apps incl. old eTemplate)
This commit is contained in:
Ralf Becker 2014-10-13 12:52:51 +00:00
parent b6f628a66d
commit d12db71dd7
1 changed files with 99 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
phpgwapi/inc/class.egw_framework.inc.php
View File

@ -157,6 +157,33 @@ abstract class egw_framework
return implode(' ', self::$csp_style_src_attrs); return implode(' ', self::$csp_style_src_attrs);
} }
/**
* Additional attributes or urls for CSP connect-src 'self'
*
* @var array
*/
private static $csp_connect_src_attrs = array();
/**
* Set/get Content-Security-Policy attributes for connect-src:
*
* @param string|array $set =array() URL (incl. protocol!)
* @return string with attributes eg. "'unsafe-inline'"
*/
public static function csp_connect_src_attrs($set=null)
{
foreach((array)$set as $attr)
{
if (!in_array($attr, self::$csp_connect_src_attrs))
{
self::$csp_connect_src_attrs[] = $attr;
//error_log(__METHOD__."() setting CSP script-src $attr ".function_backtrace());
}
}
//error_log(__METHOD__."(".array2string($set).") returned ".array2string(implode(' ', self::$csp_script_src_attrs)).' '.function_backtrace());
return implode(' ', self::$csp_connect_src_attrs);
}
/** /**
* Query additional CSP frame-src from current app * Query additional CSP frame-src from current app
* *
@ -184,7 +211,7 @@ abstract class egw_framework
if (($additional = $this->_get_csp_frame_src())) $frame_src = array_unique(array_merge($frame_src, $additional)); if (($additional = $this->_get_csp_frame_src())) $frame_src = array_unique(array_merge($frame_src, $additional));
$csp = "script-src 'self' ".self::csp_script_src_attrs(). $csp = "script-src 'self' ".self::csp_script_src_attrs().
"; connect-src 'self'". "; connect-src 'self'".self::csp_connect_src_attrs().
"; style-src 'self' ".self::csp_style_src_attrs(). "; style-src 'self' ".self::csp_style_src_attrs().
"; frame-src ".implode(' ', $frame_src); "; frame-src ".implode(' ', $frame_src);
@ -234,6 +261,7 @@ abstract class egw_framework
*/ */
static function link($url, $extravars = '', $link_app=null) static function link($url, $extravars = '', $link_app=null)
{ {
unset($link_app); // not used by required by function signature
return $GLOBALS['egw']->session->link($url, $extravars); return $GLOBALS['egw']->session->link($url, $extravars);
} }
@ -311,6 +339,7 @@ abstract class egw_framework
*/ */
public static function refresh_opener($msg, $app, $id=null, $type=null, $targetapp=null, $replace=null, $with=null, $msg_type=null) public static function refresh_opener($msg, $app, $id=null, $type=null, $targetapp=null, $replace=null, $with=null, $msg_type=null)
{ {
unset($msg, $app, $id, $type, $targetapp, $replace, $with, $msg_type); // used only via func_get_args();
//error_log(__METHOD__.'('.array2string(func_get_args()).')'); //error_log(__METHOD__.'('.array2string(func_get_args()).')');
self::$extra['refresh-opener'] = func_get_args(); self::$extra['refresh-opener'] = func_get_args();
} }
@ -325,6 +354,7 @@ abstract class egw_framework
*/ */
public static function message($msg, $type='success') public static function message($msg, $type='success')
{ {
unset($msg, $type); // used only via func_get_args();
self::$extra['message'] = func_get_args(); self::$extra['message'] = func_get_args();
} }
@ -337,6 +367,7 @@ abstract class egw_framework
*/ */
public static function popup($link, $target='_blank', $popup='640x480') public static function popup($link, $target='_blank', $popup='640x480')
{ {
unset($link, $target, $popup); // used only via func_get_args()
// default params are not returned by func_get_args! // default params are not returned by func_get_args!
$args = func_get_args()+array(null, '_blank', '640x480'); $args = func_get_args()+array(null, '_blank', '640x480');
@ -495,7 +526,7 @@ abstract class egw_framework
if($GLOBALS['egw_info']['server']['show_domain_selectbox']) if($GLOBALS['egw_info']['server']['show_domain_selectbox'])
{ {
foreach($GLOBALS['egw_domain'] as $domain => $data) foreach(array_keys($GLOBALS['egw_domain']) as $domain)
{ {
$domains[$domain] = $domain; $domains[$domain] = $domain;
} }
@ -704,7 +735,7 @@ abstract class egw_framework
$GLOBALS['egw_info']['flags']['currentapp'] != 'logout' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout' &&
!@$GLOBALS['egw_info']['flags']['noappfooter']) !@$GLOBALS['egw_info']['flags']['noappfooter'])
{ {
list($app,$class,$method) = explode('.',(string)$_GET['menuaction']); list(, $class) = explode('.',(string)$_GET['menuaction']);
if ($class && is_object($GLOBALS[$class]) && is_array($GLOBALS[$class]->public_functions) && if ($class && is_object($GLOBALS[$class]) && is_array($GLOBALS[$class]->public_functions) &&
isset($GLOBALS[$class]->public_functions['footer'])) isset($GLOBALS[$class]->public_functions['footer']))
{ {
@ -831,12 +862,6 @@ abstract class egw_framework
$api_messages = lang('it has been more then %1 days since you changed your password',$GLOBALS['egw_info']['server']['change_pwd_every_x_days']); $api_messages = lang('it has been more then %1 days since you changed your password',$GLOBALS['egw_info']['server']['change_pwd_every_x_days']);
} }
// This is gonna change
if(isset($cd))
{
$var['messages'] = $api_messages . '<br />' . checkcode($cd);
}
if (substr($GLOBALS['egw_info']['server']['login_logo_file'],0,4) == 'http' || if (substr($GLOBALS['egw_info']['server']['login_logo_file'],0,4) == 'http' ||
$GLOBALS['egw_info']['server']['login_logo_file'][0] == '/') $GLOBALS['egw_info']['server']['login_logo_file'][0] == '/')
{ {
@ -1285,7 +1310,7 @@ if ($app == 'home') continue;
$base_path = $GLOBALS['egw_info']['server']['webserver_url']; $base_path = $GLOBALS['egw_info']['server']['webserver_url'];
if ($base_path[0] != '/') $base_path = parse_url($base_path, PHP_URL_PATH); if ($base_path[0] != '/') $base_path = parse_url($base_path, PHP_URL_PATH);
$css_files = ''; $css_files = '';
foreach(self::$css_include_files as $n => $path) foreach(self::$css_include_files as $path)
{ {
foreach(self::resolve_css_includes($path) as $path) foreach(self::resolve_css_includes($path) as $path)
{ {
@ -1324,6 +1349,7 @@ if ($app == 'home') continue;
*/ */
protected static function resolve_css_includes($path, &$pathes=array()) protected static function resolve_css_includes($path, &$pathes=array())
{ {
$matches = null;
if (($to_check = file_get_contents (EGW_SERVER_ROOT.$path, false, null, -1, 1024)) && if (($to_check = file_get_contents (EGW_SERVER_ROOT.$path, false, null, -1, 1024)) &&
stripos($to_check, '/*@import') !== false && preg_match_all('|/\*@import url\("([^"]+)"|i', $to_check, $matches)) stripos($to_check, '/*@import') !== false && preg_match_all('|/\*@import url\("([^"]+)"|i', $to_check, $matches))
{ {
@ -1407,7 +1433,7 @@ if ($app == 'home') continue;
if(@isset($_GET['menuaction'])) if(@isset($_GET['menuaction']))
{ {
list($app,$class,$method) = explode('.',$_GET['menuaction']); list(, $class) = explode('.',$_GET['menuaction']);
if(is_array($GLOBALS[$class]->public_functions) && if(is_array($GLOBALS[$class]->public_functions) &&
$GLOBALS[$class]->public_functions['java_script']) $GLOBALS[$class]->public_functions['java_script'])
{ {
@ -1484,8 +1510,8 @@ if ($app == 'home') continue;
} }
$d->close(); $d->close();
// templates packaged like apps in own directories (containing as setup/setup.inc.php file!) // templates packaged like apps in own directories (containing as setup/setup.inc.php file!)
$d = dir(EGW_SERVER_ROOT); $dr = dir(EGW_SERVER_ROOT);
while (($entry=$d->read())) while (($entry=$dr->read()))
{ {
if ($entry != '..' && !isset($GLOBALS['egw_info']['apps'][$entry]) && is_dir(EGW_SERVER_ROOT.'/'.$entry) && if ($entry != '..' && !isset($GLOBALS['egw_info']['apps'][$entry]) && is_dir(EGW_SERVER_ROOT.'/'.$entry) &&
file_exists($f = EGW_SERVER_ROOT . '/' . $entry .'/setup/setup.inc.php')) file_exists($f = EGW_SERVER_ROOT . '/' . $entry .'/setup/setup.inc.php'))
@ -1498,7 +1524,7 @@ if ($app == 'home') continue;
} }
} }
} }
$d->close(); $dr->close();
return array_filter($list); return array_filter($list);
} }
@ -1569,7 +1595,7 @@ if ($app == 'home') continue;
*/ */
protected function add_preferences_topmenu($type='prefs') protected function add_preferences_topmenu($type='prefs')
{ {
static $memberships; static $memberships=null;
if (!isset($memberships)) $memberships = $GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true); if (!isset($memberships)) $memberships = $GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true);
static $types = array( static $types = array(
'prefs' => array( 'prefs' => array(
@ -1699,6 +1725,7 @@ if ($app == 'home') continue;
/** /**
* Body tags for onLoad, onUnload and onResize * Body tags for onLoad, onUnload and onResize
* *
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
* @var array * @var array
*/ */
protected static $body_tags = array(); protected static $body_tags = array();
@ -1708,6 +1735,7 @@ if ($app == 'home') continue;
* *
* @param string $code ='' javascript to be used * @param string $code ='' javascript to be used
* @param boolean $replace =false false: append to existing, true: replace existing tag * @param boolean $replace =false false: append to existing, true: replace existing tag
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
* @return string content of onXXX tag after adding code * @return string content of onXXX tag after adding code
*/ */
static function set_onload($code='',$replace=false) static function set_onload($code='',$replace=false)
@ -1728,6 +1756,7 @@ if ($app == 'home') continue;
* *
* @param string $code ='' javascript to be used * @param string $code ='' javascript to be used
* @param boolean $replace =false false: append to existing, true: replace existing tag * @param boolean $replace =false false: append to existing, true: replace existing tag
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
* @return string content of onXXX tag after adding code * @return string content of onXXX tag after adding code
*/ */
static function set_onunload($code='',$replace=false) static function set_onunload($code='',$replace=false)
@ -1748,6 +1777,7 @@ if ($app == 'home') continue;
* *
* @param string $code ='' javascript to be used * @param string $code ='' javascript to be used
* @param boolean $replace =false false: append to existing, true: replace existing tag * @param boolean $replace =false false: append to existing, true: replace existing tag
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
* @return string content of onXXX tag after adding code * @return string content of onXXX tag after adding code
*/ */
static function set_onbeforeunload($code='',$replace=false) static function set_onbeforeunload($code='',$replace=false)
@ -1768,6 +1798,7 @@ if ($app == 'home') continue;
* *
* @param string $code ='' javascript to be used * @param string $code ='' javascript to be used
* @param boolean $replace =false false: append to existing, true: replace existing tag * @param boolean $replace =false false: append to existing, true: replace existing tag
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
* @return string content of onXXX tag after adding code * @return string content of onXXX tag after adding code
*/ */
static function set_onresize($code='',$replace=false) static function set_onresize($code='',$replace=false)
@ -1786,6 +1817,7 @@ if ($app == 'home') continue;
/** /**
* Adds on(Un)Load= attributes to the body tag of a page * Adds on(Un)Load= attributes to the body tag of a page
* *
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
* @returns string the attributes to be used * @returns string the attributes to be used
*/ */
static public function _get_body_attribs() static public function _get_body_attribs()
@ -1896,6 +1928,7 @@ if ($app == 'home') continue;
} }
} }
$to_include = $included_bundles = array(); $to_include = $included_bundles = array();
$query = null;
foreach($js_includes as $file) foreach($js_includes as $file)
{ {
if (!isset($to_include[$file])) if (!isset($to_include[$file]))
@ -1918,7 +1951,7 @@ if ($app == 'home') continue;
} }
else else
{ {
$query = ''; unset($query);
list($path, $query) = explode('?', $file, 2); list($path, $query) = explode('?', $file, 2);
$mod = filemtime(EGW_SERVER_ROOT.$path); $mod = filemtime(EGW_SERVER_ROOT.$path);
@ -1945,6 +1978,7 @@ if ($app == 'home') continue;
$debug_minify = $GLOBALS['egw_info']['server']['debug_minify'] === 'True'; $debug_minify = $GLOBALS['egw_info']['server']['debug_minify'] === 'True';
$to_include = $to_minify = array(); $to_include = $to_minify = array();
$max_modified = 0; $max_modified = 0;
$query = null;
foreach($js_includes as $path) foreach($js_includes as $path)
{ {
if ($path == '/phpgwapi/js/jsapi/egw.js') continue; // loaded via own tag, and we must not load it twice! if ($path == '/phpgwapi/js/jsapi/egw.js') continue; // loaded via own tag, and we must not load it twice!
@ -2129,9 +2163,10 @@ if ($app == 'home') continue;
self::includeCSS($app,'app'); self::includeCSS($app,'app');
// add all css files from egw_framework::includeCSS() // add all css files from egw_framework::includeCSS()
$query = null;
foreach(self::$css_include_files as $path) foreach(self::$css_include_files as $path)
{ {
$query = ''; unset($query);
list($path,$query) = explode('?',$path,2); list($path,$query) = explode('?',$path,2);
$path .= '?'. filemtime(EGW_SERVER_ROOT.$path).($query ? '&'.$query : ''); $path .= '?'. filemtime(EGW_SERVER_ROOT.$path).($query ? '&'.$query : '');
$response->includeCSS($GLOBALS['egw_info']['server']['webserver_url'].$path); $response->includeCSS($GLOBALS['egw_info']['server']['webserver_url'].$path);
@ -2141,8 +2176,7 @@ if ($app == 'home') continue;
self::validate_file('.', 'app', $app); self::validate_file('.', 'app', $app);
// add all js files from egw_framework::validate_file() // add all js files from egw_framework::validate_file()
$files = self::$js_include_mgr->get_included_files(); $files = self::bundle_js_includes(self::$js_include_mgr->get_included_files());
$files = self::bundle_js_includes($files);
foreach($files as $path) foreach($files as $path)
{ {
$response->includeScript($GLOBALS['egw_info']['server']['webserver_url'].$path); $response->includeScript($GLOBALS['egw_info']['server']['webserver_url'].$path);
@ -2272,9 +2306,9 @@ if (!function_exists('display_sidebox'))
* *
* @deprecated use $GLOBALS['egw']->framework->sidebox() * @deprecated use $GLOBALS['egw']->framework->sidebox()
*/ */
function display_sidebox($appname,$menu_title,$file) function display_sidebox($appname,$menu_title,$_file)
{ {
$file = str_replace('preferences.uisettings.index', 'preferences.preferences_settings.index', $file); $file = str_replace('preferences.uisettings.index', 'preferences.preferences_settings.index', $_file);
$GLOBALS['egw']->framework->sidebox($appname,$menu_title,$file); $GLOBALS['egw']->framework->sidebox($appname,$menu_title,$file);
} }
} }