extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-09 07:28:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix broken setting of CSP via hook since commit a304f34e6b

Browse Source 
(fix PHP Error: [] operator not supported for strings)
This commit is contained in:
ralf 2022-07-08 14:15:30 +02:00
parent bf8dae795d
commit a80d810926
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
api/src/Header/ContentSecurityPolicy.php
View File

@ -52,16 +52,14 @@ class ContentSecurityPolicy
* Calling this method with an empty array for frame-src or connect-src causes the hook to NOT run and just set 'self'! * Calling this method with an empty array for frame-src or connect-src causes the hook to NOT run and just set 'self'!
* *
* @param string $source valid CSP source types like 'script-src', 'style-src', 'connect-src', 'frame-src', ... * @param string $source valid CSP source types like 'script-src', 'style-src', 'connect-src', 'frame-src', ...
* @param string|array $attrs 'unsafe-eval', 'unsafe-inline' (without quotes!), full URLs or protocols (incl. colon!) * @param string|array $_attrs 'unsafe-eval', 'unsafe-inline' (without quotes!), full URLs or protocols (incl. colon!)
* 'none' removes all other attributes, even ones set later! * 'none' removes all other attributes, even ones set later!
* @param bool $reset =false true: remove existing default or hook attributes * @param bool $reset =false true: remove existing default or hook attributes
*/ */
public static function add($source, $attrs, $reset=false) public static function add($source, $_attrs, $reset=false)
{ {
if (!is_array($attrs)) $attrs = (array)$_attrs;
{
$attrs = (array)$attrs;
}
if ($reset) if ($reset)
{ {
self::$sources[$source] = []; self::$sources[$source] = [];
@ -69,7 +67,7 @@ class ContentSecurityPolicy
elseif (!isset(self::$sources[$source])) elseif (!isset(self::$sources[$source]))
{ {
// set frame-src attrs of API and apps via hook // set frame-src attrs of API and apps via hook
if (in_array($source, ['frame-src', 'connect-src']) && $attrs !== []) if (in_array($source, ['frame-src', 'connect-src']) && $_attrs !== [])
{ {
// for regular (non login) pages, call hook allowing apps to add additional frame- and connect-src // for regular (non login) pages, call hook allowing apps to add additional frame- and connect-src
if (basename($_SERVER['PHP_SELF']) !== 'login.php' && if (basename($_SERVER['PHP_SELF']) !== 'login.php' &&