extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-07 16:44:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow to set CSP connect-src and fix all IDE warnings

Browse Source
This commit is contained in:
Ralf Becker 2014-10-09 20:32:59 +00:00
parent a35590b8fe
commit db6e2c1ed6
1 changed files with 89 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
phpgwapi/inc/class.egw_framework.inc.php
View File

@ -157,6 +157,33 @@ abstract class egw_framework
return implode(' ', self::$csp_style_src_attrs);
}
/**
* Additional attributes or urls for CSP connect-src 'self'
*
* @var array
*/
private static $csp_connect_src_attrs = array();
/**
* Set/get Content-Security-Policy attributes for connect-src:
*
* @param string|array $set =array() URL (incl. protocol!)
* @return string with attributes eg. "'unsafe-inline'"
*/
public static function csp_connect_src_attrs($set=null)
{
foreach((array)$set as $attr)
{
if (!in_array($attr, self::$csp_connect_src_attrs))
{
self::$csp_connect_src_attrs[] = $attr;
//error_log(__METHOD__."() setting CSP script-src $attr ".function_backtrace());
}
}
//error_log(__METHOD__."(".array2string($set).") returned ".array2string(implode(' ', self::$csp_script_src_attrs)).' '.function_backtrace());
return implode(' ', self::$csp_connect_src_attrs);
}
/**
* Query additional CSP frame-src from current app
*
@ -184,7 +211,7 @@ abstract class egw_framework
if (($additional = $this->_get_csp_frame_src())) $frame_src = array_unique(array_merge($frame_src, $additional));
$csp = "script-src 'self' ".self::csp_script_src_attrs().
"; connect-src 'self'".
"; connect-src 'self'".self::csp_connect_src_attrs().
"; style-src 'self' ".self::csp_style_src_attrs().
"; frame-src ".implode(' ', $frame_src);
@ -234,6 +261,7 @@ abstract class egw_framework
*/
static function link($url, $extravars = '', $link_app=null)
{
unset($link_app); // not used by required by function signature
return $GLOBALS['egw']->session->link($url, $extravars);
}
@ -311,6 +339,7 @@ abstract class egw_framework
*/
public static function refresh_opener($msg, $app, $id=null, $type=null, $targetapp=null, $replace=null, $with=null, $msg_type=null)
{
unset($msg, $app, $id, $type, $targetapp, $replace, $with, $msg_type); // used only via func_get_args();
//error_log(__METHOD__.'('.array2string(func_get_args()).')');
self::$extra['refresh-opener'] = func_get_args();
}
@ -325,6 +354,7 @@ abstract class egw_framework
*/
public static function message($msg, $type='success')
{
unset($msg, $type); // used only via func_get_args();
self::$extra['message'] = func_get_args();
}
@ -337,6 +367,7 @@ abstract class egw_framework
*/
public static function popup($link, $target='_blank', $popup='640x480')
{
unset($link, $target, $popup); // used only via func_get_args()
// default params are not returned by func_get_args!
$args = func_get_args()+array(null, '_blank', '640x480');
@ -495,7 +526,7 @@ abstract class egw_framework
if($GLOBALS['egw_info']['server']['show_domain_selectbox'])
{
foreach($GLOBALS['egw_domain'] as $domain => $data)
foreach(array_keys($GLOBALS['egw_domain']) as $domain)
{
$domains[$domain] = $domain;
}
@ -704,7 +735,7 @@ abstract class egw_framework
$GLOBALS['egw_info']['flags']['currentapp'] != 'logout' &&
!@$GLOBALS['egw_info']['flags']['noappfooter'])
{
list($app,$class,$method) = explode('.',(string)$_GET['menuaction']);
list(, $class) = explode('.',(string)$_GET['menuaction']);
if ($class && is_object($GLOBALS[$class]) && is_array($GLOBALS[$class]->public_functions) &&
isset($GLOBALS[$class]->public_functions['footer']))
{
@ -831,12 +862,6 @@ abstract class egw_framework
$api_messages = lang('it has been more then %1 days since you changed your password',$GLOBALS['egw_info']['server']['change_pwd_every_x_days']);
}
// This is gonna change
if(isset($cd))
{
$var['messages'] = $api_messages . '<br />' . checkcode($cd);
}
if (substr($GLOBALS['egw_info']['server']['login_logo_file'],0,4) == 'http' ||
$GLOBALS['egw_info']['server']['login_logo_file'][0] == '/')
{
@ -1285,7 +1310,7 @@ if ($app == 'home') continue;
$base_path = $GLOBALS['egw_info']['server']['webserver_url'];
if ($base_path[0] != '/') $base_path = parse_url($base_path, PHP_URL_PATH);
$css_files = '';
foreach(self::$css_include_files as $n => $path)
foreach(self::$css_include_files as $path)
{
foreach(self::resolve_css_includes($path) as $path)
{
@ -1324,6 +1349,7 @@ if ($app == 'home') continue;
*/
protected static function resolve_css_includes($path, &$pathes=array())
{
$matches = null;
if (($to_check = file_get_contents (EGW_SERVER_ROOT.$path, false, null, -1, 1024)) &&
stripos($to_check, '/*@import') !== false && preg_match_all('|/\*@import url\("([^"]+)"|i', $to_check, $matches))
{
@ -1407,7 +1433,7 @@ if ($app == 'home') continue;
if(@isset($_GET['menuaction']))
{
list($app,$class,$method) = explode('.',$_GET['menuaction']);
list(, $class) = explode('.',$_GET['menuaction']);
if(is_array($GLOBALS[$class]->public_functions) &&
$GLOBALS[$class]->public_functions['java_script'])
{
@ -1484,8 +1510,8 @@ if ($app == 'home') continue;
}
$d->close();
// templates packaged like apps in own directories (containing as setup/setup.inc.php file!)
$d = dir(EGW_SERVER_ROOT);
while (($entry=$d->read()))
$dr = dir(EGW_SERVER_ROOT);
while (($entry=$dr->read()))
{
if ($entry != '..' && !isset($GLOBALS['egw_info']['apps'][$entry]) && is_dir(EGW_SERVER_ROOT.'/'.$entry) &&
file_exists($f = EGW_SERVER_ROOT . '/' . $entry .'/setup/setup.inc.php'))
@ -1498,7 +1524,7 @@ if ($app == 'home') continue;
}
}
}
$d->close();
$dr->close();
return array_filter($list);
}
@ -1569,7 +1595,7 @@ if ($app == 'home') continue;
*/
protected function add_preferences_topmenu($type='prefs')
{
static $memberships;
static $memberships=null;
if (!isset($memberships)) $memberships = $GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true);
static $types = array(
'prefs' => array(
@ -1896,6 +1922,7 @@ if ($app == 'home') continue;
}
}
$to_include = $included_bundles = array();
$query = null;
foreach($js_includes as $file)
{
if (!isset($to_include[$file]))
@ -1918,7 +1945,7 @@ if ($app == 'home') continue;
}
else
{
$query = '';
unset($query);
list($path, $query) = explode('?', $file, 2);
$mod = filemtime(EGW_SERVER_ROOT.$path);
@ -1945,6 +1972,7 @@ if ($app == 'home') continue;
$debug_minify = $GLOBALS['egw_info']['server']['debug_minify'] === 'True';
$to_include = $to_minify = array();
$max_modified = 0;
$query = null;
foreach($js_includes as $path)
{
if ($path == '/phpgwapi/js/jsapi/egw.js') continue; // loaded via own tag, and we must not load it twice!
@ -2129,9 +2157,10 @@ if ($app == 'home') continue;
self::includeCSS($app,'app');
// add all css files from egw_framework::includeCSS()
$query = null;
foreach(self::$css_include_files as $path)
{
$query = '';
unset($query);
list($path,$query) = explode('?',$path,2);
$path .= '?'. filemtime(EGW_SERVER_ROOT.$path).($query ? '&'.$query : '');
$response->includeCSS($GLOBALS['egw_info']['server']['webserver_url'].$path);
@ -2141,8 +2170,7 @@ if ($app == 'home') continue;
self::validate_file('.', 'app', $app);
// add all js files from egw_framework::validate_file()
$files = self::$js_include_mgr->get_included_files();
$files = self::bundle_js_includes($files);
$files = self::bundle_js_includes(self::$js_include_mgr->get_included_files());
foreach($files as $path)
{
$response->includeScript($GLOBALS['egw_info']['server']['webserver_url'].$path);
@ -2272,9 +2300,9 @@ if (!function_exists('display_sidebox'))
*
* @deprecated use $GLOBALS['egw']->framework->sidebox()
*/
function display_sidebox($appname,$menu_title,$file)
function display_sidebox($appname,$menu_title,$_file)
{
$file = str_replace('preferences.uisettings.index', 'preferences.preferences_settings.index', $file);
$file = str_replace('preferences.uisettings.index', 'preferences.preferences_settings.index', $_file);
$GLOBALS['egw']->framework->sidebox($appname,$menu_title,$file);
}
}