forked from extern/egroupware
allow to set CSP connect-src and fix all IDE warnings
r48999: add deprecation note to egw_framework::on_* methods, as they get stoped by CSP (they work for old apps incl. old eTemplate)
This commit is contained in:
Ralf Becker
parent
b6f628a66d
commit
d12db71dd7
@ -157,6 +157,33 @@ abstract class egw_framework
|
||||
return implode(' ', self::$csp_style_src_attrs);
|
||||
}
|
||||
|
||||
/**
|
||||
* Additional attributes or urls for CSP connect-src 'self'
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
private static $csp_connect_src_attrs = array();
|
||||
|
||||
/**
|
||||
* Set/get Content-Security-Policy attributes for connect-src:
|
||||
*
|
||||
* @param string|array $set =array() URL (incl. protocol!)
|
||||
* @return string with attributes eg. "'unsafe-inline'"
|
||||
*/
|
||||
public static function csp_connect_src_attrs($set=null)
|
||||
{
|
||||
foreach((array)$set as $attr)
|
||||
{
|
||||
if (!in_array($attr, self::$csp_connect_src_attrs))
|
||||
{
|
||||
self::$csp_connect_src_attrs[] = $attr;
|
||||
//error_log(__METHOD__."() setting CSP script-src $attr ".function_backtrace());
|
||||
}
|
||||
}
|
||||
//error_log(__METHOD__."(".array2string($set).") returned ".array2string(implode(' ', self::$csp_script_src_attrs)).' '.function_backtrace());
|
||||
return implode(' ', self::$csp_connect_src_attrs);
|
||||
}
|
||||
|
||||
/**
|
||||
* Query additional CSP frame-src from current app
|
||||
*
|
||||
@ -184,7 +211,7 @@ abstract class egw_framework
|
||||
if (($additional = $this->_get_csp_frame_src())) $frame_src = array_unique(array_merge($frame_src, $additional));
|
||||
|
||||
$csp = "script-src 'self' ".self::csp_script_src_attrs().
|
||||
"; connect-src 'self'".
|
||||
"; connect-src 'self'".self::csp_connect_src_attrs().
|
||||
"; style-src 'self' ".self::csp_style_src_attrs().
|
||||
"; frame-src ".implode(' ', $frame_src);
|
||||
|
||||
@ -234,6 +261,7 @@ abstract class egw_framework
|
||||
*/
|
||||
static function link($url, $extravars = '', $link_app=null)
|
||||
{
|
||||
unset($link_app); // not used by required by function signature
|
||||
return $GLOBALS['egw']->session->link($url, $extravars);
|
||||
}
|
||||
|
||||
@ -311,6 +339,7 @@ abstract class egw_framework
|
||||
*/
|
||||
public static function refresh_opener($msg, $app, $id=null, $type=null, $targetapp=null, $replace=null, $with=null, $msg_type=null)
|
||||
{
|
||||
unset($msg, $app, $id, $type, $targetapp, $replace, $with, $msg_type); // used only via func_get_args();
|
||||
//error_log(__METHOD__.'('.array2string(func_get_args()).')');
|
||||
self::$extra['refresh-opener'] = func_get_args();
|
||||
}
|
||||
@ -325,6 +354,7 @@ abstract class egw_framework
|
||||
*/
|
||||
public static function message($msg, $type='success')
|
||||
{
|
||||
unset($msg, $type); // used only via func_get_args();
|
||||
self::$extra['message'] = func_get_args();
|
||||
}
|
||||
|
||||
@ -337,6 +367,7 @@ abstract class egw_framework
|
||||
*/
|
||||
public static function popup($link, $target='_blank', $popup='640x480')
|
||||
{
|
||||
unset($link, $target, $popup); // used only via func_get_args()
|
||||
// default params are not returned by func_get_args!
|
||||
$args = func_get_args()+array(null, '_blank', '640x480');
|
||||
|
||||
@ -495,7 +526,7 @@ abstract class egw_framework
|
||||
|
||||
if($GLOBALS['egw_info']['server']['show_domain_selectbox'])
|
||||
{
|
||||
foreach($GLOBALS['egw_domain'] as $domain => $data)
|
||||
foreach(array_keys($GLOBALS['egw_domain']) as $domain)
|
||||
{
|
||||
$domains[$domain] = $domain;
|
||||
}
|
||||
@ -704,7 +735,7 @@ abstract class egw_framework
|
||||
$GLOBALS['egw_info']['flags']['currentapp'] != 'logout' &&
|
||||
!@$GLOBALS['egw_info']['flags']['noappfooter'])
|
||||
{
|
||||
list($app,$class,$method) = explode('.',(string)$_GET['menuaction']);
|
||||
list(, $class) = explode('.',(string)$_GET['menuaction']);
|
||||
if ($class && is_object($GLOBALS[$class]) && is_array($GLOBALS[$class]->public_functions) &&
|
||||
isset($GLOBALS[$class]->public_functions['footer']))
|
||||
{
|
||||
@ -831,12 +862,6 @@ abstract class egw_framework
|
||||
$api_messages = lang('it has been more then %1 days since you changed your password',$GLOBALS['egw_info']['server']['change_pwd_every_x_days']);
|
||||
}
|
||||
|
||||
// This is gonna change
|
||||
if(isset($cd))
|
||||
{
|
||||
$var['messages'] = $api_messages . '<br />' . checkcode($cd);
|
||||
}
|
||||
|
||||
if (substr($GLOBALS['egw_info']['server']['login_logo_file'],0,4) == 'http' ||
|
||||
$GLOBALS['egw_info']['server']['login_logo_file'][0] == '/')
|
||||
{
|
||||
@ -1285,7 +1310,7 @@ if ($app == 'home') continue;
|
||||
$base_path = $GLOBALS['egw_info']['server']['webserver_url'];
|
||||
if ($base_path[0] != '/') $base_path = parse_url($base_path, PHP_URL_PATH);
|
||||
$css_files = '';
|
||||
foreach(self::$css_include_files as $n => $path)
|
||||
foreach(self::$css_include_files as $path)
|
||||
{
|
||||
foreach(self::resolve_css_includes($path) as $path)
|
||||
{
|
||||
@ -1324,6 +1349,7 @@ if ($app == 'home') continue;
|
||||
*/
|
||||
protected static function resolve_css_includes($path, &$pathes=array())
|
||||
{
|
||||
$matches = null;
|
||||
if (($to_check = file_get_contents (EGW_SERVER_ROOT.$path, false, null, -1, 1024)) &&
|
||||
stripos($to_check, '/*@import') !== false && preg_match_all('|/\*@import url\("([^"]+)"|i', $to_check, $matches))
|
||||
{
|
||||
@ -1407,7 +1433,7 @@ if ($app == 'home') continue;
|
||||
|
||||
if(@isset($_GET['menuaction']))
|
||||
{
|
||||
list($app,$class,$method) = explode('.',$_GET['menuaction']);
|
||||
list(, $class) = explode('.',$_GET['menuaction']);
|
||||
if(is_array($GLOBALS[$class]->public_functions) &&
|
||||
$GLOBALS[$class]->public_functions['java_script'])
|
||||
{
|
||||
@ -1484,8 +1510,8 @@ if ($app == 'home') continue;
|
||||
}
|
||||
$d->close();
|
||||
// templates packaged like apps in own directories (containing as setup/setup.inc.php file!)
|
||||
$d = dir(EGW_SERVER_ROOT);
|
||||
while (($entry=$d->read()))
|
||||
$dr = dir(EGW_SERVER_ROOT);
|
||||
while (($entry=$dr->read()))
|
||||
{
|
||||
if ($entry != '..' && !isset($GLOBALS['egw_info']['apps'][$entry]) && is_dir(EGW_SERVER_ROOT.'/'.$entry) &&
|
||||
file_exists($f = EGW_SERVER_ROOT . '/' . $entry .'/setup/setup.inc.php'))
|
||||
@ -1498,7 +1524,7 @@ if ($app == 'home') continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
$d->close();
|
||||
$dr->close();
|
||||
|
||||
return array_filter($list);
|
||||
}
|
||||
@ -1569,7 +1595,7 @@ if ($app == 'home') continue;
|
||||
*/
|
||||
protected function add_preferences_topmenu($type='prefs')
|
||||
{
|
||||
static $memberships;
|
||||
static $memberships=null;
|
||||
if (!isset($memberships)) $memberships = $GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true);
|
||||
static $types = array(
|
||||
'prefs' => array(
|
||||
@ -1699,6 +1725,7 @@ if ($app == 'home') continue;
|
||||
/**
|
||||
* Body tags for onLoad, onUnload and onResize
|
||||
*
|
||||
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
|
||||
* @var array
|
||||
*/
|
||||
protected static $body_tags = array();
|
||||
@ -1708,6 +1735,7 @@ if ($app == 'home') continue;
|
||||
*
|
||||
* @param string $code ='' javascript to be used
|
||||
* @param boolean $replace =false false: append to existing, true: replace existing tag
|
||||
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
|
||||
* @return string content of onXXX tag after adding code
|
||||
*/
|
||||
static function set_onload($code='',$replace=false)
|
||||
@ -1728,6 +1756,7 @@ if ($app == 'home') continue;
|
||||
*
|
||||
* @param string $code ='' javascript to be used
|
||||
* @param boolean $replace =false false: append to existing, true: replace existing tag
|
||||
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
|
||||
* @return string content of onXXX tag after adding code
|
||||
*/
|
||||
static function set_onunload($code='',$replace=false)
|
||||
@ -1748,6 +1777,7 @@ if ($app == 'home') continue;
|
||||
*
|
||||
* @param string $code ='' javascript to be used
|
||||
* @param boolean $replace =false false: append to existing, true: replace existing tag
|
||||
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
|
||||
* @return string content of onXXX tag after adding code
|
||||
*/
|
||||
static function set_onbeforeunload($code='',$replace=false)
|
||||
@ -1768,6 +1798,7 @@ if ($app == 'home') continue;
|
||||
*
|
||||
* @param string $code ='' javascript to be used
|
||||
* @param boolean $replace =false false: append to existing, true: replace existing tag
|
||||
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
|
||||
* @return string content of onXXX tag after adding code
|
||||
*/
|
||||
static function set_onresize($code='',$replace=false)
|
||||
@ -1786,6 +1817,7 @@ if ($app == 'home') continue;
|
||||
/**
|
||||
* Adds on(Un)Load= attributes to the body tag of a page
|
||||
*
|
||||
* @deprecated since 14.1 use app.js et2_ready method instead to execute code or bind a handler (CSP will stop onXXX attributes!)
|
||||
* @returns string the attributes to be used
|
||||
*/
|
||||
static public function _get_body_attribs()
|
||||
@ -1896,6 +1928,7 @@ if ($app == 'home') continue;
|
||||
}
|
||||
}
|
||||
$to_include = $included_bundles = array();
|
||||
$query = null;
|
||||
foreach($js_includes as $file)
|
||||
{
|
||||
if (!isset($to_include[$file]))
|
||||
@ -1918,7 +1951,7 @@ if ($app == 'home') continue;
|
||||
}
|
||||
else
|
||||
{
|
||||
$query = '';
|
||||
unset($query);
|
||||
list($path, $query) = explode('?', $file, 2);
|
||||
$mod = filemtime(EGW_SERVER_ROOT.$path);
|
||||
|
||||
@ -1945,6 +1978,7 @@ if ($app == 'home') continue;
|
||||
$debug_minify = $GLOBALS['egw_info']['server']['debug_minify'] === 'True';
|
||||
$to_include = $to_minify = array();
|
||||
$max_modified = 0;
|
||||
$query = null;
|
||||
foreach($js_includes as $path)
|
||||
{
|
||||
if ($path == '/phpgwapi/js/jsapi/egw.js') continue; // loaded via own tag, and we must not load it twice!
|
||||
@ -2129,9 +2163,10 @@ if ($app == 'home') continue;
|
||||
self::includeCSS($app,'app');
|
||||
|
||||
// add all css files from egw_framework::includeCSS()
|
||||
$query = null;
|
||||
foreach(self::$css_include_files as $path)
|
||||
{
|
||||
$query = '';
|
||||
unset($query);
|
||||
list($path,$query) = explode('?',$path,2);
|
||||
$path .= '?'. filemtime(EGW_SERVER_ROOT.$path).($query ? '&'.$query : '');
|
||||
$response->includeCSS($GLOBALS['egw_info']['server']['webserver_url'].$path);
|
||||
@ -2141,8 +2176,7 @@ if ($app == 'home') continue;
|
||||
self::validate_file('.', 'app', $app);
|
||||
|
||||
// add all js files from egw_framework::validate_file()
|
||||
$files = self::$js_include_mgr->get_included_files();
|
||||
$files = self::bundle_js_includes($files);
|
||||
$files = self::bundle_js_includes(self::$js_include_mgr->get_included_files());
|
||||
foreach($files as $path)
|
||||
{
|
||||
$response->includeScript($GLOBALS['egw_info']['server']['webserver_url'].$path);
|
||||
@ -2272,9 +2306,9 @@ if (!function_exists('display_sidebox'))
|
||||
*
|
||||
* @deprecated use $GLOBALS['egw']->framework->sidebox()
|
||||
*/
|
||||
function display_sidebox($appname,$menu_title,$file)
|
||||
function display_sidebox($appname,$menu_title,$_file)
|
||||
{
|
||||
$file = str_replace('preferences.uisettings.index', 'preferences.preferences_settings.index', $file);
|
||||
$file = str_replace('preferences.uisettings.index', 'preferences.preferences_settings.index', $_file);
|
||||
$GLOBALS['egw']->framework->sidebox($appname,$menu_title,$file);
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user