Core Update 1.4.0
This commit is contained in:
@@ -11,12 +11,16 @@ abstract class Document {
|
||||
protected bool $databaseRequired;
|
||||
private bool $cspEnabled;
|
||||
private ?string $cspNonce;
|
||||
private array $cspWhitelist;
|
||||
private string $domain;
|
||||
|
||||
public function __construct(User $user) {
|
||||
$this->user = $user;
|
||||
$this->cspEnabled = false;
|
||||
$this->cspNonce = null;
|
||||
$this->databaseRequired = true;
|
||||
$this->cspWhitelist = [];
|
||||
$this->domain = $user->getConfiguration()->getSettings()->getBaseUrl();
|
||||
}
|
||||
|
||||
public function getSQL(): ?SQL {
|
||||
@@ -40,6 +44,10 @@ abstract class Document {
|
||||
$this->cspNonce = generateRandomString(16, "base62");
|
||||
}
|
||||
|
||||
protected function addCSPWhitelist(string $path) {
|
||||
$this->cspWhitelist[] = $this->domain . $path;
|
||||
}
|
||||
|
||||
public function getCode(): string {
|
||||
if ($this->databaseRequired) {
|
||||
$sql = $this->user->getSQL();
|
||||
@@ -51,12 +59,22 @@ abstract class Document {
|
||||
}
|
||||
|
||||
if ($this->cspEnabled) {
|
||||
$csp = ["default-src 'self'", "object-src 'none'", "base-uri 'self'", "style-src 'self' 'unsafe-inline'", "script-src 'nonce-$this->cspNonce'"];
|
||||
|
||||
$cspWhiteList = implode(" ", $this->cspWhitelist);
|
||||
|
||||
$csp = [
|
||||
"default-src 'self'",
|
||||
"object-src 'none'",
|
||||
"base-uri 'self'",
|
||||
"style-src 'self' 'unsafe-inline'",
|
||||
"img-src 'self' data:",
|
||||
"script-src $cspWhiteList 'nonce-$this->cspNonce'"
|
||||
];
|
||||
if ($this->user->getConfiguration()->getSettings()->isRecaptchaEnabled()) {
|
||||
$csp[] = "frame-src https://www.google.com/ 'self'";
|
||||
}
|
||||
|
||||
$compiledCSP = implode(";", $csp);
|
||||
$compiledCSP = implode("; ", $csp);
|
||||
header("Content-Security-Policy: $compiledCSP;");
|
||||
}
|
||||
|
||||
|
||||
@@ -15,9 +15,11 @@ class TemplateDocument extends Document {
|
||||
protected array $parameters;
|
||||
private Environment $twigEnvironment;
|
||||
private FilesystemLoader $twigLoader;
|
||||
protected string $title;
|
||||
|
||||
public function __construct(User $user, string $templateName, array $initialParameters = []) {
|
||||
parent::__construct($user);
|
||||
$this->title = "";
|
||||
$this->templateName = $templateName;
|
||||
$this->parameters = $initialParameters;
|
||||
$this->twigLoader = new FilesystemLoader(WEBROOT . '/core/Templates');
|
||||
@@ -47,12 +49,16 @@ class TemplateDocument extends Document {
|
||||
$params["user"] = [
|
||||
"lang" => $this->user->getLanguage()->getShortCode(),
|
||||
"loggedIn" => $this->user->isLoggedIn(),
|
||||
"session" => (!$this->user->isLoggedIn() ? null : [
|
||||
"csrfToken" => $this->user->getSession()->getCsrfToken()
|
||||
])
|
||||
];
|
||||
|
||||
$settings = $this->user->getConfiguration()->getSettings();
|
||||
$params["site"] = [
|
||||
"name" => $settings->getSiteName(),
|
||||
"baseUrl" => $settings->getBaseUrl(),
|
||||
"title" => $this->title,
|
||||
"recaptcha" => [
|
||||
"key" => $settings->isRecaptchaEnabled() ? $settings->getRecaptchaSiteKey() : null,
|
||||
"enabled" => $settings->isRecaptchaEnabled(),
|
||||
|
||||
Reference in New Issue
Block a user