Changeset 3432:4e82fa3c576d for admin/install

Timestamp:

12/02/16 11:54:52 (9 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Ugly hack for SQLite CB driver for value beginning or ending by a single quote

File:

: 1 edited

admin/install/index.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

admin/install/index.php

-                      r3421
+                      r3432
           # CSP directive (admin part)
+          // SQlite Clearbricks driver does not allow using single quote at beginning or end of a field value
+          // so we have to use neutral values (localhost and 127.0.0.1) for some CSP directives
+          $csp_prefix = $core->con->driver() == 'sqlite' ? 'localhost ' : '';   // Hack for SQlite Clearbricks driver
+          $csp_suffix = $core->con->driver() == 'sqlite' ? ' 127.0.0.1' : '';   // Hack for SQlite Clearbricks driver
           $blog_settings->system->put('csp_admin_on',true,'boolean','Send CSP header (admin)',true,true);
           $blog_settings->system->put('csp_admin_report_only',false,'boolean','CSP Report only violations (admin)',true,true);
+          $blog_settings->system->put('csp_admin_default',"'self'",'string','CSP default-src directive',true,true);
+          $blog_settings->system->put('csp_admin_script',"'self' 'unsafe-inline' 'unsafe-eval'",'string','CSP script-src directive',true,true);
+          $blog_settings->system->put('csp_admin_style',"'self' 'unsafe-inline'",'string','CSP style-src directive',true,true);
+          $blog_settings->system->put('csp_admin_img',"'self' data: media.dotaddict.org blob:",'string','CSP img-src directive',true,true);
+          $blog_settings->system->put('csp_admin_default',
+               $csp_prefix."'self'".$csp_suffix,'string','CSP default-src directive',true,true);
+          $blog_settings->system->put('csp_admin_script',
+               $csp_prefix."'self' 'unsafe-inline' 'unsafe-eval'".$csp_suffix,'string','CSP script-src directive',true,true);
+          $blog_settings->system->put('csp_admin_style',
+               $csp_prefix."'self' 'unsafe-inline'".$csp_suffix,'string','CSP style-src directive',true,true);
+          $blog_settings->system->put('csp_admin_img',
+               $csp_prefix."'self' data: media.dotaddict.org blob:",'string','CSP img-src directive',true,true);
           # Add Dotclear version

Note: See TracChangeset for help on using the changeset viewer.

Dotclear

Context Navigation

Changeset 3432:4e82fa3c576d for admin/install

Legend:

admin/install/index.php

Download in other formats:

Sites map