Changeset 3291:34af0b763d82
- Timestamp:
- 07/24/16 14:30:20 (9 years ago)
- Branch:
- default
- Files:
-
- 3 edited
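--- a/admin/install/index.php
+++ b/admin/install/index.php
@@ -169,4 +169,11 @@
 $blog_settings->system->put('store_plugin_url','http://update.dotaddict.org/dc2/plugins.xml','string','Plugins XML feed location',true,true);
 $blog_settings->system->put('store_theme_url','http://update.dotaddict.org/dc2/themes.xml','string','Themes XML feed location',true,true);
+
+# CSP directive (admin part)
+$blog_settings->system->put('csp_admin_on',true,'boolean','Send CSP header (admin)',true,true);
+$blog_settings->system->put('csp_admin_default',"\'self\'",'string','CSP default-src directive',true,true);
+$blog_settings->system->put('csp_admin_script',"\'self\' \'unsafe-inline\' \'unsafe-eval\'",'string','CSP script-src directive',true,true);
+$blog_settings->system->put('csp_admin_style',"\'self\' \'unsafe-inline\'",'string','CSP style-src directive',true,true);
+$blog_settings->system->put('csp_admin_img',"\'self\' data: media.dotaddict.org",'string','CSP img-src directive',true,true);
 
 # Add Dotclear version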
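Review bot: The default values written on new lines 174 to 177 are double-quoted PHP strings, and `\'` is not an escape sequence inside double quotes, so `"\'self\'"` is the eight-character value `\'self\'` with both backslashes kept; unless `put()` strips them, the stored `csp_admin_default` is later emitted as `default-src \'self\'`, which is not a valid CSP source expression and would make the directive match nothing. Writing the literals as `"'self'"` (or `'\'self\''`) yields the intended `'self'`. The same backslashed literals appear in inc/dbschema/upgrade.php, where they are instead substituted into an SQL string and the backslash is consumed by the database, so a fresh install and an upgraded install may end up with different stored values for the same keys.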
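--- a/inc/admin/lib.dc.page.php
+++ b/inc/admin/lib.dc.page.php
@@ -102,12 +102,14 @@
 }
 
-# Content-Security-Policy (report only up to now)
-$headers['csp'] =
-"Content-Security-Policy: ".
-"default-src 'self' ; ".
-"script-src 'self' 'unsafe-inline' 'unsafe-eval' ; ".
-"style-src 'self' 'unsafe-inline' ; ".
-"img-src 'self' data: media.dotaddict.org".
-(version_compare(phpversion(),'5.4','>=') ? " ; report-uri ".DC_ADMIN_URL."csp_report.php" : '');
+# Content-Security-Policy
+if ($core->blog->settings->system->csp_admin_on) {
+$headers['csp'] =
+"Content-Security-Policy: ".
+"default-src ".($core->blog->settings->system->csp_admin_default ? $core->blog->settings->system->csp_admin_default : 'self')." ; ".
+"script-src ".($core->blog->settings->system->csp_admin_script ? $core->blog->settings->system->csp_admin_script : "'self' 'unsafe-inline' 'unsafe-eval'")." ; ".
+"style-src ".($core->blog->settings->system->csp_admin_style ? $core->blog->settings->system->csp_admin_style : "'self' 'unsafe-inline'")." ; ".
+"img-src ".($core->blog->settings->system->csp_admin_img ? $core->blog->settings->system->csp_admin_img : "'self' data: media.dotaddict.org").
+(version_compare(phpversion(),'5.4','>=') ? " ; report-uri ".DC_ADMIN_URL."csp_report.php" : '');
+}
 
 # --BEHAVIOR-- adminPageHTTPHeaders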
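Review bot: The `default-src` fallback on new line 108 is the PHP literal `'self'`, i.e. the bare text `self`, whereas the other three fallbacks use `"'self' ..."`; in CSP an unquoted `self` is a host-source naming a host called `self`, not the keyword, so an empty `csp_admin_default` setting produces a policy that blocks the admin's own origin for every resource type not covered by a more specific directive. Change it to `: "'self'"`. Each directive is now taken verbatim from blog settings with no validation, so a mistyped or backslashed value silently weakens or breaks the whole admin policy; a comment such as `# Setting values are emitted as-is into the header; keep them valid CSP source lists` would make that contract explicit to whoever edits the settings. The enclosing function starts before and ends after the hunk.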
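--- a/inc/dbschema/upgrade.php
+++ b/inc/dbschema/upgrade.php
@@ -568,4 +568,5 @@
 ' (setting_id,setting_ns,setting_value,setting_type,setting_label)'.
 ' VALUES(\'%s\',\'system\',\'%s\',\'%s\',\'%s\')';
+# Import feed control
 $core->con->execute(
 sprintf($strReq,'import_feed_url_control',true,'boolean','Control feed URL before import'));
@@ -576,4 +577,15 @@
 $core->con->execute(
 sprintf($strReq,'import_feed_port_regexp','/^(80|443)$/','string','Authorize import feed only from this port regexp'));
+# CSP directive (admin part)
+$core->con->execute(
+sprintf($strReq,'csp_admin_on',true,'boolean','Send CSP header (admin)'));
+$core->con->execute(
+sprintf($strReq,'csp_admin_default',"\'self\'",'string','CSP default-src directive'));
+$core->con->execute(
+sprintf($strReq,'csp_admin_script',"\'self\' \'unsafe-inline\' \'unsafe-eval\'",'string','CSP script-src directive'));
+$core->con->execute(
+sprintf($strReq,'csp_admin_style',"\'self\' \'unsafe-inline\'",'string','CSP style-src directive'));
+$core->con->execute(
+sprintf($strReq,'csp_admin_img',"\'self\' data: media.dotaddict.org",'string','CSP img-src directive'));
 }
 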
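Review bot: The `\'self\'` literals on new lines 583 to 589 are hand-escaped for SQL and then substituted by `sprintf` into the single-quoted `\'%s\'` placeholder of `$strReq`, so the stored value is only `'self'` on a backend that treats backslash as a quote escape; a backend that does not will either reject the statement or keep the backslashes, and the admin CSP header built from these rows would then be malformed. Passing the plain value `"'self'"` through the connection's escaping routine instead of hand-escaping it in the literal would remove that dependency and keep the upgrade path consistent with the values written by `put()` in admin/install/index.php. The existing lines in this block already interpolate values this way, so this is a pre-existing pattern the new rows extend rather than introduce. The enclosing upgrade block starts before the hunk.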