Changeset 3291:34af0b763d82 for inc/dbschema

Timestamp:

07/24/16 14:30:20 (9 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Put CSP activation and directives in settings, thanks Gvx for report.

File:

• inc/dbschema/upgrade.php (modified) (2 diffs)

inc/dbschema/upgrade.php

@@ -568 +568 @@
                          ' (setting_id,setting_ns,setting_value,setting_type,setting_label)'.
                          ' VALUES(\'%s\',\'system\',\'%s\',\'%s\',\'%s\')';
+               # Import feed control
                $core->con->execute(
                     sprintf($strReq,'import_feed_url_control',true,'boolean','Control feed URL before import'));
@@ -576 +577 @@
                $core->con->execute(
                     sprintf($strReq,'import_feed_port_regexp','/^(80|443)$/','string','Authorize import feed only from this port regexp'));
+               # CSP directive (admin part)
+               $core->con->execute(
+                    sprintf($strReq,'csp_admin_on',true,'boolean','Send CSP header (admin)'));
+               $core->con->execute(
+                    sprintf($strReq,'csp_admin_default',"\'self\'",'string','CSP default-src directive'));
+               $core->con->execute(
+                    sprintf($strReq,'csp_admin_script',"\'self\' \'unsafe-inline\' \'unsafe-eval\'",'string','CSP script-src directive'));
+               $core->con->execute(
+                    sprintf($strReq,'csp_admin_style',"\'self\' \'unsafe-inline\'",'string','CSP style-src directive'));
+               $core->con->execute(
+                    sprintf($strReq,'csp_admin_img',"\'self\' data: media.dotaddict.org",'string','CSP img-src directive'));
           }