Dotclear

Changeset 3401:47b013a91ab9


Timestamp:
11/10/16 15:32:24 (9 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Add blob: to CSP img-src default directive, closes #2218

Files:
3 edited

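--- a/admin/install/index.php
+++ b/admin/install/index.php
@@ -176,5 +176,5 @@
           $blog_settings->system->put('csp_admin_script',"'self' 'unsafe-inline' 'unsafe-eval'",'string','CSP script-src directive',true,true);
           $blog_settings->system->put('csp_admin_style',"'self' 'unsafe-inline'",'string','CSP style-src directive',true,true);
-          $blog_settings->system->put('csp_admin_img',"'self' data: media.dotaddict.org",'string','CSP img-src directive',true,true);
+          $blog_settings->system->put('csp_admin_img',"'self' data: media.dotaddict.org blob:",'string','CSP img-src directive',true,true);
 
           # Add Dotclear version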
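Review bot: The default img-src value is now spelled out as a string literal on this line, again as the `?:` fallback in inc/admin/lib.dc.page.php, and twice more inside the UPDATE in inc/dbschema/upgrade.php, so the next change to the directive has to touch every copy or the installed, runtime and upgraded policies drift apart. A single shared definition of the default would remove that risk. Nothing on the new line says why `blob:` is allowed; a short comment such as `# blob: allowed in img-src, see #2218` would keep a later CSP tightening from dropping it by accident. The enclosing install block starts and ends outside the hunk.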
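--- a/inc/admin/lib.dc.page.php
+++ b/inc/admin/lib.dc.page.php
@@ -109,5 +109,5 @@
                $csp['script-src'] = $core->blog->settings->system->csp_admin_script ?: "'self' 'unsafe-inline' 'unsafe-eval'";
                $csp['style-src'] = $core->blog->settings->system->csp_admin_style ?: "'self' 'unsafe-inline'";
-               $csp['img-src'] = $core->blog->settings->system->csp_admin_img ?: "'self' data: media.dotaddict.org";
+               $csp['img-src'] = $core->blog->settings->system->csp_admin_img ?: "'self' data: media.dotaddict.org blob:";
 
                # Cope with blog post preview (via public URL in iframe)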
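--- a/inc/dbschema/upgrade.php
+++ b/inc/dbschema/upgrade.php
@@ -602,4 +602,12 @@
                     sprintf($strReq,'csp_admin_report_only',false,'boolean','CSP Report only violations (admin)'));
 
+               # Update CSP img-src default directive
+               $strReq = 'UPDATE '.$core->prefix.'setting '.
+                         " SET setting_value = '\'self\' data: media.dotaddict.org blob:' ".
+                         " WHERE setting_id = 'csp_admin_img' ".
+                         " AND setting_ns = 'system' ".
+                         " AND setting_value = '\'self\' data: media.dotaddict.org' ";
+               $core->con->execute($strReq);
+
                # A bit of housecleaning for no longer needed files
                $remfiles = array (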
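Review bot: The two SQL string literals in the added UPDATE escape their inner quotes as `\'`, and inside a PHP double-quoted string that backslash reaches the database unchanged. This only works where the backend treats backslash as an escape character; if the upgrade runs on an engine that follows standard SQL quoting (PostgreSQL with standard-conforming strings, SQLite), the statement would likely fail to parse or match no row, leaving the old directive in place. Doubling the quote is portable: `" SET setting_value = '''self'' data: media.dotaddict.org blob:' ".` and `" AND setting_value = '''self'' data: media.dotaddict.org' ";`. The exact-match WHERE clause also leaves any customised img-src untouched, which looks intentional but deserves a comment such as `# Only rewrite the untouched default; customised values must add blob: by hand`. The enclosing upgrade step starts and ends outside this hunk.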