Changeset 3432:4e82fa3c576d for inc/admin
- Timestamp:
- 12/02/16 11:54:52 (9 years ago)
- Branch:
- default
- File:
-
- 1 edited
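--- a/inc/admin/lib.dc.page.php
+++ b/inc/admin/lib.dc.page.php
@@ -106,8 +106,18 @@
 // Get directives from settings if exist, else set defaults
 $csp = new ArrayObject(array());
-$csp['default-src'] = $core->blog->settings->system->csp_admin_default ?: "'self'";
-$csp['script-src'] = $core->blog->settings->system->csp_admin_script ?: "'self' 'unsafe-inline' 'unsafe-eval'";
-$csp['style-src'] = $core->blog->settings->system->csp_admin_style ?: "'self' 'unsafe-inline'";
-$csp['img-src'] = $core->blog->settings->system->csp_admin_img ?: "'self' data: media.dotaddict.org blob:";
+
+// SQlite Clearbricks driver does not allow using single quote at beginning or end of a field value
+// so we have to use neutral values (localhost and 127.0.0.1) for some CSP directives
+$csp_prefix = $core->con->driver() == 'sqlite' ? 'localhost ' : ''; // Hack for SQlite Clearbricks driver
+$csp_suffix = $core->con->driver() == 'sqlite' ? ' 127.0.0.1' : ''; // Hack for SQlite Clearbricks driver
+
+$csp['default-src'] = $core->blog->settings->system->csp_admin_default ?:
+$csp_prefix."'self'".$csp_suffix;
+$csp['script-src'] = $core->blog->settings->system->csp_admin_script ?:
+$csp_prefix."'self' 'unsafe-inline' 'unsafe-eval'".$csp_suffix;
+$csp['style-src'] = $core->blog->settings->system->csp_admin_style ?:
+$csp_prefix."'self' 'unsafe-inline'".$csp_suffix;
+$csp['img-src'] = $core->blog->settings->system->csp_admin_img ?:
+$csp_prefix."'self' data: media.dotaddict.org blob:";
 
 # Cope with blog post preview (via public URL in iframe)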
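Review bot: On SQLite installs the `$csp_prefix`/`$csp_suffix` padding is not neutral: it puts `localhost` and `127.0.0.1` into the default-src, script-src and style-src fallbacks as real host sources, so the policy also permits content served from the administrator's own machine, which `'self'` alone did not. The quote restriction is a storage concern, so the workaround would sit better where the value is written to or read from the settings table, or the padding could be the admin's own origin, which `'self'` already covers; whether these fallbacks reach the emitted header unchanged is not visible here, since the enclosing function starts and ends outside the hunk. The img-src line takes the prefix but no suffix, presumably because it already ends in `blob:`, and that deserves a comment such as `// no suffix: value does not end with a quote`. The two driver checks could also use `===` instead of `==`.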