Changeset 3622:d7c2089bb952
- Timestamp:
- 12/19/17 06:50:17 (6 years ago)
- Branch:
- default
- Parents:
- 3621:e1a3f3cf4930 (diff), 3611:e8ccb1c08e9f (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent. - Files:
-
- 5 edited
inc/admin/lib.dc.page.php
r3599 r3622 94 94 # Content-Type 95 95 $headers['content-type'] = 'Content-Type: text/html; charset=UTF-8'; 96 97 # Referrer Policy for admin pages 98 $headers['referrer'] = 'Referrer-Policy: strict-origin'; 96 99 97 100 # Prevents Clickjacking as far as possible … … 352 355 353 356 if (!$GLOBALS['__resources']['ctxhelp']) { 354 echo 355 '<p id="help-button"><a href="'.$core->adminurl->get("admin.help").'" class="outgoing" title="'. 356 __('Global help').'">'.__('Global help').'</a></p>'; 357 if (!$core->auth->user_prefs->interface->hidehelpbutton) { 358 echo 359 '<p id="help-button"><a href="'.$core->adminurl->get("admin.help").'" class="outgoing" title="'. 360 __('Global help').'">'.__('Global help').'</a></p>'; 361 } 357 362 } 358 363 … … 419 424 header('Content-Type: text/html; charset=UTF-8'); 420 425 421 // Prevents Clickjacking as far as possible 426 # Referrer Policy for admin pages 427 header('Referrer-Policy: strict-origin'); 428 429 # Prevents Clickjacking as far as possible 422 430 header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ 423 431 … … 596 604 { 597 605 global $core; 606 607 if ($core->auth->user_prefs->interface->hidehelpbutton) { 608 return; 609 } 610 598 611 $args = func_get_args(); 599 600 612 $args = new ArrayObject($args); 601 613 -
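Review bot: `Referrer-Policy: strict-origin` at new lines 98 and 427 still sends the admin scheme and host on every cross-origin request made at the same security level, so third-party hosts reached from admin pages keep learning which site is being administered. If nothing in the admin relies on a cross-origin referrer, `same-origin` (or `no-referrer`) withholds that as well; the page does not show whether any integration depends on the origin being sent, so treat this as a question rather than a defect. The value is also written as a literal in two separate code paths, one through the `$headers` array and one through a direct `header()` call, so a later tightening can miss one of them; a single shared constant would keep them in step. Both enclosing functions start and end outside the visible lines.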
inc/admin/lib.dc.page.php
r3619 r3622 122 122 $csp_prefix."'self' 'unsafe-inline'".$csp_suffix; 123 123 $csp['img-src'] = $core->blog->settings->system->csp_admin_img ?: 124 $csp_prefix."'self' data: media.dotaddict.org blob:";124 $csp_prefix."'self' data: http://media.dotaddict.org blob:"; 125 125 126 126 # Cope with blog post preview (via public URL in iframe) -
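Review bot: The default `img-src` at new line 124 now pins `http://media.dotaddict.org`, which explicitly allows admin pages to fetch images from that host in cleartext. On an admin served over HTTPS this is mixed content that browsers may block or upgrade, and a cleartext image can be observed or altered in transit. If the host serves HTTPS (not determinable from this page), prefer `$csp_prefix."'self' data: https://media.dotaddict.org blob:";`, and add a short comment saying why a scheme is needed at all. The surrounding function is outside the visible lines.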
inc/core/class.dc.blog.php
r3592 r3622 694 694 if (!$rs->isEmpty()) 695 695 { 696 if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli' ) {696 if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli' || $this->con->driver() == 'mysqlimb4') { 697 697 $clause = "REGEXP '^".$this->con->escape($url)."[0-9]+$'"; 698 698 } elseif ($this->con->driver() == 'pgsql') { … … 1939 1939 if (!$rs->isEmpty()) 1940 1940 { 1941 if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli' ) {1941 if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli' || $this->con->driver() == 'mysqlimb4') { 1942 1942 $clause = "REGEXP '^".$this->con->escape(preg_quote($url))."[0-9]+$'"; 1943 1943 } elseif ($this->con->driver() == 'pgsql') { -
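Review bot: The REGEXP clause at new line 697 still interpolates `$this->con->escape($url)` without `preg_quote()`, while the otherwise identical branch at line 1942 quotes it, so regex metacharacters in `$url` (a `.` or `+`, for example) change what the first query matches or make the pattern invalid. Unless `$url` is already restricted upstream, which the visible lines do not show, line 697 should read `$clause = "REGEXP '^".$this->con->escape(preg_quote($url))."[0-9]+$'";` and the pgsql branch below it likely needs the same. The driver test now calls `driver()` three times at both sites; `in_array($this->con->driver(), array('mysql','mysqli','mysqlimb4'), true)` reads better and keeps the two sites easy to compare. Both functions continue outside the visible lines.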
inc/core/class.dc.blog.php
r3565 r3622 1940 1940 { 1941 1941 if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli' || $this->con->driver() == 'mysqlimb4') { 1942 $clause = "REGEXP '^".$this->con->escape( $url)."[0-9]+$'";1942 $clause = "REGEXP '^".$this->con->escape(preg_quote($url))."[0-9]+$'"; 1943 1943 } elseif ($this->con->driver() == 'pgsql') { 1944 $clause = "~ '^".$this->con->escape( $url)."[0-9]+$'";1944 $clause = "~ '^".$this->con->escape(preg_quote($url))."[0-9]+$'"; 1945 1945 } else { 1946 $clause = "LIKE '".$this->con->escape($url)."%'"; 1946 $clause = "LIKE '". 1947 $this->con->escape(preg_replace(array('%','_','!'),array('!%','!_','!!'),$url)). 1948 "%' ESCAPE '!'"; 1947 1949 } 1948 1950 $strReq = 'SELECT post_url FROM '.$this->prefix.'post '. -
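Review bot: The LIKE fallback at new lines 1946-1948 passes `'%'`, `'_'` and `'!'` to `preg_replace()` as patterns, but each is a lone delimiter character rather than a valid regex, so the call should emit a warning and return null; the clause would then degrade to `LIKE '%' ESCAPE '!'` and match every post URL. A literal replacement is what is wanted, and the escape character has to be handled first or in a single pass so the `!` inserted for `%` and `_` is not itself doubled: `$this->con->escape(strtr($url, array('!' => '!!', '%' => '!%', '_' => '!_')))`. A one-line comment naming `!` as the LIKE escape character would also help, since it is easy to mistake for part of the pattern. The enclosing function starts and ends outside the visible lines.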
locales/fr/plugins.po
r3607 r3622 2001 2001 msgstr "Liens de navigation" 2002 2002 2003 msgid "Open URL on a new tab" 2004 msgstr "S'ouvre dans un nouvel onglet" 2005 2006 msgid "the link will open a new window" 2007 msgstr "Ce lien s'ouvrira dans une nouvelle fenêtre" 2008 2003 2009 msgid "Selected entries" 2004 2010 msgstr "Billets sélectionnés"