mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
Cleanup RainLoop\Service with improved ?admin path detection
This commit is contained in:
parent
c804f35347
commit
9fea092c43
5 changed files with 63 additions and 82 deletions
|
|
@ -6,7 +6,11 @@ const
|
||||||
HASH_PREFIX = '#/',
|
HASH_PREFIX = '#/',
|
||||||
SERVER_PREFIX = './?',
|
SERVER_PREFIX = './?',
|
||||||
VERSION = Settings.app('version'),
|
VERSION = Settings.app('version'),
|
||||||
VERSION_PREFIX = Settings.app('webVersionPath') || 'snappymail/v/' + VERSION + '/';
|
VERSION_PREFIX = Settings.app('webVersionPath') || 'snappymail/v/' + VERSION + '/',
|
||||||
|
|
||||||
|
adminPath = () => rl.adminArea() && !Settings.app('adminHostUse'),
|
||||||
|
|
||||||
|
prefix = () => SERVER_PREFIX + (adminPath() ? Settings.app('adminPath') : '');
|
||||||
|
|
||||||
export const
|
export const
|
||||||
SUB_QUERY_PREFIX = '&q[]=',
|
SUB_QUERY_PREFIX = '&q[]=',
|
||||||
|
|
@ -20,9 +24,7 @@ export const
|
||||||
/**
|
/**
|
||||||
* @returns {string}
|
* @returns {string}
|
||||||
*/
|
*/
|
||||||
logoutLink = () => (rl.adminArea() && !Settings.app('adminHostUse'))
|
logoutLink = () => adminPath() ? prefix() : ROOT,
|
||||||
? SERVER_PREFIX + Settings.app('adminPath')
|
|
||||||
: ROOT,
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param {string} type
|
* @param {string} type
|
||||||
|
|
@ -49,7 +51,7 @@ export const
|
||||||
* @param {string} type
|
* @param {string} type
|
||||||
* @returns {string}
|
* @returns {string}
|
||||||
*/
|
*/
|
||||||
serverRequest = type => SERVER_PREFIX + '/' + type + '/' + SUB_QUERY_PREFIX + '/0/',
|
serverRequest = type => prefix() + '/' + type + '/' + SUB_QUERY_PREFIX + '/0/',
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param {string} lang
|
* @param {string} lang
|
||||||
|
|
|
||||||
|
|
@ -178,10 +178,6 @@ $Plugin->addHook('hook.name', 'functionName');
|
||||||
params:
|
params:
|
||||||
array &$aPaths
|
array &$aPaths
|
||||||
|
|
||||||
### filter.http-query
|
|
||||||
params:
|
|
||||||
string &$sQuery
|
|
||||||
|
|
||||||
### filter.json-response
|
### filter.json-response
|
||||||
params:
|
params:
|
||||||
string $sAction
|
string $sAction
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,7 @@ class Manager
|
||||||
$this->oLogger = null;
|
$this->oLogger = null;
|
||||||
$this->oActions = $oActions;
|
$this->oActions = $oActions;
|
||||||
|
|
||||||
$oConfig = $this->oActions->Config();
|
$oConfig = $oActions->Config();
|
||||||
$this->bIsEnabled = (bool) $oConfig->Get('plugins', 'enable', false);
|
$this->bIsEnabled = (bool) $oConfig->Get('plugins', 'enable', false);
|
||||||
if ($this->bIsEnabled) {
|
if ($this->bIsEnabled) {
|
||||||
$sList = $oConfig->Get('plugins', 'enabled_list', '');
|
$sList = $oConfig->Get('plugins', 'enabled_list', '');
|
||||||
|
|
|
||||||
|
|
@ -2,31 +2,8 @@
|
||||||
|
|
||||||
namespace RainLoop;
|
namespace RainLoop;
|
||||||
|
|
||||||
class Service
|
abstract class Service
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* @var \MailSo\Base\Http
|
|
||||||
*/
|
|
||||||
private $oHttp;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \RainLoop\Actions
|
|
||||||
*/
|
|
||||||
private $oActions;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \RainLoop\ServiceActions
|
|
||||||
*/
|
|
||||||
private $oServiceActions;
|
|
||||||
|
|
||||||
function __construct()
|
|
||||||
{
|
|
||||||
$this->oHttp = \MailSo\Base\Http::SingletonInstance();
|
|
||||||
$this->oActions = Api::Actions();
|
|
||||||
|
|
||||||
$this->oServiceActions = new ServiceActions($this->oHttp, $this->oActions);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @staticvar bool $bOne
|
* @staticvar bool $bOne
|
||||||
*/
|
*/
|
||||||
|
|
@ -35,23 +12,23 @@ class Service
|
||||||
static $bOne = null;
|
static $bOne = null;
|
||||||
if (null === $bOne)
|
if (null === $bOne)
|
||||||
{
|
{
|
||||||
$bOne = (new self)->RunResult();
|
$bOne = static::RunResult();
|
||||||
}
|
}
|
||||||
|
|
||||||
return $bOne;
|
return $bOne;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function RunResult() : bool
|
private static function RunResult() : bool
|
||||||
{
|
{
|
||||||
if ($this->oActions->Config()->Get('debug', 'enable', false))
|
$oConfig = Api::Config();
|
||||||
|
|
||||||
|
if ($oConfig->Get('debug', 'enable', false))
|
||||||
{
|
{
|
||||||
\error_reporting(E_ALL);
|
\error_reporting(E_ALL);
|
||||||
\ini_set('display_errors', 1);
|
\ini_set('display_errors', 1);
|
||||||
\ini_set('log_errors', 1);
|
\ini_set('log_errors', 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
$oConfig = $this->oActions->Config();
|
|
||||||
|
|
||||||
$sServer = \trim($oConfig->Get('security', 'custom_server_signature', ''));
|
$sServer = \trim($oConfig->Get('security', 'custom_server_signature', ''));
|
||||||
if (\strlen($sServer))
|
if (\strlen($sServer))
|
||||||
{
|
{
|
||||||
|
|
@ -64,7 +41,7 @@ class Service
|
||||||
// Google FLoC
|
// Google FLoC
|
||||||
\header('Permissions-Policy: interest-cohort=()');
|
\header('Permissions-Policy: interest-cohort=()');
|
||||||
|
|
||||||
$this->setCSP();
|
static::setCSP();
|
||||||
|
|
||||||
$sXFrameOptionsHeader = \trim($oConfig->Get('security', 'x_frame_options_header', '')) ?: 'DENY';
|
$sXFrameOptionsHeader = \trim($oConfig->Get('security', 'x_frame_options_header', '')) ?: 'DENY';
|
||||||
\header('X-Frame-Options: '.$sXFrameOptionsHeader);
|
\header('X-Frame-Options: '.$sXFrameOptionsHeader);
|
||||||
|
|
@ -72,9 +49,10 @@ class Service
|
||||||
$sXssProtectionOptionsHeader = \trim($oConfig->Get('security', 'x_xss_protection_header', '')) ?: '1; mode=block';
|
$sXssProtectionOptionsHeader = \trim($oConfig->Get('security', 'x_xss_protection_header', '')) ?: '1; mode=block';
|
||||||
\header('X-XSS-Protection: '.$sXssProtectionOptionsHeader);
|
\header('X-XSS-Protection: '.$sXssProtectionOptionsHeader);
|
||||||
|
|
||||||
if ($oConfig->Get('labs', 'force_https', false) && !$this->oHttp->IsSecure())
|
$oHttp = \MailSo\Base\Http::SingletonInstance();
|
||||||
|
if ($oConfig->Get('labs', 'force_https', false) && !$oHttp->IsSecure())
|
||||||
{
|
{
|
||||||
\header('Location: https://'.$this->oHttp->GetHost(false, false).$this->oHttp->GetUrl());
|
\header('Location: https://'.$oHttp->GetHost(false, false).$oHttp->GetUrl());
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -95,32 +73,36 @@ class Service
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->oActions->Plugins()->RunHook('filter.http-query', array(&$sQuery));
|
|
||||||
$aPaths = \explode('/', $sQuery);
|
$aPaths = \explode('/', $sQuery);
|
||||||
// unset($aPaths[1]); // was the rlspecauth/AuthAccountHash token
|
|
||||||
$this->oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths));
|
|
||||||
|
|
||||||
$bAdmin = false;
|
$bAdmin = false;
|
||||||
$sAdminPanelHost = $oConfig->Get('security', 'admin_panel_host', '');
|
$sAdminPanelHost = $oConfig->Get('security', 'admin_panel_host', '');
|
||||||
if (empty($sAdminPanelHost))
|
if (empty($sAdminPanelHost))
|
||||||
{
|
{
|
||||||
$bAdmin = !empty($aPaths[0]) && ($oConfig->Get('security', 'admin_panel_key', '') ?: 'admin') === $aPaths[0];
|
$bAdmin = !empty($aPaths[0]) && ($oConfig->Get('security', 'admin_panel_key', '') ?: 'admin') === $aPaths[0];
|
||||||
|
$bAdmin && \array_shift($aPaths);
|
||||||
}
|
}
|
||||||
else if (empty($aPaths[0]) &&
|
else if (empty($aPaths[0]) && \mb_strtolower($sAdminPanelHost) === \mb_strtolower($oHttp->GetHost()))
|
||||||
\mb_strtolower($sAdminPanelHost) === \mb_strtolower($this->oHttp->GetHost()))
|
|
||||||
{
|
{
|
||||||
$bAdmin = true;
|
$bAdmin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->oHttp->IsPost())
|
$oActions = Api::Actions();
|
||||||
|
// $oActions = $bAdmin ? new ActionsAdmin() : Api::Actions();
|
||||||
|
|
||||||
|
$oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths));
|
||||||
|
|
||||||
|
if ($oHttp->IsPost())
|
||||||
{
|
{
|
||||||
$this->oHttp->ServerNoCache();
|
$oHttp->ServerNoCache();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$oServiceActions = new ServiceActions($oHttp, $oActions);
|
||||||
|
|
||||||
if ($bAdmin && !$oConfig->Get('security', 'allow_admin_panel', true))
|
if ($bAdmin && !$oConfig->Get('security', 'allow_admin_panel', true))
|
||||||
{
|
{
|
||||||
\MailSo\Base\Http::StatusHeader(403);
|
\MailSo\Base\Http::StatusHeader(403);
|
||||||
echo $this->oServiceActions->ErrorTemplates('Access Denied.',
|
echo $oServiceActions->ErrorTemplates('Access Denied.',
|
||||||
'Access to the SnappyMail Admin Panel is not allowed!');
|
'Access to the SnappyMail Admin Panel is not allowed!');
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -128,11 +110,11 @@ class Service
|
||||||
|
|
||||||
$bIndex = true;
|
$bIndex = true;
|
||||||
$sResult = '';
|
$sResult = '';
|
||||||
if (\count($aPaths) && !empty($aPaths[0]) && !$bAdmin && 'index' !== \strtolower($aPaths[0]))
|
if (\count($aPaths) && !empty($aPaths[0]) && 'index' !== \strtolower($aPaths[0]))
|
||||||
{
|
{
|
||||||
if (!\SnappyMail\HTTP\SecFetch::isSameOrigin()) {
|
if (!\SnappyMail\HTTP\SecFetch::isSameOrigin()) {
|
||||||
\MailSo\Base\Http::StatusHeader(403);
|
\MailSo\Base\Http::StatusHeader(403);
|
||||||
echo $this->oServiceActions->ErrorTemplates('Access Denied.',
|
echo $oServiceActions->ErrorTemplates('Access Denied.',
|
||||||
"Disallowed Sec-Fetch
|
"Disallowed Sec-Fetch
|
||||||
Dest: " . ($_SERVER['HTTP_SEC_FETCH_DEST'] ?? '') . "
|
Dest: " . ($_SERVER['HTTP_SEC_FETCH_DEST'] ?? '') . "
|
||||||
Mode: " . ($_SERVER['HTTP_SEC_FETCH_MODE'] ?? '') . "
|
Mode: " . ($_SERVER['HTTP_SEC_FETCH_MODE'] ?? '') . "
|
||||||
|
|
@ -145,13 +127,13 @@ class Service
|
||||||
$sMethodName = 'Service'.\preg_replace('/@.+$/', '', $aPaths[0]);
|
$sMethodName = 'Service'.\preg_replace('/@.+$/', '', $aPaths[0]);
|
||||||
$sMethodExtra = \strpos($aPaths[0], '@') ? \preg_replace('/^[^@]+@/', '', $aPaths[0]) : '';
|
$sMethodExtra = \strpos($aPaths[0], '@') ? \preg_replace('/^[^@]+@/', '', $aPaths[0]) : '';
|
||||||
|
|
||||||
if (\method_exists($this->oServiceActions, $sMethodName) &&
|
if (\method_exists($oServiceActions, $sMethodName) &&
|
||||||
\is_callable(array($this->oServiceActions, $sMethodName)))
|
\is_callable(array($oServiceActions, $sMethodName)))
|
||||||
{
|
{
|
||||||
$this->oServiceActions->SetQuery($sQuery)->SetPaths($aPaths);
|
$oServiceActions->SetQuery($sQuery)->SetPaths($aPaths);
|
||||||
$sResult = $this->oServiceActions->{$sMethodName}($sMethodExtra);
|
$sResult = $oServiceActions->{$sMethodName}($sMethodExtra);
|
||||||
}
|
}
|
||||||
else if (!$this->oActions->Plugins()->RunAdditionalPart($aPaths[0], $aPaths))
|
else if (!$oActions->Plugins()->RunAdditionalPart($aPaths[0], $aPaths))
|
||||||
{
|
{
|
||||||
$bIndex = true;
|
$bIndex = true;
|
||||||
}
|
}
|
||||||
|
|
@ -161,11 +143,11 @@ class Service
|
||||||
{
|
{
|
||||||
// if (!\SnappyMail\HTTP\SecFetch::isEntering()) {
|
// if (!\SnappyMail\HTTP\SecFetch::isEntering()) {
|
||||||
\header('Content-Type: text/html; charset=utf-8');
|
\header('Content-Type: text/html; charset=utf-8');
|
||||||
$this->oHttp->ServerNoCache();
|
$oHttp->ServerNoCache();
|
||||||
|
|
||||||
if (!\is_dir(APP_DATA_FOLDER_PATH) || !\is_writable(APP_DATA_FOLDER_PATH))
|
if (!\is_dir(APP_DATA_FOLDER_PATH) || !\is_writable(APP_DATA_FOLDER_PATH))
|
||||||
{
|
{
|
||||||
echo $this->oServiceActions->ErrorTemplates(
|
echo $oServiceActions->ErrorTemplates(
|
||||||
'Permission denied!',
|
'Permission denied!',
|
||||||
'SnappyMail can not access the data folder "'.APP_DATA_FOLDER_PATH.'"'
|
'SnappyMail can not access the data folder "'.APP_DATA_FOLDER_PATH.'"'
|
||||||
);
|
);
|
||||||
|
|
@ -173,22 +155,22 @@ class Service
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$sLanguage = $this->oActions->GetLanguage($bAdmin);
|
$sLanguage = $oActions->GetLanguage($bAdmin);
|
||||||
|
|
||||||
$sAppJsMin = $oConfig->Get('labs', 'use_app_debug_js', false) ? '' : '.min';
|
$sAppJsMin = $oConfig->Get('labs', 'use_app_debug_js', false) ? '' : '.min';
|
||||||
$sAppCssMin = $oConfig->Get('labs', 'use_app_debug_css', false) ? '' : '.min';
|
$sAppCssMin = $oConfig->Get('labs', 'use_app_debug_css', false) ? '' : '.min';
|
||||||
|
|
||||||
$sFaviconUrl = (string) $oConfig->Get('webmail', 'favicon_url', '');
|
$sFaviconUrl = (string) $oConfig->Get('webmail', 'favicon_url', '');
|
||||||
|
|
||||||
$sFaviconPngLink = $sFaviconUrl ? $sFaviconUrl : $this->oActions->StaticPath('apple-touch-icon.png');
|
$sFaviconPngLink = $sFaviconUrl ? $sFaviconUrl : $oActions->StaticPath('apple-touch-icon.png');
|
||||||
$sAppleTouchLink = $sFaviconUrl ? '' : $this->oActions->StaticPath('apple-touch-icon.png');
|
$sAppleTouchLink = $sFaviconUrl ? '' : $oActions->StaticPath('apple-touch-icon.png');
|
||||||
|
|
||||||
$aTemplateParameters = array(
|
$aTemplateParameters = array(
|
||||||
'{{BaseAppFaviconPngLinkTag}}' => $sFaviconPngLink ? '<link type="image/png" rel="shortcut icon" href="'.$sFaviconPngLink.'" />' : '',
|
'{{BaseAppFaviconPngLinkTag}}' => $sFaviconPngLink ? '<link type="image/png" rel="shortcut icon" href="'.$sFaviconPngLink.'" />' : '',
|
||||||
'{{BaseAppFaviconTouchLinkTag}}' => $sAppleTouchLink ? '<link type="image/png" rel="apple-touch-icon" href="'.$sAppleTouchLink.'" />' : '',
|
'{{BaseAppFaviconTouchLinkTag}}' => $sAppleTouchLink ? '<link type="image/png" rel="apple-touch-icon" href="'.$sAppleTouchLink.'" />' : '',
|
||||||
'{{BaseAppMainCssLink}}' => $this->oActions->StaticPath('css/'.($bAdmin ? 'admin' : 'app').$sAppCssMin.'.css'),
|
'{{BaseAppMainCssLink}}' => $oActions->StaticPath('css/'.($bAdmin ? 'admin' : 'app').$sAppCssMin.'.css'),
|
||||||
'{{BaseAppThemeCssLink}}' => $this->oActions->ThemeLink($bAdmin),
|
'{{BaseAppThemeCssLink}}' => $oActions->ThemeLink($bAdmin),
|
||||||
'{{BaseAppManifestLink}}' => $this->oActions->StaticPath('manifest.json'),
|
'{{BaseAppManifestLink}}' => $oActions->StaticPath('manifest.json'),
|
||||||
'{{LoadingDescriptionEsc}}' => \htmlspecialchars($oConfig->Get('webmail', 'loading_description', 'SnappyMail'), ENT_QUOTES|ENT_IGNORE, 'UTF-8'),
|
'{{LoadingDescriptionEsc}}' => \htmlspecialchars($oConfig->Get('webmail', 'loading_description', 'SnappyMail'), ENT_QUOTES|ENT_IGNORE, 'UTF-8'),
|
||||||
'{{BaseAppAdmin}}' => $bAdmin ? 1 : 0
|
'{{BaseAppAdmin}}' => $bAdmin ? 1 : 0
|
||||||
);
|
);
|
||||||
|
|
@ -199,22 +181,22 @@ class Service
|
||||||
$sCacheFileName = 'TMPL:' . $sLanguage . \md5(
|
$sCacheFileName = 'TMPL:' . $sLanguage . \md5(
|
||||||
\json_encode(array(
|
\json_encode(array(
|
||||||
$oConfig->Get('cache', 'index', ''),
|
$oConfig->Get('cache', 'index', ''),
|
||||||
$this->oActions->Plugins()->Hash(),
|
$oActions->Plugins()->Hash(),
|
||||||
$sAppJsMin,
|
$sAppJsMin,
|
||||||
$sAppCssMin,
|
$sAppCssMin,
|
||||||
$aTemplateParameters,
|
$aTemplateParameters,
|
||||||
APP_VERSION
|
APP_VERSION
|
||||||
))
|
))
|
||||||
);
|
);
|
||||||
$sResult = $this->oActions->Cacher()->Get($sCacheFileName);
|
$sResult = $oActions->Cacher()->Get($sCacheFileName);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($sResult) {
|
if ($sResult) {
|
||||||
$sResult .= '<!--cached-->';
|
$sResult .= '<!--cached-->';
|
||||||
} else {
|
} else {
|
||||||
$aTemplateParameters['{{BaseAppThemeCss}}'] = $this->oActions->compileCss($this->oActions->GetTheme($bAdmin), $bAdmin);
|
$aTemplateParameters['{{BaseAppThemeCss}}'] = $oActions->compileCss($oActions->GetTheme($bAdmin), $bAdmin);
|
||||||
$aTemplateParameters['{{BaseLanguage}}'] = $this->oActions->compileLanguage($sLanguage, $bAdmin);
|
$aTemplateParameters['{{BaseLanguage}}'] = $oActions->compileLanguage($sLanguage, $bAdmin);
|
||||||
$aTemplateParameters['{{BaseTemplates}}'] = $this->oServiceActions->compileTemplates($bAdmin);
|
$aTemplateParameters['{{BaseTemplates}}'] = $oServiceActions->compileTemplates($bAdmin);
|
||||||
$aTemplateParameters['{{BaseAppBootCss}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/css/boot'.$sAppCssMin.'.css');
|
$aTemplateParameters['{{BaseAppBootCss}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/css/boot'.$sAppCssMin.'.css');
|
||||||
$aTemplateParameters['{{BaseAppBootScript}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/js'.($sAppJsMin ? '/min' : '').'/boot'.$sAppJsMin.'.js');
|
$aTemplateParameters['{{BaseAppBootScript}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/js'.($sAppJsMin ? '/min' : '').'/boot'.$sAppJsMin.'.js');
|
||||||
$sResult = \strtr(\file_get_contents(APP_VERSION_ROOT_PATH.'app/templates/Index.html'), $aTemplateParameters);
|
$sResult = \strtr(\file_get_contents(APP_VERSION_ROOT_PATH.'app/templates/Index.html'), $aTemplateParameters);
|
||||||
|
|
@ -229,17 +211,17 @@ class Service
|
||||||
$sResult = Utils::ClearHtmlOutput($sResult);
|
$sResult = Utils::ClearHtmlOutput($sResult);
|
||||||
}
|
}
|
||||||
if ($sCacheFileName) {
|
if ($sCacheFileName) {
|
||||||
$this->oActions->Cacher()->Set($sCacheFileName, $sResult);
|
$oActions->Cacher()->Set($sCacheFileName, $sResult);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$sScriptNonce = \SnappyMail\UUID::generate();
|
$sScriptNonce = \SnappyMail\UUID::generate();
|
||||||
$this->setCSP($sScriptNonce);
|
static::setCSP($sScriptNonce);
|
||||||
$sResult = \str_replace('nonce=""', 'nonce="'.$sScriptNonce.'"', $sResult);
|
$sResult = \str_replace('nonce=""', 'nonce="'.$sScriptNonce.'"', $sResult);
|
||||||
/*
|
/*
|
||||||
\preg_match('<script[^>]+>(.+)</script>', $sResult, $script);
|
\preg_match('<script[^>]+>(.+)</script>', $sResult, $script);
|
||||||
$sScriptHash = 'sha256-'.\base64_encode(\hash('sha256', $script[1], true));
|
$sScriptHash = 'sha256-'.\base64_encode(\hash('sha256', $script[1], true));
|
||||||
$this->setCSP(null, $sScriptHash);
|
static::setCSP(null, $sScriptHash);
|
||||||
*/
|
*/
|
||||||
}
|
}
|
||||||
else if (!\headers_sent())
|
else if (!\headers_sent())
|
||||||
|
|
@ -251,17 +233,17 @@ class Service
|
||||||
echo $sResult;
|
echo $sResult;
|
||||||
unset($sResult);
|
unset($sResult);
|
||||||
|
|
||||||
$this->oActions->BootEnd();
|
$oActions->BootEnd();
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function setCSP(string $sScriptNonce = null) : void
|
private static function setCSP(string $sScriptNonce = null) : void
|
||||||
{
|
{
|
||||||
// "img-src https:" is allowed due to remote images in e-mails
|
// "img-src https:" is allowed due to remote images in e-mails
|
||||||
$sContentSecurityPolicy = \trim($this->oActions->Config()->Get('security', 'content_security_policy', ''))
|
$sContentSecurityPolicy = \trim(Api::Config()->Get('security', 'content_security_policy', ''))
|
||||||
?: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline'";
|
?: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline'";
|
||||||
if ($this->oActions->Config()->Get('security', 'use_local_proxy_for_external_images', '')) {
|
if (Api::Config()->Get('security', 'use_local_proxy_for_external_images', '')) {
|
||||||
$sContentSecurityPolicy = \preg_replace('/(img-src[^;]+)\\shttps:(\\s|;|$)/D', '$1$2', $sContentSecurityPolicy);
|
$sContentSecurityPolicy = \preg_replace('/(img-src[^;]+)\\shttps:(\\s|;|$)/D', '$1$2', $sContentSecurityPolicy);
|
||||||
$sContentSecurityPolicy = \preg_replace('/(img-src[^;]+)\\shttp:(\\s|;|$)/D', '$1$2', $sContentSecurityPolicy);
|
$sContentSecurityPolicy = \preg_replace('/(img-src[^;]+)\\shttp:(\\s|;|$)/D', '$1$2', $sContentSecurityPolicy);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -99,6 +99,7 @@ class ServiceActions
|
||||||
}
|
}
|
||||||
else if (!empty($sAction))
|
else if (!empty($sAction))
|
||||||
{
|
{
|
||||||
|
// if ($this->oActions instanceof ActionsAdmin)
|
||||||
if (0 === \stripos($sAction, 'Admin') && 'AdminLogin' !== $sAction && 'AdminLogout' !== $sAction) {
|
if (0 === \stripos($sAction, 'Admin') && 'AdminLogin' !== $sAction && 'AdminLogout' !== $sAction) {
|
||||||
$this->oActions->IsAdminLoggined();
|
$this->oActions->IsAdminLoggined();
|
||||||
}
|
}
|
||||||
|
|
@ -335,7 +336,7 @@ class ServiceActions
|
||||||
{
|
{
|
||||||
$bResult = false;
|
$bResult = false;
|
||||||
$sData = empty($this->aPaths[1]) ? '' : $this->aPaths[1];
|
$sData = empty($this->aPaths[1]) ? '' : $this->aPaths[1];
|
||||||
if (!empty($sData) && $this->oActions->Config()->Get('labs', 'use_local_proxy_for_external_images', false))
|
if (!empty($sData) && $this->Config()->Get('labs', 'use_local_proxy_for_external_images', false))
|
||||||
{
|
{
|
||||||
$this->oActions->verifyCacheByKey($sData);
|
$this->oActions->verifyCacheByKey($sData);
|
||||||
|
|
||||||
|
|
@ -419,8 +420,8 @@ class ServiceActions
|
||||||
|
|
||||||
if (\strlen($sRawError))
|
if (\strlen($sRawError))
|
||||||
{
|
{
|
||||||
$this->oActions->Logger()->Write($sRawError, \MailSo\Log\Enumerations\Type::ERROR);
|
$this->Logger()->Write($sRawError, \MailSo\Log\Enumerations\Type::ERROR);
|
||||||
$this->oActions->Logger()->WriteDump($this->aPaths, \MailSo\Log\Enumerations\Type::ERROR, 'PATHS');
|
$this->Logger()->WriteDump($this->aPaths, \MailSo\Log\Enumerations\Type::ERROR, 'PATHS');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($oException)
|
if ($oException)
|
||||||
|
|
@ -702,7 +703,7 @@ class ServiceActions
|
||||||
}
|
}
|
||||||
catch (\Throwable $oException)
|
catch (\Throwable $oException)
|
||||||
{
|
{
|
||||||
$this->oActions->Logger()->WriteException($oException);
|
$this->Logger()->WriteException($oException);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -736,7 +737,7 @@ class ServiceActions
|
||||||
}
|
}
|
||||||
catch (\Throwable $oException)
|
catch (\Throwable $oException)
|
||||||
{
|
{
|
||||||
$this->oActions->Logger()->WriteException($oException);
|
$this->Logger()->WriteException($oException);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue