Example #1
 /**
  * Send HTTP headers
  *
  * Emits the security-related response headers for the current request.
  * csp(), nosniff() and xss() presumably map to Content-Security-Policy,
  * X-Content-Type-Options and X-XSS-Protection — confirm in the Response
  * class. The frame-options header is sent only when ENABLE_XFRAME is on
  * and the action is not the public read-only board, which is meant to be
  * embeddable in an iframe. HSTS is sent only when ENABLE_HSTS is on.
  *
  * NOTE(review): the policy hard-coded here allows 'unsafe-inline' for
  * style-src and any origin for img-src; both widen what an injected
  * payload could load or style, so keep them in mind if the CSP is ever
  * tightened.
  *
  * @access private
  * @param  string  $action  Name of the controller action being served
  */
 private function sendHeaders($action)
 {
     $cspRules = array(
         'style-src' => "'self' 'unsafe-inline'",
         'img-src' => '*',
     );

     $this->response->csp($cspRules);
     $this->response->nosniff();
     $this->response->xss();

     // The read-only board is the one page that may be framed elsewhere
     $isEmbeddable = ($action === 'readonly');

     if (ENABLE_XFRAME && !$isEmbeddable) {
         $this->response->xframe();
     }

     if (ENABLE_HSTS) {
         $this->response->hsts();
     }
 }
Example #2
 /**
  * Send HTTP headers
  *
  * Emits the security-related response headers for the current request.
  * The Content-Security-Policy rules are read from the container entry
  * 'cspRules' and passed through as-is — nothing here validates them, so
  * whatever is registered under that key is what clients receive.
  * nosniff() and xss() presumably set X-Content-Type-Options and
  * X-XSS-Protection (confirm in the Response class). The frame-options
  * header is skipped for the public read-only board so it stays
  * embeddable, and only sent at all when ENABLE_XFRAME is on. HSTS is
  * sent only when ENABLE_HSTS is on.
  *
  * @access private
  * @param  string  $action  Name of the controller action being served
  */
 private function sendHeaders($action)
 {
     $rules = $this->container['cspRules'];

     $this->response->csp($rules);
     $this->response->nosniff();
     $this->response->xss();

     // The read-only board is the one page that may be framed elsewhere
     $isEmbeddable = ($action === 'readonly');

     if (ENABLE_XFRAME && !$isEmbeddable) {
         $this->response->xframe();
     }

     if (ENABLE_HSTS) {
         $this->response->hsts();
     }
 }
Example #3
 /**
  * Method executed before each action
  *
  * Runs the per-request setup in a fixed order: open the session, send
  * the security headers, set up translations and timezone, check
  * authentication, check page-level access, attach events.
  *
  * Unauthenticated requests get a 'Not Authorized' text body with status
  * 401 when they are AJAX; in every case a redirect to the login form is
  * then issued, carrying the current query string in redirect_query
  * (presumably so the login page can send the user back).
  *
  * NOTE(review): no early return follows text() or redirect(); the code
  * relies on those Response methods ending the script. If they do not,
  * the later steps (ACL check, attachEvents) still run — confirm in the
  * Response class.
  *
  * @access public
  * @param  string  $controller  Controller name of the current request
  * @param  string  $action      Action name of the current request
  */
 public function beforeAction($controller, $action)
 {
     $this->session->open(BASE_URL_DIRECTORY);

     // Security headers; 'unsafe-inline' for styles is deliberate here
     $cspRules = array('style-src' => "'self' 'unsafe-inline'");
     $this->response->csp($cspRules);
     $this->response->nosniff();
     $this->response->xss();

     // The public read-only board is embeddable, so no frame-options for it
     if ($action !== 'readonly') {
         $this->response->xframe();
     }

     if (ENABLE_HSTS) {
         $this->response->hsts();
     }

     $this->config->setupTranslations();
     $this->config->setupTimezone();

     // Authentication
     if (!$this->authentication->isAuthenticated($controller, $action)) {
         if ($this->request->isAjax()) {
             $this->response->text('Not Authorized', 401);
         }

         $loginUrl = '?controller=user&action=login&redirect_query=' . urlencode($this->request->getQueryString());
         $this->response->redirect($loginUrl);
     }

     // Page-level authorization
     if (!$this->acl->isPageAccessAllowed($controller, $action)) {
         $this->response->redirect('?controller=user&action=forbidden');
     }

     $this->attachEvents();
 }
Example #4
 /**
  * Method executed before each action
  *
  * Runs the per-request setup in a fixed order: open the session, send
  * the security headers, load translations, set the timezone, check
  * authentication, check page-level access, attach events.
  *
  * All security headers (CSP, nosniff, xss, HSTS, frame-options) are sent
  * unconditionally in this version; there is no exception for an
  * embeddable page.
  *
  * NOTE(review): no early return follows redirect(); the ACL check and
  * attachEvents() still run unless redirect() ends the script — confirm
  * in the Response class.
  *
  * @access public
  * @param  string  $controller  Controller name of the current request
  * @param  string  $action      Action name of the current request
  */
 public function beforeAction($controller, $action)
 {
     $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);

     // Security headers; 'unsafe-inline' for styles is deliberate here
     $this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
     $this->response->nosniff();
     $this->response->xss();
     $this->response->hsts();
     $this->response->xframe();

     // Only non-default locales need a catalogue loaded
     $locale = $this->config->get('language', 'en_US');

     if ($locale !== 'en_US') {
         Translator::load($locale);
     }

     // The configured value is not validated: date_default_timezone_set()
     // returns false (and raises a notice) on an unknown identifier
     $timezone = $this->config->get('timezone', 'UTC');
     date_default_timezone_set($timezone);

     // Authentication: send to the login form, carrying the current query
     // string in redirect_query (presumably so the user can be sent back)
     if (!$this->authentication->isAuthenticated($controller, $action)) {
         $loginUrl = '?controller=user&action=login&redirect_query=' . urlencode($this->request->getQueryString());
         $this->response->redirect($loginUrl);
     }

     // Page-level authorization
     if (!$this->acl->isPageAccessAllowed($controller, $action)) {
         $this->response->redirect('?controller=user&action=forbidden');
     }

     $this->attachEvents();
 }
Example #5
 /**
  * Method executed before each action
  *
  * Runs the per-request setup in a fixed order: open the session, send
  * the security headers, load translations, set the timezone, resolve
  * authentication (session or remember-me cookie), check page-level
  * access, attach events.
  *
  * Authentication outcome:
  *  - logged in, or a public action: the remember-me cookie is refreshed
  *    when present (this also applies to anonymous visitors of public
  *    actions who still carry a cookie);
  *  - otherwise the remember-me cookie is tried; on success a LastLogin
  *    row of type AUTH_REMEMBER_ME is recorded, on failure the user is
  *    redirected to the login form (the current query string is not
  *    carried along in this version).
  *
  * NOTE(review): no early return follows redirect(); the ACL check and
  * attachEvents() still run unless redirect() ends the script — confirm
  * in the Response class.
  *
  * @access public
  * @param  string  $controller  Controller name of the current request
  * @param  string  $action      Action name of the current request
  */
 public function beforeAction($controller, $action)
 {
     $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);

     // Security headers, all unconditional; csp() uses its own defaults here
     $this->response->csp();
     $this->response->nosniff();
     $this->response->xss();
     $this->response->hsts();
     $this->response->xframe();

     // Only non-default locales need a catalogue loaded
     $locale = $this->config->get('language', 'en_US');

     if ($locale !== 'en_US') {
         \Translator\load($locale);
     }

     // The configured value is not validated: date_default_timezone_set()
     // returns false (and raises a notice) on an unknown identifier
     $timezone = $this->config->get('timezone', 'UTC');
     date_default_timezone_set($timezone);

     // Authentication
     $needsAuth = !$this->acl->isLogged() && !$this->acl->isPublicAction($controller, $action);

     if (!$needsAuth) {
         // Keep an existing remember-me cookie alive
         if ($this->rememberMe->hasCookie()) {
             $this->rememberMe->refresh();
         }
     } elseif ($this->rememberMe->authenticate()) {
         // Cookie-based login succeeded: record it for the user's login history
         $this->lastLogin->create(\Model\LastLogin::AUTH_REMEMBER_ME, $this->acl->getUserId(), $this->user->getIpAddress(), $this->user->getUserAgent());
     } else {
         $this->response->redirect('?controller=user&action=login');
     }

     // Page-level authorization
     if (!$this->acl->isPageAccessAllowed($controller, $action)) {
         $this->response->redirect('?controller=user&action=forbidden');
     }

     // Attach events for automatic actions
     $this->action->attachEvents();
 }