/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
\OCP\Util::addscript('core', 'tags');
\OCP\Util::addStyle($this->appName, 'style');
\OCP\Util::addStyle($this->appName, 'jquery.Jcrop');
\OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/animation');
\OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/fontello');
\OCP\Util::addStyle($this->appName, '3rdparty/jquery.webui-popover');
\OCP\Util::addscript($this->appName, 'app');
\OCP\Util::addscript($this->appName, '3rdparty/jquery.webui-popover');
\OCP\Util::addscript($this->appName, 'settings');
\OCP\Util::addscript($this->appName, 'loader');
\OCP\Util::addscript($this->appName, 'jquery.scrollTo.min');
\OCP\Util::addscript($this->appName, 'jquery.nicescroll.min');
\OCP\Util::addscript('files', 'jquery.fileupload');
\OCP\Util::addscript($this->appName, 'jquery.Jcrop');
$iosSupport = $this->configInfo->getUserValue($this->userId, $this->appName, 'iossupport');
$maxUploadFilesize = \OCP\Util::maxUploadFilesize('/');
$addressbooks = Addressbook::all($this->userId);
if (count($addressbooks) == 0) {
Addressbook::addDefault($this->userId);
$addressbooks = Addressbook::all($this->userId);
}
//ContactsApp::addingDummyContacts(50);
$params = ['uploadMaxFilesize' => $maxUploadFilesize, 'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($maxUploadFilesize), 'iossupport' => $iosSupport, 'addressbooks' => $addressbooks];
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedImageDomain('*');
$csp->addAllowedFrameDomain('*');
$response = new TemplateResponse($this->appName, 'index');
$response->setContentSecurityPolicy($csp);
$response->setParams($params);
return $response;
}
public function testGetDefaultPolicyWithPolicies()
{
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$policy->addAllowedFontDomain('mydomain.com');
$policy->addAllowedImageDomain('anotherdomain.de');
$this->contentSecurityPolicyManager->addDefaultPolicy($policy);
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$policy->addAllowedFontDomain('example.com');
$policy->addAllowedImageDomain('example.org');
$policy->allowInlineScript(true);
$this->contentSecurityPolicyManager->addDefaultPolicy($policy);
$policy = new \OCP\AppFramework\Http\EmptyContentSecurityPolicy();
$policy->addAllowedChildSrcDomain('childdomain');
$policy->addAllowedFontDomain('anotherFontDomain');
$this->contentSecurityPolicyManager->addDefaultPolicy($policy);
$expected = new \OC\Security\CSP\ContentSecurityPolicy();
$expected->allowInlineScript(true);
$expected->addAllowedFontDomain('mydomain.com');
$expected->addAllowedFontDomain('example.com');
$expected->addAllowedFontDomain('anotherFontDomain');
$expected->addAllowedImageDomain('anotherdomain.de');
$expected->addAllowedImageDomain('example.org');
$expected->addAllowedChildSrcDomain('childdomain');
$expectedStringPolicy = 'default-src \'none\';script-src \'self\' \'unsafe-inline\' \'unsafe-eval\';style-src \'self\' \'unsafe-inline\';img-src \'self\' data: blob: anotherdomain.de example.org;font-src \'self\' mydomain.com example.com anotherFontDomain;connect-src \'self\';media-src \'self\';child-src childdomain';
$this->assertEquals($expected, $this->contentSecurityPolicyManager->getDefaultPolicy());
$this->assertSame($expectedStringPolicy, $this->contentSecurityPolicyManager->getDefaultPolicy()->buildPolicy());
}
/**
* CAUTION: the @Stuff turn off security checks, for this page no admin is
* required and no CSRF check. If you don't know what CSRF is, read
* it up in the docs or you might create a security hole. This is
* basically the only required method to add this exemption, don't
* add it to any other method if you don't exactly know what it does
*
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
$params = array('user' => $this->userId, 'devices' => $this->deviceMapper->findAll($this->userId));
$response = new TemplateResponse('maps', 'main', $params);
if (class_exists('OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
// map tiles
$csp->addAllowedImageDomain('http://*.mqcdn.com');
// marker icons
$csp->addAllowedImageDomain('https://api.tiles.mapbox.com');
// inline images
$csp->addAllowedScriptDomain('data:');
$response->setContentSecurityPolicy($csp);
}
return $response;
// templates/main.php
}
/**
* @NoAdminRequired
*/
public function cropPhoto()
{
$id = $this->params('id');
$tmpkey = $this->params('tmpkey');
$params = array('tmpkey' => $tmpkey, 'id' => $id);
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedImageDomain('data:');
$response = new TemplateResponse($this->appName, 'part.cropphoto', $params, '');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
$iosSupport = $this->configInfo->getUserValue($this->userId, $this->appName, 'iossupport');
$activeView = $this->configInfo->getUserValue($this->userId, $this->appName, 'view', 'listview');
$lastSelectedBook = $this->configInfo->getUserValue($this->userId, $this->appName, 'currentbook', 0);
$maxUploadFilesize = \OCP\Util::maxUploadFilesize('/');
$addressbooks = Addressbook::all($this->userId);
if (count($addressbooks) == 0) {
Addressbook::addDefault($this->userId);
$addressbooks = Addressbook::all($this->userId);
}
//ContactsApp::addingDummyContacts(1000);
$params = ['uploadMaxFilesize' => $maxUploadFilesize, 'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($maxUploadFilesize), 'iossupport' => $iosSupport, 'addressbooks' => $addressbooks, 'activeView' => $activeView, 'lastSelectedBook' => $lastSelectedBook];
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedImageDomain('\'self\'');
$csp->addAllowedImageDomain('data:');
$csp->addAllowedImageDomain('*');
$csp->addAllowedFrameDomain('*');
$response = new TemplateResponse($this->appName, 'index');
$response->setContentSecurityPolicy($csp);
$response->setParams($params);
return $response;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
if (\OC::$server->getAppManager()->isEnabledForUser('calendarplus')) {
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedImageDomain(':data');
$config = \OC::$server->getConfig();
$response = new TemplateResponse($this->appName, 'index');
$response->setParams(array('allowShareWithLink' => $config->getAppValue('core', 'shareapi_allow_links', 'yes'), 'mailNotificationEnabled' => $config->getAppValue('core', 'shareapi_allow_mail_notification', 'no'), 'mailPublicNotificationEnabled' => $config->getAppValue('core', 'shareapi_allow_public_notification', 'no'), 'appname' => TasksApp::$appname, 'calappname' => CalendarApp::$appname));
$response->setContentSecurityPolicy($csp);
} else {
\OCP\Util::addStyle($this->appName, 'style');
$response = new TemplateResponse($this->appName, 'no-calendar-app');
}
return $response;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index() {
$status = $this->statusService->getStatus();
$response = new TemplateResponse($this->appName, 'index', [
'cronWarning' => $status['warnings']['improperlyConfiguredCron']
]);
// set csp rules for ownCloud 8.1
if (class_exists('OCP\AppFramework\Http\ContentSecurityPolicy')) {
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedImageDomain('*');
$csp->addAllowedMediaDomain('*');
$csp->addAllowedFrameDomain('https://youtube.com');
$csp->addAllowedFrameDomain('https://www.youtube.com');
$csp->addAllowedFrameDomain('https://player.vimeo.com');
$csp->addAllowedFrameDomain('https://www.player.vimeo.com');
$response->setContentSecurityPolicy($csp);
}
return $response;
}
<?php
/**
* owncloud_piwik
*
* Copyright (c) 2015 Klaus Herberth <*****@*****.**> <br>
* Released under the MIT license
*
* @author Klaus Herberth <*****@*****.**>
* @license MIT
*/
OCP\App::registerAdmin('piwik', 'settings-admin');
$internal = OCP\Config::getAppValue('piwik', 'internal');
if ($internal === 'yes') {
OCP\Util::addScript('piwik', 'piwik');
}
if (class_exists('\\OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
$piwik = json_decode(OCP\Config::getAppValue('piwik', 'piwik'));
$url = parse_url($piwik->url, PHP_URL_HOST);
if ($_SERVER['HTTP_HOST'] !== $url) {
$policy = new OCP\AppFramework\Http\ContentSecurityPolicy();
$policy->addAllowedScriptDomain($url);
$policy->addAllowedImageDomain($url);
\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy);
}
}
OCP\Util::addScript('piwik', 'track');
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
if (\OC::$server->getAppManager()->isEnabledForUser('contactsplus')) {
$appinfo = \OCP\App::getAppVersion('contactsplus');
if (version_compare($appinfo, '1.0.6', '>=')) {
$calId = $this->calendarController->checkBirthdayCalendarByUri('bdaycpltocal_' . $this->userId);
}
}
$calendars = CalendarCalendar::allCalendars($this->userId, false, false, false);
if (count($calendars) == 0) {
CalendarCalendar::addDefaultCalendars($this->userId);
$calendars = CalendarCalendar::allCalendars($this->userId, true);
}
if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "onedayview") {
$this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "agendaDay");
}
if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "oneweekview") {
$this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "agendaWeek");
}
if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "onemonthview") {
$this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "month");
}
if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "listview") {
$this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "list");
}
if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "fourweeksview") {
$this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "fourweeks");
}
\OCP\Util::addStyle($this->appName, '3rdparty/colorPicker');
\OCP\Util::addscript($this->appName, '3rdparty/jquery.colorPicker');
\OCP\Util::addScript($this->appName, '3rdparty/fullcalendar');
\OCP\Util::addStyle($this->appName, '3rdparty/fullcalendar');
\OCP\Util::addStyle($this->appName, '3rdparty/jquery.timepicker');
\OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/animation');
\OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/fontello');
\OCP\Util::addScript($this->appName, 'jquery.scrollTo.min');
//\OCP\Util::addScript($this->appName,'timepicker');
\OCP\Util::addScript($this->appName, '3rdparty/datepair');
\OCP\Util::addScript($this->appName, '3rdparty/jquery.datepair');
\OCP\Util::addScript($this->appName, '3rdparty/jquery.timepicker');
\OCP\Util::addScript($this->appName, "3rdparty/jquery.webui-popover");
\OCP\Util::addScript($this->appName, "3rdparty/chosen.jquery.min");
\OCP\Util::addStyle($this->appName, "3rdparty/chosen");
\OCP\Util::addScript($this->appName, '3rdparty/tag-it');
\OCP\Util::addStyle($this->appName, '3rdparty/jquery.tagit');
\OCP\Util::addStyle($this->appName, '3rdparty/jquery.webui-popover');
if ($this->configInfo->getUserValue($this->userId, $this->appName, 'timezone') == null || $this->configInfo->getUserValue($this->userId, $this->appName, 'timezonedetection') == 'true') {
\OCP\Util::addScript($this->appName, '3rdparty/jstz-1.0.4.min');
\OCP\Util::addScript($this->appName, 'geo');
}
\OCP\Util::addScript($this->appName, '3rdparty/printThis');
\OCP\Util::addScript($this->appName, 'app');
\OCP\Util::addScript($this->appName, 'loaderimport');
\OCP\Util::addStyle($this->appName, 'style');
\OCP\Util::addStyle($this->appName, "mobile");
\OCP\Util::addScript($this->appName, 'jquery.multi-autocomplete');
\OCP\Util::addScript('core', 'tags');
\OCP\Util::addScript($this->appName, 'on-event');
$leftNavAktiv = $this->configInfo->getUserValue($this->userId, $this->appName, 'calendarnav');
$rightNavAktiv = $this->configInfo->getUserValue($this->userId, $this->appName, 'tasknav');
$pCalendar = $calendars;
$pHiddenCal = 'class="isHiddenCal"';
$pButtonCalAktive = '';
if ($leftNavAktiv === 'true') {
$pHiddenCal = '';
$pButtonCalAktive = 'button-info';
}
$pButtonTaskAktive = '';
$pTaskOutput = '';
$pRightnavAktiv = $rightNavAktiv;
$pIsHidden = 'class="isHiddenTask"';
if ($rightNavAktiv === 'true' && \OC::$server->getAppManager()->isEnabledForUser('tasksplus')) {
$allowedCals = [];
foreach ($calendars as $calInfo) {
$isAktiv = (int) $calInfo['active'];
if ($this->configInfo->getUserValue($this->userId, $this->appName, 'calendar_' . $calInfo['id']) !== '') {
$isAktiv = (int) $this->configInfo->getUserValue($this->userId, $this->appName, 'calendar_' . $calInfo['id']);
}
if ($isAktiv === 1) {
$allowedCals[] = $calInfo;
}
}
$cDataTimeLine = new \OCA\TasksPlus\Timeline();
$cDataTimeLine->setCalendars($allowedCals);
$taskOutPutbyTime = $cDataTimeLine->generateAddonCalendarTodo();
$paramsList = ['taskOutPutbyTime' => $taskOutPutbyTime];
$list = new TemplateResponse('tasksplus', 'calendars.tasks.list', $paramsList, '');
$pButtonTaskAktive = 'button-info';
$pTaskOutput = $list->render();
$pIsHidden = '';
}
$params = ['calendars' => $pCalendar, 'leftnavAktiv' => $leftNavAktiv, 'isHiddenCal' => $pHiddenCal, 'buttonCalAktive' => $pButtonCalAktive, 'isHidden' => $pIsHidden, 'buttonTaskAktive' => $pButtonTaskAktive, 'taskOutput' => $pTaskOutput, 'rightnavAktiv' => $pRightnavAktiv, 'mailNotificationEnabled' => \OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_mail_notification', 'yes'), 'allowShareWithLink' => \OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_links', 'yes'), 'mailPublicNotificationEnabled' => \OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_public_notification', 'no')];
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedImageDomain('*');
$response = new TemplateResponse($this->appName, 'calendar', $params);
$response->setContentSecurityPolicy($csp);
return $response;
}
