function setupHeaders($p_event) { global $g_bypass_headers; if (!$g_bypass_headers && !headers_sent()) { http_content_headers(); http_caching_headers(); header('X-Frame-Options: DENY'); $t_avatar_img_allow = ''; if (config_get_global('show_avatar')) { if ($_SERVER['REQUEST_SCHEME'] == 'https') { $t_avatar_img_allow = "; img-src 'self' https://secure.gravatar.com:443"; } else { $t_avatar_img_allow = "; img-src 'self' http://www.gravatar.com:80"; } } header("X-Content-Security-Policy: allow 'self'; img-src *; options inline-script eval-script{$t_avatar_img_allow}; frame-ancestors 'none'"); http_custom_headers(); } $g_bypass_headers = true; }
/** * Set all headers used by a normal page load. */ function http_all_headers() { global $g_bypass_headers; if (!$g_bypass_headers && !headers_sent()) { http_content_headers(); http_caching_headers(); http_security_headers(); http_custom_headers(); } }
# Initialise a special error handler for use with check.php so that errors are # not treated as being fatal. Instead, integrate error handling inline with the # test results. check_init_error_handler(); # Increase the time limit for this script to 5 minutes execution time as some # of the tests may take a long time to complete. set_time_limit( 60 * 5 ); $g_show_all = gpc_get_bool( 'show_all', false ); $g_show_errors = gpc_get_bool( 'show_errors', false ); $t_show_all_mode_link = '<a href="index.php?show_all=' . ($g_show_all ? '0' : '1') . '&show_errors=' . ($g_show_errors ? '1' : '0') . '">' . ($g_show_all ? 'Hide passed tests' : 'Show passed tests') . '</a>'; $t_show_errors_mode_link = '<a href="index.php?show_all=' . ($g_show_all ? '1' : '0') . '&show_errors=' . ($g_show_errors ? '0' : '1') . '">' . ($g_show_errors ? 'Hide verbose error messages' : 'Show verbose error messages') . '</a>'; http_content_headers(); echo '<?xml version="1.0" encoding="utf-8"?>'; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" > <head> <meta http-equiv="Content-type" content="application/xhtml+xml; charset=UTF-8" /> <title>MantisBT Administration - Check Installation</title> <link rel="stylesheet" href="../admin.css" type="text/css" /> </head> <body> <div id="mantisbt-header-logo"> <img src="../../images/mantis_logo.gif" alt="MantisBT Logo" /> </div> <p class="notice">Verbosity: <?php echo $t_show_all_mode_link ?> | <?php echo $t_show_errors_mode_link ?></p> <table id="check-results">