/**
 * Emit the security-related HTTP response headers for the current request.
 *
 * The Content-Security-Policy sent here is hard-coded: style-src permits
 * 'self' plus 'unsafe-inline' (inline styles are not blocked) and img-src
 * allows any origin. nosniff() and xss() are always called; xframe() is
 * skipped for the 'readonly' action (the public board must stay embeddable)
 * and whenever ENABLE_XFRAME is off; hsts() is only called when ENABLE_HSTS
 * is on.
 *
 * @access private
 * @param  string  $action  Name of the action being executed
 */
private function sendHeaders($action)
{
    $cspRules = array(
        'style-src' => "'self' 'unsafe-inline'",
        'img-src' => '*',
    );

    $this->response->csp($cspRules);
    $this->response->nosniff();
    $this->response->xss();

    // The public board ('readonly') is meant to be included in an iframe,
    // so the frame-restricting header is not sent for that action.
    $frameProtectionWanted = ENABLE_XFRAME && $action !== 'readonly';

    if ($frameProtectionWanted) {
        $this->response->xframe();
    }

    if (ENABLE_HSTS) {
        $this->response->hsts();
    }
}
/**
 * Emit the security-related HTTP response headers for the current request.
 *
 * The Content-Security-Policy directives are taken from the container entry
 * 'cspRules' rather than being hard-coded here. nosniff() and xss() are
 * always called; xframe() is skipped for the 'readonly' action (the public
 * board must stay embeddable) and whenever ENABLE_XFRAME is off; hsts() is
 * only called when ENABLE_HSTS is on.
 *
 * @access private
 * @param  string  $action  Name of the action being executed
 */
private function sendHeaders($action)
{
    $cspRules = $this->container['cspRules'];

    $this->response->csp($cspRules);
    $this->response->nosniff();
    $this->response->xss();

    // The public board ('readonly') is meant to be included in an iframe,
    // so the frame-restricting header is not sent for that action.
    $frameProtectionWanted = ENABLE_XFRAME && $action !== 'readonly';

    if ($frameProtectionWanted) {
        $this->response->xframe();
    }

    if (ENABLE_HSTS) {
        $this->response->hsts();
    }
}
/**
 * Hook run before every controller action.
 *
 * Opens the session, sends the security headers, applies the configured
 * translations and timezone, then enforces authentication and page-level
 * access control before attaching the event listeners.
 *
 * @access public
 * @param  string  $controller  Controller name
 * @param  string  $action      Action name
 */
public function beforeAction($controller, $action)
{
    $this->session->open(BASE_URL_DIRECTORY);

    // Security headers. The CSP only constrains style-src, and it includes
    // 'unsafe-inline', so inline styles are not blocked by this policy.
    $this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
    $this->response->nosniff();
    $this->response->xss();

    // The public board ('readonly') is meant to be included in an iframe,
    // so the frame-restricting header is not sent for that action.
    if ($action !== 'readonly') {
        $this->response->xframe();
    }

    if (ENABLE_HSTS) {
        $this->response->hsts();
    }

    $this->config->setupTranslations();
    $this->config->setupTimezone();

    // Authentication: Ajax callers get a 401 text response, everyone else is
    // sent to the login form with the current query string preserved.
    // NOTE(review): assumes response->text() ends the request; if it
    // returns, the redirect below is issued as well.
    $isAuthenticated = $this->authentication->isAuthenticated($controller, $action);

    if (! $isAuthenticated) {
        if ($this->request->isAjax()) {
            $this->response->text('Not Authorized', 401);
        }

        $loginUrl = '?controller=user&action=login&redirect_query=' . urlencode($this->request->getQueryString());
        $this->response->redirect($loginUrl);
    }

    // Authorization is checked separately from authentication.
    // NOTE(review): assumes response->redirect() terminates the request.
    if (! $this->acl->isPageAccessAllowed($controller, $action)) {
        $this->response->redirect('?controller=user&action=forbidden');
    }

    $this->attachEvents();
}
/**
 * Hook run before every controller action.
 *
 * Opens the session (with an explicit save path), sends the security
 * headers unconditionally, loads the translation catalog for non-en_US
 * languages, sets the process timezone, then enforces authentication and
 * page-level access control before attaching the event listeners.
 *
 * @access public
 * @param  string  $controller  Controller name
 * @param  string  $action      Action name
 */
public function beforeAction($controller, $action)
{
    $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);

    // Security headers. The CSP only constrains style-src, and it includes
    // 'unsafe-inline', so inline styles are not blocked by this policy.
    // HSTS and the frame header are sent for every action here.
    $this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
    $this->response->nosniff();
    $this->response->xss();
    $this->response->hsts();
    $this->response->xframe();

    // No catalog is loaded for the default 'en_US' language.
    $language = $this->config->get('language', 'en_US');
    $needsCatalog = $language !== 'en_US';

    if ($needsCatalog) {
        Translator::load($language);
    }

    date_default_timezone_set($this->config->get('timezone', 'UTC'));

    // Unauthenticated requests go to the login form with the current query
    // string preserved so the user can be sent back afterwards.
    // NOTE(review): assumes response->redirect() terminates the request.
    if (! $this->authentication->isAuthenticated($controller, $action)) {
        $encodedQuery = urlencode($this->request->getQueryString());
        $this->response->redirect('?controller=user&action=login&redirect_query=' . $encodedQuery);
    }

    // Authorization is checked separately from authentication.
    if (! $this->acl->isPageAccessAllowed($controller, $action)) {
        $this->response->redirect('?controller=user&action=forbidden');
    }

    $this->attachEvents();
}
/**
 * Hook run before every controller action.
 *
 * Opens the session, sends the security headers, loads the translation
 * catalog for non-en_US languages, sets the process timezone, then resolves
 * authentication (session first, remember-me cookie second) and page-level
 * access control before attaching the automatic-action event listeners.
 *
 * @access public
 * @param  string  $controller  Controller name
 * @param  string  $action      Action name
 */
public function beforeAction($controller, $action)
{
    $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);

    // Security headers, all sent unconditionally; csp() is called with its
    // default policy here.
    $this->response->csp();
    $this->response->nosniff();
    $this->response->xss();
    $this->response->hsts();
    $this->response->xframe();

    // No catalog is loaded for the default 'en_US' language.
    $language = $this->config->get('language', 'en_US');

    if ($language !== 'en_US') {
        \Translator\load($language);
    }

    date_default_timezone_set($this->config->get('timezone', 'UTC'));

    // isPublicAction() is only consulted when there is no logged-in user.
    if ($this->acl->isLogged() || $this->acl->isPublicAction($controller, $action)) {
        // Session already authenticated (or no authentication required):
        // keep an existing remember-me cookie fresh.
        if ($this->rememberMe->hasCookie()) {
            $this->rememberMe->refresh();
        }
    } elseif ($this->rememberMe->authenticate()) {
        // Logged in through the remember-me cookie: record the login with
        // the client address and user agent.
        $this->lastLogin->create(
            \Model\LastLogin::AUTH_REMEMBER_ME,
            $this->acl->getUserId(),
            $this->user->getIpAddress(),
            $this->user->getUserAgent()
        );
    } else {
        // No session and no valid remember-me cookie.
        // NOTE(review): assumes response->redirect() terminates the request.
        $this->response->redirect('?controller=user&action=login');
    }

    // Authorization is checked separately from authentication.
    if (! $this->acl->isPageAccessAllowed($controller, $action)) {
        $this->response->redirect('?controller=user&action=forbidden');
    }

    $this->action->attachEvents();
}