/** * @brief Constructor * @param string $app app providing the template * @param string $name of the template file (without suffix) * @param string $renderas = ""; produce a full page * @return OC_Template object * * This function creates an OC_Template object. * * If $renderas is set, OC_Template will try to produce a full page in the * according layout. For now, renderas can be set to "guest", "user" or * "admin". */ public function __construct($app, $name, $renderas = "") { // Read the selected theme from the config file $theme = OC_Util::getTheme(); // Read the detected formfactor and use the right file name. $fext = self::getFormFactorExtension(); $requesttoken = OC::$session ? OC_Util::callRegister() : ''; $parts = explode('/', $app); // fix translation when app is something like core/lostpassword $l10n = OC_L10N::get($parts[0]); $themeDefaults = new OC_Defaults(); list($path, $template) = $this->findTemplate($theme, $app, $name, $fext); // Set the private data $this->renderas = $renderas; $this->path = $path; parent::__construct($template, $requesttoken, $l10n, $themeDefaults); // Some headers to enhance security header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE // iFrame Restriction Policy $xFramePolicy = OC_Config::getValue('xframe_restriction', true); if ($xFramePolicy) { header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains } // Content Security Policy // If you change the standard policy, please also change it in config.sample.php $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; ' . 'script-src \'self\' \'unsafe-eval\'; ' . 'style-src \'self\' \'unsafe-inline\'; ' . 'frame-src *; ' . 'img-src *; ' . 'font-src \'self\' data:; ' . 'media-src *'); header('Content-Security-Policy:' . $policy); // Standard }
/** * Constructor * @param string $app app providing the template * @param string $name of the template file (without suffix) * @param string $renderas = ""; produce a full page * @param bool $registerCall = true * @return OC_Template object * * This function creates an OC_Template object. * * If $renderas is set, OC_Template will try to produce a full page in the * according layout. For now, renderas can be set to "guest", "user" or * "admin". */ public function __construct($app, $name, $renderas = "", $registerCall = true) { // Read the selected theme from the config file $theme = OC_Util::getTheme(); $requesttoken = (OC::$server->getSession() and $registerCall) ? OC_Util::callRegister() : ''; $parts = explode('/', $app); // fix translation when app is something like core/lostpassword $l10n = \OC::$server->getL10N($parts[0]); $themeDefaults = new OC_Defaults(); list($path, $template) = $this->findTemplate($theme, $app, $name); // Set the private data $this->renderas = $renderas; $this->path = $path; $this->app = $app; parent::__construct($template, $requesttoken, $l10n, $themeDefaults); }
/** * @brief Constructor * @param string $app app providing the template * @param string $name of the template file (without suffix) * @param string $renderas = ""; produce a full page * @return OC_Template object * * This function creates an OC_Template object. * * If $renderas is set, OC_Template will try to produce a full page in the * according layout. For now, renderas can be set to "guest", "user" or * "admin". */ public function __construct($app, $name, $renderas = "") { // Read the selected theme from the config file $theme = OC_Util::getTheme(); // Read the detected formfactor and use the right file name. $fext = self::getFormFactorExtension(); $requesttoken = OC::$session ? OC_Util::callRegister() : ''; $parts = explode('/', $app); // fix translation when app is something like core/lostpassword $l10n = OC_L10N::get($parts[0]); $themeDefaults = new OC_Defaults(); list($path, $template) = $this->findTemplate($theme, $app, $name, $fext); // Set the private data $this->renderas = $renderas; $this->path = $path; parent::__construct($template, $requesttoken, $l10n, $themeDefaults); }