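/**
 * Renders the contacts index page.
 *
 * Registers the page's scripts and styles, makes sure the user owns at least
 * one address book (creating the default one on first visit), and attaches a
 * per-response Content-Security-Policy.
 *
 * NOTE(review): the policy allows images and frames from any origin
 * (`img-src *`, `frame-src *`). `frame-src *` lets this page embed content
 * from arbitrary origins; if only specific hosts are ever framed, list them
 * instead of the wildcard. Kept as-is here because the required hosts are
 * not visible in this method.
 *
 * @NoAdminRequired
 * @NoCSRFRequired
 *
 * @return TemplateResponse
 */
public function index() {
    // Scripts are loaded in the order they are registered, so this order is kept.
    \OCP\Util::addScript('core', 'tags');

    \OCP\Util::addStyle($this->appName, 'style');
    \OCP\Util::addStyle($this->appName, 'jquery.Jcrop');
    \OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/animation');
    \OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/fontello');
    \OCP\Util::addStyle($this->appName, '3rdparty/jquery.webui-popover');

    $appScripts = [
        'app',
        '3rdparty/jquery.webui-popover',
        'settings',
        'loader',
        'jquery.scrollTo.min',
        'jquery.nicescroll.min',
    ];
    foreach ($appScripts as $script) {
        \OCP\Util::addScript($this->appName, $script);
    }
    \OCP\Util::addScript('files', 'jquery.fileupload');
    \OCP\Util::addScript($this->appName, 'jquery.Jcrop');

    $iosSupport = $this->configInfo->getUserValue($this->userId, $this->appName, 'iossupport');
    $maxUploadFilesize = \OCP\Util::maxUploadFilesize('/');

    $addressbooks = Addressbook::all($this->userId);
    if (count($addressbooks) === 0) {
        // First visit: provision the default address book so the page is never empty.
        Addressbook::addDefault($this->userId);
        $addressbooks = Addressbook::all($this->userId);
    }

    $params = [
        'uploadMaxFilesize' => $maxUploadFilesize,
        'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($maxUploadFilesize),
        'iossupport' => $iosSupport,
        'addressbooks' => $addressbooks,
    ];

    $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
    $csp->addAllowedImageDomain('*');
    $csp->addAllowedFrameDomain('*');

    $response = new TemplateResponse($this->appName, 'index');
    $response->setContentSecurityPolicy($csp);
    $response->setParams($params);

    return $response;
}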
/**
 * Merging several default policies must yield the union of their sources,
 * in registration order, and an "allow inline script" flag set by any one of
 * them must survive the merge. The expected header string is checked as well
 * so that the serialisation order is pinned, not only the object state.
 */
public function testGetDefaultPolicyWithPolicies() {
    $manager = $this->contentSecurityPolicyManager;

    $fontAndImagePolicy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
    $fontAndImagePolicy->addAllowedFontDomain('mydomain.com');
    $fontAndImagePolicy->addAllowedImageDomain('anotherdomain.de');

    $inlineScriptPolicy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
    $inlineScriptPolicy->addAllowedFontDomain('example.com');
    $inlineScriptPolicy->addAllowedImageDomain('example.org');
    $inlineScriptPolicy->allowInlineScript(true);

    $childSrcPolicy = new \OCP\AppFramework\Http\EmptyContentSecurityPolicy();
    $childSrcPolicy->addAllowedChildSrcDomain('childdomain');
    $childSrcPolicy->addAllowedFontDomain('anotherFontDomain');

    // Registration order determines the order of sources in the merged policy.
    foreach ([$fontAndImagePolicy, $inlineScriptPolicy, $childSrcPolicy] as $policy) {
        $manager->addDefaultPolicy($policy);
    }

    $expected = new \OC\Security\CSP\ContentSecurityPolicy();
    $expected->allowInlineScript(true);
    foreach (['mydomain.com', 'example.com', 'anotherFontDomain'] as $fontDomain) {
        $expected->addAllowedFontDomain($fontDomain);
    }
    foreach (['anotherdomain.de', 'example.org'] as $imageDomain) {
        $expected->addAllowedImageDomain($imageDomain);
    }
    $expected->addAllowedChildSrcDomain('childdomain');

    $expectedStringPolicy = "default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';child-src childdomain";

    $merged = $manager->getDefaultPolicy();
    $this->assertEquals($expected, $merged);
    $this->assertSame($expectedStringPolicy, $merged->buildPolicy());
}
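/**
 * Renders the maps main page (templates/main.php).
 *
 * CAUTION: the @Stuff turn off security checks, for this page no admin is
 * required and no CSRF check. If you don't know what CSRF is, read
 * it up in the docs or you might create a security hole. This is
 * basically the only required method to add this exemption, don't
 * add it to any other method if you don't exactly know what it does
 *
 * @NoAdminRequired
 * @NoCSRFRequired
 *
 * @return TemplateResponse
 */
public function index() {
    $params = [
        'user' => $this->userId,
        'devices' => $this->deviceMapper->findAll($this->userId),
    ];
    $response = new TemplateResponse('maps', 'main', $params);

    // ContentSecurityPolicy only exists on newer cores; older ones get no policy.
    if (class_exists('OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
        $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
        // map tiles
        // NOTE(review): allowed over plain http, so on an https page these
        // tiles are mixed content; prefer the https variant if the CDN offers one.
        $csp->addAllowedImageDomain('http://*.mqcdn.com');
        // marker icons
        $csp->addAllowedImageDomain('https://api.tiles.mapbox.com');
        // inline (data: URI) images. This used to be added to script-src, which
        // would have permitted data: URI *scripts*; images belong in img-src.
        $csp->addAllowedImageDomain('data:');
        $response->setContentSecurityPolicy($csp);
    }

    return $response;
}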
/**
 * Renders the photo-cropping fragment for a contact.
 *
 * Reads the contact id and the temporary photo key from the request and hands
 * them to the 'part.cropphoto' template. The fragment is rendered with an
 * empty render-as value (no surrounding page layout) and its policy admits
 * data: URI images so the preview can be shown inline.
 *
 * @NoAdminRequired
 *
 * @return TemplateResponse
 */
public function cropPhoto() {
    $contactId = $this->params('id');
    $photoKey = $this->params('tmpkey');

    $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
    $policy->addAllowedImageDomain('data:');

    $templateParams = ['tmpkey' => $photoKey, 'id' => $contactId];
    $response = new TemplateResponse($this->appName, 'part.cropphoto', $templateParams, '');
    $response->setContentSecurityPolicy($policy);

    return $response;
}
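/**
 * Renders the contacts index page.
 *
 * Makes sure the user owns at least one address book (creating the default
 * one on first visit), collects the per-user view settings and the upload
 * limits for the template, and attaches a per-response Content-Security-Policy.
 *
 * NOTE(review): the policy allows images from any network origin and frames
 * from any origin (`img-src *`, `frame-src *`). The explicit 'self' entry
 * is already part of the default img-src list, so it is a harmless duplicate;
 * the data: entry is NOT covered by '*' (which matches network schemes only)
 * and is needed for inline images. `frame-src *` permits embedding arbitrary
 * origins — list the hosts actually framed if they are known.
 *
 * @NoAdminRequired
 * @NoCSRFRequired
 *
 * @return TemplateResponse
 */
public function index() {
    $iosSupport = $this->configInfo->getUserValue($this->userId, $this->appName, 'iossupport');
    $activeView = $this->configInfo->getUserValue($this->userId, $this->appName, 'view', 'listview');
    $lastSelectedBook = $this->configInfo->getUserValue($this->userId, $this->appName, 'currentbook', 0);
    $maxUploadFilesize = \OCP\Util::maxUploadFilesize('/');

    $addressbooks = Addressbook::all($this->userId);
    if (count($addressbooks) === 0) {
        // First visit: provision the default address book so the page is never empty.
        Addressbook::addDefault($this->userId);
        $addressbooks = Addressbook::all($this->userId);
    }

    $params = [
        'uploadMaxFilesize' => $maxUploadFilesize,
        'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($maxUploadFilesize),
        'iossupport' => $iosSupport,
        'addressbooks' => $addressbooks,
        'activeView' => $activeView,
        'lastSelectedBook' => $lastSelectedBook,
    ];

    $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
    $csp->addAllowedImageDomain('\'self\'');
    $csp->addAllowedImageDomain('data:');
    $csp->addAllowedImageDomain('*');
    $csp->addAllowedFrameDomain('*');

    $response = new TemplateResponse($this->appName, 'index');
    $response->setContentSecurityPolicy($csp);
    $response->setParams($params);

    return $response;
}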
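/**
 * Renders the tasks index page, or a "calendar app missing" page when
 * calendarplus is not enabled for the current user.
 *
 * @NoAdminRequired
 * @NoCSRFRequired
 *
 * @return TemplateResponse
 */
public function index() {
    if (!\OC::$server->getAppManager()->isEnabledForUser('calendarplus')) {
        \OCP\Util::addStyle($this->appName, 'style');
        return new TemplateResponse($this->appName, 'no-calendar-app');
    }

    $config = \OC::$server->getConfig();

    $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
    // Scheme source for inline images. The previous value ':data' is not a
    // valid CSP source expression, so data: URI images were never actually allowed.
    $csp->addAllowedImageDomain('data:');

    $response = new TemplateResponse($this->appName, 'index');
    $response->setParams([
        'allowShareWithLink' => $config->getAppValue('core', 'shareapi_allow_links', 'yes'),
        'mailNotificationEnabled' => $config->getAppValue('core', 'shareapi_allow_mail_notification', 'no'),
        'mailPublicNotificationEnabled' => $config->getAppValue('core', 'shareapi_allow_public_notification', 'no'),
        'appname' => TasksApp::$appname,
        'calappname' => CalendarApp::$appname,
    ]);
    $response->setContentSecurityPolicy($csp);

    return $response;
}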
/**
 * Renders the app's index page.
 *
 * Passes the "cron improperly configured" warning from the status service to
 * the template and, on cores that ship ContentSecurityPolicy (ownCloud 8.1+),
 * attaches a policy that admits images and media from any origin and frames
 * from YouTube and Vimeo.
 *
 * @NoAdminRequired
 * @NoCSRFRequired
 *
 * @return TemplateResponse
 */
public function index() {
    $status = $this->statusService->getStatus();
    $templateParams = ['cronWarning' => $status['warnings']['improperlyConfiguredCron']];
    $response = new TemplateResponse($this->appName, 'index', $templateParams);

    // CSP rules for ownCloud 8.1; the class is absent on older cores.
    if (class_exists('OCP\AppFramework\Http\ContentSecurityPolicy')) {
        $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
        $policy->addAllowedImageDomain('*');
        $policy->addAllowedMediaDomain('*');

        $embedHosts = [
            'https://youtube.com',
            'https://www.youtube.com',
            'https://player.vimeo.com',
            'https://www.player.vimeo.com',
        ];
        foreach ($embedHosts as $host) {
            $policy->addAllowedFrameDomain($host);
        }

        $response->setContentSecurityPolicy($policy);
    }

    return $response;
}
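<?php
/**
 * owncloud_piwik
 *
 * Copyright (c) 2015 Klaus Herberth <*****@*****.**> <br>
 * Released under the MIT license
 *
 * @author Klaus Herberth <*****@*****.**>
 * @license MIT
 */

OCP\App::registerAdmin('piwik', 'settings-admin');

// Load the Piwik tracker locally when the admin chose "internal" hosting.
$internal = OCP\Config::getAppValue('piwik', 'internal');
if ($internal === 'yes') {
    OCP\Util::addScript('piwik', 'piwik');
}

// ContentSecurityPolicy only exists on newer cores; older ones have no policy to extend.
if (class_exists('\\OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
    $piwik = json_decode(OCP\Config::getAppValue('piwik', 'piwik'));
    // The stored value may be absent or not yet configured: json_decode then
    // yields null (or a non-object) and parse_url yields null/false when there
    // is no host. Only a real host name may be added to the policy; an empty
    // or false value would produce a malformed source entry.
    $url = (is_object($piwik) && isset($piwik->url)) ? parse_url($piwik->url, PHP_URL_HOST) : null;
    $requestHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    // A Piwik instance on the same host is already covered by 'self'.
    // NOTE(review): HTTP_HOST is taken from the client request and may carry a
    // port, so this comparison can miss a same-host setup; the only effect is
    // that the host is listed in addition to 'self'.
    if (is_string($url) && $url !== '' && $requestHost !== $url) {
        $policy = new OCP\AppFramework\Http\ContentSecurityPolicy();
        $policy->addAllowedScriptDomain($url);
        $policy->addAllowedImageDomain($url);
        \OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy);
    }
}

OCP\Util::addScript('piwik', 'track');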
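/**
 * Renders the calendar page.
 *
 * In order:
 *  1. if contactsplus >= 1.0.6 is enabled, makes sure the birthday calendar exists;
 *  2. makes sure the user owns at least one calendar (creating the defaults otherwise);
 *  3. migrates legacy 'currentview' values to the current view names;
 *  4. registers the page's scripts and styles;
 *  5. builds the left (calendar) / right (task) navigation state, rendering the
 *     task panel inline when tasksplus is enabled for the user;
 *  6. attaches a Content-Security-Policy that allows images from any origin.
 *
 * @NoAdminRequired
 * @NoCSRFRequired
 *
 * @return TemplateResponse
 */
public function index() {
    if (\OC::$server->getAppManager()->isEnabledForUser('contactsplus')) {
        $contactsVersion = \OCP\App::getAppVersion('contactsplus');
        if (version_compare($contactsVersion, '1.0.6', '>=')) {
            // Called for its side effect only; the returned id was never used.
            $this->calendarController->checkBirthdayCalendarByUri('bdaycpltocal_' . $this->userId);
        }
    }

    $calendars = CalendarCalendar::allCalendars($this->userId, false, false, false);
    if (count($calendars) === 0) {
        CalendarCalendar::addDefaultCalendars($this->userId);
        $calendars = CalendarCalendar::allCalendars($this->userId, true);
    }

    $this->migrateLegacyCurrentView();
    $this->registerCalendarPageAssets();

    $leftNavAktiv = $this->configInfo->getUserValue($this->userId, $this->appName, 'calendarnav');
    $rightNavAktiv = $this->configInfo->getUserValue($this->userId, $this->appName, 'tasknav');

    // Left navigation: the calendar list and its toggle button.
    $calendarPanelOpen = ($leftNavAktiv === 'true');
    $hiddenCalClass = $calendarPanelOpen ? '' : 'class="isHiddenCal"';
    $buttonCalActive = $calendarPanelOpen ? 'button-info' : '';

    // Right navigation: the task panel, only when tasksplus is available.
    $buttonTaskActive = '';
    $taskOutput = '';
    $hiddenTaskClass = 'class="isHiddenTask"';
    if ($rightNavAktiv === 'true' && \OC::$server->getAppManager()->isEnabledForUser('tasksplus')) {
        $taskOutput = $this->renderTaskPanel($calendars);
        $buttonTaskActive = 'button-info';
        $hiddenTaskClass = '';
    }

    $appConfig = \OC::$server->getAppConfig();
    $params = [
        'calendars' => $calendars,
        'leftnavAktiv' => $leftNavAktiv,
        'isHiddenCal' => $hiddenCalClass,
        'buttonCalAktive' => $buttonCalActive,
        'isHidden' => $hiddenTaskClass,
        'buttonTaskAktive' => $buttonTaskActive,
        'taskOutput' => $taskOutput,
        'rightnavAktiv' => $rightNavAktiv,
        'mailNotificationEnabled' => $appConfig->getValue('core', 'shareapi_allow_mail_notification', 'yes'),
        'allowShareWithLink' => $appConfig->getValue('core', 'shareapi_allow_links', 'yes'),
        'mailPublicNotificationEnabled' => $appConfig->getValue('core', 'shareapi_allow_public_notification', 'no'),
    ];

    $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
    // NOTE(review): images from any network origin are allowed (img-src *);
    // narrow this to the hosts actually used if they are known.
    $csp->addAllowedImageDomain('*');

    $response = new TemplateResponse($this->appName, 'calendar', $params);
    $response->setContentSecurityPolicy($csp);

    return $response;
}

/**
 * Rewrites a legacy per-user 'currentview' value to the name the current
 * front-end expects. Values that are not legacy names are left untouched.
 *
 * @return void
 */
private function migrateLegacyCurrentView() {
    $legacyViews = [
        'onedayview' => 'agendaDay',
        'oneweekview' => 'agendaWeek',
        'onemonthview' => 'month',
        'listview' => 'list',
        'fourweeksview' => 'fourweeks',
    ];
    $currentView = $this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month');
    if (isset($legacyViews[$currentView])) {
        $this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', $legacyViews[$currentView]);
    }
}

/**
 * Registers the scripts and styles of the calendar page.
 *
 * Scripts are emitted in registration order, so the order below is part of
 * the page's behaviour and must be kept.
 *
 * @return void
 */
private function registerCalendarPageAssets() {
    \OCP\Util::addStyle($this->appName, '3rdparty/colorPicker');
    \OCP\Util::addScript($this->appName, '3rdparty/jquery.colorPicker');
    \OCP\Util::addScript($this->appName, '3rdparty/fullcalendar');
    \OCP\Util::addStyle($this->appName, '3rdparty/fullcalendar');
    \OCP\Util::addStyle($this->appName, '3rdparty/jquery.timepicker');
    \OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/animation');
    \OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/fontello');
    \OCP\Util::addScript($this->appName, 'jquery.scrollTo.min');
    \OCP\Util::addScript($this->appName, '3rdparty/datepair');
    \OCP\Util::addScript($this->appName, '3rdparty/jquery.datepair');
    \OCP\Util::addScript($this->appName, '3rdparty/jquery.timepicker');
    \OCP\Util::addScript($this->appName, '3rdparty/jquery.webui-popover');
    \OCP\Util::addScript($this->appName, '3rdparty/chosen.jquery.min');
    \OCP\Util::addStyle($this->appName, '3rdparty/chosen');
    \OCP\Util::addScript($this->appName, '3rdparty/tag-it');
    \OCP\Util::addStyle($this->appName, '3rdparty/jquery.tagit');
    \OCP\Util::addStyle($this->appName, '3rdparty/jquery.webui-popover');

    $timezone = $this->configInfo->getUserValue($this->userId, $this->appName, 'timezone');
    $detectTimezone = $this->configInfo->getUserValue($this->userId, $this->appName, 'timezonedetection');
    // No stored timezone, or detection requested: ship the browser-side detection scripts.
    if ($timezone === null || $timezone === '' || $detectTimezone === 'true') {
        \OCP\Util::addScript($this->appName, '3rdparty/jstz-1.0.4.min');
        \OCP\Util::addScript($this->appName, 'geo');
    }

    \OCP\Util::addScript($this->appName, '3rdparty/printThis');
    \OCP\Util::addScript($this->appName, 'app');
    \OCP\Util::addScript($this->appName, 'loaderimport');
    \OCP\Util::addStyle($this->appName, 'style');
    \OCP\Util::addStyle($this->appName, 'mobile');
    \OCP\Util::addScript($this->appName, 'jquery.multi-autocomplete');
    \OCP\Util::addScript('core', 'tags');
    \OCP\Util::addScript($this->appName, 'on-event');
}

/**
 * Renders the tasksplus side panel for the calendars the user has enabled.
 *
 * A calendar counts as active when the per-user 'calendar_<id>' setting is
 * "1", or, when that setting is empty, when the calendar's own 'active'
 * flag is 1.
 *
 * @param array $calendars calendar rows as returned by CalendarCalendar::allCalendars()
 * @return string rendered HTML of the 'calendars.tasks.list' template
 */
private function renderTaskPanel(array $calendars) {
    $allowedCals = [];
    foreach ($calendars as $calInfo) {
        $override = $this->configInfo->getUserValue($this->userId, $this->appName, 'calendar_' . $calInfo['id']);
        // A non-empty per-user override wins over the calendar's stored flag.
        $isActive = ($override !== '') ? (int) $override : (int) $calInfo['active'];
        if ($isActive === 1) {
            $allowedCals[] = $calInfo;
        }
    }

    $timeline = new \OCA\TasksPlus\Timeline();
    $timeline->setCalendars($allowedCals);
    $panelParams = ['taskOutPutbyTime' => $timeline->generateAddonCalendarTodo()];
    $panel = new TemplateResponse('tasksplus', 'calendars.tasks.list', $panelParams, '');

    return $panel->render();
}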