mirror of
https://github.com/FreshRSS/FreshRSS.git
synced 2026-01-29 15:41:05 -05:00
d2247221bb
* Minor update whitespace PHPCS rules To simplify our configuration, apply more rules, and be clearer about what is added or removed compared with PSR12. Does not change our current conventions, but just a bit more consistent. * Forgotten *.phtml * Sort exclusion patterns + add a few for Extensions repo * Relaxed some rules
120 lines
3.3 KiB
PHP
120 lines
3.3 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* MINZ - Copyright 2011 Marien Fressinaud
|
|
* Sous licence AGPL3 <http://www.gnu.org/licenses/>
|
|
*/
|
|
|
|
/**
|
|
* The Minz_ActionController class is a controller in the MVC paradigm
|
|
*/
|
|
abstract class Minz_ActionController {
|
|
|
|
/** @var array<string,string> */
|
|
private static array $csp_default = [
|
|
'default-src' => "'self'",
|
|
];
|
|
|
|
/** @var array<string,string> */
|
|
private array $csp_policies;
|
|
|
|
/** @var Minz_View */
|
|
protected $view;
|
|
|
|
/**
|
|
* Gives the possibility to override the default view model type.
|
|
* @var class-string
|
|
* @deprecated Use constructor with view type instead
|
|
*/
|
|
public static string $defaultViewType = Minz_View::class;
|
|
|
|
/**
|
|
* @phpstan-param class-string|'' $viewType
|
|
* @param string $viewType Name of the class (inheriting from Minz_View) to use for the view model
|
|
*/
|
|
public function __construct(string $viewType = '') {
|
|
$this->csp_policies = self::$csp_default;
|
|
$view = null;
|
|
if ($viewType !== '' && class_exists($viewType)) {
|
|
$view = new $viewType();
|
|
if (!($view instanceof Minz_View)) {
|
|
$view = null;
|
|
}
|
|
}
|
|
if ($view === null && class_exists(self::$defaultViewType)) {
|
|
$view = new self::$defaultViewType();
|
|
if (!($view instanceof Minz_View)) {
|
|
$view = null;
|
|
}
|
|
}
|
|
$this->view = $view ?? new Minz_View();
|
|
$view_path = Minz_Request::controllerName() . '/' . Minz_Request::actionName() . '.phtml';
|
|
$this->view->_path($view_path);
|
|
$this->view->attributeParams();
|
|
}
|
|
|
|
/**
|
|
* Getteur
|
|
*/
|
|
public function view(): Minz_View {
|
|
return $this->view;
|
|
}
|
|
|
|
/**
|
|
* Set default CSP policies.
|
|
* @param array<string,string> $policies An array where keys are directives and values are sources.
|
|
*/
|
|
public static function _defaultCsp(array $policies): void {
|
|
if (!isset($policies['default-src'])) {
|
|
Minz_Log::warning('Default CSP policy is not declared', ADMIN_LOG);
|
|
}
|
|
self::$csp_default = $policies;
|
|
}
|
|
|
|
/**
|
|
* Set CSP policies.
|
|
*
|
|
* A default-src directive should always be given.
|
|
*
|
|
* References:
|
|
* - https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
|
|
* - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
|
|
*
|
|
* @param array<string,string> $policies An array where keys are directives and values are sources.
|
|
*/
|
|
protected function _csp(array $policies): void {
|
|
if (!isset($policies['default-src'])) {
|
|
$action = Minz_Request::controllerName() . '#' . Minz_Request::actionName();
|
|
Minz_Log::warning(
|
|
"Default CSP policy is not declared for action {$action}.",
|
|
ADMIN_LOG
|
|
);
|
|
}
|
|
$this->csp_policies = $policies;
|
|
}
|
|
|
|
/**
|
|
* Send HTTP Content-Security-Policy header based on declared policies.
|
|
*/
|
|
public function declareCspHeader(): void {
|
|
$policies = [];
|
|
foreach (Minz_ExtensionManager::listExtensions(true) as $extension) {
|
|
$extension->amendCsp($this->csp_policies);
|
|
}
|
|
foreach ($this->csp_policies as $directive => $sources) {
|
|
$policies[] = $directive . ' ' . $sources;
|
|
}
|
|
header('Content-Security-Policy: ' . implode('; ', $policies));
|
|
}
|
|
|
|
/**
|
|
* Méthodes à redéfinir (ou non) par héritage
|
|
* firstAction est la première méthode exécutée par le Dispatcher
|
|
* lastAction est la dernière
|
|
*/
|
|
public function init(): void { }
|
|
public function firstAction(): void { }
|
|
public function lastAction(): void { }
|
|
}
|