Ensure proper semicolons between CSP-parts.
pabzm committed Oct 28, 2024
1 parent 2d74fe8 commit e1f10e9
Showing 1 changed file with 15 additions and 2 deletions.
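--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -2726,13 +2726,26 @@ protected function get_template_logo($type = null, $match = null)
 */
 protected function add_csp_header(): void
 {
-$csp = $this->app->config->get('content_security_policy');
+$csp = $this->get_csp_value('content_security_policy');
 if (!in_array($csp, ['', false, 'false'])) {
 $csp_header = "Content-Security-Policy: {$csp}";
 if (isset($this->env['safemode']) && $this->env['safemode'] === true) {
-$csp_header .= $this->app->config->get('content_security_policy_add_allow_remote');
+$csp_allow_remote = $this->get_csp_value('content_security_policy_add_allow_remote');
+$csp_header .= "; {$csp_allow_remote}";
 }
 $this->header($csp_header);
 }
 }
+
+/**
+* Get a CSP-related value from the config, stripped by surrounding
+* whitespace and semicolons (and NUL byte, because it's included in the
+* default second argument to trim(), too).
+*
+* @param $name string The key of the wanted config value.
+*/
+protected function get_csp_value($name): string
+{
+return trim($this->app->config->get($name), "; \n\r\t\v\x00");
+}
 }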
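Review bot: `get_csp_value()` hands the raw config value straight to `trim()`, yet the `in_array($csp, ['', false, 'false'])` check in `add_csp_header()` shows the option may legitimately be boolean `false`, and an unset option presumably comes back as `null` (the config accessor is not visible here). If the file declares `strict_types=1` (outside this hunk) a non-string argument raises a TypeError, and without it PHP 8.1+ still emits a deprecation for `null`, so a site that disables CSP with `false` could get an error rather than simply no header. Casting first keeps the declared `string` return safe: `return trim((string) $this->app->config->get($name), "; \n\r\t\v\x00");`. In the safemode branch, consider appending only when `$csp_allow_remote !== ''`, so an empty option does not leave a dangling `; ` at the end of the policy.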
