use Friendica\Util\Network;
use Friendica\Util\Profiler;
use Friendica\Util\Strings;
+use GuzzleHttp\Psr7\Utils;
use Psr\Http\Message\ResponseInterface;
/**
'right_aside' => '',
'template' => '',
'title' => '',
+ 'section' => '',
+ 'module' => '',
];
/**
* @var string The basepath of the page
* being first
*/
$this->page['htmlhead'] = Renderer::replaceMacros($tpl, [
+ '$l10n' => [
+ 'delitem' => $l10n->t('Delete this item?'),
+ 'blockAuthor' => $l10n->t("Block this author? They won't be able to follow you nor see your public posts, and you won't be able to see their posts and their notifications."),
+ 'ignoreAuthor' => $l10n->t("Ignore this author? You won't be able to see their posts and their notifications."),
+ 'collapseAuthor' => $l10n->t("Collapse this author's posts?"),
+ 'ignoreServer' => $l10n->t("Ignore this author's server?"),
+ 'ignoreServerDesc' => $l10n->t("You won't see any content from this server including reshares in your Network page, the community pages and individual conversations."),
+
+ 'likeError' => $l10n->t('Like not successful'),
+ 'dislikeError' => $l10n->t('Dislike not successful'),
+ 'announceError' => $l10n->t('Sharing not successful'),
+ 'attendError' => $l10n->t('Attendance unsuccessful'),
+ 'srvError' => $l10n->t('Backend error'),
+ 'netError' => $l10n->t('Network error'),
+
+ // Dropzone
+ 'dictDefaultMessage' => $l10n->t('Drop files here to upload'),
+ 'dictFallbackMessage' => $l10n->t("Your browser does not support drag and drop file uploads."),
+ 'dictFallbackText' => $l10n->t('Please use the fallback form below to upload your files like in the olden days.'),
+ 'dictFileTooBig' => $l10n->t('File is too big ({{filesize}}MiB). Max filesize: {{maxFilesize}}MiB.'),
+ 'dictInvalidFileType' => $l10n->t("You can't upload files of this type."),
+ 'dictResponseError' => $l10n->t('Server responded with {{statusCode}} code.'),
+ 'dictCancelUpload' => $l10n->t('Cancel upload'),
+ 'dictUploadCanceled' => $l10n->t('Upload canceled.'),
+ 'dictCancelUploadConfirmation' => $l10n->t('Are you sure you want to cancel this upload?'),
+ 'dictRemoveFile' => $l10n->t('Remove file'),
+ 'dictMaxFilesExceeded' => $l10n->t("You can't upload any more files."),
+ ],
+
'$local_user' => $localUID,
'$generator' => 'Friendica' . ' ' . App::VERSION,
- '$delitem' => $l10n->t('Delete this item?'),
- '$blockAuthor' => $l10n->t('Block this author? They won\'t be able to follow you nor see your public posts, and you won\'t be able to see their posts and their notifications.'),
- '$ignoreAuthor' => $l10n->t('Ignore this author? You won\'t be able to see their posts and their notifications.'),
'$update_interval' => $interval,
'$shortcut_icon' => $shortcut_icon,
'$touch_icon' => $touch_icon,
'$block_public' => intval($config->get('system', 'block_public')),
'$stylesheets' => $this->stylesheets,
+
+ // Dropzone
+ '$max_imagesize' => round(\Friendica\Util\Strings::getBytesFromShorthand($config->get('system', 'maximagesize')) / 1000000, 1),
+
]) . $this->page['htmlhead'];
}
* Initializes Page->page['footer'].
*
* Includes:
- * - Javascript homebase
+ * - JavaScript homebase
* - Mobile toggle link
* - Registered footer scripts (through App->registerFooterScript())
* - footer.tpl template
$this->page['nav'] = $nav->getHtml();
}
- foreach ($response->getHeaders() as $key => $header) {
- if (is_array($header)) {
- $header_str = implode(',', $header);
- } else {
- $header_str = $header;
- }
-
- if (empty($key)) {
- header($header_str);
- } else {
- header("$key: $header_str");
- }
- }
-
// Build the page - now that we have all the components
if (isset($_GET["mode"]) && (($_GET["mode"] == "raw") || ($_GET["mode"] == "minimal"))) {
$doc = new DOMDocument();
$content = mb_convert_encoding($this->page["content"], 'HTML-ENTITIES', "UTF-8");
- /// @TODO one day, kill those error-surpressing @ stuff, or PHP should ban it
+ /// @TODO one day, kill those error-suppressing @ stuff, or PHP should ban it
@$doc->loadHTML($content);
$xpath = new DOMXPath($doc);
$page = $this->page;
+ // add and escape some common but crucial content for direct "echo" in HTML (security)
+ $page['title'] = htmlspecialchars($page['title'] ?? '');
+ $page['section'] = htmlspecialchars($args->get(0) ?? 'generic');
+ $page['module'] = htmlspecialchars($args->getModuleName() ?? '');
+
header("X-Friendica-Version: " . App::VERSION);
header("Content-type: text/html; charset=utf-8");
- if ($config->get('system', 'hsts') && ($baseURL->getSSLPolicy() == BaseURL::SSL_POLICY_FULL)) {
+ if ($config->get('system', 'hsts') && ($baseURL->getScheme() === 'https')) {
header("Strict-Transport-Security: max-age=31536000");
}
// Used as is in view/php/default.php
$lang = $l10n->getCurrentLang();
+ ob_start();
require_once $template;
+ $body = ob_get_clean();
+
+ return $response->withBody(Utils::streamFor($body));
}
}
projects / friendica.git / blobdiff