X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=index.php;h=d3d2e42ae6a7c8e088be411c896e644764d8c816;hb=d0dfcc71a82ac423db68a12fd2eaf6d13cb18e1f;hp=2b26eb90f0caad691e99605471e24863cc640e9a;hpb=d9f8fbeb4f83112ed1c856b694c3bc96a6f782fa;p=friendica.git

diff --git a/index.php b/index.php
index 2b26eb90f0..d3d2e42ae6 100644
--- a/index.php
+++ b/index.php
@@ -14,6 +14,7 @@
  */
 
 use Friendica\App;
+use Friendica\Core\System;
 use Friendica\Core\Config;
 
 require_once 'boot.php';
@@ -59,18 +60,18 @@ if (!$install) {
 
 	Config::load();
 
-	if ($a->max_processes_reached() OR $a->maxload_reached()) {
+	if ($a->max_processes_reached() || $a->maxload_reached()) {
 		header($_SERVER["SERVER_PROTOCOL"] . ' 503 Service Temporarily Unavailable');
 		header('Retry-After: 120');
-		header('Refresh: 120; url=' . App::get_baseurl() . "/" . $a->query_string);
+		header('Refresh: 120; url=' . System::baseUrl() . "/" . $a->query_string);
 		die("System is currently unavailable. Please try again later");
 	}
 
-	if (get_config('system', 'force_ssl') AND ($a->get_scheme() == "http") AND
-		(intval(get_config('system', 'ssl_policy')) == SSL_POLICY_FULL) AND
-		(substr(App::get_baseurl(), 0, 8) == "https://")) {
+	if (get_config('system', 'force_ssl') && ($a->get_scheme() == "http") &&
+		(intval(get_config('system', 'ssl_policy')) == SSL_POLICY_FULL) &&
+		(substr(System::baseUrl(), 0, 8) == "https://")) {
 		header("HTTP/1.1 302 Moved Temporarily");
-		header("Location: " . App::get_baseurl() . "/" . $a->query_string);
+		header("Location: " . System::baseUrl() . "/" . $a->query_string);
 		exit();
 	}
 
@@ -128,7 +129,7 @@ if ((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
 if ((x($_GET,'zrl')) && (!$install && !$maintenance)) {
 	// Only continue when the given profile link seems valid
 	// Valid profile links contain a path with "/profile/" and no query parameters
-	if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") AND
+	if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") &&
 		strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) {
 		$_SESSION['my_url'] = $_GET['zrl'];
 		$a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is','',$a->query_string);
@@ -154,7 +155,7 @@ if ((x($_GET,'zrl')) && (!$install && !$maintenance)) {
  *
  */
 
-// header('Link: <' . App::get_baseurl() . '/amcd>; rel="acct-mgmt";');
+// header('Link: <' . System::baseUrl() . '/amcd>; rel="acct-mgmt";');
 
 if (x($_COOKIE["Friendica"]) || (x($_SESSION,'authenticated')) || (x($_POST,'auth-params')) || ($a->module === 'login')) {
 	require("include/auth.php");
@@ -245,7 +246,7 @@ if (strlen($a->module)) {
 	}
 
 	// Compatibility with the Firefox App
-	if (($a->module == "users") AND ($a->cmd == "users/sign_in")) {
+	if (($a->module == "users") && ($a->cmd == "users/sign_in")) {
 		$a->module = "login";
 	}
 
@@ -294,7 +295,7 @@ if (strlen($a->module)) {
 
 		if ((x($_SERVER,'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
 			logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
-			goaway(App::get_baseurl() . $_SERVER['REQUEST_URI']);
+			goaway(System::baseUrl() . $_SERVER['REQUEST_URI']);
 		}
 
 		logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
@@ -450,7 +451,7 @@ if (!$a->theme['stylesheet']) {
 $a->page['htmlhead'] = str_replace('{{$stylesheet}}',$stylesheet,$a->page['htmlhead']);
 //$a->page['htmlhead'] = replace_macros($a->page['htmlhead'], array('$stylesheet' => $stylesheet));
 
-if (isset($_GET["mode"]) AND (($_GET["mode"] == "raw") OR ($_GET["mode"] == "minimal"))) {
+if (isset($_GET["mode"]) && (($_GET["mode"] == "raw") || ($_GET["mode"] == "minimal"))) {
 	$doc = new DOMDocument();
 
 	$target = new DOMDocument();
@@ -473,7 +474,7 @@ if (isset($_GET["mode"]) AND (($_GET["mode"] == "raw") OR ($_GET["mode"] == "min
 	}
 }
 
-if (isset($_GET["mode"]) AND ($_GET["mode"] == "raw")) {
+if (isset($_GET["mode"]) && ($_GET["mode"] == "raw")) {
 
 	header("Content-type: text/html; charset=utf-8");
 
@@ -488,6 +489,19 @@ $profile = $a->profile;
 header("X-Friendica-Version: " . FRIENDICA_VERSION);
 header("Content-type: text/html; charset=utf-8");
 
+if (Config::get('system', 'hsts') && (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL)) {
+	header("Strict-Transport-Security: max-age=31536000");
+}
+
+// Some security stuff
+header('X-Content-Type-Options: nosniff');
+header('X-XSS-Protection: 1; mode=block');
+header('X-Permitted-Cross-Domain-Policies: none');
+header('X-Frame-Options: sameorigin');
+
+// Things like embedded OSM maps don't work, when this is enabled
+// header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' https: data:; media-src 'self' https:; child-src 'self' https:; object-src 'none'");
+
 /*
  * We use $_GET["mode"] for special page templates. So we will check if we have
  * to load another page template than the default one.
@@ -498,7 +512,7 @@ if (isset($_GET["mode"])) {
 }
 
 // If there is no page template use the default page template
-if (!$template) {
+if (empty($template)) {
 	$template = theme_include("default.php");
 }