X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FApp%2FPage.php;h=23f542f7def77545e637376ba498191272ca5446;hb=0b1f67f5b33cd9a57e9bebeec76cbb8898f2ab27;hp=f7adb18d63285b8439076b6ccb732ad816a33105;hpb=840f25cc5ca130fd36c8c8cbfaa3b7d8ec36bde2;p=friendica.git diff --git a/src/App/Page.php b/src/App/Page.php index f7adb18d63..23f542f7de 100644 --- a/src/App/Page.php +++ b/src/App/Page.php @@ -27,18 +27,18 @@ use DOMXPath; use Friendica\App; use Friendica\Content\Nav; use Friendica\Core\Config\Capability\IManageConfigValues; -use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues; use Friendica\Core\Hook; use Friendica\Core\L10n; use Friendica\Core\Logger; +use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues; use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Core\Theme; use Friendica\Module\Response; use Friendica\Network\HTTPException; use Friendica\Util\Network; -use Friendica\Util\Strings; use Friendica\Util\Profiler; +use Friendica\Util\Strings; use Psr\Http\Message\ResponseInterface; /** @@ -73,6 +73,8 @@ class Page implements ArrayAccess 'right_aside' => '', 'template' => '', 'title' => '', + 'section' => '', + 'module' => '', ]; /** * @var string The basepath of the page @@ -251,6 +253,14 @@ class Page implements ArrayAccess '$touch_icon' => $touch_icon, '$block_public' => intval($config->get('system', 'block_public')), '$stylesheets' => $this->stylesheets, + '$likeError' => $l10n->t('Like not successfull'), + '$dislikeError' => $l10n->t('Dislike not successfull'), + '$announceError' => $l10n->t('Sharing not successfull'), + '$srvError' => $l10n->t('Backend error'), + '$netError' => $l10n->t('Network error'), + // Dropzone + '$max_imagesize' => round(\Friendica\Util\Strings::getBytesFromShorthand($config->get('system', 'maximagesize')) / 1000000, 1), + ]) . $this->page['htmlhead']; } @@ -407,13 +417,16 @@ class Page implements ArrayAccess * @param Mode $mode The current node mode * @param ResponseInterface $response The Response of the module class, including type, content & headers * @param L10n $l10n The l10n language class + * @param Profiler $profiler * @param IManageConfigValues $config The Configuration of this node * @param IManagePersonalConfigValues $pconfig The personal/user configuration - * @param int $localUID The UID of the local user - * - * @throws HTTPException\InternalServerErrorException|HTTPException\ServiceUnavailableException + * @param Nav $nav + * @param int $localUID + * @throws HTTPException\MethodNotAllowedException + * @throws HTTPException\InternalServerErrorException + * @throws HTTPException\ServiceUnavailableException */ - public function run(App $app, BaseURL $baseURL, Arguments $args, Mode $mode, ResponseInterface $response, L10n $l10n, Profiler $profiler, IManageConfigValues $config, IManagePersonalConfigValues $pconfig, int $localUID) + public function run(App $app, BaseURL $baseURL, Arguments $args, Mode $mode, ResponseInterface $response, L10n $l10n, Profiler $profiler, IManageConfigValues $config, IManagePersonalConfigValues $pconfig, Nav $nav, int $localUID) { $moduleName = $args->getModuleName(); @@ -463,7 +476,7 @@ class Page implements ArrayAccess // Add the navigation (menu) template if ($moduleName != 'install' && $moduleName != 'maintenance') { $this->page['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('nav_head.tpl'), []); - $this->page['nav'] = Nav::build($app); + $this->page['nav'] = $nav->getHtml(); } foreach ($response->getHeaders() as $key => $header) { @@ -510,10 +523,15 @@ class Page implements ArrayAccess $page = $this->page; + // add and escape some common but crucial content for direct "echo" in HTML (security) + $page['title'] = htmlspecialchars($page['title'] ?? ''); + $page['section'] = htmlspecialchars($args->get(0) ?? 'generic'); + $page['module'] = htmlspecialchars($args->getModuleName() ?? ''); + header("X-Friendica-Version: " . App::VERSION); header("Content-type: text/html; charset=utf-8"); - if ($config->get('system', 'hsts') && ($baseURL->getSSLPolicy() == BaseURL::SSL_POLICY_FULL)) { + if ($config->get('system', 'hsts') && ($baseURL->getScheme() === 'https')) { header("Strict-Transport-Security: max-age=31536000"); }