X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FApp%2FPage.php;h=96bb59425efd151f405bd025d41dfb98a1058f70;hb=e659a0314086dd700dbe5e754e383ab758725805;hp=1e9d6892f24ffc79ac145f8d0ed3540c75791458;hpb=1874a32728142f2c12724562eb122eb1cd1370fe;p=friendica.git diff --git a/src/App/Page.php b/src/App/Page.php index 1e9d6892f2..96bb59425e 100644 --- a/src/App/Page.php +++ b/src/App/Page.php @@ -27,18 +27,19 @@ use DOMXPath; use Friendica\App; use Friendica\Content\Nav; use Friendica\Core\Config\Capability\IManageConfigValues; -use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues; use Friendica\Core\Hook; use Friendica\Core\L10n; use Friendica\Core\Logger; +use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues; use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Core\Theme; use Friendica\Module\Response; use Friendica\Network\HTTPException; use Friendica\Util\Network; -use Friendica\Util\Strings; use Friendica\Util\Profiler; +use Friendica\Util\Strings; +use GuzzleHttp\Psr7\Utils; use Psr\Http\Message\ResponseInterface; /** @@ -73,6 +74,8 @@ class Page implements ArrayAccess 'right_aside' => '', 'template' => '', 'title' => '', + 'section' => '', + 'module' => '', ]; /** * @var string The basepath of the page @@ -241,15 +244,44 @@ class Page implements ArrayAccess * being first */ $this->page['htmlhead'] = Renderer::replaceMacros($tpl, [ + '$l10n' => [ + 'delitem' => $l10n->t('Delete this item?'), + 'blockAuthor' => $l10n->t('Block this author? They won\'t be able to follow you nor see your public posts, and you won\'t be able to see their posts and their notifications.'), + 'ignoreAuthor' => $l10n->t('Ignore this author? You won\'t be able to see their posts and their notifications.'), + 'collapseAuthor' => $l10n->t('Collapse this author\'s posts?'), + + 'likeError' => $l10n->t('Like not successful'), + 'dislikeError' => $l10n->t('Dislike not successful'), + 'announceError' => $l10n->t('Sharing not successful'), + 'attendError' => $l10n->t('Attendance unsuccessful'), + 'srvError' => $l10n->t('Backend error'), + 'netError' => $l10n->t('Network error'), + + // Dropzone + 'dictDefaultMessage' => $l10n->t('Drop files here to upload'), + 'dictFallbackMessage' => $l10n->t("Your browser does not support drag and drop file uploads."), + 'dictFallbackText' => $l10n->t('Please use the fallback form below to upload your files like in the olden days.'), + 'dictFileTooBig' => $l10n->t('File is too big ({{filesize}}MiB). Max filesize: {{maxFilesize}}MiB.'), + 'dictInvalidFileType' => $l10n->t("You can't upload files of this type."), + 'dictResponseError' => $l10n->t('Server responded with {{statusCode}} code.'), + 'dictCancelUpload' => $l10n->t('Cancel upload'), + 'dictUploadCanceled' => $l10n->t('Upload canceled.'), + 'dictCancelUploadConfirmation' => $l10n->t('Are you sure you want to cancel this upload?'), + 'dictRemoveFile' => $l10n->t('Remove file'), + 'dictMaxFilesExceeded' => $l10n->t("You can't upload any more files."), + ], + '$local_user' => $localUID, '$generator' => 'Friendica' . ' ' . App::VERSION, - '$delitem' => $l10n->t('Delete this item?'), - '$blockAuthor' => $l10n->t('Block this author? They won\'t be able to follow you nor see your public posts, and you won\'t be able to see their posts and their notifications.'), '$update_interval' => $interval, '$shortcut_icon' => $shortcut_icon, '$touch_icon' => $touch_icon, '$block_public' => intval($config->get('system', 'block_public')), '$stylesheets' => $this->stylesheets, + + // Dropzone + '$max_imagesize' => round(\Friendica\Util\Strings::getBytesFromShorthand($config->get('system', 'maximagesize')) / 1000000, 1), + ]) . $this->page['htmlhead']; } @@ -279,7 +311,7 @@ class Page implements ArrayAccess * Initializes Page->page['footer']. * * Includes: - * - Javascript homebase + * - JavaScript homebase * - Mobile toggle link * - Registered footer scripts (through App->registerFooterScript()) * - footer.tpl template @@ -406,13 +438,16 @@ class Page implements ArrayAccess * @param Mode $mode The current node mode * @param ResponseInterface $response The Response of the module class, including type, content & headers * @param L10n $l10n The l10n language class + * @param Profiler $profiler * @param IManageConfigValues $config The Configuration of this node * @param IManagePersonalConfigValues $pconfig The personal/user configuration - * @param int $localUID The UID of the local user - * - * @throws HTTPException\InternalServerErrorException|HTTPException\ServiceUnavailableException + * @param Nav $nav + * @param int $localUID + * @throws HTTPException\MethodNotAllowedException + * @throws HTTPException\InternalServerErrorException + * @throws HTTPException\ServiceUnavailableException */ - public function run(App $app, BaseURL $baseURL, Arguments $args, Mode $mode, ResponseInterface $response, L10n $l10n, Profiler $profiler, IManageConfigValues $config, IManagePersonalConfigValues $pconfig, int $localUID) + public function run(App $app, BaseURL $baseURL, Arguments $args, Mode $mode, ResponseInterface $response, L10n $l10n, Profiler $profiler, IManageConfigValues $config, IManagePersonalConfigValues $pconfig, Nav $nav, int $localUID) { $moduleName = $args->getModuleName(); @@ -462,21 +497,7 @@ class Page implements ArrayAccess // Add the navigation (menu) template if ($moduleName != 'install' && $moduleName != 'maintenance') { $this->page['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('nav_head.tpl'), []); - $this->page['nav'] = Nav::build($app); - } - - foreach ($response->getHeaders() as $key => $header) { - if (is_array($header)) { - $header_str = implode(',', $header); - } else { - $header_str = $header; - } - - if (empty($key)) { - header($header_str); - } else { - header("$key: $header_str"); - } + $this->page['nav'] = $nav->getHtml(); } // Build the page - now that we have all the components @@ -488,7 +509,7 @@ class Page implements ArrayAccess $content = mb_convert_encoding($this->page["content"], 'HTML-ENTITIES', "UTF-8"); - /// @TODO one day, kill those error-surpressing @ stuff, or PHP should ban it + /// @TODO one day, kill those error-suppressing @ stuff, or PHP should ban it @$doc->loadHTML($content); $xpath = new DOMXPath($doc); @@ -509,10 +530,15 @@ class Page implements ArrayAccess $page = $this->page; + // add and escape some common but crucial content for direct "echo" in HTML (security) + $page['title'] = htmlspecialchars($page['title'] ?? ''); + $page['section'] = htmlspecialchars($args->get(0) ?? 'generic'); + $page['module'] = htmlspecialchars($args->getModuleName() ?? ''); + header("X-Friendica-Version: " . App::VERSION); header("Content-type: text/html; charset=utf-8"); - if ($config->get('system', 'hsts') && ($baseURL->getSSLPolicy() == BaseURL::SSL_POLICY_FULL)) { + if ($config->get('system', 'hsts') && ($baseURL->getScheme() === 'https')) { header("Strict-Transport-Security: max-age=31536000"); } @@ -544,6 +570,10 @@ class Page implements ArrayAccess // Used as is in view/php/default.php $lang = $l10n->getCurrentLang(); + ob_start(); require_once $template; + $body = ob_get_clean(); + + return $response->withBody(Utils::streamFor($body)); } }