Skip to content

Commit

Permalink
Fix datetimepicker's files handling
Browse files Browse the repository at this point in the history 
- add js hashes
- add missing security header
- drop execute permissions
- use specific version w/o cdn

Fixes #22064

Signed-off-by: Damien Regad <dregad@mantisbt.org>
  • Loading branch information
@badfiles @dregad
badfiles authored and dregad committed Dec 24, 2016
1 parent 2fa9053 commit c108253
Show file tree
Hide file tree
Showing 6 changed files with 8 additions and 5 deletions.
2 changes: 2 additions & 0 deletions core/constant_inc.php
View file
Expand Up @@ -619,7 +619,9 @@

# Moment & DateTimePicker
define( 'MOMENT_VERSION', '2.15.2' );
define( 'MOMENT_HASH', 'sha256-K+AZsAFjiBd4piqBmFzaxDsiQiHfREubm1ExNGW1JIA=' );
define( 'DATETIME_PICKER_VERSION', '4.17.43' );
define( 'DATETIME_PICKER_HASH', 'sha256-I8vGZkA2jL0PptxyJBvewDVqNXcgIhcgeqi+GD/aw34=' );

# Chart JS
define( 'CHARTJS_VERSION', '2.1.6' );
Expand Down
1 change: 1 addition & 0 deletions core/http_api.php
View file
Expand Up @@ -230,6 +230,7 @@ function http_security_headers() {

http_csp_add( 'script-src', 'ajax.googleapis.com' );
http_csp_add( 'script-src', 'maxcdn.bootstrapcdn.com' );
http_csp_add( 'script-src', 'cdnjs.cloudflare.com' );

http_csp_add( 'img-src', 'ajax.googleapis.com' );

Expand Down
10 changes: 5 additions & 5 deletions core/layout_api.php
View file
Expand Up @@ -268,7 +268,7 @@ function layout_head_css() {
html_css_link( 'open-sans.css' );

# datetimepicker
html_css_link( 'bootstrap-datetimepicker.min.css' );
html_css_link( 'bootstrap-datetimepicker-' . DATETIME_PICKER_VERSION . '.min.css' );
}

# page specific plugin styles
Expand Down Expand Up @@ -318,15 +318,15 @@ function layout_body_javascript() {
html_javascript_cdn_link( 'https://maxcdn.bootstrapcdn.com/bootstrap/' . BOOTSTRAP_VERSION . '/js/bootstrap.min.js', BOOTSTRAP_HASH );

# moment & datetimepicker
html_javascript_cdn_link( 'https://cdnjs.cloudflare.com/ajax/libs/moment.js/' . MOMENT_VERSION . '/moment-with-locales.min.js' );
html_javascript_cdn_link( 'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/' . DATETIME_PICKER_VERSION . '/js/bootstrap-datetimepicker.min.js' );
html_javascript_cdn_link( 'https://cdnjs.cloudflare.com/ajax/libs/moment.js/' . MOMENT_VERSION . '/moment-with-locales.min.js', MOMENT_HASH );
html_javascript_cdn_link( 'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/' . DATETIME_PICKER_VERSION . '/js/bootstrap-datetimepicker.min.js', DATETIME_PICKER_HASH );
} else {
# bootstrap
html_javascript_link( 'bootstrap-' . BOOTSTRAP_VERSION . '.min.js' );

# moment & datetimepicker
html_javascript_link( 'moment-with-locales.min.js' );
html_javascript_link( 'bootstrap-datetimepicker.min.js' );
html_javascript_link( 'moment-with-locales-' . MOMENT_VERSION . '.min.js' );
html_javascript_link( 'bootstrap-datetimepicker-' . DATETIME_PICKER_VERSION . '.min.js' );
}

# theme scripts
Expand Down
0 css/bootstrap-datetimepicker.min.css → css/bootstrap-datetimepicker-4.17.43.min.css 100755 → 100644
View file
File renamed without changes.
0 js/bootstrap-datetimepicker.min.js → js/bootstrap-datetimepicker-4.17.43.min.js 100755 → 100644
View file
File renamed without changes.
0 js/moment-with-locales.min.js → js/moment-with-locales-2.15.2.min.js 100755 → 100644
View file
File renamed without changes.

0 comments on commit c108253

Please sign in to comment.