Permalink
Browse files

Fix datetimepicker's files handling

- add js hashes
- add missing security header
- drop execute permissions
- use specific version w/o cdn

Fixes #22064

Signed-off-by: Damien Regad <dregad@mantisbt.org>
  • Loading branch information...
1 parent 2fa9053 commit c10825306606a87223a742b5818d2d645232674f @badfiles badfiles committed with dregad Dec 22, 2016
@@ -619,7 +619,9 @@
# Moment & DateTimePicker
define( 'MOMENT_VERSION', '2.15.2' );
+define( 'MOMENT_HASH', 'sha256-K+AZsAFjiBd4piqBmFzaxDsiQiHfREubm1ExNGW1JIA=' );
define( 'DATETIME_PICKER_VERSION', '4.17.43' );
+define( 'DATETIME_PICKER_HASH', 'sha256-I8vGZkA2jL0PptxyJBvewDVqNXcgIhcgeqi+GD/aw34=' );
# Chart JS
define( 'CHARTJS_VERSION', '2.1.6' );
View
@@ -230,6 +230,7 @@ function http_security_headers() {
http_csp_add( 'script-src', 'ajax.googleapis.com' );
http_csp_add( 'script-src', 'maxcdn.bootstrapcdn.com' );
+ http_csp_add( 'script-src', 'cdnjs.cloudflare.com' );
http_csp_add( 'img-src', 'ajax.googleapis.com' );
View
@@ -268,7 +268,7 @@ function layout_head_css() {
html_css_link( 'open-sans.css' );
# datetimepicker
- html_css_link( 'bootstrap-datetimepicker.min.css' );
+ html_css_link( 'bootstrap-datetimepicker-' . DATETIME_PICKER_VERSION . '.min.css' );
}
# page specific plugin styles
@@ -318,15 +318,15 @@ function layout_body_javascript() {
html_javascript_cdn_link( 'https://maxcdn.bootstrapcdn.com/bootstrap/' . BOOTSTRAP_VERSION . '/js/bootstrap.min.js', BOOTSTRAP_HASH );
# moment & datetimepicker
- html_javascript_cdn_link( 'https://cdnjs.cloudflare.com/ajax/libs/moment.js/' . MOMENT_VERSION . '/moment-with-locales.min.js' );
- html_javascript_cdn_link( 'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/' . DATETIME_PICKER_VERSION . '/js/bootstrap-datetimepicker.min.js' );
+ html_javascript_cdn_link( 'https://cdnjs.cloudflare.com/ajax/libs/moment.js/' . MOMENT_VERSION . '/moment-with-locales.min.js', MOMENT_HASH );
+ html_javascript_cdn_link( 'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/' . DATETIME_PICKER_VERSION . '/js/bootstrap-datetimepicker.min.js', DATETIME_PICKER_HASH );
} else {
# bootstrap
html_javascript_link( 'bootstrap-' . BOOTSTRAP_VERSION . '.min.js' );
# moment & datetimepicker
- html_javascript_link( 'moment-with-locales.min.js' );
- html_javascript_link( 'bootstrap-datetimepicker.min.js' );
+ html_javascript_link( 'moment-with-locales-' . MOMENT_VERSION . '.min.js' );
+ html_javascript_link( 'bootstrap-datetimepicker-' . DATETIME_PICKER_VERSION . '.min.js' );
}
# theme scripts
File renamed without changes.
File renamed without changes.
File renamed without changes.

0 comments on commit c108253

Please sign in to comment.