update Content-Security-Policy

r23 · Oct 17, 2023 · 7f31003 · 7f31003
1 parent eb8a1a9
commit 7f31003
Show file tree

Hide file tree

Showing 12 changed files with 20 additions and 20 deletions.
diff --git a/myoos/admin/categories.php b/myoos/admin/categories.php
@@ -1019,7 +1019,7 @@
                             </div>
                         </div>
                     </fieldset>
-            <script>
+            <script nonce="<?php echo NONCE; ?>">
                 CKEDITOR.replace( 'categories_description[<?php echo $aLanguages[$i]['id']; ?>]');
             </script>
         <?php

diff --git a/myoos/admin/categories_panorama.php b/myoos/admin/categories_panorama.php
@@ -694,7 +694,7 @@
 
                                 <div id="panorama"></div>
 
-<script>
+<script nonce="<?php echo NONCE; ?>">
 pannellum.viewer('panorama', {
     "type": "equirectangular",
     "panorama": "<?php echo OOS_HTTPS_SERVER . OOS_SHOP . OOS_IMAGES . 'panoramas/' . oos_output_string($panorama['scene_image']); ?>",
@@ -1060,7 +1060,7 @@
                         <div class="col-lg-10">
 
                             <div id="panorama_hot"></div>
-<script>
+<script nonce="<?php echo NONCE; ?>">
 pannellum.viewer('panorama_hot', {
     "type": "equirectangular",
     "panorama": "<?php echo OOS_HTTPS_SERVER . OOS_SHOP . OOS_IMAGES . 'panoramas/' . oos_output_string($panorama['scene_image']); ?>",

diff --git a/myoos/admin/customers.php b/myoos/admin/customers.php
@@ -276,7 +276,7 @@
 
 if ($action == 'edit') {
       ?>
-<script>
+<script nonce="<?php echo NONCE; ?>">
 function resetStateText(theForm) {
   theForm.entry_state.value = '';
   if (theForm.entry_zone_id.options.length > 1) {

diff --git a/myoos/admin/geo_zones.php b/myoos/admin/geo_zones.php
@@ -131,7 +131,7 @@ function oosGetGeoZoneName($geo_zone_id)
 
 if (isset($_GET['zID'])  && (($saction == 'edit') || ($saction == 'new'))) {
     ?>
-<script>
+<script nonce="<?php echo NONCE; ?>">
 function resetZoneSelected(theForm) {
   if (theForm.state.value != '') {
     theForm.zone_id.selectedIndex = '0';

diff --git a/myoos/admin/includes/account_check.js.php b/myoos/admin/includes/account_check.js.php
@@ -26,7 +26,7 @@
 
     ?>
 
-<script>
+<script nonce="<?php echo NONCE; ?>">
 function validateForm() {
   let p,z,xEmail,errors='',dbEmail,result=0,i;
 
@@ -95,7 +95,7 @@ function checkSub(obj) {
 } else {
     ?>
 
-<script>
+<script nonce="<?php echo NONCE; ?>">
 function validateForm() {
   let p,z,xEmail,errors='',dbEmail,result=0,i;
 

diff --git a/myoos/admin/includes/modules/newsletters/product_notification.php b/myoos/admin/includes/modules/newsletters/product_notification.php
@@ -52,7 +52,7 @@ public function choose_audience()
             $products_result->MoveNext();
         }
 
-        $choose_audience_string = '<script>
+        $choose_audience_string = '<script nonce="' . NONCE . '">'
 function mover(move) {
   if (move == \'remove\') {
     for (x=0; x<(document.notifications.products.length); x++) {

diff --git a/myoos/admin/information.php b/myoos/admin/information.php
@@ -256,7 +256,7 @@
                             </div>
                         </div>
                     </fieldset>
-            <script>
+            <script nonce="<?php echo NONCE; ?>">
                 CKEDITOR.replace( 'information_description[<?php echo $aLanguages[$i]['id']; ?>]');
             </script>
         <?php

diff --git a/myoos/admin/product_model_viewer.php b/myoos/admin/product_model_viewer.php
@@ -396,7 +396,7 @@
                               </div>
                            </div>
                         </fieldset>
-        <script>
+        <script nonce="<?php echo NONCE; ?>">
             CKEDITOR.replace( 'model_viewer_description_<?php echo  $nCounter . '_' . $aLanguages[$i]['id']; ?>');
         </script>
                 <?php

diff --git a/myoos/admin/product_video.php b/myoos/admin/product_video.php
@@ -403,7 +403,7 @@
                               </div>
                            </div>
                         </fieldset>
-        <script>
+        <script nonce="<?php echo NONCE; ?>">
             CKEDITOR.replace( 'video_description_<?php echo  $nCounter . '_' . $aLanguages[$i]['id']; ?>');
         </script>
                 <?php

diff --git a/myoos/admin/products.php b/myoos/admin/products.php
@@ -486,7 +486,7 @@
     } ?>
 <script nonce="<?php echo NONCE; ?>" src="js/ckeditor/ckeditor.js"></script>
 
-<script>
+<script nonce="<?php echo NONCE; ?>">
 let tax_rates = new Array();
 <?php
 	$n = is_countable($tax_class_array) ? count($tax_class_array) : 0;
@@ -715,7 +715,7 @@ function calcBasePriceFactor() {
                               </div>
                            </div>
                         </fieldset>
-		<script>
+		<script nonce="<?php echo NONCE; ?>">
 			CKEDITOR.replace( 'products_description_<?php echo $aLanguages[$i]['id']; ?>');
 		</script>
 
@@ -737,7 +737,7 @@ function calcBasePriceFactor() {
                               </div>
                            </div>
                         </fieldset>
-		<script>
+		<script nonce="<?php echo NONCE; ?>">
 			CKEDITOR.replace( 'products_short_description_<?php echo $aLanguages[$i]['id']; ?>');
 		</script>
 
@@ -759,7 +759,7 @@ function calcBasePriceFactor() {
                               </div>
                            </div>
                         </fieldset>
-		<script>
+		<script nonce="<?php echo NONCE; ?>">
 			CKEDITOR.replace( 'products_essential_characteristics_<?php echo $aLanguages[$i]['id']; ?>');
 		</script>
 
@@ -947,7 +947,7 @@ function calcBasePriceFactor() {
                             </div>
                            </div>
                         </fieldset>
-<script>
+<script nonce="<?php echo NONCE; ?>">
 updateWithTax();
 </script>
 
@@ -1207,7 +1207,7 @@ function calcBasePriceFactor() {
                      </div>
 
                      <div class="tab-pane" id="picture" role="tabpanel">
-		<script>
+		<script nonce="<?php echo NONCE; ?>">
 		window.totalinputs = 3;
 		function addUploadBoxes(placeholderid, copyfromid, num) {
 			for (i = 0; i < num; i++) {

diff --git a/myoos/admin/products_attributes.php b/myoos/admin/products_attributes.php
@@ -485,7 +485,7 @@
 
 require 'includes/header.php';
 ?>
-<script>
+<script nonce="<?php echo NONCE; ?>">
 function go_option() {
   if (document.option_order_by.selected.options[document.option_order_by.selected.selectedIndex].value != "none") {
     location = "<?php echo oos_href_link_admin($aContents['products_attributes'], 'option_page=' . (isset($_GET['option_page']) ? intval($_GET['option_page']) : 1)); ?>&option_order_by="+document.option_order_by.selected.options[document.option_order_by.selected.selectedIndex].value;
@@ -987,7 +987,7 @@ function go_option() {
     $form_action = 'add_product_attributes';
 }
 ?>
-<script>
+<script nonce="<?php echo NONCE; ?>">
 
 function doRound(x, places) {
   return Math.round(x * Math.pow(10, places)) / Math.pow(10, places);

diff --git a/myoos/admin/specials.php b/myoos/admin/specials.php
@@ -328,7 +328,7 @@ function oos_set_specials_status($specials_id, $status)
         }
 
         echo "\n";
-        echo '<script>' . "\n";
+        echo '<script nonce="' . NONCE  . '">' . "\n";
         echo 'let taxRate = ' . $tax['tax_rate'] . ';' . "\n"; ?>
 function doRound(x, places) {
   num = Math.round(x * Math.pow(10, places)) / Math.pow(10, places);