Diverse nonces im core eingesetzt (#5526)
Co-authored-by: Gregor Harlan <330436+gharlan@users.noreply.github.com>
dergel and gharlan committed Jan 19, 2023
1 parent dc9988a commit 965786e
Showing 36 changed files with 40 additions and 40 deletions.
2 changes: 1 addition & 1 deletion redaxo/src/addons/backup/package.yml
Expand Up @@ -21,4 +21,4 @@ requires:
php:
version: '>=8.1'
extensions: [ctype]
redaxo: ^5.9.0
redaxo: ^5.15.0-dev
2 changes: 1 addition & 1 deletion redaxo/src/addons/backup/pages/export.php
Expand Up @@ -282,7 +282,7 @@
' . $content . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
(function($) {
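Review bot: The nonce on line 27 is concatenated straight into the attribute without rex_escape, which is only safe if rex_response::getNonce() guarantees a value from the base64/URL-safe alphabet, and its implementation is not part of this commit. Either pin that contract on getNonce() with a docblock such as `/** @return string random nonce, base64-encoded, safe to embed in an HTML attribute */` or escape at the insertion site, `nonce="' . rex_escape(rex_response::getNonce()) . '"`. The same applies to every other `<script>`/`<style>` tag this commit touches, including the `<?= rex_response::getNonce() ?>` form in cronjobs.php, mediapool/index.php and linkmap.php. The string literal being built here starts before the hunk.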
2 changes: 1 addition & 1 deletion redaxo/src/addons/cronjob/lib/form.php
Expand Up @@ -170,7 +170,7 @@ public function formatElement()
$element = $fragment->parse('core/form/form.php');

$element .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
// <![CDATA[
jQuery(function($){
$(".rex-js-cronjob-interval-all").each(function () {
2 changes: 1 addition & 1 deletion redaxo/src/addons/cronjob/package.yml
Expand Up @@ -19,7 +19,7 @@ pages:

requires:
php: '>=8.1'
redaxo: ^5.13.0
redaxo: ^5.15.0-dev

console_commands:
cronjob:run: rex_command_cronjob_run
2 changes: 1 addition & 1 deletion redaxo/src/addons/cronjob/pages/cronjobs.php
Expand Up @@ -341,7 +341,7 @@

echo $content; ?>

<script type="text/javascript">
<script type="text/javascript" nonce="<?= rex_response::getNonce() ?>">
// <![CDATA[
jQuery(function($){
var currentShown = null;
2 changes: 1 addition & 1 deletion redaxo/src/addons/install/package.yml
Expand Up @@ -23,7 +23,7 @@ requires:
php:
version: '>=8.1'
extensions: [zlib]
redaxo: ^5.13.0
redaxo: ^5.15.0-dev


console_commands:
2 changes: 1 addition & 1 deletion redaxo/src/addons/install/pages/packages.add.php
Expand Up @@ -176,7 +176,7 @@
$content .= '</tbody></table>';

$content .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
var table = $("#rex-js-table-install-packages-addons");
2 changes: 1 addition & 1 deletion redaxo/src/addons/install/pages/packages.upload.php
Expand Up @@ -125,7 +125,7 @@

if (!$new) {
echo '
<script type="text/javascript"><!--
<script type="text/javascript" nonce="' . rex_response::getNonce() . '"><!--
jQuery(function($) {
$("#rex-js-install-packages-upload-upload-file").change(function(){
Expand Up @@ -66,7 +66,7 @@ public function getParams()
'options' => [self::NO_INTERLACING, 'jpg', 'png', 'gif'],
'attributes' => ['multiple' => true, 'class' => 'selectpicker form-control'],
'suffix' => '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
$(function() {
var $field = $("#media-manager-rex-effect-image-properties-interlace-select");
Expand Up @@ -81,7 +81,7 @@ public function getParams()
'options' => ['colored', 'transparent / png24'],
'default' => 'colored',
'suffix' => '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
(function($) {
Expand Up @@ -141,7 +141,7 @@ public function getParams()
'options' => self::OPTIONS,
'default' => 'fit',
'suffix' => '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
$(function() {
Expand Up @@ -139,7 +139,7 @@ public function getParams()
'options' => ['colored', 'transparent'],
'default' => 'colored',
'suffix' => '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
$(function() {
2 changes: 1 addition & 1 deletion redaxo/src/addons/media_manager/package.yml
Expand Up @@ -18,7 +18,7 @@ requires:
php:
version: '>=8.1'
extensions: [gd]
redaxo: ^5.13.0
redaxo: ^5.15.0-dev

default_config:
jpg_quality: 80
2 changes: 1 addition & 1 deletion redaxo/src/addons/media_manager/pages/effects.php
Expand Up @@ -157,7 +157,7 @@
$select->setSize(1);

$script = '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
(function($) {
2 changes: 1 addition & 1 deletion redaxo/src/addons/media_manager/pages/settings.php
Expand Up @@ -124,7 +124,7 @@
</fieldset>
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
(function($) {
2 changes: 1 addition & 1 deletion redaxo/src/addons/mediapool/package.yml
Expand Up @@ -31,4 +31,4 @@ image_extensions: [bmp, gif, jpeg, jpg, png, svg, tif, tiff, webp]

requires:
php: '>=8.1'
redaxo: ^5.13.0
redaxo: ^5.15.0-dev
2 changes: 1 addition & 1 deletion redaxo/src/addons/mediapool/pages/index.php
Expand Up @@ -93,7 +93,7 @@

if (!rex_request::isXmlHttpRequest()) {
?>
<script type="text/javascript">
<script type="text/javascript" nonce="<?= rex_response::getNonce() ?>">
rex_retain_popup_event_handlers("rex:selectMedia");
<?= $openerInputField ? 'rex.mediapoolOpenerInputField = "'.rex_escape($openerInputField, 'js').'";' : '' ?>
</script>
2 changes: 1 addition & 1 deletion redaxo/src/addons/mediapool/pages/sync.php
Expand Up @@ -149,7 +149,7 @@
</fieldset>
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
jQuery(document).ready(function($){
$("input[name=\'sync_files[]\']").change(function() {
$(this).closest(\'form\').find("[type=\'submit\']").attr("disabled", $("input[name=\'sync_files[]\']:checked").length == 0);
2 changes: 1 addition & 1 deletion redaxo/src/addons/mediapool/pages/upload.php
Expand Up @@ -42,7 +42,7 @@
}
}

echo '<script type="text/javascript">';
echo '<script type="text/javascript" nonce="' . rex_response::getNonce() . '">';
if (isset($js)) {
echo $js;
}
2 changes: 1 addition & 1 deletion redaxo/src/addons/metainfo/lib/restrictions_element.php
Expand Up @@ -50,7 +50,7 @@ public function get()
$html = '';

$html .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
2 changes: 1 addition & 1 deletion redaxo/src/addons/metainfo/lib/table_expander.php
Expand Up @@ -100,7 +100,7 @@ public function init()
}
}
$notices .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
var needle = new getObj("' . $field->getAttribute('id') . '");
meta_checkConditionalFields(needle.obj, new Array(' . implode(',', $typeFields) . '), new Array(' . implode(',', $textFields) . '));
</script>';
2 changes: 1 addition & 1 deletion redaxo/src/addons/metainfo/package.yml
Expand Up @@ -16,7 +16,7 @@ page:

requires:
php: '>=8.1'
redaxo: '^5.13.0'
redaxo: ^5.15.0-dev
packages:
structure: '^2.12.1'
mediapool: '^2.10.1'
2 changes: 1 addition & 1 deletion redaxo/src/addons/structure/package.yml
Expand Up @@ -27,7 +27,7 @@ system_plugins: [content]

requires:
php: '>=8.1'
redaxo: ^5.13.0
redaxo: ^5.15.0-dev

default_config:
start_article_id: 1
2 changes: 1 addition & 1 deletion redaxo/src/addons/structure/pages/linkmap.php
Expand Up @@ -68,7 +68,7 @@
}

?>
<script type="text/javascript">
<script type="text/javascript" nonce="<?= rex_response::getNonce() ?>">
<?php echo $retainEventHandlers ?>

function insertLink(link,name){
Expand Up @@ -453,7 +453,7 @@ protected function addSlice($sliceId, $moduleId)
<form action="' . rex_url::currentBackendPage(['article_id' => $this->article_id, 'slice_id' => $sliceId, 'clang' => $this->clang, 'ctype' => $this->ctype]) . '#slice-add-pos-' . $this->sliceAddPosition . '" method="post" id="REX_FORM" enctype="multipart/form-data">
' . $sliceContent . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
$(":input:visible:enabled:not([readonly]):first", $("#REX_FORM")).focus();
Expand Down Expand Up @@ -531,7 +531,7 @@ protected function editSlice($sliceId, $moduleInput, $ctypeId, $moduleId, $artDa
<form enctype="multipart/form-data" action="' . rex_url::currentBackendPage(['article_id' => $this->article_id, 'slice_id' => $sliceId, 'ctype' => $ctypeId, 'clang' => $this->clang, 'function' => 'edit']) . '#slice' . $sliceId . '" method="post" id="REX_FORM">
' . $sliceContent . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
$(":input:visible:enabled:not([readonly]):first", $("#REX_FORM")).focus();
2 changes: 1 addition & 1 deletion redaxo/src/addons/structure/plugins/content/package.yml
Expand Up @@ -35,7 +35,7 @@ pages:
actions: { title: translate:actions }

requires:
redaxo: ^5.13.0
redaxo: ^5.15.0-dev

conflicts:
packages:
Expand Up @@ -378,7 +378,7 @@
' . $csrfToken->getHiddenField() . '
' . $content . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
Expand Up @@ -306,7 +306,7 @@
}

$ctypesOut .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
';
Expand Down Expand Up @@ -486,7 +486,7 @@
' . $content . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
// store the currently selected tab in the hidden input#rex-js-form-template-tab
2 changes: 1 addition & 1 deletion redaxo/src/addons/structure/plugins/history/package.yml
Expand Up @@ -17,7 +17,7 @@ pages:
title: translate:history

requires:
redaxo: ^5.15.0-dev
packages:
structure: '^2.2.0'
structure/content: '^2.2.0'
redaxo: '^5.15.0-dev'
2 changes: 1 addition & 1 deletion redaxo/src/addons/users/package.yml
Expand Up @@ -18,4 +18,4 @@ page:

requires:
php: '>=8.1'
redaxo: ^5.14.0
redaxo: ^5.15.0-dev
2 changes: 1 addition & 1 deletion redaxo/src/addons/users/pages/roles.php
Expand Up @@ -139,7 +139,7 @@

if ($fieldIds) {
$content .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
2 changes: 1 addition & 1 deletion redaxo/src/addons/users/pages/users.php
Expand Up @@ -528,7 +528,7 @@
' . $content . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
$("#rex-js-user-admin").change(function() {
6 changes: 3 additions & 3 deletions redaxo/src/core/fragments/core/top.php
Expand Up @@ -24,7 +24,7 @@
$colorScheme = rex_escape($user->getValue('theme'));
}
echo "\n" . ' <meta name="color-scheme" content="' . $colorScheme . '">';
echo "\n" . ' <style>:root { color-scheme: ' . $colorScheme . ' }</style>';
echo "\n" . ' <style nonce="' . rex_response::getNonce() . '">:root { color-scheme: ' . $colorScheme . ' }</style>';

$assetDir = rex_path::assets();

Expand All @@ -41,7 +41,7 @@
}
}
echo "\n";
echo "\n" . ' <script type="text/javascript">';
echo "\n" . ' <script type="text/javascript" nonce="' . rex_response::getNonce() . '">';
echo "\n" . ' <!--';
echo "\n" . ' var rex = '.$this->jsProperties.';';
echo "\n" . ' //-->';
Expand Down Expand Up @@ -72,7 +72,7 @@
$attributes[] = 'defer="defer"';
}

echo "\n" . ' <script type="text/javascript" src="' . $file .'" '. implode(' ', $attributes) .'></script>';
echo "\n" . ' <script type="text/javascript" src="' . $file .'" '. implode(' ', $attributes) .' nonce="' . rex_response::getNonce() . '"></script>';
}
?>

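Review bot: rex_response::getNonce() is now called three times in this fragment (lines 353, 362 and 371, the last one inside the per-asset loop), which repeats the call per script file and quietly relies on the method returning the same value for the whole response — a CSP nonce only works when the header and every tag carry the identical string. Hoist it once near the top of the fragment, `$nonce = rex_response::getNonce();`, use `$nonce` in the three places, and record the coupling with a comment such as `// must match the nonce rex_response emits in the Content-Security-Policy header`, since the header side is not visible in this commit. The `$file` value on line 371 is still inserted into `src` unescaped; if it can only come from the asset directory that is acceptable, but routing it through rex_escape is cheap.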
2 changes: 1 addition & 1 deletion redaxo/src/core/pages/login.php
Expand Up @@ -113,7 +113,7 @@ function disableLogin() {
' . $content . '
' . rex_csrf_token::factory('backend_login')->getHiddenField() . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
$("#rex-form-login")
2 changes: 1 addition & 1 deletion redaxo/src/core/pages/packages.list.php
Expand Up @@ -137,7 +137,7 @@
</table>';

$content .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
var table = $("#rex-js-table-available-packages-addons");
2 changes: 1 addition & 1 deletion redaxo/src/core/pages/setup.step4.php
Expand Up @@ -196,7 +196,7 @@
$content .= '</form>';

$content .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
var $container = $(".rex-js-setup-step-4");
