Diverse nonces im core eingesetzt #5526

Merged
merged 2 commits into from
Jan 19, 2023
2 changes: 1 addition & 1 deletion redaxo/src/addons/backup/package.yml
Expand Up @@ -21,4 +21,4 @@ requires:
php:
version: '>=8.1'
extensions: [ctype]
redaxo: ^5.9.0
redaxo: ^5.15.0-dev
2 changes: 1 addition & 1 deletion redaxo/src/addons/backup/pages/export.php
Expand Up @@ -282,7 +282,7 @@
' . $content . '
</form>

<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--

(function($) {
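Review bot: The nonce is concatenated straight into a quoted attribute on the new `<script>` line, so the CSP guarantee rests on rex_response::getNonce() returning an attribute-safe, per-response value; unless it is already built from random bytes and base64-encoded, the call should be wrapped like the page's other interpolations, `nonce="' . rex_escape(rex_response::getNonce()) . '"`. The same pattern is repeated in every other script hunk of this PR (cronjob, install, media_manager, mediapool, metainfo, structure, users and the core pages), so one check in getNonce() covers all of them. While the tag is being touched, `type="text/javascript"` and the `<!--` wrapper on the following line are obsolete and the opening tag can be reduced to `<script nonce="' . rex_response::getNonce() . '">`. The string this tag lives in starts outside the hunk.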
2 changes: 1 addition & 1 deletion redaxo/src/addons/cronjob/lib/form.php
Expand Up @@ -170,7 +170,7 @@ public function formatElement()
$element = $fragment->parse('core/form/form.php');

$element .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
// <![CDATA[
jQuery(function($){
$(".rex-js-cronjob-interval-all").each(function () {
2 changes: 1 addition & 1 deletion redaxo/src/addons/cronjob/package.yml
Expand Up @@ -19,7 +19,7 @@ pages:

requires:
php: '>=8.1'
redaxo: ^5.13.0
redaxo: ^5.15.0-dev

console_commands:
cronjob:run: rex_command_cronjob_run
2 changes: 1 addition & 1 deletion redaxo/src/addons/cronjob/pages/cronjobs.php
Expand Up @@ -341,7 +341,7 @@

echo $content; ?>

<script type="text/javascript">
<script type="text/javascript" nonce="<?= rex_response::getNonce() ?>">
// <![CDATA[
jQuery(function($){
var currentShown = null;
2 changes: 1 addition & 1 deletion redaxo/src/addons/install/package.yml
Expand Up @@ -23,7 +23,7 @@ requires:
php:
version: '>=8.1'
extensions: [zlib]
redaxo: ^5.13.0
redaxo: ^5.15.0-dev


console_commands:
2 changes: 1 addition & 1 deletion redaxo/src/addons/install/pages/packages.add.php
Expand Up @@ -176,7 +176,7 @@
$content .= '</tbody></table>';

$content .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
var table = $("#rex-js-table-install-packages-addons");
2 changes: 1 addition & 1 deletion redaxo/src/addons/install/pages/packages.upload.php
Expand Up @@ -125,7 +125,7 @@

if (!$new) {
echo '
<script type="text/javascript"><!--
<script type="text/javascript" nonce="' . rex_response::getNonce() . '"><!--

jQuery(function($) {
$("#rex-js-install-packages-upload-upload-file").change(function(){
Expand Up @@ -66,7 +66,7 @@ public function getParams()
'options' => [self::NO_INTERLACING, 'jpg', 'png', 'gif'],
'attributes' => ['multiple' => true, 'class' => 'selectpicker form-control'],
'suffix' => '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
$(function() {
var $field = $("#media-manager-rex-effect-image-properties-interlace-select");

Expand Up @@ -81,7 +81,7 @@ public function getParams()
'options' => ['colored', 'transparent / png24'],
'default' => 'colored',
'suffix' => '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--

(function($) {
Expand Up @@ -141,7 +141,7 @@ public function getParams()
'options' => self::OPTIONS,
'default' => 'fit',
'suffix' => '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--

$(function() {
Expand Up @@ -139,7 +139,7 @@ public function getParams()
'options' => ['colored', 'transparent'],
'default' => 'colored',
'suffix' => '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--

$(function() {
2 changes: 1 addition & 1 deletion redaxo/src/addons/media_manager/package.yml
Expand Up @@ -18,7 +18,7 @@ requires:
php:
version: '>=8.1'
extensions: [gd]
redaxo: ^5.13.0
redaxo: ^5.15.0-dev

default_config:
jpg_quality: 80
2 changes: 1 addition & 1 deletion redaxo/src/addons/media_manager/pages/effects.php
Expand Up @@ -157,7 +157,7 @@
$select->setSize(1);

$script = '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--

(function($) {
2 changes: 1 addition & 1 deletion redaxo/src/addons/media_manager/pages/settings.php
Expand Up @@ -124,7 +124,7 @@
</fieldset>
</form>

<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--

(function($) {
2 changes: 1 addition & 1 deletion redaxo/src/addons/mediapool/package.yml
Expand Up @@ -31,4 +31,4 @@ image_extensions: [bmp, gif, jpeg, jpg, png, svg, tif, tiff, webp]

requires:
php: '>=8.1'
redaxo: ^5.13.0
redaxo: ^5.15.0-dev
2 changes: 1 addition & 1 deletion redaxo/src/addons/mediapool/pages/index.php
Expand Up @@ -93,7 +93,7 @@

if (!rex_request::isXmlHttpRequest()) {
?>
<script type="text/javascript">
<script type="text/javascript" nonce="<?= rex_response::getNonce() ?>">
rex_retain_popup_event_handlers("rex:selectMedia");
<?= $openerInputField ? 'rex.mediapoolOpenerInputField = "'.rex_escape($openerInputField, 'js').'";' : '' ?>
</script>
2 changes: 1 addition & 1 deletion redaxo/src/addons/mediapool/pages/sync.php
Expand Up @@ -149,7 +149,7 @@
</fieldset>
</form>

<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
jQuery(document).ready(function($){
$("input[name=\'sync_files[]\']").change(function() {
$(this).closest(\'form\').find("[type=\'submit\']").attr("disabled", $("input[name=\'sync_files[]\']:checked").length == 0);
2 changes: 1 addition & 1 deletion redaxo/src/addons/mediapool/pages/upload.php
Expand Up @@ -42,7 +42,7 @@
}
}

echo '<script type="text/javascript">';
echo '<script type="text/javascript" nonce="' . rex_response::getNonce() . '">';
if (isset($js)) {
echo $js;
}
2 changes: 1 addition & 1 deletion redaxo/src/addons/metainfo/lib/restrictions_element.php
Expand Up @@ -50,7 +50,7 @@ public function get()
$html = '';

$html .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--

jQuery(function($) {
2 changes: 1 addition & 1 deletion redaxo/src/addons/metainfo/lib/table_expander.php
Expand Up @@ -100,7 +100,7 @@ public function init()
}
}
$notices .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
var needle = new getObj("' . $field->getAttribute('id') . '");
meta_checkConditionalFields(needle.obj, new Array(' . implode(',', $typeFields) . '), new Array(' . implode(',', $textFields) . '));
</script>';
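Review bot: The nonce added to the `<script>` tag authorizes the whole block, including the interpolated `$field->getAttribute('id')` and the implode()d `$typeFields` / `$textFields` on the two lines below, which are emitted without escaping here; a nonce does not constrain what a nonced script does, so whatever the CSP is meant to block can still be carried in by those values unless they are guaranteed static. They should be written out with `rex_escape(..., 'js')`, as mediapool/pages/index.php does in this PR, or via json_encode(). Where the arrays are built is not visible in this hunk, so this may already be safe upstream; the init() method continues outside the hunk.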
2 changes: 1 addition & 1 deletion redaxo/src/addons/metainfo/package.yml
Expand Up @@ -16,7 +16,7 @@ page:

requires:
php: '>=8.1'
redaxo: '^5.13.0'
redaxo: ^5.15.0-dev
packages:
structure: '^2.12.1'
mediapool: '^2.10.1'
2 changes: 1 addition & 1 deletion redaxo/src/addons/structure/package.yml
Expand Up @@ -27,7 +27,7 @@ system_plugins: [content]

requires:
php: '>=8.1'
redaxo: ^5.13.0
redaxo: ^5.15.0-dev

default_config:
start_article_id: 1
2 changes: 1 addition & 1 deletion redaxo/src/addons/structure/pages/linkmap.php
Expand Up @@ -68,7 +68,7 @@
}

?>
<script type="text/javascript">
<script type="text/javascript" nonce="<?= rex_response::getNonce() ?>">
<?php echo $retainEventHandlers ?>

function insertLink(link,name){
Expand Up @@ -453,7 +453,7 @@ protected function addSlice($sliceId, $moduleId)
<form action="' . rex_url::currentBackendPage(['article_id' => $this->article_id, 'slice_id' => $sliceId, 'clang' => $this->clang, 'ctype' => $this->ctype]) . '#slice-add-pos-' . $this->sliceAddPosition . '" method="post" id="REX_FORM" enctype="multipart/form-data">
' . $sliceContent . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
$(":input:visible:enabled:not([readonly]):first", $("#REX_FORM")).focus();
Expand Down Expand Up @@ -531,7 +531,7 @@ protected function editSlice($sliceId, $moduleInput, $ctypeId, $moduleId, $artDa
<form enctype="multipart/form-data" action="' . rex_url::currentBackendPage(['article_id' => $this->article_id, 'slice_id' => $sliceId, 'ctype' => $ctypeId, 'clang' => $this->clang, 'function' => 'edit']) . '#slice' . $sliceId . '" method="post" id="REX_FORM">
' . $sliceContent . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
$(":input:visible:enabled:not([readonly]):first", $("#REX_FORM")).focus();
2 changes: 1 addition & 1 deletion redaxo/src/addons/structure/plugins/content/package.yml
Expand Up @@ -35,7 +35,7 @@ pages:
actions: { title: translate:actions }

requires:
redaxo: ^5.13.0
redaxo: ^5.15.0-dev

conflicts:
packages:
Expand Up @@ -378,7 +378,7 @@
' . $csrfToken->getHiddenField() . '
' . $content . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--

jQuery(function($) {
Expand Up @@ -306,7 +306,7 @@
}

$ctypesOut .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
';
Expand Down Expand Up @@ -486,7 +486,7 @@
' . $content . '
</form>

<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
// store the currently selected tab in the hidden input#rex-js-form-template-tab
2 changes: 1 addition & 1 deletion redaxo/src/addons/structure/plugins/history/package.yml
Expand Up @@ -17,7 +17,7 @@ pages:
title: translate:history

requires:
redaxo: ^5.15.0-dev
packages:
structure: '^2.2.0'
structure/content: '^2.2.0'
redaxo: '^5.15.0-dev'
2 changes: 1 addition & 1 deletion redaxo/src/addons/users/package.yml
Expand Up @@ -18,4 +18,4 @@ page:

requires:
php: '>=8.1'
redaxo: ^5.14.0
redaxo: ^5.15.0-dev
2 changes: 1 addition & 1 deletion redaxo/src/addons/users/pages/roles.php
Expand Up @@ -139,7 +139,7 @@

if ($fieldIds) {
$content .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--

jQuery(function($) {
2 changes: 1 addition & 1 deletion redaxo/src/addons/users/pages/users.php
Expand Up @@ -528,7 +528,7 @@
' . $content . '
</form>

<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
$("#rex-js-user-admin").change(function() {
6 changes: 3 additions & 3 deletions redaxo/src/core/fragments/core/top.php
Expand Up @@ -24,7 +24,7 @@
$colorScheme = rex_escape($user->getValue('theme'));
}
echo "\n" . ' <meta name="color-scheme" content="' . $colorScheme . '">';
echo "\n" . ' <style>:root { color-scheme: ' . $colorScheme . ' }</style>';
echo "\n" . ' <style nonce="' . rex_response::getNonce() . '">:root { color-scheme: ' . $colorScheme . ' }</style>';

$assetDir = rex_path::assets();

Expand All @@ -41,7 +41,7 @@
}
}
echo "\n";
echo "\n" . ' <script type="text/javascript">';
echo "\n" . ' <script type="text/javascript" nonce="' . rex_response::getNonce() . '">';
echo "\n" . ' <!--';
echo "\n" . ' var rex = '.$this->jsProperties.';';
echo "\n" . ' //-->';
Expand Down Expand Up @@ -72,7 +72,7 @@
$attributes[] = 'defer="defer"';
}

echo "\n" . ' <script type="text/javascript" src="' . $file .'" '. implode(' ', $attributes) .'></script>';
echo "\n" . ' <script type="text/javascript" src="' . $file .'" '. implode(' ', $attributes) .' nonce="' . rex_response::getNonce() . '"></script>';
}
?>

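Review bot: In the third hunk the nonce is glued onto the external `<script>` tag after `implode(' ', $attributes)` with its own leading space, so the tag gets a double space whenever `$attributes` is empty and the nonce handling diverges from how `defer` is collected a few lines above. Pushing it into the array keeps the echo line as it was: `$attributes[] = 'nonce="' . rex_response::getNonce() . '"';` placed before the echo. While there, the boolean form `defer` is enough in place of `defer="defer"`. The first hunk's `<style nonce>` still interpolates `$colorScheme`, which this view shows escaped in only one branch; the other branch is outside the hunk, so confirm it is escaped as well.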
2 changes: 1 addition & 1 deletion redaxo/src/core/pages/login.php
Expand Up @@ -113,7 +113,7 @@ function disableLogin() {
' . $content . '
' . rex_csrf_token::factory('backend_login')->getHiddenField() . '
</form>
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
$("#rex-form-login")
2 changes: 1 addition & 1 deletion redaxo/src/core/pages/packages.list.php
Expand Up @@ -137,7 +137,7 @@
</table>';

$content .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
var table = $("#rex-js-table-available-packages-addons");
2 changes: 1 addition & 1 deletion redaxo/src/core/pages/setup.step4.php
Expand Up @@ -196,7 +196,7 @@
$content .= '</form>';

$content .= '
<script type="text/javascript">
<script type="text/javascript" nonce="' . rex_response::getNonce() . '">
<!--
jQuery(function($) {
var $container = $(".rex-js-setup-step-4");