Changeset 1819492
- Timestamp:
- 02/10/2018 03:32:54 AM (8 years ago)
- Location:
- wp-content-security-policy
- Files:
-
- 18 added
- 5 edited
-
tags/2.3 (added)
-
tags/2.3/admin (added)
-
tags/2.3/admin/WP_CSP_Admin.php (added)
-
tags/2.3/admin/part-cspcontrol.php (added)
-
tags/2.3/admin/part-cspheaders.php (added)
-
tags/2.3/admin/part-cspoptions.php (added)
-
tags/2.3/admin/part-cspsavechanges.php (added)
-
tags/2.3/admin/part-csptest.php (added)
-
tags/2.3/admin/part-cspv3.php (added)
-
tags/2.3/css (added)
-
tags/2.3/css/WP_CSP_Admin.css (added)
-
tags/2.3/includes (added)
-
tags/2.3/includes/WP_CSP.php (added)
-
tags/2.3/js (added)
-
tags/2.3/js/WP_CSP_Admin.js (added)
-
tags/2.3/readme.txt (added)
-
tags/2.3/uninstall.php (added)
-
tags/2.3/wp-content-security-policy.php (added)
-
trunk/admin/WP_CSP_Admin.php (modified) (1 diff)
-
trunk/admin/part-cspcontrol.php (modified) (1 diff)
-
trunk/includes/WP_CSP.php (modified) (3 diffs)
-
trunk/readme.txt (modified) (1 diff)
-
trunk/wp-content-security-policy.php (modified) (1 diff)
-
wp-content-security-policy/trunk/admin/WP_CSP_Admin.php
r1817783 r1819492 207 207 208 208 // Is CSP turned on? 209 $selected = isset( $options[ WP_CSP::SETTINGS_OPTIONS_CSP_MODE ] ) ? $options[ WP_CSP::SETTINGS_OPTIONS_CSP_MODE ] : '';210 if ( $selected == '' || $selected == -1){209 $selected = isset( $options[ WP_CSP::SETTINGS_OPTIONS_CSP_MODE ] ) ? $options[ WP_CSP::SETTINGS_OPTIONS_CSP_MODE ] : WP_CSP::CSP_MODE_DEFAULT; 210 if ( $selected == '' || $selected == WP_CSP::CSP_NOTINUSE ){ 211 211 212 212 $PolicyKeyErrors[ WP_CSP::SETTINGS_OPTIONS_CSP_MODE ] = "CSP is currently turned off"; -
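Review bot: The rewritten test on new line 210 still compares with `==`, so its result depends on the type the mode was stored as: on PHP 7 an integer `0` (`CSP_ENABLED_ENFORCE`) is loosely equal to `''`, and the admin page would report "CSP is currently turned off" while enforcement is selected. That is the same class of slip as the `empty()` bug this release fixes. Whether the option is ever stored as an integer is not visible here, but a strict form removes the question: `if ( $selected === '' || (int) $selected === WP_CSP::CSP_NOTINUSE ) {`. The `switch( $CSPMode )` in includes/WP_CSP.php has the same exposure, because `case "":` is matched loosely and sits before `case WP_CSP::CSP_ENABLED_ENFORCE:`, which would skip the header entirely. The `if` body continues outside the hunk.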
wp-content-security-policy/trunk/admin/part-cspcontrol.php
r1817783 r1819492 7 7 <td class='wpcsp_option_cell'> 8 8 <select name="<?php echo WP_CSP::SETTINGS_OPTIONS_ALLOPTIONS;?>[<?php echo WP_CSP::SETTINGS_OPTIONS_CSP_MODE; ?>]" id="<?php echo WP_CSP::SETTINGS_OPTIONS_CSP_MODE; ?>"> 9 <?php $selected = !empty( $options[ WP_CSP::SETTINGS_OPTIONS_CSP_MODE ] ) ? $options[ WP_CSP::SETTINGS_OPTIONS_CSP_MODE ] : ''; ?>10 <option value=" -1" <?php selected( $selected, -1); ?> >Not in use</option>11 <option value=" 0" <?php selected( $selected, 0); ?> >Enforce policies</option>12 <option value=" 1" <?php selected( $selected, 1); ?> >Report only - do not enforce policies</option>9 <?php $selected = isset( $options[ WP_CSP::SETTINGS_OPTIONS_CSP_MODE ] ) ? $options[ WP_CSP::SETTINGS_OPTIONS_CSP_MODE ] : WP_CSP::CSP_MODE_DEFAULT; ?> 10 <option value="<?php echo WP_CSP::CSP_NOTINUSE ; ?>" <?php selected( $selected, WP_CSP::CSP_NOTINUSE); ?> >Not in use</option> 11 <option value="<?php echo WP_CSP::CSP_ENABLED_ENFORCE; ?>" <?php selected( $selected, WP_CSP::CSP_ENABLED_ENFORCE); ?> >Enforce policies</option> 12 <option value="<?php echo WP_CSP::CSP_ENABLED_REPORTONLY; ?>" <?php selected( $selected, WP_CSP::CSP_ENABLED_REPORTONLY ); ?> >Report only - do not enforce policies</option> 13 13 </select> 14 14 <div class='wpcsp_option_description'><?php _e( 'Toggles whether or not to run in report only mode or cause the browsers to enforce the security policy.', 'wpcsp' ); ?></div> -
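Review bot: The three option labels on new lines 10–12 are hard-coded English, while the description just below the select goes through `_e( ..., 'wpcsp' )`, so the labels cannot be translated. Wrapping them keeps the form consistent and escapes the output, e.g. `<?php esc_html_e( 'Enforce policies', 'wpcsp' ); ?>`. The `name` and `id` attributes on line 8 echo class constants directly; `esc_attr()` there would match WordPress convention, although those values are not user-controlled.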
wp-content-security-policy/trunk/includes/WP_CSP.php
r1817783 r1819492 37 37 38 38 39 const CSP_NOTINUSE = -1 ; 40 const CSP_ENABLED_ENFORCE = 0 ; 41 const CSP_ENABLED_REPORTONLY = 1 ; 42 const CSP_MODE_DEFAULT = WP_CSP::CSP_ENABLED_REPORTONLY; 43 39 44 const LOGVIOLATIONS_IGNORE = 0 ; 40 45 const LOGVIOLATIONS_LOG_ALL = 1 ; … … 441 446 442 447 // Output the CSP header 443 $ ReportOnly = isset( $options[ self::SETTINGS_OPTIONS_CSP_MODE] ) ? $options[ self::SETTINGS_OPTIONS_CSP_MODE ] : 0;444 switch( $ ReportOnly) {448 $CSPMode = isset( $options[ self::SETTINGS_OPTIONS_CSP_MODE] ) ? $options[ self::SETTINGS_OPTIONS_CSP_MODE ] : WP_CSP::CSP_MODE_DEFAULT; 449 switch( $CSPMode ) { 445 450 case "": 446 case -1: // Not In use - -1 because this was added after 0/1 were allocated.447 break ; 448 case 0:451 case WP_CSP::CSP_NOTINUSE: // Not In use - -1 because this was added after 0/1 were allocated. 452 break ; 453 case WP_CSP::CSP_ENABLED_ENFORCE: 449 454 // We want to log violations - set the correct URL to log the errors. 450 455 if ( $LogViolations === true ) { … … 453 458 header("Content-Security-Policy: " . implode( "; ", $CSPOutput )); 454 459 break ; 455 case 1:460 case WP_CSP::CSP_ENABLED_REPORTONLY: 456 461 if ( $LogViolations === true ) { 457 462 $CSPOutput[] = "report-uri " . $ReportURI_ReportOnly ; -
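Review bot: The fallback for an unset mode on new line 448 changes from `0` to `WP_CSP::CSP_MODE_DEFAULT`, which is `CSP_ENABLED_REPORTONLY`, so an install that never saved this option moves from the enforcing `Content-Security-Policy` branch to the report-only branch after upgrading. Report-only mode blocks nothing, and the 2.3 changelog entry does not mention the change. If report-only is the intended default, document it in the changelog and on the constant, e.g. `// Default when no mode is saved: report-only; nothing is blocked until Enforce is selected.`; if existing sites should keep enforcing, keep `WP_CSP::CSP_ENABLED_ENFORCE` as the fallback in this lookup. The switch continues outside the hunk, so whether it has a `default:` branch for unexpected values is not visible.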
wp-content-security-policy/trunk/readme.txt
r1817783 r1819492 249 249 == Changelog == 250 250 251 = 2.3 = 252 * Bug: CSP Enforced mode was getting lost due to 'empty()' check 253 251 254 = 2.2 = 252 255 * Moved CSP v3 information into tab on admin screen to make it easier to find -
wp-content-security-policy/trunk/wp-content-security-policy.php
r1817783 r1819492 4 4 Plugin URI: http://URI_Of_Page_Describing_Plugin_and_Updates 5 5 Description: Setup, output, and log content security policy information. 6 Version: 2. 26 Version: 2.3 7 7 Author: Dylan Downhill 8 8 Author URI: http://www.elixirinteractive.com