author | Alexandre Roux D'Anzi <alexandre.roux.danzi@lostpod.me> | 2022-01-12 00:24:13 +0300 |
---|---|---|
committer | Alexandre Roux D'Anzi <alexandre.roux.danzi@lostpod.me> | 2022-01-12 00:24:13 +0300 |
commit | cc4a12dca09dc0b9263d92026de1247d5151cbce (patch) | |
tree | 1f165dc7836182806a19e25a0803370e93abecf1 | |
parent | ab98a8fbdde267e330a8fb3caea45dbdf7bce123 (diff) |
put carnet in a frame to avoid conflicting css
-rwxr-xr-x | appinfo/routes.php | 2 | ||||
-rwxr-xr-x | lib/Controller/PageController.php | 30 | ||||
-rwxr-xr-x | templates/browser.php | 60 | ||||
-rwxr-xr-x | templates/index.php | 58 |
4 files changed, 92 insertions, 58 deletions
diff --git a/appinfo/routes.php b/appinfo/routes.php index d1c3226..f42e891 100755 --- a/appinfo/routes.php +++ b/appinfo/routes.php @@ -13,6 +13,8 @@ return [ 'routes' => [ ['name' => 'page#index', 'url' => '/', 'verb' => 'GET'], ['name' => 'page#writer', 'url' => '/writer', 'verb' => 'GET'], + ['name' => 'page#browser', 'url' => '/browser', 'verb' => 'GET'], + ['name' => 'page#importer', 'url' => '/importer', 'verb' => 'GET'], ['name' => 'page#exporter', 'url' => 'exporter/exporter.html', 'verb' => 'GET'], diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php index 9aa126b..e3f758a 100755 --- a/lib/Controller/PageController.php +++ b/lib/Controller/PageController.php @@ -27,6 +27,32 @@ class PageController extends Controller { * @NoAdminRequired * @NoCSRFRequired */ + public function browser() { + $parameters = [ + 'nc_version' => \OCP\Util::getVersion()[0], + 'carnet_display_fullscreen' => $this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no'), + 'app_version' => App::getAppInfo($this->appName)['version'], + ]; + $response = new TemplateResponse($this->appName,"browser",$parameters); + $response->renderAs("blank"); + $policy = new ContentSecurityPolicy(); + $policy->addAllowedFrameDomain('\'self\''); + $policy->addAllowedFrameDomain('data:'); + + $response->setContentSecurityPolicy($policy); // allow iframe + return $response; + } + + /** + * CAUTION: the @Stuff turns off security checks; for this page no admin is + * required and no CSRF check. If you don't know what CSRF is, read + * it up in the docs or you might create a security hole. This is + * basically the only required method to add this exemption, don't + * add it to any other method if you don't exactly know what it does + * + * @NoAdminRequired + * @NoCSRFRequired + */ public function index() { $parameters = [ 'nc_version' => \OCP\Util::getVersion()[0], 
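Review bot: `addAllowedFrameDomain('data:')` is copied into the new `browser()` while `index()` keeps it as well (next hunk, `@@ -34,12 +60,10 @@`), so `data:` remains an allowed frame source on both pages. As far as this diff shows, `templates/index.php` now embeds only `./browser`, so `'self'` alone should be enough for `index()`; in `browser()` keep `data:` only if the Carnet UI really loads `data:` documents in frames, and record the reason in a comment such as `// data: frames are required by <feature>`. The policy block is identical in both methods, so a small private helper that returns the policy would keep the two from drifting apart. `browser()` also takes over the CAUTION docblock that was written for `index()`; one added line saying that this route is meant to be loaded only inside the index iframe would document why a second `@NoCSRFRequired` page exists.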
@@ -34,12 +60,10 @@ class PageController extends Controller { 'app_version' => App::getAppInfo($this->appName)['version'], ]; $response = new TemplateResponse($this->appName,"index",$parameters); - if($this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no') === "yes") - $response->renderAs("blank"); $policy = new ContentSecurityPolicy(); $policy->addAllowedFrameDomain('\'self\''); $policy->addAllowedFrameDomain('data:'); - + $response->setContentSecurityPolicy($policy); // allow iframe return $response; } diff --git a/templates/browser.php b/templates/browser.php new file mode 100755 index 0000000..19a5770 --- /dev/null +++ b/templates/browser.php 
@@ -0,0 +1,60 @@
+<?php
+global $currentpath;
+global $root;
+global $fullscreen;
+global $appVersion;
+$fullscreen = "yes";
+$appVersion = $_['app_version'];
+$currentpath = __DIR__."/CarnetElectron/";
+$root = \OCP\Util::linkToAbsolute("carnet","templates");
+$file = file_get_contents($currentpath."index.html");
+$root = parse_url($root, PHP_URL_PATH);
+
+$file = preg_replace_callback('/<link(.*?)href=\"(.*?\.css(?:\?.*?)?)"/s',function ($matches) {
+ global $currentpath;
+ global $appVersion;
+ return "<link".$matches[1]."href=\"".$matches[2]."?v=".$appVersion."\"";
+}, $file);
+$file = str_replace("href=\"","href=\"".$root."/CarnetElectron/",$file);
+
+$file = preg_replace_callback('/<script(.*?)src=\"(.*?\.js(?:\?.*?)?)"/s',function ($matches) {
+ global $currentpath;
+ global $fullscreen;
+ global $appVersion;
+
+ if($matches[2] === "libs/jquery.min.js" AND $fullscreen === "no")
+ return "<script ";
+ return "<script".$matches[1]."src=\"".$matches[2]."?v=".$appVersion."\"";
+}, $file);
+// token is needed to pass the csfr check
+$file .= "<script src=\"compatibility/nextcloud/fullscreen.js?v=".$appVersion."\"></script>";
+
+$file .= "<span style=\"display:none;\" id=\"token\">".$_['requesttoken']."</span>";
+if($_['carnet_display_fullscreen']==="yes"){
+
+ $file = str_replace('</head>', "
+ <link rel=\"apple-touch-icon-precomposed\" href=\"".image_path('', 'favicon-touch.png')."\" />
+ <link rel=\"icon\" href=\"".image_path('', 'favicon.ico')."\">
+ <link rel=\"mask-icon\" sizes=\"any\" href=\"".image_path('', 'favicon-mask.svg')."\" color=\"".$theme->getColorPrimary()."\">
+ <link rel=\"manifest\" href=\"".image_path('', 'manifest.json')."\">
+ </head>", $file);
+ if($_['nc_version']>=16)
+ style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc16");
+
+}
+else {
+ if($_['nc_version']>=14)
+ style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc14-header");
+}
+$nonce = "";
+if (method_exists(\OC::$server, "getContentSecurityPolicyNonceManager")){
+ $nonce = \OC::$server->getContentSecurityPolicyNonceManager()->getNonce();
+}
+else{
+ style("carnet","../templates/CarnetElectron/compatibility/nextcloud/owncloud");
+}
+
+$file = str_replace("src=\"","defer nonce='".$nonce."' src=\"".$root."/CarnetElectron/",$file);
+echo $file;
+echo "<span style=\"display:none;\" id=\"root-url\">".$root."/CarnetElectron/</span>";
+?>
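Review bot: `$_['requesttoken']`, `$root`, `$appVersion` and `$nonce` are concatenated into the markup without HTML escaping, for example in the `id="token"` span and in the `nonce='...'` attribute written by the last `str_replace`. They all come from server-side sources, so this is hardening rather than a demonstrated injection, but escaping at the point of output, e.g. `htmlspecialchars($_['requesttoken'], ENT_QUOTES, 'UTF-8')`, keeps the template safe if one of those values ever contains a quote or an angle bracket. The result of `file_get_contents($currentpath."index.html")` is also used unchecked; on a read failure it is `false` and the page would be emitted with little more than the token and root-url spans, so an explicit `if ($file === false)` branch would make that failure visible. The final `str_replace` stamps the CSP nonce onto every `src="` occurrence in the file, not only on `<script>` tags, so a comment stating that `index.html` must remain a static, trusted asset would document the assumption the nonce handling relies on.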
\ No newline at end of file diff --git a/templates/index.php b/templates/index.php index 6109860..c3ae8cc 100755 --- a/templates/index.php +++ b/templates/index.php 
@@ -1,59 +1,7 @@ <?php -global $currentpath; -global $root; -global $fullscreen; -global $appVersion; -$fullscreen = $_['carnet_display_fullscreen']; -$appVersion = $_['app_version']; -$currentpath = __DIR__."/CarnetElectron/"; -$root = \OCP\Util::linkToAbsolute("carnet","templates"); -$file = file_get_contents($currentpath."index.html"); -$root = parse_url($root, PHP_URL_PATH); -$file = preg_replace_callback('/<link(.*?)href=\"(.*?\.css(?:\?.*?)?)"/s',function ($matches) { - global $currentpath; - global $appVersion; - return "<link".$matches[1]."href=\"".$matches[2]."?v=".$appVersion."\""; -}, $file); -$file = str_replace("href=\"","href=\"".$root."/CarnetElectron/",$file); +?> -$file = preg_replace_callback('/<script(.*?)src=\"(.*?\.js(?:\?.*?)?)"/s',function ($matches) { - global $currentpath; - global $fullscreen; - global $appVersion; +<iframe src="./browser" style="border:unset; width:100%; margin:0;"> - if($matches[2] === "libs/jquery.min.js" AND $fullscreen === "no") - return "<script "; - return "<script".$matches[1]."src=\"".$matches[2]."?v=".$appVersion."\""; -}, $file); -// token is needed to pass the csfr check -$file .= "<span style=\"display:none;\" id=\"token\">".$_['requesttoken']."</span>"; -if($_['carnet_display_fullscreen']==="yes"){ - - $file = str_replace('</head>', " - <link rel=\"apple-touch-icon-precomposed\" href=\"".image_path('', 'favicon-touch.png')."\" /> - <link rel=\"icon\" href=\"".image_path('', 'favicon.ico')."\"> - <link rel=\"mask-icon\" sizes=\"any\" href=\"".image_path('', 'favicon-mask.svg')."\" color=\"".$theme->getColorPrimary()."\"> - <link rel=\"manifest\" href=\"".image_path('', 'manifest.json')."\"> - <script src=\"compatibility/nextcloud/fullscreen.js?v=".$appVersion."\"></script> - </head>", $file); - if($_['nc_version']>=16) - style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc16"); - -} -else { - if($_['nc_version']>=14) - 
style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc14-header"); -} -$nonce = ""; -if (method_exists(\OC::$server, "getContentSecurityPolicyNonceManager")){ - $nonce = \OC::$server->getContentSecurityPolicyNonceManager()->getNonce(); -} -else{ - style("carnet","../templates/CarnetElectron/compatibility/nextcloud/owncloud"); -} - -$file = str_replace("src=\"","defer nonce='".$nonce."' src=\"".$root."/CarnetElectron/",$file); -echo $file; -echo "<span style=\"display:none;\" id=\"root-url\">".$root."/CarnetElectron/</span>"; -?>
\ No newline at end of file +</iframe>
\ No newline at end of file |
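Review bot: The iframe `src="./browser"` is resolved relative to the current URL, so it reaches the new `page#browser` route only when the index page is served with a trailing slash; building the address on the server, for instance with the URL generator's `linkToRoute` for the browser route, would not depend on how the page was requested. The element also has no `title` attribute and no height in its `style`, and the remaining `<?php ?>` block is empty and could be dropped.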