author | PhieF <phie@phie.ovh> | 2022-01-24 00:59:54 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-24 00:59:54 +0300 |
commit | 5d8a63d1a404c2adc8e340165a20344287bcee74 (patch) | |
tree | bcf03201bcb4aea5780522d63cfc1b90d304aa57 | |
parent | c90eacfe1edca6b32fcd33a893cbd721a236ca43 (diff) | |
parent | 4dea0cc834d98bb80a45575e3096b94be08d1341 (diff) |
Merge pull request #176 from CarnetApp/in-a-framev0.24.4v0.24.3stable-0.24.4stable-0.24.3nextcloud-stable-0.24.4master
In a frame
-rwxr-xr-x | appinfo/info.xml | 4 | ||||
-rwxr-xr-x | appinfo/routes.php | 2 | ||||
-rwxr-xr-x | lib/Controller/PageController.php | 33 | ||||
l---------[m---------] | templates/CarnetElectron | 1 | ||||
-rwxr-xr-x | templates/browser.php | 60 | ||||
-rw-r--r--[-rwxr-xr-x] | templates/index.php | 58 | ||||
-rwxr-xr-x | templates/settings.php | 2 |
7 files changed, 97 insertions, 63 deletions
diff --git a/appinfo/info.xml b/appinfo/info.xml index 7c50f9d..188dc50 100755 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -19,7 +19,7 @@ Mac, with sync capabilities - Statistics : words/sentences/characters - Sync with ownCloud/NextCloud - Online editor as a ownCloud/NextCloud App]]></description> - <version>0.24.2</version> + <version>0.24.3</version> <licence>agpl</licence> <author mail="phie@phie.ovh" >Phie</author> <namespace>Carnet</namespace> @@ -33,7 +33,7 @@ Mac, with sync capabilities <filesystem/> </types> <dependencies> - <nextcloud min-version="13" max-version="22"/> + <nextcloud min-version="13" max-version="23"/> <owncloud min-version="10" max-version="10"/> </dependencies> diff --git a/appinfo/routes.php b/appinfo/routes.php index d1c3226..f42e891 100755 --- a/appinfo/routes.php +++ b/appinfo/routes.php @@ -13,6 +13,8 @@ return [ 'routes' => [ ['name' => 'page#index', 'url' => '/', 'verb' => 'GET'], ['name' => 'page#writer', 'url' => '/writer', 'verb' => 'GET'], + ['name' => 'page#browser', 'url' => '/browser', 'verb' => 'GET'], + ['name' => 'page#importer', 'url' => '/importer', 'verb' => 'GET'], ['name' => 'page#exporter', 'url' => 'exporter/exporter.html', 'verb' => 'GET'], diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php index 9aa126b..e8ee548 100755 --- a/lib/Controller/PageController.php +++ b/lib/Controller/PageController.php 
@@ -27,6 +27,32 @@ class PageController extends Controller { * @NoAdminRequired * @NoCSRFRequired */ + public function browser() { + $parameters = [ + 'nc_version' => \OCP\Util::getVersion()[0], + 'carnet_display_fullscreen' => $this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no'), + 'app_version' => App::getAppInfo($this->appName)['version'], + ]; + $response = new TemplateResponse($this->appName,"browser",$parameters); + $response->renderAs("blank"); + $policy = new ContentSecurityPolicy(); + $policy->addAllowedFrameDomain('\'self\''); + $policy->addAllowedFrameDomain('data:'); + + $response->setContentSecurityPolicy($policy); // allow iframe + return $response; + } + + /** + * CAUTION: the @Stuff turns off security checks; for this page no admin is + * required and no CSRF check. If you don't know what CSRF is, read + * it up in the docs or you might create a security hole. This is + * basically the only required method to add this exemption, don't + * add it to any other method if you don't exactly know what it does + * + * @NoAdminRequired + * @NoCSRFRequired + */ public function index() { $parameters = [ 'nc_version' => \OCP\Util::getVersion()[0], @@ -34,12 +60,10 @@ class PageController extends Controller { 'app_version' => App::getAppInfo($this->appName)['version'], ]; $response = new TemplateResponse($this->appName,"index",$parameters); - if($this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no') === "yes") - $response->renderAs("blank"); $policy = new ContentSecurityPolicy(); $policy->addAllowedFrameDomain('\'self\''); $policy->addAllowedFrameDomain('data:'); - + $response->setContentSecurityPolicy($policy); // allow iframe return $response; } 
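Review bot: `addAllowedFrameDomain('data:')` is copied into the new `browser()` action and kept in `index()`, although after this commit the index template only frames `./browser`, which `'self'` already covers. That call fills `frame-src` (what the page itself may embed), so the trailing `// allow iframe` comment is misleading; whether `/browser` may itself be framed is governed by `frame-ancestors`, which neither action sets in the visible lines. I would drop the `data:` entry from `index()`, keep it in `browser()` only if the editor really loads `data:` frames (not visible in this diff), and reword the comment to `// frame-src: frames this page may embed`. The two actions now build the same parameters and policy almost line for line, so a private helper would keep them from drifting; `index()` straddles the two hunks on this line and part of its body is not shown.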
@@ -77,8 +101,7 @@ class PageController extends Controller { 'app_version' => App::getAppInfo($this->appName)['version'], ]; $response = new TemplateResponse($this->appName,"settings", $parameters); - if($this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no') === "yes") - $response->renderAs("blank"); + $response->renderAs("blank"); $policy = new ContentSecurityPolicy(); $policy->addAllowedFrameDomain('\'self\''); $response->setContentSecurityPolicy($policy); // allow iframe diff --git a/templates/CarnetElectron b/templates/CarnetElectron -Subproject 78007590a7fca55fd381f91af94f52a4dc619a5 diff --git a/templates/browser.php b/templates/browser.php new file mode 100755 index 0000000..19a5770 --- /dev/null +++ b/templates/browser.php 
@@ -0,0 +1,60 @@
+<?php
+global $currentpath;
+global $root;
+global $fullscreen;
+global $appVersion;
+$fullscreen = "yes";
+$appVersion = $_['app_version'];
+$currentpath = __DIR__."/CarnetElectron/";
+$root = \OCP\Util::linkToAbsolute("carnet","templates");
+$file = file_get_contents($currentpath."index.html");
+$root = parse_url($root, PHP_URL_PATH);
+
+$file = preg_replace_callback('/<link(.*?)href=\"(.*?\.css(?:\?.*?)?)"/s',function ($matches) {
+ global $currentpath;
+ global $appVersion;
+ return "<link".$matches[1]."href=\"".$matches[2]."?v=".$appVersion."\"";
+}, $file);
+$file = str_replace("href=\"","href=\"".$root."/CarnetElectron/",$file);
+
+$file = preg_replace_callback('/<script(.*?)src=\"(.*?\.js(?:\?.*?)?)"/s',function ($matches) {
+ global $currentpath;
+ global $fullscreen;
+ global $appVersion;
+
+ if($matches[2] === "libs/jquery.min.js" AND $fullscreen === "no")
+ return "<script ";
+ return "<script".$matches[1]."src=\"".$matches[2]."?v=".$appVersion."\"";
+}, $file);
+// token is needed to pass the csfr check
+$file .= "<script src=\"compatibility/nextcloud/fullscreen.js?v=".$appVersion."\"></script>";
+
+$file .= "<span style=\"display:none;\" id=\"token\">".$_['requesttoken']."</span>";
+if($_['carnet_display_fullscreen']==="yes"){
+
+ $file = str_replace('</head>', "
+ <link rel=\"apple-touch-icon-precomposed\" href=\"".image_path('', 'favicon-touch.png')."\" />
+ <link rel=\"icon\" href=\"".image_path('', 'favicon.ico')."\">
+ <link rel=\"mask-icon\" sizes=\"any\" href=\"".image_path('', 'favicon-mask.svg')."\" color=\"".$theme->getColorPrimary()."\">
+ <link rel=\"manifest\" href=\"".image_path('', 'manifest.json')."\">
+ </head>", $file);
+ if($_['nc_version']>=16)
+ style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc16");
+
+}
+else {
+ if($_['nc_version']>=14)
+ style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc14-header");
+}
+$nonce = "";
+if (method_exists(\OC::$server, "getContentSecurityPolicyNonceManager")){
+ $nonce = \OC::$server->getContentSecurityPolicyNonceManager()->getNonce();
+}
+else{
+ style("carnet","../templates/CarnetElectron/compatibility/nextcloud/owncloud");
+}
+
+$file = str_replace("src=\"","defer nonce='".$nonce."' src=\"".$root."/CarnetElectron/",$file);
+echo $file;
+echo "<span style=\"display:none;\" id=\"root-url\">".$root."/CarnetElectron/</span>";
+?>
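Review bot: The template writes `$_['requesttoken']` and `$root` into the page by plain string concatenation (the `id="token"` and `id="root-url"` spans) with no HTML escaping. Both values are produced server-side in the visible code, so this is hardening rather than a demonstrated injection, but wrapping them on output, e.g. `\OCP\Util::sanitizeHTML($_['requesttoken'])` and `\OCP\Util::sanitizeHTML($root)`, keeps the page safe if either source ever changes. `file_get_contents($currentpath."index.html")` is also used unchecked; an `=== false` guard before the first `preg_replace_callback` would avoid emitting a page built from a failed read when `CarnetElectron/index.html` is missing. With `$fullscreen` now fixed to `"yes"`, the `$fullscreen === "no"` jQuery branch can no longer be taken and could be removed along with the unused `global $currentpath;` lines in both callbacks.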
\ No newline at end of file diff --git a/templates/index.php b/templates/index.php index 6109860..c3ae8cc 100755..100644 --- a/templates/index.php +++ b/templates/index.php 
@@ -1,59 +1,7 @@ <?php -global $currentpath; -global $root; -global $fullscreen; -global $appVersion; -$fullscreen = $_['carnet_display_fullscreen']; -$appVersion = $_['app_version']; -$currentpath = __DIR__."/CarnetElectron/"; -$root = \OCP\Util::linkToAbsolute("carnet","templates"); -$file = file_get_contents($currentpath."index.html"); -$root = parse_url($root, PHP_URL_PATH); -$file = preg_replace_callback('/<link(.*?)href=\"(.*?\.css(?:\?.*?)?)"/s',function ($matches) { - global $currentpath; - global $appVersion; - return "<link".$matches[1]."href=\"".$matches[2]."?v=".$appVersion."\""; -}, $file); -$file = str_replace("href=\"","href=\"".$root."/CarnetElectron/",$file); +?> -$file = preg_replace_callback('/<script(.*?)src=\"(.*?\.js(?:\?.*?)?)"/s',function ($matches) { - global $currentpath; - global $fullscreen; - global $appVersion; +<iframe src="./browser" style="border:unset; width:100%; margin:0;"> - if($matches[2] === "libs/jquery.min.js" AND $fullscreen === "no") - return "<script "; - return "<script".$matches[1]."src=\"".$matches[2]."?v=".$appVersion."\""; -}, $file); -// token is needed to pass the csfr check -$file .= "<span style=\"display:none;\" id=\"token\">".$_['requesttoken']."</span>"; -if($_['carnet_display_fullscreen']==="yes"){ - - $file = str_replace('</head>', " - <link rel=\"apple-touch-icon-precomposed\" href=\"".image_path('', 'favicon-touch.png')."\" /> - <link rel=\"icon\" href=\"".image_path('', 'favicon.ico')."\"> - <link rel=\"mask-icon\" sizes=\"any\" href=\"".image_path('', 'favicon-mask.svg')."\" color=\"".$theme->getColorPrimary()."\"> - <link rel=\"manifest\" href=\"".image_path('', 'manifest.json')."\"> - <script src=\"compatibility/nextcloud/fullscreen.js?v=".$appVersion."\"></script> - </head>", $file); - if($_['nc_version']>=16) - style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc16"); - -} -else { - if($_['nc_version']>=14) - 
style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc14-header"); -} -$nonce = ""; -if (method_exists(\OC::$server, "getContentSecurityPolicyNonceManager")){ - $nonce = \OC::$server->getContentSecurityPolicyNonceManager()->getNonce(); -} -else{ - style("carnet","../templates/CarnetElectron/compatibility/nextcloud/owncloud"); -} - -$file = str_replace("src=\"","defer nonce='".$nonce."' src=\"".$root."/CarnetElectron/",$file); -echo $file; -echo "<span style=\"display:none;\" id=\"root-url\">".$root."/CarnetElectron/</span>"; -?>
\ No newline at end of file +</iframe>
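Review bot: The iframe's `src="./browser"` is resolved against the current request URL, so it only reaches the new `page#browser` route when the index page is served with a trailing slash. Generating the address from the route removes that dependency and escapes the value on output, e.g. `<iframe src="<?php p(\OC::$server->getURLGenerator()->linkToRoute('carnet.page.browser')); ?>" ...>` (route name assumed from the app id `carnet` and the `page#browser` entry in this commit). The element also has no `title` attribute, and the now-empty `<?php ?>` block at the top of the template can be dropped.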
\ No newline at end of file diff --git a/templates/settings.php b/templates/settings.php index 1d4396e..c7d2a73 100755 --- a/templates/settings.php +++ b/templates/settings.php @@ -1,7 +1,7 @@ <?php global $fullscreen; global $appVersion; -$fullscreen = $_['carnet_display_fullscreen']; +$fullscreen = True; $currentpath = __DIR__."/CarnetElectron/"; $appVersion = $_['app_version']; |
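Review bot: `$fullscreen = True;` turns the global into a boolean, while `browser.php` in this same commit sets `$fullscreen = "yes"` and tests it with the strict comparison `$fullscreen === "no"`. Any strict string comparison on `$fullscreen` further down in `settings.php` (the rest of the file is outside this hunk) will no longer match either value, so `$fullscreen = "yes";` would keep the type consistent across the templates.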