md-cms/edit/inc/standardHTML.php
Joshua Ramon Enslin 067beedf29 Improved settings of CSPs.
Added manifest.json.
Added further security-related HTTP headers.
2018-06-18 13:57:35 +02:00


<?PHP
/**
* Functions for forming the HTML output.
*
* @file
*
* @author Joshua Ramon Enslin <joshua@jrenslin.de>
*/
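/**
 * Builds the opening part of a backend page: doctype, the head element
 * (including the Content-Security-Policy meta tag) and the opening body tag,
 * followed by the one-time edit notice stored in the session, if there is one.
 *
 * Values placed into quoted attributes and into the title element are
 * HTML-escaped, so a quote or angle bracket in them cannot end the attribute
 * or element early.
 *
 * @param array  $settings Settings variable. Reads the keys mdVersion,
 *                         CSPimageSources and CSPobjectSources; missing or
 *                         empty keys add nothing to the policy.
 * @param string $page     Name / ID of the current page (becomes the id of the html element).
 * @param string $title    Title of the page.
 * @param string $icon     The icon of the website. No icon link is printed if empty.
 *
 * @return string
 */
function printBackendHead(array $settings, string $page = "home", string $title = "Home", string $icon = ""):string {

    // Escaping for HTML text and quoted attribute values. Entities that are
    // already present are left alone (double_encode = false), so callers that
    // pass pre-escaped text keep their current output.
    $escape = static function (string $value):string {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    // NOTE(review): mdVersion is appended to img-src as a source; presumably it
    // holds a URL - confirm against the settings file.
    // NOTE(review): the settings values are HTML-escaped only. A ";" inside one
    // of them would start a new CSP directive, so they should be validated as
    // plain source lists where the settings are saved.
    $output = '<!DOCTYPE html>
<html lang="en" id="' . $escape($page) . '">
<head>
<!-- Content Security policies -->
<meta http-equiv="Content-Security-Policy" content="default-src \'none\'; script-src \'self\'; connect-src \'self\'; img-src \'self\' data: blob: ' . $escape((string)($settings['mdVersion'] ?? ''));

    // Allow embedding of whitelisted images.
    if (!empty($settings['CSPimageSources'])) {
        $output .= " " . $escape((string)$settings['CSPimageSources']);
    }

    // Allow embedding of whitelisted frame contents / objects. The same list
    // is used for frame-src and object-src.
    $objectSources = '';
    if (!empty($settings['CSPobjectSources'])) {
        $objectSources = " " . $escape((string)$settings['CSPobjectSources']);
    }

    // style-src keeps 'unsafe-inline', i.e. inline styles are permitted.
    $output .= '; style-src \'self\' \'unsafe-inline\'; frame-src \'self\'' . $objectSources;
    $output .= '; object-src \'self\'' . $objectSources;

    // Browsers ignore frame-ancestors when the policy comes from a meta
    // element; framing restrictions only take effect when sent as an HTTP
    // response header.
    $output .= '; frame-ancestors \'self\';font-src \'self\';" />
<title>' . $escape($title) . '</title>
<link rel="stylesheet" type="text/css" href="themes/imports.css">
<link rel="stylesheet" type="text/css" href="themes/default/default.css">
<meta http-equiv="content-type" content="text/html;charset=utf-8">';

    if ($icon) {
        $output .= '
<link rel="shortcut icon" href="' . $escape($icon) . '" />
';
    }

    $output .= '
<meta name="viewport" content="width=device-width, initial-scale=1" />
<script type="text/javascript" src="./js/newToolTip.js" defer></script>
<script type="text/javascript" src="./js/main.js"></script>
<script type="text/javascript" src="../js/main.js"></script>
</head>
<body>
';

    // One-time notice about the last edit: index 0 is used as a CSS class,
    // index 1 as the message. The entry is removed once it has been printed.
    if (isset($_SESSION['editHistory'])) {
        // NOTE(review): the message (index 1) is emitted as HTML without
        // escaping; the code that fills $_SESSION['editHistory'] has to escape
        // any user-derived text it puts there - confirm.
        $output .= "<p class='editLine " . $escape((string)$_SESSION['editHistory'][0]) . "'>" . $_SESSION['editHistory'][1] . "</p>";
        unset($_SESSION['editHistory']);
    }

    return $output;

}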
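/**
 * Builds the header element of a backend page: navigation toggle, page title,
 * an optional help tooltip, the upload placeholder and the logout link.
 *
 * The title is HTML-escaped where it is written into the data-title
 * attribute of the tooltip, so a quote in it cannot end the attribute early.
 *
 * @param string $title    Title of the page.
 * @param string $helpText Additional help text for the page. Optional; the
 *                         tooltip is left out if it is empty.
 *
 * @return string
 */
function printBackendHeader(string $title = "Home", string $helpText = ""):string {

    // NOTE(review): the title is written into the h1 element as HTML, without
    // escaping. Callers have to escape user-derived titles before passing them
    // in - confirm against the call sites.
    $output = '
<header id="mainHeader">
<span id="toggleNavigation"></span>
<h1>' . $title . '</h1>
<span>
';

    if ($helpText) {
        // Existing entities are kept as they are (double_encode = false).
        $titleAttribute = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

        // NOTE(review): the help text is emitted as HTML; it is presumably
        // trusted markup from the translation files - confirm.
        $output .= '
<span class="newToolTipTag" data-for="pageHelp" id="helpText">
<span>?</span>
<div class="newToolTip" id="tooltip_pageHelp" data-title="' . $titleAttribute . '">
' . $helpText . '
</div>
</span>';
    }

    $output .= '
<span id="uploadFile"></span>
<a id="logoutLink" href="./?logout"></a>
</span>
</header>
';

    return $output;

}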
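/**
 * Returns HTML code for a help icon and its attached tooltip.
 *
 * The tooltip name and the title are HTML-escaped because they are written
 * into quoted attributes (data-for, id and data-title); a quote in either of
 * them would otherwise end the attribute early.
 *
 * @param string $tooltipName Name / ID of the tooltip to generate.
 * @param string $title       Title to print in the tooltip.
 * @param string $helpText    Text to print into the tooltip. Emitted as HTML.
 *
 * @return string
 */
function generateHelpToolTip(string $tooltipName, string $title, string $helpText):string {

    // Existing entities are kept as they are (double_encode = false), so
    // pre-escaped values produce the same output as before.
    $nameAttribute  = htmlspecialchars($tooltipName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $titleAttribute = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    // NOTE(review): the help text is not escaped; callers have to pass trusted
    // markup or escape user-derived text themselves - confirm.
    return '
<span class="newToolTipTag helpToolTip" data-for="' . $nameAttribute . '">
<div class="newToolTip" id="tooltip_' . $nameAttribute . '" data-title="' . $titleAttribute . '">
' . $helpText . '
</div>
</span>';

}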
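/**
 * Builds the navigation for the backend.
 *
 * The editing section is always printed. The administration section (users,
 * settings) is printed only if $_SESSION['admin'] is set and truthy. If the
 * globals "pages" / "users" are arrays, their element counts are shown next
 * to the respective links.
 *
 * @param string[] $translations Translation variable. Reads the keys edit,
 *                               start, pages, banner, footer and aside, plus
 *                               administration, users and settings when the
 *                               administration section is printed.
 *
 * @return string
 */
function printBackendNav(array $translations):string {

    $output = '
<nav id="mainNav">
<div>
<span>' . $translations['edit'] . '</span>
<div>
<a href=".">' . $translations['start'] . '</a>
</div>
<div>
<a href="pages.php">' . $translations['pages'] . '</a>
<a href="page.php"> + </a>';

    // Number of pages, if the page list has been loaded into the global scope.
    if (isset($GLOBALS['pages']) && is_array($GLOBALS['pages'])) {
        $output .= '
<a href="pages.php">' . count($GLOBALS['pages']) . '</a>';
    }

    $output .= '
</div>
<div>
<a href="editHTMLPage.php?id=banner">' . $translations['banner'] . '</a>
</div>
<div>
<a href="editHTMLPage.php?id=footer">' . $translations['footer'] . '</a>
</div>
<div>
<a href="editHTMLPage.php?id=aside">' . $translations['aside'] . '</a>
</div>
</div>
';

    // A missing session or a missing "admin" key counts as "not an admin"
    // instead of raising an undefined-index warning.
    // NOTE(review): this only decides which links are shown. users.php and
    // settings.php need their own admin check - confirm.
    if (!empty($_SESSION['admin'])) {

        $output .= '
<div>
<span>' . $translations['administration'] . '</span>
<div>
<a href="users.php#listUsers">' . $translations['users'] . '</a>
<a href="users.php#addUser"> + </a>';

        // Number of users, if the user list has been loaded into the global scope.
        if (isset($GLOBALS['users']) && is_array($GLOBALS['users'])) {
            $output .= '
<a href="users.php#listUsers">' . count($GLOBALS['users']) . '</a>';
        }

        $output .= '
</div>
<div>
<a href="settings.php">' . $translations['settings'] . '</a>
</div>
</div>
';

    }

    $output .= '
</nav>
';

    return $output;

}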
/**
 * Returns the markup that closes a page: the closing body and html tags,
 * preceded by a line break.
 *
 * @return string
 */
function printBackendEnd():string {

    // Static markup only; nothing is interpolated here.
    return '
</body>
</html>';

}
?>