md-cms/inc/standardHTML.php
Joshua Ramon Enslin 067beedf29 Improved settings of CSPs.
Added manifest.json.
Added further security-related HTTP headers.
2018-06-18 13:57:35 +02:00


<?PHP
/**
* File for collecting functions building common HTML parts of the public page
*
* @file
*
* @author Joshua Ramon Enslin <joshua@jrenslin.de>
*/
/**
 * Builds the opening markup of a public page: doctype, <html>, the complete
 * <head> (CSP meta tag, title, stylesheets, manifest, scripts) and the opening
 * <body> tag, followed by a pending edit notice if the session holds one.
 *
 * Despite the name nothing is echoed; the markup is returned to the caller.
 *
 * NOTE(review): every argument, setting and session value is concatenated into
 * the markup as given, without HTML escaping. Callers have to pass values that
 * are already safe for the attribute or element they end up in.
 *
 * NOTE(review): browsers ignore the frame-ancestors directive when a policy is
 * delivered through a <meta> element, so framing protection has to come from
 * an HTTP response header (Content-Security-Policy or X-Frame-Options).
 * Whether such a header is sent is not visible in this file - confirm.
 *
 * @param array  $settings   Settings variable. Keys read here: defaultLang,
 *                           mdVersion, CSPimageSources, CSPobjectSources, css.
 * @param string $page       ID of the current page; becomes the id of <html>.
 * @param string $title      Title of the page.
 * @param string $icon       The icon of the website; the link is left out
 *                           when the value is empty.
 * @param string $additional Additional HTML to inject into <head>, verbatim.
 *
 * @return string
 */
function printPublicHead(array $settings, string $page = "home", string $title = "Home", string $icon = "", $additional = ""):string {
    $mdHost = $settings['mdVersion'];

    // Optional extra sources from the settings; each is appended with a
    // leading space only when the setting is non-empty.
    $extraImages = $settings['CSPimageSources'] ? " " . $settings['CSPimageSources'] : "";
    // The same list widens both frame-src and object-src.
    $extraEmbeds = $settings['CSPobjectSources'] ? " " . $settings['CSPobjectSources'] : "";

    $directives = [
        "default-src 'none'",
        "script-src 'self'",
        "connect-src 'self' " . $mdHost,
        "img-src 'self' " . $mdHost . $extraImages,
        // Inline styles are permitted by this policy.
        "style-src 'self' 'unsafe-inline'",
        "font-src 'self'",
        "frame-src 'self'" . $extraEmbeds,
        "object-src 'self'" . $extraEmbeds,
        "frame-ancestors 'self'",
        "base-uri 'none'",
        "form-action 'self'",
    ];
    $policy = implode("; ", $directives) . ";";

    $markup = implode("\n", [
        '<!DOCTYPE html>',
        '<html lang="' . $settings['defaultLang'] . '" id="' . $page . '">',
        '<head>',
        '<!-- Content Security policies -->',
        '<meta http-equiv="Content-Security-Policy" content="' . $policy . '" />',
        '<title>' . $title . '</title>',
        '<link rel="stylesheet" type="text/css" href="themes/imports.css" />',
        '<link rel="stylesheet" type="text/css" href="themes/' . $settings['css'] . '/theme.css" />',
        '<link rel="manifest" href="./manifest.php">',
        '<meta http-equiv="content-type" content="text/html;charset=utf-8" />',
    ]);

    // Caller-supplied head markup follows the charset declaration directly.
    $markup .= $additional;

    if ($icon) {
        $markup .= "\n" . '<link rel="shortcut icon" href="' . $icon . '" />' . "\n";
    }

    $markup .= "\n" . implode("\n", [
        '<meta name="viewport" content="width=device-width, initial-scale=1" />',
        '<script type="text/javascript" src="./js/main.js"></script>',
        '<script type="text/javascript" src="./js/mdCalendar.js" defer></script>',
        '</head>',
        '<body>',
    ]) . "\n";

    // One-shot notice: index 0 is used as an extra CSS class, index 1 as the
    // text. The entry is removed from the session once it has been rendered.
    if (isset($_SESSION['editHistory'])) {
        $notice = $_SESSION['editHistory'];
        unset($_SESSION['editHistory']);
        $markup .= "<p class='editLine " . $notice[0] . "'>" . $notice[1] . "</p>";
    }

    return $markup;
}
/**
 * Builds the main <header> element of a public page: the page title as <h1>
 * followed by the search form returned by generateSearchBar().
 *
 * NOTE(review): $title is placed inside <h1> unchanged, so any markup in it is
 * rendered as markup; callers are expected to pass an escaped value.
 *
 * @param string $title Title of the page.
 *
 * @return string
 */
function printPublicHeader(string $title = "Home"):string {
    // The empty first and last entries produce the leading and trailing
    // line breaks of the fragment.
    $lines = [
        '',
        '<header id="mainHeader">',
        '<h1>' . $title . '</h1>',
        generateSearchBar(),
        '</header>',
        '',
    ];
    return implode("\n", $lines);
}
/**
 * Returns the closing tags of a public HTML page (</body> and </html>),
 * preceded by a line break.
 *
 * @return string
 */
function printPublicEnd():string {
    return "\n</body>\n</html>";
}
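/**
 * Returns one of the static page parts (the sidebar, the banner, or the
 * footer) wrapped in the given element, or an empty string if there is
 * nothing to show.
 *
 * The part is read from ../data/<file>.htm relative to this directory and is
 * inserted into the markup verbatim.
 *
 * @param string $file File name. Must be either aside, banner or footer.
 * @param string $elem Encapsulating HTML element (tag name, used as given).
 *
 * @return string Wrapped file contents; "" if the name is not allowed, the
 *                file is missing or unreadable, or it holds at most 5 bytes.
 */
function printStaticPagePart(string $file, string $elem):string {
    // $file becomes part of a filesystem path, so any name outside the fixed
    // list is refused before the path is built. The notice is echoed as
    // before, but the function now stops here instead of going on to read
    // the requested file.
    if (!in_array($file, ['footer', 'aside', 'banner'], true)) {
        echo "Trying to access disallowed file.";
        return "";
    }

    $path = __DIR__ . "/../data/$file.htm";

    // Files of up to 5 bytes count as empty. The comparison is written out
    // in full: "!filesize($path) > 5" applies the negation first and then
    // compares a boolean with 5, which is never true.
    if (!file_exists($path) || filesize($path) <= 5) {
        return "";
    }

    $content = file_get_contents($path);
    if ($content === false) {
        return "";
    }

    return "\n<$elem>\n$content\n</$elem>";
}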
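/**
 * Builds a complete, self-contained error page. The message is used both as
 * the document title and as the content of the page body.
 *
 * The page carries its own restrictive CSP meta tag: everything defaults to
 * 'none', and only same-origin styles and fonts are allowed.
 *
 * @param string $content The error message.
 *
 * @return string
 */
function printErrorPage(string $content):string {
    // <title> holds text only, so the message is entity-encoded there and a
    // "</title>" inside the message can no longer end the element early.
    // double_encode is off so that already-encoded text is not encoded twice.
    $titleText = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    // NOTE(review): the body receives $content unchanged, so markup in the
    // message is rendered. Callers that build the message from request data
    // have to escape it first - TODO confirm at the call sites.
    $lines = [
        '',
        '<!DOCTYPE html>',
        '<html id="errorPage">',
        '<head>',
        '<meta http-equiv="Content-Security-Policy" content="default-src \'none\'; script-src \'none\'; connect-src \'none\'; style-src \'self\'; font-src \'self\';" />',
        '<meta name="viewport" content="width=device-width, initial-scale=1" />',
        '<meta http-equiv="content-type" content="text/html;charset=utf-8" />',
        '<meta charset="UTF-8" />',
        '<title>' . $titleText . '</title>',
        '<link rel="stylesheet" type="text/css" href="themes/default/default.css" />',
        '</head>',
        '<body>',
        '<div>',
        $content,
        // Closes the wrapper; the previous markup opened a second <div> here.
        '</div>',
        '</body>',
        '</html>',
        '',
    ];

    return implode("\n", $lines);
}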
/**
 * Function for generating the standard navigation of the public parts of the
 * page: the result of buildPageOrder() wrapped in a <nav> element.
 *
 * buildPageOrder() is defined outside this file. It is handed three callbacks:
 * one returning the opening <ul>, one returning the closing </ul>, and one
 * that renders a single page as <li>. Presumably it walks the page tree and
 * passes the rendered sub-list as $toAdd - verify against its definition.
 *
 * NOTE(review): the page id and title are written into the single-quoted href
 * attribute and the link text without escaping or URL-encoding; they have to
 * be safe for those contexts when they are stored.
 *
 * @param array $pages List of all pages.
 *
 * @return string
 */
function generatePublicNav($pages):string {
    $openList = function() {
        return "<ul>";
    };

    $closeList = function() {
        return "</ul>";
    };

    // Renders one entry; pages whose 'public' value is falsy get the
    // notPublic class.
    $renderItem = function($inputs, string $toAdd) {
        $classAttr = $inputs['public'] ? "" : " class='notPublic'";
        return "\n<li" . $classAttr . ">\n"
            . "<a href='./?id=" . $inputs['id'] . "'>" . $inputs['title'] . "</a>\n"
            . $toAdd . "\n"
            . "</li>\n";
    };

    return '<nav>' . buildPageOrder($pages, $openList, $closeList, $renderItem) . '</nav>';
}
/**
 * Returns the markup of the search bar: a GET form targeting search.php with
 * a single search input named "q".
 *
 * @return string
 */
function generateSearchBar():string {
    $lines = [
        '',
        '<form action="search.php" method="GET">',
        '<input type="search" name="q" />',
        '</form>',
        '',
    ];
    return implode("\n", $lines);
}
?>