Compare commits


3 Commits

3 changed files with 8 additions and 3 deletions


@ -44,7 +44,7 @@ final class MD_STD {
public static function realpath(string $path):string { public static function realpath(string $path):string {
$output = \realpath($path); $output = \realpath($path);
if (!\is_string($output) || empty($output)) { if (!\is_string($output)) {
throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable."); throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable.");
} }
return $output; return $output;
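Review bot: An empty `$path` is not rejected before the `\realpath($path)` call at the top of `realpath()`, and PHP resolves an empty path to the current working directory, so the `\is_string($output)` test passes and the caller receives a directory rather than `MDFileDoesNotExist`. Neither printed form of the condition covers this, because `empty($output)` inspects the result and not the input. A guard on the input would close it: `if ($path === '') { throw new MDFileDoesNotExist("Empty path given."); }`. The docblock should also say that the method only canonicalises the path and does not confine it to a base directory, so callers passing user-supplied paths still need their own prefix check. The function's docblock and closing brace are outside this section.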


@ -202,6 +202,11 @@ final class MD_STD_IN {
throw new MDInvalidUrl("Invalid input URL"); throw new MDInvalidUrl("Invalid input URL");
} }
// Check for valid schemes
if (MD_STD::startsWithAny($input, ['https://', 'http://', 'ftp://']) === false) {
throw new MDInvalidUrl("Invalid input URL");
}
return $output; return $output;
} }
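Review bot: The added scheme allow-list tests `$input` while the function returns `$output`, so the checked value is not necessarily the value handed back; the assignment of `$output` is outside this section, but if it is a trimmed or filtered form of `$input` the two can differ. If `MD_STD::startsWithAny` compares case-sensitively (not visible here), valid URLs such as `HTTPS://…` are rejected as well, since URL schemes are case-insensitive. Consider `if (MD_STD::startsWithAny(\strtolower($output), ['https://', 'http://', 'ftp://']) === false) {`. A docblock line stating that only the scheme is restricted, and that callers fetching the URL server-side must still validate the host, would make the guarantee explicit.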


@ -134,8 +134,8 @@ final class MD_STD_SEC {
/** /**
* Send CSP headers. * Send CSP headers.
* *
* @param array{default-src: string, connect-src: string, script-src: string, img-src: string, media-src: string, style-src: string, frame-src: string, object-src: string, base-uri: string, form-action: string, frame-ancestors?: string} $directives Directives to send. Font source is always set to 'self', and hence excluded. * @param array{default-src: string, connect-src: string, script-src: string, img-src: string, media-src: string, style-src: string, frame-src: string, object-src: string, base-uri: string, form-action: string, worker-src?: string, frame-ancestors?: string} $directives Directives to send. Font source is always set to 'self', and hence excluded.
* @param string $frame_ancestors Frame ancestors directive. Default is to not set it. * @param string $frame_ancestors Frame ancestors directive. Default is to not set it.
* *
* @return void * @return void
*/ */
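Review bot: The docblock now lists `worker-src?` as optional but does not say what is sent when the key is omitted. If the function emits no `worker-src` directive in that case (its body is outside this section), browsers fall back to `child-src`, then `script-src`, then `default-src`, which is worth stating so callers know which policy governs workers. I would add `If worker-src is omitted, worker loading is governed by the script-src / default-src values.` to the `$directives` description. The description also leaves open whether the `frame-ancestors?` key or the separate `$frame_ancestors` parameter wins when both are given; one sentence on precedence would settle it.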