N°3416 Updates after code review
Many thanks @bruno-ds ! * add comments to explain intentions * fix indentations
@@ -64,7 +64,7 @@ try
|
||||
$oPage->add_header("Cache-Control: no-transform,public,max-age=$iCacheSec,s-maxage=$iCacheSec");
|
||||
$oPage->add_header("Pragma: cache"); // Reset the value set .... where ?
|
||||
$oPage->add_header("Expires: "); // Reset the value set in ajax_page
|
||||
$oPage->add_xframe_options('');
|
||||
$oPage->add_xframe_options(''); // the header is set in page constructor, we reset its value ! See N°3416
|
||||
$oPage->add_header("Last-Modified: Wed, 15 Jun 2015 13:21:15 GMT"); // An arbitrary date in the past is ok
|
||||
}
|
||||
}
|
||||
@@ -81,7 +81,7 @@ try
|
||||
$oPage->add_header("Cache-Control: no-transform,public,max-age=$iCacheSec,s-maxage=$iCacheSec");
|
||||
$oPage->add_header("Pragma: cache"); // Reset the value set .... where ?
|
||||
$oPage->add_header("Expires: "); // Reset the value set in ajax_page
|
||||
$oPage->add_xframe_options('');
|
||||
$oPage->add_xframe_options(''); // the header is set in page constructor, we reset its value ! See N°3416
|
||||
$oPage->add_header("Last-Modified: Wed, 15 Jun 2016 13:21:15 GMT"); // An arbitrary date in the past is ok
|
||||
}
|
||||
break;
|
||||
@@ -92,7 +92,7 @@ try
|
||||
$oPage->SetContentType('text/javascript');
|
||||
$oPage->add_header('Cache-control: public, max-age=86400'); // Cache for 24 hours
|
||||
$oPage->add_header("Pragma: cache"); // Reset the value set .... where ?
|
||||
$oPage->add_xframe_options('');
|
||||
$oPage->add_xframe_options(''); // the header is set in page constructor, we reset its value ! See N°3416
|
||||
$oPage->add(file_get_contents(Utils::GetCachePath().$sSignature.'.js'));
|
||||
break;
|
||||
|
||||
|
||||
@@ -958,7 +958,7 @@ try
|
||||
if (!empty($sClass) && ($sClass != 'InlineImage') && !empty($id) && !empty($sField))
|
||||
{
|
||||
$oKPI = new ExecutionKPI();
|
||||
$oPage->add_xframe_options(''); // resets header, see N°3416
|
||||
$oPage->add_xframe_options(''); // the header is set in page constructor, we reset its value ! See N°3416
|
||||
ormDocument::DownloadDocument($oPage, $sClass, $id, $sField, 'inline');
|
||||
$oKPI->ComputeAndReport('Data fetch and format');
|
||||
}
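Review bot: The reworded comment on `$oPage->add_xframe_options('')` in the hunk at -958 says where the header comes from but still not why it is safe to drop it ahead of `ormDocument::DownloadDocument($oPage, $sClass, $id, $sField, 'inline')`, which looks like the path that serves stored documents for in-browser rendering. Clearing the frame restriction there lets any origin embed those responses, so the comment should record the reason, for example `// header is set in the page constructor; cleared here because <why this response must be frameable>, see N°3416`. If the only legitimate embedder is iTop itself, passing `'SAMEORIGIN'` instead of `''` would keep protection against third-party framing, assuming the method passes its argument through to the header as the `'DENY'` calls elsewhere in this commit suggest. The same comment is added in the three cache hunks above (-64, -81, -92), and the enclosing `try` block starts and ends outside every hunk.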
|
||||
|
||||
@@ -33,6 +33,10 @@ LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be
|
||||
$sOperation = Utils::ReadParam('operation', 'step1');
|
||||
$oP = new SetupPage('iTop email test utility');
|
||||
|
||||
// Although this page doesn't expose sensitive info, with it we can send multiple emails
|
||||
// So we're adding this http header to reduce CSRF exposure...
|
||||
$oP->add_xframe_options('DENY');
|
||||
|
||||
|
||||
/**
|
||||
* Helper to check server setting required to send an email
|
||||
@@ -256,7 +260,6 @@ try
|
||||
|
||||
case 'step2':
|
||||
$oP->no_cache();
|
||||
$oP->add_xframe_options('DENY');
|
||||
$sTo = Utils::ReadParam('to', '', false, 'raw_data');
|
||||
$sFrom = Utils::ReadParam('from', '', false, 'raw_data');
|
||||
DisplayStep2($oP, $sFrom, $sTo);
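Review bot: The comment added above `$oP->add_xframe_options('DENY');` in the first hunk names the wrong threat: forbidding framing limits clickjacking, while a cross-site request that submits the `step2` operation with `to` and `from` directly is not affected by this header. I would word it as `// This page can send emails, so forbid framing to limit clickjacking; CSRF needs its own token check`. No token validation is visible in the `step2` lines shown in the second hunk, though it may sit outside the hunk, so it is worth confirming before relying on the header alone. Moving the call next to the `SetupPage` construction so that every operation gets the header, not only `step2`, looks right.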
|
||||
|
||||
@@ -781,7 +781,7 @@ try
|
||||
break;
|
||||
|
||||
case 'create_structure':
|
||||
$oP->no_cache();
|
||||
$oP->no_cache();
|
||||
$oP->add_xframe_options('DENY');
|
||||
$iPlannedContacts = Utils::ReadParam('plannedcontacts');
|
||||
$iPlannedContracts = Utils::ReadParam('plannedcontracts');
|
||||
|
||||
@@ -189,7 +189,7 @@ if (!empty($sExpression))
|
||||
switch($sFormat)
|
||||
{
|
||||
case 'html':
|
||||
$oP = new NiceWebPage("iTop - Export");
|
||||
$oP = new NiceWebPage("iTop - Export");
|
||||
$oP->add_style('body { overflow: auto; }'); // Show scroll bars if needed
|
||||
$oP->add_linked_stylesheet(utils::GetAbsoluteUrlAppRoot().'css/font-awesome/css/all.min.css');
|
||||
$oP->add_linked_stylesheet(utils::GetAbsoluteUrlAppRoot().'css/font-awesome/css/v4-shims.min.css');
|
||||
@@ -207,27 +207,36 @@ if (!empty($sExpression))
|
||||
$oP->set_base($sUrl.'pages/');
|
||||
|
||||
if (count($aFields) > 0) {
|
||||
$iSearch = array_search('id', $aFields);
|
||||
if ($iSearch !== false)
|
||||
{
|
||||
$bViewLink = true;
|
||||
unset($aFields[$iSearch]);
|
||||
$iSearch = array_search('id', $aFields);
|
||||
if ($iSearch !== false) {
|
||||
$bViewLink = true;
|
||||
unset($aFields[$iSearch]);
|
||||
} else {
|
||||
$bViewLink = false;
|
||||
}
|
||||
$sFields = implode(',', $aFields);
|
||||
$aExtraParams = array(
|
||||
'menu' => false,
|
||||
'toolkit_menu' => false,
|
||||
'display_limit' => false,
|
||||
'localize_values' => $bLocalize,
|
||||
'zlist' => false,
|
||||
'extra_fields' => $sFields,
|
||||
'view_link' => $bViewLink,
|
||||
);
|
||||
} else {
|
||||
$aExtraParams = array(
|
||||
'menu' => false,
|
||||
'toolkit_menu' => false,
|
||||
'display_limit' => false,
|
||||
'localize_values' => $bLocalize,
|
||||
'zlist' => 'details',
|
||||
);
|
||||
}
|
||||
else
|
||||
{
|
||||
$bViewLink = false;
|
||||
}
|
||||
$sFields = implode(',', $aFields);
|
||||
$aExtraParams = array('menu' => false, 'toolkit_menu' => false, 'display_limit' => false, 'localize_values' => $bLocalize, 'zlist' => false, 'extra_fields' => $sFields, 'view_link' => $bViewLink);
|
||||
}
|
||||
else
|
||||
{
|
||||
$aExtraParams = array('menu' => false, 'toolkit_menu' => false, 'display_limit' => false, 'localize_values' => $bLocalize, 'zlist' => 'details');
|
||||
}
|
||||
|
||||
$oResultBlock = new DisplayBlock($oFilter, 'list', false, $aExtraParams);
|
||||
$oResultBlock->Display($oP, 'expresult');
|
||||
break;
|
||||
$oResultBlock = new DisplayBlock($oFilter, 'list', false, $aExtraParams);
|
||||
$oResultBlock->Display($oP, 'expresult');
|
||||
break;
|
||||
|
||||
case 'csv':
|
||||
$oP = new CSVPage("iTop - Export");
|
||||
|
||||