Changeset 2852524

Timestamp:

01/22/2023 11:46:31 AM (3 years ago)

Author:

zinoui

Message:

Version 1.18.6

Location:

http-headers/trunk

Files:

• README.txt (modified) (3 diffs)
• http-headers.php (modified) (5 diffs)
• views/access-control-allow-origin.php (modified) (1 diff)
• views/ajax-inspect.php (modified) (1 diff)
• views/category.php (modified) (1 diff)
• views/content-security-policy.php (modified) (1 diff)
• views/dashboard.php (modified) (1 diff)
• views/feature-policy.php (modified) (1 diff)
• views/index.php (modified) (1 diff)
• views/permissions-policy.php (modified) (1 diff)
• views/report-to.php (modified) (2 diffs)

http-headers/trunk/README.txt

@@ -1 +1 @@
 === HTTP Headers ===
 Contributors: zinoui
-Donate link: https://zinoui.com/donation
+Donate link: https://paypal.me/Dimitar81
 Tags: custom headers, http headers, headers, security, http header, header, cross domain, cors, xss, clickjacking, mitm, cross origin, cross site, privacy, p3p, hsts, referrer, csp, caching, compression, access control, authentication
 Requires at least: 3.2
-Tested up to: 5.7.1
+Tested up to: 6.1.1
 Requires PHP: 5.3
-Stable tag: 1.18.5
+Stable tag: 1.18.6
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -58 +58 @@
 - X-XSS-Protection
 
-The [getting started tutorial](https://zinoui.com/blog/http-headers-for-wordpress) describes a typical configuration of this plugin.
-
 == Installation ==
 
@@ -88 +86 @@
 
 == Changelog ==
+
+= 1.18.6 =
+*Release Date - 22nd January, 2023*
+
+* PHP 8 compatibility changes
 
 = 1.18.5 =

http-headers/trunk/http-headers.php

@@ -2 +2 @@
 /*
 Plugin Name: HTTP Headers
-Plugin URI: https://zinoui.com/blog/http-headers-for-wordpress
+Plugin URI: https://github.com/riverside/http-headers
 Description: A plugin for HTTP headers management including security, access-control (CORS), caching, compression, and authentication.
-Version: 1.18.5
+Version: 1.18.6
 Author: Dimitar Ivanov
-Author URI: https://zinoui.com
+Author URI: https://github.com/riverside
 License: GPLv2 or later
 Text Domain: http-headers
@@ -25 +25 @@
 along with this program. If not, see <http://www.gnu.org/copyleft/gpl.html>.
 
-Copyright (c) 2017-2021 Zino UI
+Copyright (c) 2017-2023 Dimitar Ivanov
 */
 
@@ -40 +40 @@
 
 function build_csp_value($value) {
+    if (!is_array($value))
+    {
+        return NULL;
+    }
     $csp = array();
     foreach ($value as $key => $val)
@@ -452 +456 @@
     $nel = get_option('hh_nel_value', array());
     return sprintf('{"report_to": "%s", "max_age": %u%s%s%s%s%s}',
-        @$nel['report_to'], @$nel['max_age'],
+        isset($nel['report_to']) ? $nel['report_to'] : NULL,
+        isset($nel['max_age']) ? $nel['max_age'] : NULL,
         isset($nel['include_subdomains']) ? ', "include_subdomains": true' : NULL,
         array_key_exists('success_fraction', $nel) && is_numeric($nel['success_fraction']) ? ', "success_fraction": '. $nel['success_fraction'] : NULL,
@@ -1172 +1177 @@
         $types = get_option('hh_expires_type', array());
         $values = get_option('hh_expires_value', array());
+        if (!is_array($types))
+        {
+            $types = array();
+        }
+        if (!is_array($values))
+        {
+            $values = array();
+        }
         
         $lines[] = '<IfModule mod_expires.c>';

http-headers/trunk/views/access-control-allow-origin.php

@@ -51 +51 @@
                     </select>
                 </td>
-                <td class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>"><input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value" placeholder="http://domain.com" size="35" value="<?php echo esc_attr(@$access_control_allow_origin_url[0]); ?>"<?php echo $access_control_allow_origin == 1 && $access_control_allow_origin_value == 'origin' ? NULL : ' readonly'; ?> /></td>
+                <td class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">
+                    <input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value"
+                           placeholder="http://domain.com" size="35"
+                           value="<?php echo isset($access_control_allow_origin_url[0]) ? esc_attr($access_control_allow_origin_url[0]) : NULL; ?>"<?php echo $access_control_allow_origin == 1 && $access_control_allow_origin_value == 'origin' ? NULL : ' readonly'; ?> />
+                </td>
                 <td class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">&nbsp;</td>
             </tr>

http-headers/trunk/views/ajax-inspect.php

@@ -98 +98 @@
         && !(in_array($k, $special) && array_key_exists($k . '-report-only', $responseHeaders) ))
     {
-        $missing[$k] = @$categories[$v[2]];
+        $missing[$k] = isset($categories[$v[2]]) ? $categories[$v[2]] : 'Other';
     }
 }

http-headers/trunk/views/category.php

@@ -19 +19 @@
     foreach ($headers as $index => $item)
     {
-        if (@$_GET['category'] != $item[2])
+        if ($_GET['category'] != $item[2])
         {
             continue;

http-headers/trunk/views/content-security-policy.php

@@ -18 +18 @@
         <p class="description">Useful tools:</p>
         <p class="description">
-            <a target="_blank" href="https://zinoui.com/tools/sri-generator">SRI Hash Generator</a>
+            <a target="_blank" href="https://report-uri.com/home/sri_hash">SRI Hash Generator</a>
             - generates subresource integrity hashes using a cryptographic algorithm.
         </p>
         <p class="description">
-            <a target="_blank" href="https://zinoui.com/tools/csp-hash">CSP Hash Generator</a>
+            <a target="_blank" href="https://report-uri.com/home/hash">CSP Hash Generator</a>
             - generates CSP hashes to use in script-src and style-src directives.
         </p>

http-headers/trunk/views/dashboard.php

@@ -27 +27 @@
             <i></i>
             <span><?php echo $key[0]; ?></span>
-            <strong><?php echo $val; ?></strong>(<?php printf('%u/%u', @$tmp[$key]['on'], @$tmp[$key]['total']); ?>)</a>
+            <strong><?php echo $val; ?></strong><?php
+            if (isset($tmp[$key]))
+            {
+                printf('(%u/%u)', $tmp[$key]['on'], $tmp[$key]['total']);
+            }
+            ?></a>
         <?php 
     }

http-headers/trunk/views/feature-policy.php

@@ -87 +87 @@
                         foreach ($origins as $origin)
                         {
-                            ?><option value="<?php echo $origin; ?>"<?php selected(@$feature_policy_value[$feature], $origin); ?>><?php echo $origin; ?></option><?php
+                            ?><option value="<?php echo $origin; ?>"<?php isset($feature_policy_value[$feature]) ? selected($feature_policy_value[$feature], $origin) : NULL; ?>><?php echo $origin; ?></option><?php
                         }
                         ?>
                         </select>
                         <input type="text" name="hh_feature_policy_origin[<?php echo $feature; ?>]" 
-                            value="<?php echo @$feature_policy_origin[$feature]; ?>" size="30"<?php echo isset($feature_policy_value[$feature]) && in_array($feature_policy_value[$feature], array('origin(s)', "'self'")) ? NULL : ' style="display: none"'; ?> 
+                               value="<?php echo isset($feature_policy_origin[$feature]) ? $feature_policy_origin[$feature] : NULL; ?>"
+                               size="30"<?php echo isset($feature_policy_value[$feature]) && in_array($feature_policy_value[$feature], array('origin(s)', "'self'")) ? NULL : ' style="display: none"'; ?>
                             class="http-header-value"<?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>>
                     </td>

http-headers/trunk/views/index.php

@@ -39 +39 @@
     ?>
     <p><?php _e('Quick links', 'http-headers'); ?>: 
-        <a href="https://zinoui.com/blog/http-headers-for-wordpress" target="_blank" title="HTTP Headers"><?php _e('Getting started', 'http-headers'); ?></a>, 
         <a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=advanced"><?php _e('Advanced settings', 'http-headers'); ?></a>,
         <a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=manual"><?php _e('Manual setup', 'http-headers'); ?></a>,

http-headers/trunk/views/permissions-policy.php

@@ -97 +97 @@
                         foreach ($origins as $origin)
                         {
-                            ?><option value="<?php echo $origin; ?>"<?php selected(@$permissions_policy_value[$feature], $origin); ?>><?php echo $origin; ?></option><?php
+                            ?><option value="<?php echo $origin; ?>"<?php isset($permissions_policy_value[$feature]) ? selected($permissions_policy_value[$feature], $origin) : NULL; ?>><?php echo $origin; ?></option><?php
                         }
                         ?>
                         </select>
                         <input type="text" name="hh_permissions_policy_origin[<?php echo $feature; ?>]" 
-                            value="<?php echo htmlspecialchars( @$permissions_policy_origin[$feature] ); ?>" size="30"<?php echo isset($permissions_policy_value[$feature]) && in_array($permissions_policy_value[$feature], array('origin(s)', 'self')) ? NULL : ' style="display: none"'; ?> 
+                            value="<?php echo isset($permissions_policy_origin[$feature]) ? htmlspecialchars( $permissions_policy_origin[$feature] ) : NULL; ?>" size="30"<?php echo isset($permissions_policy_value[$feature]) && in_array($permissions_policy_value[$feature], array('origin(s)', 'self')) ? NULL : ' style="display: none"'; ?>
                             class="http-header-value"<?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>>
                     </td>

http-headers/trunk/views/report-to.php

@@ -95 +95 @@
                                     ?>
                                     </select></td>
-                                    <td rowspan="<?php echo $cnt; ?>" class="hh-middle hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php checked(@$item['include_subdomains'], 1, true); ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
+                                    <td rowspan="<?php echo $cnt; ?>" class="hh-middle hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php array_key_exists('include_subdomains', $item) ? checked($item['include_subdomains'], 1, true) : NULL; ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
                                     <?php
                                 }
@@ -146 +146 @@
                             ?>
                             </select></td>
-                            <td class="hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php checked(@$item['include_subdomains'], 1, true); ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
+                            <td class="hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php array_key_exists('include_subdomains', $item) ? checked($item['include_subdomains'], 1, true) : NULL; ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
                             
                             <td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][url]" placeholder="https://example.com/report/csp"<?php echo $report_to == 1 ? NULL : ' readonly'; ?> size="40"></td>