nextcloud / server

core/templates/layout.user.php

Spacing +20 added lines, -20 removed lines

@@ -4,7 +4,7 @@ 
 		<meta charset="utf-8">
 		<title>
 			<?php
-				p(!empty($_['application'])?$_['application'].' - ':'');
+				p(!empty($_['application']) ? $_['application'].' - ' : '');
 				p($theme->getTitle());
 			?>
 		</title>
@@ -14,17 +14,17 @@ 
 		<meta name="apple-itunes-app" content="app-id=<?php p($theme->getiTunesAppId()); ?>">
 		<meta name="apple-mobile-web-app-capable" content="yes">
 		<meta name="apple-mobile-web-app-status-bar-style" content="black">
-		<meta name="apple-mobile-web-app-title" content="<?php p((!empty($_['application']) && $_['appid']!='files')? $_['application']:$theme->getTitle()); ?>">
+		<meta name="apple-mobile-web-app-title" content="<?php p((!empty($_['application']) && $_['appid'] != 'files') ? $_['application'] : $theme->getTitle()); ?>">
 		<meta name="mobile-web-app-capable" content="yes">
 		<meta name="theme-color" content="<?php p($theme->getMailHeaderColor()); ?>">
 		<link rel="icon" href="<?php print_unescaped(image_path($_['appid'], 'favicon.ico')); /* IE11+ supports png */ ?>">
 		<link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path($_['appid'], 'favicon-touch.png')); ?>">
 		<link rel="mask-icon" sizes="any" href="<?php print_unescaped(image_path($_['appid'], 'favicon-mask.svg')); ?>" color="#0082c9">
 		<link rel="manifest" href="<?php print_unescaped(image_path($_['appid'], 'manifest.json')); ?>">
-		<?php foreach($_['cssfiles'] as $cssfile): ?>
+		<?php foreach ($_['cssfiles'] as $cssfile): ?>
 			<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>">
 		<?php endforeach; ?>
-		<?php foreach($_['printcssfiles'] as $cssfile): ?>
+		<?php foreach ($_['printcssfiles'] as $cssfile): ?>
 			<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
 		<?php endforeach; ?>
 		<?php if (isset($_['inline_ocjs'])): ?>
@@ -32,12 +32,12 @@ 
 				<?php print_unescaped($_['inline_ocjs']); ?>
 			</script>
 		<?php endif; ?>
-		<?php foreach($_['jsfiles'] as $jsfile): ?>
+		<?php foreach ($_['jsfiles'] as $jsfile): ?>
 			<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script>
 		<?php endforeach; ?>
 		<?php print_unescaped($_['headers']); ?>
 	</head>
-	<body id="<?php p($_['bodyid']);?>">
+	<body id="<?php p($_['bodyid']); ?>">
 	<?php include('layout.noscript.warning.php'); ?>
 	<div id="notification-container">
 		<div id="notification"></div>
@@ -55,18 +55,18 @@ 
 
 				<a href="#" class="header-appname-container menutoggle" tabindex="2">
 					<h1 class="header-appname">
-						<?php p(!empty($_['application'])?$_['application']: $l->t('Apps')); ?>
+						<?php p(!empty($_['application']) ? $_['application'] : $l->t('Apps')); ?>
 					</h1>
 					<div class="icon-caret"></div>
 				</a>
 
 				<div id="appmenu">
 					<ul>
-						<?php foreach($_['headernavigation'] as $entry): ?>
+						<?php foreach ($_['headernavigation'] as $entry): ?>
 							<li data-id="<?php p($entry['id']); ?>">
 								<a href="<?php print_unescaped($entry['href']); ?>" tabindex="3"
-									<?php if( $entry['active'] ): ?> class="active"<?php endif; ?>>
-									<img src="<?php print_unescaped($entry['icon'] . '?v=' . $_['versionHash']); ?>"  class="app-icon" />
+									<?php if ($entry['active']): ?> class="active"<?php endif; ?>>
+									<img src="<?php print_unescaped($entry['icon'].'?v='.$_['versionHash']); ?>"  class="app-icon" />
 									<div class="icon-loading-dark" style="display:none;"></div>
 									<span>
 								<?php p($entry['name']); ?>
@@ -86,17 +86,17 @@ 
 				<nav role="navigation"><div id="navigation">
 						<div id="apps">
 							<ul>
-								<?php foreach($_['navigation'] as $entry): ?>
-									<?php if($entry['showInHeader']): ?>
+								<?php foreach ($_['navigation'] as $entry): ?>
+									<?php if ($entry['showInHeader']): ?>
 										<li data-id="<?php p($entry['id']); ?>" class="in-header">
 									<?php else: ?>
 										<li data-id="<?php p($entry['id']); ?>">
 									<?php endif; ?>
 									<a href="<?php print_unescaped($entry['href']); ?>" tabindex="3"
-										<?php if( $entry['active'] ): ?> class="active"<?php endif; ?>>
+										<?php if ($entry['active']): ?> class="active"<?php endif; ?>>
 										<svg width="32" height="32" viewBox="0 0 32 32">
 											<defs><filter id="invert-<?php p($entry['id']); ?>"><feColorMatrix in="SourceGraphic" type="matrix" values="-1 0 0 0 1 0 -1 0 0 1 0 0 -1 0 1 0 0 0 1 0"></feColorMatrix></filter></defs>
-											<image x="0" y="0" width="32" height="32" preserveAspectRatio="xMinYMin meet" filter="url(#invert-<?php p($entry['id']); ?>)" xlink:href="<?php print_unescaped($entry['icon'] . '?v=' . $_['versionHash']); ?>"  class="app-icon"></image>
+											<image x="0" y="0" width="32" height="32" preserveAspectRatio="xMinYMin meet" filter="url(#invert-<?php p($entry['id']); ?>)" xlink:href="<?php print_unescaped($entry['icon'].'?v='.$_['versionHash']); ?>"  class="app-icon"></image>
 										</svg>
 										<div class="icon-loading-dark" style="display:none;"></div>
 										<span>
@@ -114,7 +114,7 @@ 
 			<div id="header-right">
 				<form class="searchbox" action="#" method="post" role="search" novalidate>
 					<label for="searchbox" class="hidden-visually">
-						<?php p($l->t('Search'));?>
+						<?php p($l->t('Search')); ?>
 					</label>
 					<input id="searchbox" type="search" name="query"
 						value="" required
@@ -126,8 +126,8 @@ 
 						<div class="avatardiv<?php if ($_['userAvatarSet']) { print_unescaped(' avatardiv-shown'); } else { print_unescaped('" style="display: none'); } ?>">
 							<?php if ($_['userAvatarSet']): ?>
 								<img alt="" width="32" height="32"
-								src="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.avatar.getAvatar', ['userId' => $_['user_uid'], 'size' => 32, 'v' => $_['userAvatarVersion']]));?>"
-								srcset="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.avatar.getAvatar', ['userId' => $_['user_uid'], 'size' => 64, 'v' => $_['userAvatarVersion']]));?> 2x, <?php p(\OC::$server->getURLGenerator()->linkToRoute('core.avatar.getAvatar', ['userId' => $_['user_uid'], 'size' => 128, 'v' => $_['userAvatarVersion']]));?> 4x"
+								src="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.avatar.getAvatar', ['userId' => $_['user_uid'], 'size' => 32, 'v' => $_['userAvatarVersion']])); ?>"
+								srcset="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.avatar.getAvatar', ['userId' => $_['user_uid'], 'size' => 64, 'v' => $_['userAvatarVersion']])); ?> 2x, <?php p(\OC::$server->getURLGenerator()->linkToRoute('core.avatar.getAvatar', ['userId' => $_['user_uid'], 'size' => 128, 'v' => $_['userAvatarVersion']])); ?> 4x"
 								>
 							<?php endif; ?>
 						</div>
@@ -135,11 +135,11 @@ 
 					</div>
 					<div id="expanddiv">
 					<ul>
-					<?php foreach($_['settingsnavigation'] as $entry):?>
+					<?php foreach ($_['settingsnavigation'] as $entry):?>
 						<li>
 							<a href="<?php print_unescaped($entry['href']); ?>"
-								<?php if( $entry["active"] ): ?> class="active"<?php endif; ?>>
-								<img alt="" src="<?php print_unescaped($entry['icon'] . '?v=' . $_['versionHash']); ?>">
+								<?php if ($entry["active"]): ?> class="active"<?php endif; ?>>
+								<img alt="" src="<?php print_unescaped($entry['icon'].'?v='.$_['versionHash']); ?>">
 								<?php p($entry['name']) ?>
 							</a>
 						</li>

lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php

Indentation +373 added lines, -373 removed lines

@@ -36,377 +36,377 @@
  * @since 9.0.0
  */
 class EmptyContentSecurityPolicy {
-	/** @var bool Whether inline JS snippets are allowed */
-	protected $inlineScriptAllowed = null;
-	/** @var string Whether JS nonces should be used */
-	protected $useJsNonce = null;
-	/**
-	 * @var bool Whether eval in JS scripts is allowed
-	 * TODO: Disallow per default
-	 * @link https://github.com/owncloud/core/issues/11925
-	 */
-	protected $evalScriptAllowed = null;
-	/** @var array Domains from which scripts can get loaded */
-	protected $allowedScriptDomains = null;
-	/**
-	 * @var bool Whether inline CSS is allowed
-	 * TODO: Disallow per default
-	 * @link https://github.com/owncloud/core/issues/13458
-	 */
-	protected $inlineStyleAllowed = null;
-	/** @var array Domains from which CSS can get loaded */
-	protected $allowedStyleDomains = null;
-	/** @var array Domains from which images can get loaded */
-	protected $allowedImageDomains = null;
-	/** @var array Domains to which connections can be done */
-	protected $allowedConnectDomains = null;
-	/** @var array Domains from which media elements can be loaded */
-	protected $allowedMediaDomains = null;
-	/** @var array Domains from which object elements can be loaded */
-	protected $allowedObjectDomains = null;
-	/** @var array Domains from which iframes can be loaded */
-	protected $allowedFrameDomains = null;
-	/** @var array Domains from which fonts can be loaded */
-	protected $allowedFontDomains = null;
-	/** @var array Domains from which web-workers and nested browsing content can load elements */
-	protected $allowedChildSrcDomains = null;
-
-	/**
-	 * Whether inline JavaScript snippets are allowed or forbidden
-	 * @param bool $state
-	 * @return $this
-	 * @since 8.1.0
-	 * @deprecated 10.0 CSP tokens are now used
-	 */
-	public function allowInlineScript($state = false) {
-		$this->inlineScriptAllowed = $state;
-		return $this;
-	}
-
-	/**
-	 * Use the according JS nonce
-	 *
-	 * @param string $nonce
-	 * @return $this
-	 * @since 11.0.0
-	 */
-	public function useJsNonce($nonce) {
-		$this->useJsNonce = $nonce;
-		return $this;
-	}
-
-	/**
-	 * Whether eval in JavaScript is allowed or forbidden
-	 * @param bool $state
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function allowEvalScript($state = true) {
-		$this->evalScriptAllowed = $state;
-		return $this;
-	}
-
-	/**
-	 * Allows to execute JavaScript files from a specific domain. Use * to
-	 * allow JavaScript from all domains.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedScriptDomain($domain) {
-		$this->allowedScriptDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed script domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowScriptDomain($domain) {
-		$this->allowedScriptDomains = array_diff($this->allowedScriptDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Whether inline CSS snippets are allowed or forbidden
-	 * @param bool $state
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function allowInlineStyle($state = true) {
-		$this->inlineStyleAllowed = $state;
-		return $this;
-	}
-
-	/**
-	 * Allows to execute CSS files from a specific domain. Use * to allow
-	 * CSS from all domains.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedStyleDomain($domain) {
-		$this->allowedStyleDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed style domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowStyleDomain($domain) {
-		$this->allowedStyleDomains = array_diff($this->allowedStyleDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Allows using fonts from a specific domain. Use * to allow
-	 * fonts from all domains.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedFontDomain($domain) {
-		$this->allowedFontDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed font domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowFontDomain($domain) {
-		$this->allowedFontDomains = array_diff($this->allowedFontDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Allows embedding images from a specific domain. Use * to allow
-	 * images from all domains.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedImageDomain($domain) {
-		$this->allowedImageDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed image domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowImageDomain($domain) {
-		$this->allowedImageDomains = array_diff($this->allowedImageDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * To which remote domains the JS connect to.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedConnectDomain($domain) {
-		$this->allowedConnectDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed connect domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowConnectDomain($domain) {
-		$this->allowedConnectDomains = array_diff($this->allowedConnectDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * From which domains media elements can be embedded.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedMediaDomain($domain) {
-		$this->allowedMediaDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed media domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowMediaDomain($domain) {
-		$this->allowedMediaDomains = array_diff($this->allowedMediaDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * From which domains objects such as <object>, <embed> or <applet> are executed
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedObjectDomain($domain) {
-		$this->allowedObjectDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed object domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowObjectDomain($domain) {
-		$this->allowedObjectDomains = array_diff($this->allowedObjectDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Which domains can be embedded in an iframe
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedFrameDomain($domain) {
-		$this->allowedFrameDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed frame domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowFrameDomain($domain) {
-		$this->allowedFrameDomains = array_diff($this->allowedFrameDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Domains from which web-workers and nested browsing content can load elements
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedChildSrcDomain($domain) {
-		$this->allowedChildSrcDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed child src domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowChildSrcDomain($domain) {
-		$this->allowedChildSrcDomains = array_diff($this->allowedChildSrcDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Get the generated Content-Security-Policy as a string
-	 * @return string
-	 * @since 8.1.0
-	 */
-	public function buildPolicy() {
-		$policy = "default-src 'none';";
-		$policy .= "base-uri 'none';";
-		$policy .= "manifest-src 'self';";
-
-		if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
-			$policy .= 'script-src ';
-			if(is_string($this->useJsNonce)) {
-				$policy .= '\'nonce-'.base64_encode($this->useJsNonce).'\'';
-				$allowedScriptDomains = array_flip($this->allowedScriptDomains);
-				unset($allowedScriptDomains['\'self\'']);
-				$this->allowedScriptDomains = array_flip($allowedScriptDomains);
-				if(count($allowedScriptDomains) !== 0) {
-					$policy .= ' ';
-				}
-			}
-			if(is_array($this->allowedScriptDomains)) {
-				$policy .= implode(' ', $this->allowedScriptDomains);
-			}
-			if($this->inlineScriptAllowed) {
-				$policy .= ' \'unsafe-inline\'';
-			}
-			if($this->evalScriptAllowed) {
-				$policy .= ' \'unsafe-eval\'';
-			}
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedStyleDomains) || $this->inlineStyleAllowed) {
-			$policy .= 'style-src ';
-			if(is_array($this->allowedStyleDomains)) {
-				$policy .= implode(' ', $this->allowedStyleDomains);
-			}
-			if($this->inlineStyleAllowed) {
-				$policy .= ' \'unsafe-inline\'';
-			}
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedImageDomains)) {
-			$policy .= 'img-src ' . implode(' ', $this->allowedImageDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedFontDomains)) {
-			$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedConnectDomains)) {
-			$policy .= 'connect-src ' . implode(' ', $this->allowedConnectDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedMediaDomains)) {
-			$policy .= 'media-src ' . implode(' ', $this->allowedMediaDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedObjectDomains)) {
-			$policy .= 'object-src ' . implode(' ', $this->allowedObjectDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedFrameDomains)) {
-			$policy .= 'frame-src ' . implode(' ', $this->allowedFrameDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedChildSrcDomains)) {
-			$policy .= 'child-src ' . implode(' ', $this->allowedChildSrcDomains);
-			$policy .= ';';
-		}
-
-		return rtrim($policy, ';');
-	}
+    /** @var bool Whether inline JS snippets are allowed */
+    protected $inlineScriptAllowed = null;
+    /** @var string Whether JS nonces should be used */
+    protected $useJsNonce = null;
+    /**
+     * @var bool Whether eval in JS scripts is allowed
+     * TODO: Disallow per default
+     * @link https://github.com/owncloud/core/issues/11925
+     */
+    protected $evalScriptAllowed = null;
+    /** @var array Domains from which scripts can get loaded */
+    protected $allowedScriptDomains = null;
+    /**
+     * @var bool Whether inline CSS is allowed
+     * TODO: Disallow per default
+     * @link https://github.com/owncloud/core/issues/13458
+     */
+    protected $inlineStyleAllowed = null;
+    /** @var array Domains from which CSS can get loaded */
+    protected $allowedStyleDomains = null;
+    /** @var array Domains from which images can get loaded */
+    protected $allowedImageDomains = null;
+    /** @var array Domains to which connections can be done */
+    protected $allowedConnectDomains = null;
+    /** @var array Domains from which media elements can be loaded */
+    protected $allowedMediaDomains = null;
+    /** @var array Domains from which object elements can be loaded */
+    protected $allowedObjectDomains = null;
+    /** @var array Domains from which iframes can be loaded */
+    protected $allowedFrameDomains = null;
+    /** @var array Domains from which fonts can be loaded */
+    protected $allowedFontDomains = null;
+    /** @var array Domains from which web-workers and nested browsing content can load elements */
+    protected $allowedChildSrcDomains = null;
+
+    /**
+     * Whether inline JavaScript snippets are allowed or forbidden
+     * @param bool $state
+     * @return $this
+     * @since 8.1.0
+     * @deprecated 10.0 CSP tokens are now used
+     */
+    public function allowInlineScript($state = false) {
+        $this->inlineScriptAllowed = $state;
+        return $this;
+    }
+
+    /**
+     * Use the according JS nonce
+     *
+     * @param string $nonce
+     * @return $this
+     * @since 11.0.0
+     */
+    public function useJsNonce($nonce) {
+        $this->useJsNonce = $nonce;
+        return $this;
+    }
+
+    /**
+     * Whether eval in JavaScript is allowed or forbidden
+     * @param bool $state
+     * @return $this
+     * @since 8.1.0
+     */
+    public function allowEvalScript($state = true) {
+        $this->evalScriptAllowed = $state;
+        return $this;
+    }
+
+    /**
+     * Allows to execute JavaScript files from a specific domain. Use * to
+     * allow JavaScript from all domains.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedScriptDomain($domain) {
+        $this->allowedScriptDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed script domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowScriptDomain($domain) {
+        $this->allowedScriptDomains = array_diff($this->allowedScriptDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Whether inline CSS snippets are allowed or forbidden
+     * @param bool $state
+     * @return $this
+     * @since 8.1.0
+     */
+    public function allowInlineStyle($state = true) {
+        $this->inlineStyleAllowed = $state;
+        return $this;
+    }
+
+    /**
+     * Allows to execute CSS files from a specific domain. Use * to allow
+     * CSS from all domains.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedStyleDomain($domain) {
+        $this->allowedStyleDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed style domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowStyleDomain($domain) {
+        $this->allowedStyleDomains = array_diff($this->allowedStyleDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Allows using fonts from a specific domain. Use * to allow
+     * fonts from all domains.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedFontDomain($domain) {
+        $this->allowedFontDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed font domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowFontDomain($domain) {
+        $this->allowedFontDomains = array_diff($this->allowedFontDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Allows embedding images from a specific domain. Use * to allow
+     * images from all domains.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedImageDomain($domain) {
+        $this->allowedImageDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed image domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowImageDomain($domain) {
+        $this->allowedImageDomains = array_diff($this->allowedImageDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * To which remote domains the JS connect to.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedConnectDomain($domain) {
+        $this->allowedConnectDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed connect domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowConnectDomain($domain) {
+        $this->allowedConnectDomains = array_diff($this->allowedConnectDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * From which domains media elements can be embedded.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedMediaDomain($domain) {
+        $this->allowedMediaDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed media domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowMediaDomain($domain) {
+        $this->allowedMediaDomains = array_diff($this->allowedMediaDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * From which domains objects such as <object>, <embed> or <applet> are executed
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedObjectDomain($domain) {
+        $this->allowedObjectDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed object domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowObjectDomain($domain) {
+        $this->allowedObjectDomains = array_diff($this->allowedObjectDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Which domains can be embedded in an iframe
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedFrameDomain($domain) {
+        $this->allowedFrameDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed frame domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowFrameDomain($domain) {
+        $this->allowedFrameDomains = array_diff($this->allowedFrameDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Domains from which web-workers and nested browsing content can load elements
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedChildSrcDomain($domain) {
+        $this->allowedChildSrcDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed child src domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowChildSrcDomain($domain) {
+        $this->allowedChildSrcDomains = array_diff($this->allowedChildSrcDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Get the generated Content-Security-Policy as a string
+     * @return string
+     * @since 8.1.0
+     */
+    public function buildPolicy() {
+        $policy = "default-src 'none';";
+        $policy .= "base-uri 'none';";
+        $policy .= "manifest-src 'self';";
+
+        if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
+            $policy .= 'script-src ';
+            if(is_string($this->useJsNonce)) {
+                $policy .= '\'nonce-'.base64_encode($this->useJsNonce).'\'';
+                $allowedScriptDomains = array_flip($this->allowedScriptDomains);
+                unset($allowedScriptDomains['\'self\'']);
+                $this->allowedScriptDomains = array_flip($allowedScriptDomains);
+                if(count($allowedScriptDomains) !== 0) {
+                    $policy .= ' ';
+                }
+            }
+            if(is_array($this->allowedScriptDomains)) {
+                $policy .= implode(' ', $this->allowedScriptDomains);
+            }
+            if($this->inlineScriptAllowed) {
+                $policy .= ' \'unsafe-inline\'';
+            }
+            if($this->evalScriptAllowed) {
+                $policy .= ' \'unsafe-eval\'';
+            }
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedStyleDomains) || $this->inlineStyleAllowed) {
+            $policy .= 'style-src ';
+            if(is_array($this->allowedStyleDomains)) {
+                $policy .= implode(' ', $this->allowedStyleDomains);
+            }
+            if($this->inlineStyleAllowed) {
+                $policy .= ' \'unsafe-inline\'';
+            }
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedImageDomains)) {
+            $policy .= 'img-src ' . implode(' ', $this->allowedImageDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedFontDomains)) {
+            $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedConnectDomains)) {
+            $policy .= 'connect-src ' . implode(' ', $this->allowedConnectDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedMediaDomains)) {
+            $policy .= 'media-src ' . implode(' ', $this->allowedMediaDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedObjectDomains)) {
+            $policy .= 'object-src ' . implode(' ', $this->allowedObjectDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedFrameDomains)) {
+            $policy .= 'frame-src ' . implode(' ', $this->allowedFrameDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedChildSrcDomains)) {
+            $policy .= 'child-src ' . implode(' ', $this->allowedChildSrcDomains);
+            $policy .= ';';
+        }
+
+        return rtrim($policy, ';');
+    }
 }

Spacing +23 added lines, -23 removed lines

@@ -338,72 +338,72 @@
 		$policy .= "base-uri 'none';";
 		$policy .= "manifest-src 'self';";
 
-		if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
+		if (!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
 			$policy .= 'script-src ';
-			if(is_string($this->useJsNonce)) {
+			if (is_string($this->useJsNonce)) {
 				$policy .= '\'nonce-'.base64_encode($this->useJsNonce).'\'';
 				$allowedScriptDomains = array_flip($this->allowedScriptDomains);
 				unset($allowedScriptDomains['\'self\'']);
 				$this->allowedScriptDomains = array_flip($allowedScriptDomains);
-				if(count($allowedScriptDomains) !== 0) {
+				if (count($allowedScriptDomains) !== 0) {
 					$policy .= ' ';
 				}
 			}
-			if(is_array($this->allowedScriptDomains)) {
+			if (is_array($this->allowedScriptDomains)) {
 				$policy .= implode(' ', $this->allowedScriptDomains);
 			}
-			if($this->inlineScriptAllowed) {
+			if ($this->inlineScriptAllowed) {
 				$policy .= ' \'unsafe-inline\'';
 			}
-			if($this->evalScriptAllowed) {
+			if ($this->evalScriptAllowed) {
 				$policy .= ' \'unsafe-eval\'';
 			}
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedStyleDomains) || $this->inlineStyleAllowed) {
+		if (!empty($this->allowedStyleDomains) || $this->inlineStyleAllowed) {
 			$policy .= 'style-src ';
-			if(is_array($this->allowedStyleDomains)) {
+			if (is_array($this->allowedStyleDomains)) {
 				$policy .= implode(' ', $this->allowedStyleDomains);
 			}
-			if($this->inlineStyleAllowed) {
+			if ($this->inlineStyleAllowed) {
 				$policy .= ' \'unsafe-inline\'';
 			}
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedImageDomains)) {
-			$policy .= 'img-src ' . implode(' ', $this->allowedImageDomains);
+		if (!empty($this->allowedImageDomains)) {
+			$policy .= 'img-src '.implode(' ', $this->allowedImageDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedFontDomains)) {
-			$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
+		if (!empty($this->allowedFontDomains)) {
+			$policy .= 'font-src '.implode(' ', $this->allowedFontDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedConnectDomains)) {
-			$policy .= 'connect-src ' . implode(' ', $this->allowedConnectDomains);
+		if (!empty($this->allowedConnectDomains)) {
+			$policy .= 'connect-src '.implode(' ', $this->allowedConnectDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedMediaDomains)) {
-			$policy .= 'media-src ' . implode(' ', $this->allowedMediaDomains);
+		if (!empty($this->allowedMediaDomains)) {
+			$policy .= 'media-src '.implode(' ', $this->allowedMediaDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedObjectDomains)) {
-			$policy .= 'object-src ' . implode(' ', $this->allowedObjectDomains);
+		if (!empty($this->allowedObjectDomains)) {
+			$policy .= 'object-src '.implode(' ', $this->allowedObjectDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedFrameDomains)) {
-			$policy .= 'frame-src ' . implode(' ', $this->allowedFrameDomains);
+		if (!empty($this->allowedFrameDomains)) {
+			$policy .= 'frame-src '.implode(' ', $this->allowedFrameDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedChildSrcDomains)) {
-			$policy .= 'child-src ' . implode(' ', $this->allowedChildSrcDomains);
+		if (!empty($this->allowedChildSrcDomains)) {
+			$policy .= 'child-src '.implode(' ', $this->allowedChildSrcDomains);
 			$policy .= ';';
 		}