Sh3ll
OdayForums


Server : LiteSpeed
System : Linux premium84.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64
User : claqxcrl ( 523)
PHP Version : 8.1.32
Disable Function : NONE
Directory :  /home/claqxcrl/anfangola.com/wp-content/plugins/matomo/app/core/View/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/claqxcrl/anfangola.com/wp-content/plugins/matomo/app/core/View/SecurityPolicy.php
<?php

/**
 * Matomo - free/libre analytics platform
 *
 * @link https://matomo.org
 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 *
 */
namespace Piwik\View;

use Piwik\Config;
/**
 * Content Security Policy HTTP Header management class
 *
 */
class SecurityPolicy
{
    /*
     * Commonly used rules
     */
    const RULE_DEFAULT = "'self' 'unsafe-inline' 'unsafe-eval'";
    const RULE_IMG_DEFAULT = "'self' 'unsafe-inline' 'unsafe-eval' data:";
    const RULE_EMBEDDED_FRAME = "'self' 'unsafe-inline' 'unsafe-eval' data: https: http:";
    /**
     * The policies that will generate the CSP header.
     * These are keyed by the directive.
     *
     * @var array
     */
    private $policies = array();
    private $cspEnabled;
    private $reportOnly;
    /**
     * Constructor.
     */
    public function __construct(Config $config)
    {
        $this->policies['default-src'] = self::RULE_DEFAULT;
        $this->policies['img-src'] = self::RULE_IMG_DEFAULT;
        $generalConfig = $config->General;
        $this->cspEnabled = $generalConfig['csp_enabled'] ?? true;
        $this->reportOnly = $generalConfig['csp_report_only'] ?? false;
    }
    /**
     * Appends a policy to a directive.
     *
     * @api
     */
    public function addPolicy($directive, $value)
    {
        if (isset($this->policies[$directive])) {
            $this->policies[$directive] .= ' ' . $value;
        } else {
            $this->policies[$directive] = $value;
        }
    }
    /**
     * Removes a directive.
     *
     * @api
     */
    public function removeDirective($directive)
    {
        if (isset($this->policies[$directive])) {
            unset($this->policies[$directive]);
        }
    }
    /**
     * Overrides a directive.
     *
     * @api
     */
    public function overridePolicy($directive, $value)
    {
        $this->policies[$directive] = $value;
    }
    /**
     * Disable CSP
     *
     * @api
     */
    public function disable()
    {
        $this->cspEnabled = false;
    }
    /**
     * Creates the Header String that can be inserted in the Content-Security-Policy header.
     *
     * @return string
     */
    public function createHeaderString()
    {
        if (!$this->cspEnabled) {
            return '';
        }
        if ($this->reportOnly) {
            $headerString = 'Content-Security-Policy-Report-Only: ';
        } else {
            $headerString = 'Content-Security-Policy: ';
        }
        foreach ($this->policies as $directive => $values) {
            $headerString .= $directive . ' ' . $values . '; ';
        }
        return $headerString;
    }
    /**
     * A less restrictive CSP which will allow embedding other sites with iframes
     * (useful for heatmaps and session recordings)
     *
     * @api
     */
    public function allowEmbedPage()
    {
        $this->overridePolicy('default-src', self::RULE_EMBEDDED_FRAME);
        $this->overridePolicy('img-src', self::RULE_EMBEDDED_FRAME);
        $this->addPolicy('script-src', self::RULE_DEFAULT);
    }
}

ZeroDay Forums Mini