in ApplicationBootstrap#setupErrorHandling(). In webrouter.php disable
them unconditionally (until ApplicationBootstrap#setupErrorHandling())
not to duplicate the check. ApplicationBootstrap#setupErrorHandling()
is called pretty early, so we won't miss much.
fixes #5117
* In addition, this provides #5269 and mitigates #5152 in production
where ICINGAWEB_ENVIRONMENT isn't set.
Trusted in this case means it was Icinga Web that
rendered a link and the user followed it. Whether
a source is trustworthy or not is detected by use
of the user's session id to hash it combined with
the source similar to how CSRF tokens are assembled.
Partial because the helper method is not the preferred way
anymore to create an icon. So I simplified the detection
to only check whether the given icon is a legacy one, as
those are smaller in number. Though, this leads to some fa
icons being identified as legacy, as the names equal. But,
it's the legacy helper after all... Anyone wanting to make
sure to get fontawesome icons, must add the `fa-` prefix.
When performing a str_replace, subject should always be a string. If
passing a non-existent column or empty column, subject may be null.
This ensures str_replace is called when subject is actually a string (not
NULL).
ldap_connect() in PHP >= 8.1 returns `LDAP\Connection` instead of `resource`, and all ldap_*() methods expect the returned type. But the function's defined return type and the $ds type confuse phpstan, so I removed the hardcoded type hint.
For MySQL it's just enough to check whether the privileges are granted
at database or table level, but for PostgreSQL it's necessary that the
privileges are granted at database and at table level.
This ensures that, if CSP is enabled, the newly created token on the
login is accepted by the browser. A small, but IMHO desired, side
effect is that the login now always appears in the default theme.
fixes #5126