282b4d564a
Add `style` element to SVGs
...
The ruleset returned by `Styleable::getStyle()` is added to the SVG.
2023-08-28 16:56:51 +02:00
97a14d7b18
Modify `Styleable` to avoid using static inline styles
...
To prevent CSP violation the following changes has been made in `Styleable::class`:
1) `Styleable::getStyle()` method is modified to return `ipl\Web\Style::class`
2) `Styleable::additionalStyle` property type is changed to array
3) `Styleable::setAdditionalStyle()` parameter type is changed to array
2023-08-28 16:56:49 +02:00
4e8107c231
RoleForm: Replace static inline styles with css class
...
The static inline style for resetriction text element is replaced with css class `role-restriction-text`
to avoid Content-Security-Policy violations.
2023-08-28 16:40:37 +02:00
afd2a65df6
Add `nonce` attribute to `<style>` elements
...
`nonce` attribute needs to be set on the style elements to avoid CSP violations.
2023-08-28 16:40:37 +02:00
da1bf7048d
Remove inline scripts
...
Remove inline scripts present in `layout.phtml` and `logout.phtml` to prevent CSP violation.
2023-08-28 16:40:37 +02:00
33a5f765b9
Use `style` element to create css class for dynamic inline style
...
The `style` element with `nonce` attribute is used to create css classes for
inline styles that are not static. This prevents Content-Security-Policy violations.
2023-08-28 16:40:33 +02:00
459f4198c3
Replace static inline styles with css class
...
The static inline styles are replaced with css class to avoid Content-Security-Policy violations.
2023-08-28 16:30:12 +02:00
511f507c60
Allow Enabling Strict Content Security Policy (CSP) ( #5059 )
2023-08-28 16:15:09 +02:00
6f39194b0c
Add `CSP` documentation
2023-08-28 16:01:52 +02:00
3b7f054534
Initiate full page reload upon `CSP` config change
2023-08-28 12:42:32 +02:00
e3ebe109eb
Enable strict CSP if configured
2023-08-28 12:42:32 +02:00
1cd1b500b3
Add helper to enable strict CSP
2023-08-28 12:42:32 +02:00
0bac6cfe07
Config: Add setting to enable strict CSP
2023-08-24 16:02:06 +02:00
6c68578a6c
Github Actions: Add PhpStan ( #5040 )
...
Blocked by: #5061
closes #5052 , https://github.com/Icinga/icingaweb2/pull/4920 ,
https://github.com/Icinga/icingaweb2/pull/5003
2023-08-23 11:53:21 +02:00
2818757bc6
phpstan: Ignore `LdapCapabilities/LdapConnection` errors
...
- ldap_connect() returns `LDAP\Connection` in php >= 81
2023-08-23 11:37:00 +02:00
fe24d7809f
Phpstan: Set level to max and add baseline file
...
- Remove already default flags in `max` level
- Don't ingnore Zend_* errors explicitly (added to baseline)
2023-08-23 11:37:00 +02:00
3f3f0a1f67
GlobFilter::__construct(): Add possible param type hint
2023-08-23 11:37:00 +02:00
0cf97d5825
Workflow: clone the remote `head`, regardless of the branch name
2023-08-23 11:36:30 +02:00
9887a2d622
`ConfigTest`: Define property `$oldConfigDir`
...
Use of dynamic property is deprecated since PHP 8.2
2023-08-23 10:53:15 +02:00
a82e3b2320
Stylable: Fix `strokeWidth` type hint declaration
2023-08-23 10:53:15 +02:00
55b4a5eb63
StaticController: Pass only strings to `str_pad` as first argument
2023-08-23 10:53:15 +02:00
a965b5c44b
Fix argument type hints
2023-08-23 10:53:15 +02:00
ffe84507f9
Host/Servie::getDataView(): Fix return class name case
2023-08-23 10:53:15 +02:00
2fa9aaedb0
(Host/Service)status: Fix class name case
2023-08-23 10:53:15 +02:00
19151763af
`UrlParams`: Fix parameter types of `addValues()` method
2023-08-23 10:53:15 +02:00
eed1b0a680
`Url`: Fix type of parameter `$values` of `with()` method
2023-08-23 10:53:15 +02:00
6353f79528
`VersionCommand`: Avoid using deprecated `${}` string interpolation
2023-08-23 10:53:15 +02:00
fd984c5798
Loader: Fix `Variable '$obj' is probably undefined`
2023-08-23 10:53:15 +02:00
17c2a19e28
ObjectList: Pass the correct value to `unset()`
...
- $featureStatus is an associative array
2023-08-23 10:53:15 +02:00
e3ce1c4b2d
(Hosts/Services)Controller: Cannot check `ObjectList` instance with `! empty()`
2023-08-23 10:53:15 +02:00
5d5b767afe
Setup Module (finish.phtml): Add empty array if $report is null
2023-08-23 10:53:15 +02:00
6f04c54f3c
ListController::createTabs(): Add missing return statement
2023-08-23 10:53:15 +02:00
907486ccac
NavigationItemRenderer::setOptions(): Add missing return statement
2023-08-23 10:53:15 +02:00
66c4fc404e
LocalFileStorage::create(): Add missing return statement
2023-08-23 10:53:15 +02:00
ee9d139a3a
PhpDoc: Fix incorrect `@param` and `@return` type hints
2023-08-23 10:53:15 +02:00
8d55385e38
HealthController: Add return statement in new line because `render()` returns nothing
2023-08-23 10:53:14 +02:00
63556849c9
HostnotificationQuery: Fix `Variable '$$concattedContacts' is probably undefined`
2023-08-23 10:53:14 +02:00
8960324fcd
ResourceStep: Fix `Variable '$dbHtml, $ldapHtml' are probably undefined`
2023-08-23 10:53:14 +02:00
e5981ed2b5
GeneralConfigStep: Fix `Variable '$typeDescription, $typeSpecificHtml' are probably undefined`
2023-08-23 10:53:14 +02:00
07e272f3cc
RequirementsRenderer: Add `$tags` explicitly as non-dynamic property
2023-08-23 10:53:14 +02:00
8cfc40affe
RequirementSet: Fix `sprintf` args
2023-08-23 10:53:14 +02:00
b755650256
Requirement: Fix exception throw
2023-08-23 10:53:14 +02:00
dae38414f8
AuthBackendPage: Fix `Variable '$backendForm' is probably undefined`
2023-08-23 10:53:14 +02:00
01352cf6c2
AdminAccountPage: Fix `Variable '$groups, $users' are probably undefined`
2023-08-23 10:53:14 +02:00
d1bfde0dc5
ConfigCommand: Fix `Variable '$webserver' is probably undefined` and import missing `Exception` class
2023-08-23 10:53:14 +02:00
7adc25ba38
TimeRange: Fix class name case
2023-08-23 10:53:14 +02:00
0901e841a3
PerfData: Fix method name case
2023-08-23 10:53:14 +02:00
92c647e883
CustomVarRendererHook: Remove unused param $object
2023-08-23 10:53:14 +02:00
84589f8833
BackendStep: Fix `Variable '$$resourceTitle, $resourceHtml' is probably undefined`
2023-08-23 10:53:14 +02:00
c1bdec65f4
ServicenotificationQuery: Fix `Variable '$$concattedContacts' is probably undefined`
2023-08-23 10:53:14 +02:00
raviks789
Johannes Meyer
Yonas Habteab
Eric Lippmann
Sukhwinder Dhillon