|
|
|
@ -8,6 +8,13 @@
|
|
|
|
|
* This file contains global settings and utility functions.
|
|
|
|
|
*/
|
|
|
|
|
ob_start(); // allow sending headers after content
|
|
|
|
|
//
|
|
|
|
|
// Composer
|
|
|
|
|
require __DIR__ . '/vendor/autoload.php';
|
|
|
|
|
|
|
|
|
|
// Settings file
|
|
|
|
|
require __DIR__ . '/settings.php';
|
|
|
|
|
|
|
|
|
|
// Unicode, solves almost all stupid encoding problems
|
|
|
|
|
header('Content-Type: text/html; charset=utf-8');
|
|
|
|
|
|
|
|
|
@ -27,6 +34,7 @@ session_start(); // stick some cookies in it
|
|
|
|
|
//// renew session cookie
|
|
|
|
|
setcookie(session_name(), session_id(), time() + $session_length);
|
|
|
|
|
|
|
|
|
|
$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : "");
|
|
|
|
|
if ($_SESSION['mobile'] === TRUE) {
|
|
|
|
|
header("Content-Security-Policy: "
|
|
|
|
|
. "default-src 'self';"
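Review bot: The `$captcha_server` value assigned in this hunk is interpolated unvalidated into both new `script-src` lines further down (the `-37,7` and `-48,14` hunks), so whatever `CAPTCHA_SERVER` holds after the scheme is stripped becomes part of the policy; a `;` or a space in that setting would add directives or extra script sources. The pattern is also unanchored, so it removes `http://` or `https://` anywhere in the string rather than only a leading scheme; `preg_replace('/^https?:\/\//i', '', CAPTCHA_SERVER)` is tighter, and if the setting is meant to be a bare host, a check such as `preg_match('/^[a-z0-9.-]+(:\d+)?$/i', $captcha_server)` before the header is sent would keep a malformed value out of the CSP. Dropping the scheme means the browser matches the source against the page's own scheme, which presumably is intended but deserves a one-line comment next to the assignment. The `if`/`else` that emits the header continues beyond this hunk.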
|
|
|
|
@ -37,7 +45,7 @@ if ($_SESSION['mobile'] === TRUE) {
|
|
|
|
|
. "font-src 'self'; "
|
|
|
|
|
. "connect-src *; "
|
|
|
|
|
. "style-src 'self' 'unsafe-inline'; "
|
|
|
|
|
. "script-src 'self' 'unsafe-inline'");
|
|
|
|
|
. "script-src 'self' 'unsafe-inline' $captcha_server");
|
|
|
|
|
} else {
|
|
|
|
|
header("Content-Security-Policy: "
|
|
|
|
|
. "default-src 'self';"
|
|
|
|
@ -48,14 +56,9 @@ if ($_SESSION['mobile'] === TRUE) {
|
|
|
|
|
. "font-src 'self'; "
|
|
|
|
|
. "connect-src *; "
|
|
|
|
|
. "style-src 'self' 'nonce-$SECURE_NONCE'; "
|
|
|
|
|
. "script-src 'self' 'nonce-$SECURE_NONCE'");
|
|
|
|
|
. "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server");
|
|
|
|
|
}
|
|
|
|
|
//
|
|
|
|
|
// Composer
|
|
|
|
|
require __DIR__ . '/vendor/autoload.php';
|
|
|
|
|
|
|
|
|
|
// Settings file
|
|
|
|
|
require __DIR__ . '/settings.php';
|
|
|
|
|
// List of alert messages
|
|
|
|
|
require __DIR__ . '/lang/messages.php';
|
|
|
|
|
// text strings (i18n)
|
|
|
|
@ -76,7 +79,7 @@ function sendError($error) {
|
|
|
|
|
. "<h1>A fatal application error has occurred.</h1>"
|
|
|
|
|
. "<i>(This isn't your fault.)</i>"
|
|
|
|
|
. "<h2>Details:</h2>"
|
|
|
|
|
. "<p>". htmlspecialchars($error) . "</p>");
|
|
|
|
|
. "<p>" . htmlspecialchars($error) . "</p>");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
date_default_timezone_set(TIMEZONE);
|
|
|
|
|