project-open / intranet-reporting
Commit e2e9f643
authored Nov 03, 2020 by Frank Bergmann
- Implemented CSP (Content Security Policy)
parent 65de8218
Showing 6 changed files with 52 additions and 14 deletions
lib/create-ts-chart.adp +1 -2
lib/project-deviation-time-budget.adp +10 -2
tcl/intranet-reporting-procs.tcl +24 -0
www/timesheet-customer-project-xml-xslt.tcl +4 -4
www/timesheet-incomplete-days.tcl +2 -2
www/user-contacts.tcl +11 -4
lib/create-ts-chart.adp
<script>
<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
<if @no_records_found_msg@ eq "">
Ext.require('Ext.chart.*');
...
...
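Review bot: The nonce on the new opening script tag is read straight from the global `::__csp_nonce`, while the .tcl pages in this commit call `[im_csp_nonce]`. Two access paths to what is presumably the same per-request value are easy to let drift apart; consider exposing one helper to both the ADP and the Tcl call sites. Because `;literal` emits the value without quoting into a double-quoted attribute, it is also worth stating next to the generator that the nonce is limited to an attribute-safe alphabet.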
lib/project-deviation-time-budget.adp
...
...
@@ -2,6 +2,14 @@
<%=[im_header]%>
<%=[im_navbar]%>
<!-- Show calendar on start- and end-date -->
<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
window.addEventListener('load', function() {
document.getElementById('start_date_calendar').addEventListener('click', function() { showCalendar('start_date', 'y-m-d'); });
document.getElementById('end_date_calendar').addEventListener('click', function() { showCalendar('end_date', 'y-m-d'); });
});
</script>
<form action='project-deviation-time-budget' id='intranet-reporting-project-deviation-time-budget'>
<%=[export_vars -form {opened_projects}]%>
...
...
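Review bot: In the added load handler, both `document.getElementById(...)` results are dereferenced without a check, so if `start_date_calendar` is ever not rendered the first `addEventListener` call throws and the `end_date_calendar` binding is skipped as well. A small guard, or binding each button in its own statement block, keeps one missing element from disabling the other calendar.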
@@ -13,14 +21,14 @@
<td class=form-label><%=[lang::message::lookup "" intranet-core.Start_Date "Start Date"]%></td>
<td class=form-widget>
<input type="text"field name="start_date" id="start_date" value="@start_date@">
<input type="button"
style="height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendar('start_date', 'y-m-d');"
>
<input type="button"
id=start_date_calendar style="height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');"
>
</td>
</tr>
<tr>
<td class=form-label><%=[lang::message::lookup "" intranet-core.End_Date "End Date"]%></td>
<td class=form-widget>
<input type="text"field name="end_date" id="end_date" value="@end_date@">
<input type="button"
style="height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendar('end_date', 'y-m-d');"
>
<input type="button"
id=end_date_calendar style="height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');"
>
</td>
</tr>
<tr>
...
...
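Review bot: The replacement buttons keep their inline `style="height:20px; width:20px; background: url(...)"` attribute. The nonce added elsewhere in this commit applies to script elements, not to style attributes, so if the rendered policy restricts `style-src` without `'unsafe-inline'` the calendar icon will not be drawn; moving the three declarations into a stylesheet class avoids that. Minor: `id=start_date_calendar` and `id=end_date_calendar` are unquoted while the neighbouring attributes are quoted.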
tcl/intranet-reporting-procs.tcl
...
...
@@ -829,6 +829,30 @@ ad_proc im_report_write_http_headers {
set all_the_headers
"HTTP/1.0 200 OK
\n
Connection: keep-alive
\n
Content-Type:
$content
_type
\r\n
"
}
#
# Add the content security policy. Since this is the blank master, we
# are defensive and check, if the system has already support for it
# via the CSPEnabledP kernel parameter. Otherwise users would be
# blocked out.
#
if
{[
parameter::get -parameter CSPEnabledP -package_id
[
ad_acs_kernel_id
]
-default 0
]
&&
[
info
commands ::security::csp::render
]
ne
""
}
{
set csp
[
::security::csp::render
]
if
{
$csp
ne
""
}
{
set ua
[
ns_set iget
[
ns_conn headers
]
user-agent
]
if
{[
regexp
{
Trident/.*rv:
([
0-9
]{
1,
}[
\.
0-9
]{
0,
})}
$ua
]}
{
set field X-Content-Security-Policy
}
else
{
set field Content-Security-Policy
}
ns_set put
[
ns_conn outputheaders
]
$field
$csp
}
}
util_WriteWithExtraOutputHeaders
$all
_the_headers
# fraber 160224: NaviServer instead of AOLserver...
...
...
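Review bot: The `Trident/.*rv:` branch sends the policy under `X-Content-Security-Policy`, but Internet Explorer 10/11 honour only the `sandbox` directive of that header, so the script restrictions are not enforced for those clients and the branch adds complexity without protection; sending `Content-Security-Policy` to every client would be simpler. The capture group in the regexp is never used. The comment still says "Since this is the blank master" although the code now sits in `im_report_write_http_headers`; please reword it for this proc. Also confirm that `util_WriteWithExtraOutputHeaders` really emits what was put into `ns_conn outputheaders`, since the status line and the other headers here are assembled by hand in `all_the_headers`.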
www/timesheet-customer-project-xml-xslt.tcl
...
...
@@ -1008,7 +1008,7 @@ append sidebar_html "
</div> <!-- /slave -->
<script type='text/javascript'>
<script type='text/javascript'
nonce='
[
im_csp_nonce
]
'
>
function handleClick(myRadio)
\{
if (
\"
html
\"
== myRadio.value)
\{
...
...
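Review bot: `[im_csp_nonce]` is interpolated unconditionally in the new script tag, whereas the ADP templates in this commit wrap the attribute in `<if @::__csp_nonce@ not nil>`. The proc is not defined in any hunk of this commit, so please document which package provides it and what it returns when CSP is disabled (an empty `nonce=''` attribute?). Separately, `handleClick(myRadio)` reads like the target of an inline event attribute on the radio buttons; if it is, a nonce on the script element does not permit that handler, and those inputs need the same `addEventListener` treatment used in project-deviation-time-budget.adp.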
@@ -1351,7 +1351,7 @@ switch $output_format {
html
{
ns_write
"</table>
[
im_box_footer
]
</div></form>"
# Todo: Verify how to include div id
"monitor_frame"
to make following js obsolete
ns_write
"<script language='javascript' type='text/javascript'>document.getElementById('slave_content').style.visibility='visible';"
ns_write
"<script language='javascript' type='text/javascript'
nonce='
[
im_csp_nonce
]
'
>document.getElementById('slave_content').style.visibility='visible';"
ns_write
"document.getElementById('fullwidth-list').style.visibility='visible'; </script>"
ns_write
"
[
im_footer
]
\n
"
}
...
...
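Review bot: The same visibility script for `slave_content` and `fullwidth-list` is patched by hand here and again in the hunks at 1419 and 1465, each time with the nonce attribute spliced into an `ns_write` string. A small helper that returns the opening script tag with its nonce would keep the three copies from diverging; while touching the line, the obsolete `language='javascript'` attribute can be dropped.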
@@ -1419,7 +1419,7 @@ switch $output_format {
}
chart
{
# Todo: Verify how to include div id
"monitor_frame"
to make following js obsolete
ns_write
"<script language='javascript' type='text/javascript'>document.getElementById('slave_content').style.visibility='visible';"
ns_write
"<script language='javascript' type='text/javascript'
nonce='
[
im_csp_nonce
]
'
>document.getElementById('slave_content').style.visibility='visible';"
ns_write
"document.getElementById('fullwidth-list').style.visibility='visible'; </script>"
# These var values we need to wrap into ''
set str_vars_list
[
list
]
...
...
@@ -1465,7 +1465,7 @@ switch $output_format {
ns_write
"
[
im_footer
]
\n
"
# Todo: Verify how to include div id
"monitor_frame"
to make following js obsolete
ns_write
"<script language='javascript' type='text/javascript'>"
ns_write
"<script language='javascript' type='text/javascript'
nonce='
[
im_csp_nonce
]
'
>"
ns_write
"document.getElementById('slave_content').style.visibility='visible';"
ns_write
"document.getElementById('fullwidth-list').style.visibility='visible';"
ns_write
"</script>"
...
...
www/timesheet-incomplete-days.tcl
...
...
@@ -343,7 +343,7 @@ switch $output_format {
</td>
</table>
<script>
<script
type=
\"
text/javascript
\"
nonce=
\"
[
im_csp_nonce
]
\"
>
jQuery().ready(function(){
\$
(function() {
\$
(
\"\#
start_date
\"
).datepicker({ dateFormat:
\"
yyyy-mm-dd
\"
});
...
...
@@ -465,7 +465,7 @@ switch $output_format {
html
{
ns_write
"</table>
\n
[
im_footer
]
\n
"
ns_write
"
<script type='text/javascript'>
<script type='text/javascript'
nonce='
[
im_csp_nonce
]
'
>
document.getElementById('total_users_ctr').innerHTML = '
$total
_users_ctr';
document.getElementById('output_users_ctr').innerHTML = '
$output
_users_ctr';
</script>
...
...
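Review bot: `$total_users_ctr` and `$output_users_ctr` are interpolated into single-quoted JavaScript string literals inside a script that now carries a valid nonce, and the result is assigned to `innerHTML`. The nonce vouches for the whole block, so the policy gives no protection if either value ever contains a quote or markup; since these are counters, assign them with `textContent` and make sure they are integers before substitution.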
www/user-contacts.tcl
...
...
@@ -46,9 +46,9 @@ set offset [expr {$page * $limit}]
# Page Title, Bread Crums and Help
#
set
page_title
[
lang::message::lookup
""
intranet-reporting
_
Users_and_Contacts
"Users and Contacts"
]
set
page_title
[
lang::message::lookup
""
intranet-reporting
.
Users_and_Contacts
"Users and Contacts"
]
set
context_bar
[
im_context_bar
$page
_title
]
set
help_text
[
lang::message::lookup
""
intranet-reporting
_
Users_and_Contacts_help
"
set
help_text
[
lang::message::lookup
""
intranet-reporting
.
Users_and_Contacts_help
"
<strong>Users and Contacts:</strong><br>
This report shows all users in the system, together with
their state and their contact details.
...
...
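Review bot: The message-key change from `intranet-reporting_Users_and_Contacts` to `intranet-reporting.Users_and_Contacts` (and the matching `_help` key) is a localisation fix unrelated to CSP. Please mention it in the commit message or split it into its own commit, so that someone bisecting the CSP rollout is not surprised by changed page titles and help text.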
@@ -161,8 +161,8 @@ OFFSET :offset
# Global Header Line
set
header0
[
list
\
"<input
type=checkbox name=_dummy onclick=
\\\"
acs_ListCheckAll('user',this.checked)
\\\"
checked>"
\
[
lang::message::lookup
""
intranet-reporting.Company_short Comp
]
\
"<input
id=list_check_all type=checkbox name=_dummy
checked>"
\
[
lang::message::lookup
""
intranet-reporting.Company_short Comp
]
\
[
lang::message::lookup
""
intranet-reporting.Customer_oneletter
"C"
]
\
[
lang::message::lookup
""
intranet-reporting.Employee_oneletter
"E"
]
\
[
lang::message::lookup
""
intranet-reporting.Freelancer_oneletter
"F"
]
\
...
...
@@ -270,6 +270,13 @@ switch $output_format {
ns_write
"
[
im_header
]
[
im_navbar reporting
]
<script type=
\"
text/javascript
\"
nonce=
\"
[
im_csp_nonce
]
\"
>
window.addEventListener('load', function() {
document.getElementById('list_check_all').addEventListener('click', function() { acs_ListCheckAll('user',this.checked); });
});
</script>
<table cellspacing=0 cellpadding=0 border=0>
<tr valign=top>
<td width='30%'>
...
...
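Review bot: The `list_check_all` checkbox is built in `header0` in the previous hunk, but its listener is only written from inside this `switch $output_format` branch. Please confirm that every output format that renders `header0` as HTML also emits this script, otherwise the check-all box silently does nothing there; a null check on `getElementById('list_check_all')` would also stop the load handler from throwing when the header row is absent.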