Use str_starts_with/str_ends_with

code style: line breaks

code style: operator spacing

Rector to rename print to echo calls

coding style: control flow line breaks

coding style: control flow whitespaces

coding style: function call spacing

codestyle adjustments: function declaration braces/spaces

Apply rector fixes to the rest of inc

scrutinizer fix

Restrictive Content-Security-Policy for media #1045

This adds a CSP header for all media delivered through our fetch.php
dispatcher. This should revent any scripts etc. to be executed when
scriptabl

Restrictive Content-Security-Policy for media #1045

This adds a CSP header for all media delivered through our fetch.php
dispatcher. This should revent any scripts etc. to be executed when
scriptable media, like SVG is used.

Suggestions on finetuning the policy are welcome.

The policy is added to the MEDIA_SENDFILE event, so plugins can easily
influence it. The way it is passed as an array should make it easier to
modify from plugins as well.

I put the mechanism to send the header into it's own class in the HTTP
namespace. Additional methods from inc/httputils could be moved here
later. The method might also be interesting for #2198 and #1676.

show more ...

fixed some line length errors

replaced deprecated utf8 functions

For now this uses full qualified namespaces, sensible imports may come
later.

line lengths shortened

This makes sure all files use line lenghts shorter than 120 characters.

This is a quick fix. It might not always be the nicest change.

remove pragma:no-cache header. closes #1201

The pragma header is only defined for requests not for responses. The
Cache-Control header should be used in responses.

Remove error supression for file_exists()

In an older version of PHP a file_exists() call would issue a warning
when the file did not exist. This was fixed in later PHP releases. Since
we require PH

Remove error supression for file_exists()

In an older version of PHP a file_exists() call would issue a warning
when the file did not exist. This was fixed in later PHP releases. Since
we require PHP 5.3 now, there's no need to supress any error here
anymore. This might even give a minor performance boost.

show more ...

Merge remote-tracking branch 'splitbrain/master'

Many PHPDocs, some unused and dyn declared vars

many PHPDocs
some unused variables
some dynamically declared variables declared

rfc2231 compatible encoding for header()

This is only used in the filename header field and ensures correct
interpretation of an encoded filename. This is will be needed
especially for download of f

rfc2231 compatible encoding for header()

This is only used in the filename header field and ensures correct
interpretation of an encoded filename. This is will be needed
especially for download of files with umlauts with an Internet Explorer.

show more ...

use http_sendfile correct

Re-order parameters to not break other callers

Needs a check for null now.

nop

Use original filename for Content-Disposition

In most cases this change will have no effect, but noes the response will use the filename that was originally requested. The downloaded filename can be

Use original filename for Content-Disposition

In most cases this change will have no effect, but noes the response will use the filename that was originally requested. The downloaded filename can be modified to something different as well. E.g. the siteexport plugin will make use of it.

show more ...

remove hash for external images, but use token url parameter instead

Merge remote-tracking branch 'origin/master' into fetchimagetokexternal