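<?php
/**
 * DokuWiki Plugin diagrams (Renderer Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Innovakom + CosmoCode <dokuwiki@cosmocode.de>
 */
class renderer_plugin_diagrams extends Doku_Renderer
{

    /**
     * Name of the output format this renderer produces.
     *
     * @inheritDoc
     * @return string always 'diagrams'
     */
    public function getFormat()
    {
        return 'diagrams';
    }

    /**
     * Set proper headers
     *
     * Builds the Content-Type and Content-Security-Policy headers for the SVG
     * output and records them in the page metadata under format -> diagrams.
     * Presumably the export code reads that metadata entry and emits the
     * headers with the rendered output; verify against the caller.
     *
     * @return void
     */
    public function document_start()
    {
        global $ID;
        $headers = [
            'Content-Type' => 'image/svg+xml',
            // SVG is an active document format, so the response carries its own restrictive policy
            'Content-Security-Policy' => $this->getCSP(),
        ];
        p_set_metadata($ID, ['format' => ['diagrams' => $headers]]);
        // don't cache
        $this->nocache();
    }

    /**
     * Create the content security policy
     *
     * The policy denies everything by default and then opens up only what a
     * rendered diagram needs. No script-src is set, so script loading falls
     * back to default-src 'none', and the sandbox directive does not include
     * allow-scripts either.
     *
     * @return string the policy as " directive value...;" segments; note that
     *                the string starts with a space
     */
    protected function getCSP()
    {
        $policy = [
            'default-src' => "'none'",
            // inline styles only; external style sheets stay blocked
            'style-src' => "'unsafe-inline'",
            'media-src' => "'self'",
            'object-src' => "'self'",
            'font-src' => "'self' data:",
            'form-action' => "'none'",
            // only pages of the same origin may frame the diagram
            'frame-ancestors' => "'self'",
            // CSP keywords must be single-quoted: a bare self is parsed as a
            // host named "self", which would block same-origin images
            'img-src' => "'self' data:",
            // NOTE(review): allow-same-origin is only acceptable while allow-scripts
            // stays absent, otherwise scripts in a user-supplied SVG would run in the
            // wiki's origin. allow-top-navigation lets the document navigate the top
            // window; confirm that this is required for diagram links.
            'sandbox' => "allow-popups allow-top-navigation allow-same-origin",
        ];

        /** @noinspection DuplicatedCode from dokuwiki\HTTP\Headers::contentSecurityPolicy() */
        foreach ($policy as $key => $values) {
            // if the value is not an array, we also accept newline separated strings
            if (!is_array($values)) {
                $values = explode("\n", $values);
            }
            $values = array_map('trim', $values);
            $values = array_unique($values);
            // drop empty entries left over from blank lines
            $values = array_filter($values);
            $policy[$key] = $values;
        }

        $cspheader = '';
        foreach ($policy as $key => $values) {
            if ($values) {
                $cspheader .= " $key " . implode(' ', $values) . ';';
            } else {
                // directive without any value
                $cspheader .= " $key;";
            }
        }

        return $cspheader;
    }
}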