Disallow otp-credentials Permission

Daniel Winzen
2021-06-19 12:41:30 +02:00
parent 20ebe8a995
commit 373973fb25


@ -1459,15 +1459,12 @@ function send_frameset(){
if(isset($_POST['sort'])){ if(isset($_POST['sort'])){
if($_POST['sort']==1){ if($_POST['sort']==1){
$U['sortupdown']=1; $U['sortupdown']=1;
$tmp=$U['nocache'];
$U['nocache']=$U['nocache_old'];
$U['nocache_old']=$tmp;
}else{ }else{
$U['sortupdown']=0; $U['sortupdown']=0;
$tmp=$U['nocache'];
$U['nocache']=$U['nocache_old'];
$U['nocache_old']=$tmp;
} }
$tmp=$U['nocache'];
$U['nocache']=$U['nocache_old'];
$U['nocache_old']=$tmp;
$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET sortupdown=?, nocache=?, nocache_old=? WHERE nickname=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET sortupdown=?, nocache=?, nocache_old=? WHERE nickname=?;');
$stmt->execute([$U['sortupdown'], $U['nocache'], $U['nocache_old'], $U['nickname']]); $stmt->execute([$U['sortupdown'], $U['nocache'], $U['nocache_old'], $U['nickname']]);
if($U['status']>1){ if($U['status']>1){
@ -3294,7 +3291,6 @@ function add_message(string $message, string $recipient, string $poster, int $de
} }
function add_system_message(string $mes, string $doer){ function add_system_message(string $mes, string $doer){
global $I;
if($mes===''){ if($mes===''){
return; return;
} }
@ -3477,7 +3473,7 @@ function send_headers(){
header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0, private'); header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0, private');
header('Expires: 0'); header('Expires: 0');
header('Referrer-Policy: no-referrer'); header('Referrer-Policy: no-referrer');
header("Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=()"); header("Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials()");
if(!get_setting('imgembed') || !($U['embed'] ?? false)){ if(!get_setting('imgembed') || !($U['embed'] ?? false)){
header("Cross-Origin-Embedder-Policy: require-corp"); header("Cross-Origin-Embedder-Policy: require-corp");
} }
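Review bot: The directive appended to the Permissions-Policy header in send_headers() is written `otp-credentials()` without the `=`, unlike every other entry in the list. The header value is parsed as a structured-field dictionary, so a malformed member like this is likely to make a conforming browser discard the whole header and apply no policy, which would silently drop all the other restrictions too. The end of the string should read `interest-cohort=(), otp-credentials=()`. After deploying, it is worth confirming in a browser's developer tools that the header is accepted without a parse warning. send_headers() begins and ends outside this hunk, so the rest of the function was not reviewed.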