CSP tweaks again, login uid fix, mild cleanup

2021-08-11 20:12:35 -04:00
parent 0b45ed9e02
commit ff621bce35
7 changed files with 90 additions and 92 deletions


@@ -81,7 +81,7 @@
$app_current_pagename = $transLang['STR_COMMON_HOME']; // PAGE SETUP
$app_current_pageicon = '<i class="fas fa-home"></i> ';
require_once("inc/header.inc.php");
$urlsrc=basename($_SERVER['PHP_SELF']);
$urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL));
header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff");
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
@@ -107,7 +107,7 @@
<div class="container-fluid">
<div class="row row-cols-1">
<div class="col d-grid gap-2">
<button class="btn btn-outline-danger btn-lg btn-block" tabindex="-1" role="button" aria-disabled="true" disabled><i class="fas fa-4x fa-sign-in-alt"></i><img src="<?php echo $StaticFunctions->getLogoText(); ?>" height="140" width="370" nonce="<?=$_SESSION['nonce']?>"></img><i class="fas fa-4x fa-sign-out-alt"></i><br /><h1><?php echo $transLang['APP_NAME']; ?></h1></button>
<button class="btn btn-outline-danger btn-lg btn-block" tabindex="-1" role="button" aria-disabled="true" disabled><i class="fas fa-4x fa-sign-in-alt"></i><img src="<?php echo $StaticFunctions->getLogoText(); ?>" height="140" width="370" nonce="<?=$_SESSION['nonceStr']?>"></img><i class="fas fa-4x fa-sign-out-alt"></i><br /><h1><?php echo $transLang['APP_NAME']; ?></h1></button>
</div>
</div>
</div>
@@ -306,7 +306,7 @@ $form_data = filter_input_array(INPUT_POST, [
if (0 === $row_count): else: $page_count = (int)ceil($row_count / $StaticFunctions->getPageRows()); if($page_num > $page_count): $page_num = 1; endif; endif;
?>
<!-- modals -->
<script nonce="<?=$_SESSION['nonce']?>">
<script nonce="<?=$_SESSION['nonceStr']?>">
$(document).on("click", ".open-voidModal", function (e) {
e.preventDefault();
var _self = $(this);
@@ -365,7 +365,7 @@ $form_data = filter_input_array(INPUT_POST, [
<ul class="pagination pagination-sm">
<li class="page-item disabled"><a class="page-link" href="#" tabindex="-1"><?php echo $transLang['STR_COMMON_PAGE']; ?></a></li>
<?php for ($i = 1; $i <= $page_count; $i++): ?>
<li class="page-item<?php if ($i === $page_num): echo ' active'; else: echo ' '; endif; ?>"><a class="page-link" href="<?php echo $_SERVER['PHP_SELF'] . '?pnum=' . $i; ?>"><?php echo $i; ?></a></li>
<li class="page-item<?php if ($i === $page_num): echo ' active'; else: echo ' '; endif; ?>"><a class="page-link" href="<?php echo filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL) . '?pnum=' . $i; ?>"><?php echo $i; ?></a></li>
<?php endfor; ?>
</ul>
</div>
@@ -391,7 +391,7 @@ $form_data = filter_input_array(INPUT_POST, [
<div class="input-group input-group-sm mb-0">
<span class="input-group-text" data-bs-toggle="datetimepicker" data-target=".datetimepicker-fd_manualTimeDate">Sign In Date/Time&nbsp;<i class="fas fa-clock"></i></span>
<input placeholder="" name="fd_manualTimeDate" type="text" class="form-control bg-white datetimepicker-input datetimepicker-fd_manualTimeDate" id="datetimepicker-fd_manualTimeDate" data-toggle="datetimepicker" data-target=".datetimepicker-fd_manualTimeDate"/>
<script type="text/javascript" nonce="<?=$_SESSION['nonce']?>">
<script type="text/javascript" nonce="<?=$_SESSION['nonceStr']?>">
$(function () {
$('.datetimepicker-fd_manualTimeDate').datetimepicker({'timeZone': '<?php echo $timezone; ?>', 'sideBySide':true, 'format':'YYYY-MM-DD HH:mm:ss', 'allowInputToggle': true });
});
@@ -467,7 +467,7 @@ $form_data = filter_input_array(INPUT_POST, [
<div class="input-group input-group-sm mb-0">
<span class="input-group-text" data-bs-toggle="datetimepicker" data-target=".datetimepicker-form_data_workstart"><?php echo $transLang['STR_VENDORINFO_WORKSTART_TITLE']; ?>&nbsp;<i class="fas fa-clock"></i></span>
<input placeholder="" name="form_data_workstart" type="text" class="form-control bg-white datetimepicker-input datetimepicker-form_data_workstart" id="datetimepicker-form_data_workstart" data-toggle="datetimepicker" data-target=".datetimepicker-form_data_workstart"/>
<script type="text/javascript" nonce="<?=$_SESSION['nonce']?>">
<script type="text/javascript" nonce="<?=$_SESSION['nonceStr']?>">
$(function () {
$('.datetimepicker-form_data_workstart').datetimepicker({'timeZone': '<?php echo $timezone; ?>', 'sideBySide':true, 'format':'YYYY-MM-DD HH:mm:ss', 'allowInputToggle': true, 'defaultDate':'<?php echo $timenow; ?>' });
});
@@ -478,7 +478,7 @@ $form_data = filter_input_array(INPUT_POST, [
<div class="input-group input-group-sm mb-0">
<span class="input-group-text" data-bs-toggle="datetimepicker" data-target=".datetimepicker-form_data_workend"><?php echo $transLang['STR_VENDORINFO_WORKEND_TITLE']; ?>&nbsp;<i class="fas fa-clock"></i></span>
<input placeholder="" name="form_data_workend" type="text" class="form-control bg-white datetimepicker-input datetimepicker-form_data_workend" id="datetimepicker-form_data_workend" data-toggle="datetimepicker" data-target=".datetimepicker-form_data_workend"/>
<script type="text/javascript" nonce="<?=$_SESSION['nonce']?>">
<script type="text/javascript" nonce="<?=$_SESSION['nonceStr']?>">
$(function () {
$('.datetimepicker-form_data_workend').datetimepicker({'timeZone': '<?php echo $timezone; ?>', 'sideBySide':true, 'format':'YYYY-MM-DD HH:mm:ss', 'allowInputToggle': true, 'defaultDate':'<?php echo date('Y-m-d H:i:s', time()+43200); ?>' });
});
@@ -487,7 +487,7 @@ $form_data = filter_input_array(INPUT_POST, [
</div>
</div>
</div>
<script type="text/javascript" nonce="<?=$_SESSION['nonce']?>">
<script type="text/javascript" nonce="<?=$_SESSION['nonceStr']?>">
$('#vendorrequiredswitch').change(function() {
var checkedEscortValue=$("#vendorrequiredswitch").is(":checked");
if (checkedEscortValue === true) {
@@ -548,7 +548,7 @@ $form_data = filter_input_array(INPUT_POST, [
</div>
</div>
</div>
<script type="text/javascript" nonce="<?=$_SESSION['nonce']?>">
<script type="text/javascript" nonce="<?=$_SESSION['nonceStr']?>">
$('#escortrequiredswitch').change(function() {
var checkedEscortValue=$("#escortrequiredswitch").is(":checked");
if (checkedEscortValue === true) {
@@ -946,8 +946,8 @@ if ($db_vendorinfo_workcompleted === 1 && $db_vendorinfo_sitecleanup === 1) { $f
<span class="badge bg-light text-dark"><?php echo $transLang[$VisitTypeInfo->getInfoVisitType("%", $row['visits_reason'])[0]["visittypes_name"]]; ?></span>
</div>
</td>
<td class="small"><?php echo $row['visits_lastname'] . ", " . $row['visits_firstname']; ?><br><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" nonce="<?=$_SESSION['nonce']?>"></img></td>
<td class="small"><?php if (!empty($row['visits_escort'])) {echo $row['visits_escort'] . '<br /><img src="' . $row['visits_escort_signature'] . '" width="200" height="50" nonce="'.$_SESSION['nonce'].'"></img>'; } ?></td>
<td class="small"><?php echo $row['visits_lastname'] . ", " . $row['visits_firstname']; ?><br><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" nonce="<?=$_SESSION['nonceStr']?>"></img></td>
<td class="small"><?php if (!empty($row['visits_escort'])) {echo $row['visits_escort'] . '<br /><img src="' . $row['visits_escort_signature'] . '" width="200" height="50" nonce="'.$_SESSION['nonceStr'].'"></img>'; } ?></td>
<td class="small">
<?php if($row['visits_approved'] === 2) { ?>
<div>
@@ -992,7 +992,7 @@ if ($db_vendorinfo_workcompleted === 1 && $db_vendorinfo_sitecleanup === 1) { $f
<div class="input-group input-group-sm mb-0">
<span class="input-group-text" data-bs-toggle="datetimepicker" data-target=".datetimepicker-<?php echo $visitid; ?>"><i class="fas fa-clock"></i></span>
<input placeholder="<?php echo $transLang['OPTIONAL']; ?>" name="outtime" type="text" class="form-control form-control-sm bg-white datetimepicker-input datetimepicker-<?php echo $visitid; ?>" id="datetimepicker-<?php echo $visitid; ?>" data-toggle="datetimepicker" data-target=".datetimepicker-<?php echo $visitid; ?>"/>
<script type="text/javascript" nonce="<?=$_SESSION['nonce']?>">
<script type="text/javascript" nonce="<?=$_SESSION['nonceStr']?>">
$(function () {
$('.datetimepicker-<?php echo $visitid; ?>').datetimepicker({'timeZone': '<?php echo $timezone; ?>', 'sideBySide':true, 'format':'YYYY-MM-DD HH:mm:ss', 'allowInputToggle': true });
});
@@ -1015,7 +1015,7 @@ if ($db_vendorinfo_workcompleted === 1 && $db_vendorinfo_sitecleanup === 1) { $f
<input class="form-control form-control-sm bg-white<?php if( isset($id_reference_error) && $id_reference_error === 1 && $_POST['approvevisit'] == $visitid ) { echo " is-invalid"; } ?>" type="text" id="id_reference-<?php echo $visitid; ?>" name="id_reference">
<div class="invalid-feedback"><?php echo $transLang['STR_COMMON_REQUIRED']; ?></div>
</div>
<script type="text/javascript" nonce="<?=$_SESSION['nonce']?>">
<script type="text/javascript" nonce="<?=$_SESSION['nonceStr']?>">
$('#id_type-<?php echo $visitid; ?>').change(function() {
if ($(this).val() === "1") {
$('#ticket-<?php echo $visitid; ?>').show();
@@ -1043,7 +1043,7 @@ if ($db_vendorinfo_workcompleted === 1 && $db_vendorinfo_sitecleanup === 1) { $f
<div id="citizen-ban-<?php echo $visitid; ?>" name="ban-<?php echo $visitid; ?>" class="input-group input-group-sm mb-0">
<span class="badge bg-danger"><?php echo $transLang['STR_COMMON_SANCTIONED']; ?></span>
</div>
<script type="text/javascript" nonce="<?=$_SESSION['nonce']?>">
<script type="text/javascript" nonce="<?=$_SESSION['nonceStr']?>">
$('#citizen-<?php echo $visitid; ?>').change(function() {
var controlbox = $(this);
var isSanctioned = controlbox.find(':selected').data('sanctioned');
@@ -1095,7 +1095,7 @@ if ($db_vendorinfo_workcompleted === 1 && $db_vendorinfo_sitecleanup === 1) { $f
<div class="input-group input-group-sm mb-0">
<span class="input-group-text" data-bs-toggle="datetimepicker" data-target=".datetimepicker-<?php echo $visitid; ?>"><i class="fas fa-clock"></i></span>
<input placeholder="<?php echo $transLang['OPTIONAL']; ?>" name="outtime" type="text" class="form-control form-control-sm bg-white datetimepicker-input datetimepicker-<?php echo $visitid; ?>" id="datetimepicker-<?php echo $visitid; ?>" data-toggle="datetimepicker" data-target=".datetimepicker-<?php echo $visitid; ?>" />
<script type="text/javascript" nonce="<?=$_SESSION['nonce']?>">
<script type="text/javascript" nonce="<?=$_SESSION['nonceStr']?>">
$(function () {
$('.datetimepicker-<?php echo $visitid; ?>').datetimepicker({'sideBySide':true, 'format':'YYYY-MM-DD HH:mm:ss', 'allowInputToggle': true });
});
@@ -1122,7 +1122,7 @@ if ($db_vendorinfo_workcompleted === 1 && $db_vendorinfo_sitecleanup === 1) { $f
<ul class="pagination pagination-sm">
<li class="page-item disabled"><a class="page-link" href="#" tabindex="-1"><?php echo $transLang['STR_COMMON_PAGE']; ?></a></li>
<?php for ($i = 1; $i <= $page_count; $i++): ?>
<li class="page-item<?php if ($i === $page_num): echo ' active'; else: echo ' '; endif; ?>"><a class="page-link" href="<?php echo $_SERVER['PHP_SELF'] . '?pnum=' . $i; ?>"><?php echo $i; ?></a></li>
<li class="page-item<?php if ($i === $page_num): echo ' active'; else: echo ' '; endif; ?>"><a class="page-link" href="<?php echo filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL) . '?pnum=' . $i; ?>"><?php echo $i; ?></a></li>
<?php endfor; ?>
</ul>
</div>
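Review bot: The pagination links in the @@ -365 and @@ -1122 hunks still echo PHP_SELF straight into an href attribute, and FILTER_SANITIZE_URL does not make that safe: it only drops characters that are illegal in a URL and keeps `"`, `'`, `<` and `>`, while PHP_SELF carries whatever PATH_INFO the client appended. Escape at the point of output instead, e.g. `href="<?php echo htmlspecialchars($urlsrc, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '?pnum=' . $i; ?>"` (reusing the `$urlsrc` computed in the @@ -81 hunk of the same file), or emit a relative `?pnum=<n>` link and avoid the script name altogether. On the @@ -81 line itself, `filter_input(INPUT_SERVER, ...)` is known to return null under some FastCGI/FPM configurations, so `basename()` would then be handed an empty value; a fallback to `$_SERVER['SCRIPT_NAME']` is worth confirming against the deployment target. Separately, the `nonce` attribute on the `<img>` tags in the @@ -107 and @@ -946 hunks has no CSP effect (nonces are honoured only for script-src/style-src), and a nonce kept in `$_SESSION` is reused for every response in that session rather than being per-response — how `nonceStr` is generated is outside this diff, so that is worth checking where it is set.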