* Mon Dec 30 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-33.sme

- host locally flag-icon.min.css 3.5.0 [SME: 12845]
- remove onclick to comply with strict CSP [SME: 12846]
- add CSP rules with specific hash [SME: 12840]
Jean-Philippe Pialasse 2024-12-31 01:25:04 -05:00
parent b58f82a332
commit 58c3f2348a
17 changed files with 119 additions and 66 deletions


@ -39,7 +39,13 @@
$OUT .= "# private access by default\n"; $OUT .= "# private access by default\n";
$OUT .= " Require ip $localAccess $externalSSLAccess\n"; $OUT .= " Require ip $localAccess $externalSSLAccess\n";
} }
$OUT .= " </Location>\n"; # any smanager script or style added in line should be hashed and added here to run in a modern browser
$OUT .= " Header set Content-Security-Policy \"script-src 'self' 'unsafe-eval' 'unsafe-hashes' "
." 'sha256-X8Qwlk0M9iDTQZqFVpbVcThRjBqQXpwTOZCLX8I+Frk=' 'sha256-inQ04nmqTZI75Z5g/tAzjahedNugPFfrhxHyoFezFkM=' 'sha256-5IsIX+Vbow7wwy2RjR3+5X06R/0CQZPkw3OHj/228cM=' 'sha256-tfVskwioRaNsV75h89itf7FujMgIrodfs1Ea4UAJNpE=' 'sha256-P51OyslUh5bGkoWk9qY+o4Su4HuwNFoQcFCeNxF7Ms8=' ; "
." style-src 'self' 'unsafe-hashes' "
." 'sha256-msdEhWmYTu7vqzGaQHDfvy6lzlDsbKkouwvN2R6Co9E=' 'sha256-a1tyxi1vRpW2Q9+0hM+nBA250/jWJlJdeR43c5r90PI=' 'sha256-iYwYhiMcsGmXCUzLEpEzZNz5dINrlkqf1sLbLhEcqGM=' 'sha256-bOTFT8zacR4Rfja/WIKXgAQQXVaPyG3oBlvAhU4ga8g=' 'sha256-2iGOQeZyvW9G2X+8IhZDG+GPRpXQTxUg/2QxdI+dyEg=' 'sha256-CP93jJ1Y8nMwUoDzFbo1srdgsbADPasAc0Wjig1ahpY=' 'sha256-2iGOQeZyvW9G2X+8IhZDG+GPRpXQTxUg/2QxdI+dyEg=' ;"
." \"\n";
$OUT .= " </Location>\n";
# prevent caching of manager files in browser # prevent caching of manager files in browser
$OUT .= " <LocationMatch \"/$place/.+\.(html|cgi)\$\">\n"; $OUT .= " <LocationMatch \"/$place/.+\.(html|cgi)\$\">\n";
$OUT .= " Header set Cache-Control no-store\n"; $OUT .= " Header set Cache-Control no-store\n";
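Review bot: The new `Content-Security-Policy` string still lists `'unsafe-eval'` in `script-src` and defines only `script-src` and `style-src`, so plugin content, `<base>` and framing are left unrestricted by the policy. If no panel relies on `eval`, drop `'unsafe-eval'`, and consider appending `object-src 'none'; base-uri 'self'; frame-ancestors 'self'` to the same string. `Header set` is also not applied to error responses generated by Apache; `Header always set Content-Security-Policy ...` covers them. The hash `'sha256-2iGOQeZyvW9G2X+8IhZDG+GPRpXQTxUg/2QxdI+dyEg='` appears twice in `style-src`, and a comment naming which inline snippet each hash belongs to would make later pruning possible. The enclosing template block starts above the hunk.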

File diff suppressed because one or more lines are too long


@ -33,7 +33,7 @@
%= javascript '/js/buttons.print.min.js' %= javascript '/js/buttons.print.min.js'
%= javascript '/js/flag-by-locale.js' %= javascript '/js/flag-by-locale.js'
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.5.0/css/flag-icon.min.css"> <link rel="stylesheet" href="/smanager/css/flag-icon.min.css">
%= stylesheet '/css/sme-jquery-overrides.css' %= stylesheet '/css/sme-jquery-overrides.css'
<style> <style>
@ -125,4 +125,4 @@
</body> </body>
</html> </html>
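Review bot: The replacement `<link>` hard-codes `/smanager/css/flag-icon.min.css` while the neighbouring lines use the `%= stylesheet '/css/...'` helper, so this one path will not follow the application's URL prefix if that ever changes. `%= stylesheet '/css/flag-icon.min.css'` would keep it consistent, assuming the file is installed beside the other stylesheets. The vendored file's diff is suppressed on this page, so it is worth recording the upstream version and a checksum of the copy in the package, and confirming that the flag images the stylesheet refers to are shipped locally as well.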


@ -51,10 +51,11 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $domain_name = $domain->{Domain}; # Domain name extracted from the data structure %my $domain_name = $domain->{Domain}; # Domain name extracted from the data structure
%my $actionModify = qq{ %my $actionModify = qq{
% <button type='button' class='sme-modify-button' title='$modify_text' % <a href="domains2?CsrfDef=$csrf_token&trt=UPD&Domain=$domain_name">
% onclick="window.location.href='domains2?CsrfDef=$csrf_token&trt=UPD&Domain=$domain_name'"> % <button type='button' class='sme-modify-button' title='$modify_text' >
% $modify_text % $modify_text
% </button> % </button>
% </a>
%}; %};
%my $removable = ($domain->{Removable} || 'yes'); %my $removable = ($domain->{Removable} || 'yes');
%my $actionRemove = '&nbsp;'; %my $actionRemove = '&nbsp;';
@ -63,10 +64,11 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $domain_name = $domain->{Domain}; # Domain name extracted from the data structure %my $domain_name = $domain->{Domain}; # Domain name extracted from the data structure
%$actionRemove = qq{ %$actionRemove = qq{
% <button type='button' class='sme-remove-button' title='$remove_text' % <a href="domains2?CsrfDef=$csrf_token&trt=DEL&Domain=$domain_name">
% onclick="window.location.href='domains2?CsrfDef=$csrf_token&trt=DEL&Domain=$domain_name'"> % <button type='button' class='sme-remove-button' title='$remove_text' >
% $remove_text % $remove_text
% </button> % </button>
% </a>
%}; %};
%# $actionRemove = "<a href='domains2?CsrfDef=TOKEN&trt=DEL&Domain=" . $domain->{Domain} . "'>" . "<button class='sme-remove-button' title=".l('REMOVE').">".l('REMOVE')."</button>" . "</a>"; %# $actionRemove = "<a href='domains2?CsrfDef=TOKEN&trt=DEL&Domain=" . $domain->{Domain} . "'>" . "<button class='sme-remove-button' title=".l('REMOVE').">".l('REMOVE')."</button>" . "</a>";
%}; %};
@ -117,4 +119,4 @@
</div> </div>
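Review bot: `$domain_name` is interpolated into the new `href` without URL- or HTML-escaping, and the resulting string is then handed to `render_to_string(inline => ...)`, which parses it as a template, so a stored name containing quotes, `&` or template markers would alter the markup or be evaluated if names are not strictly validated on input. This was already true of the `onclick` version, but the move to a plain link is a good moment to build it with the tag helpers, e.g. `%= link_to $modify_text => url_for('domains2')->query(CsrfDef => $csrf_token, trt => 'UPD', Domain => $domain_name), class => 'sme-modify-button'`, which escapes the values and needs no inline render. The same pattern recurs in the sections of this commit whose links target `groups2`, `hostentriesd`, `ibaysd`, `localnetworksd`, `portforwardingd`, `printers2`, `pseudonyms2`, `quotad` and `useraccountsd`.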


@ -43,19 +43,21 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $group_name = $group->key; # group name extracted from the data structure %my $group_name = $group->key; # group name extracted from the data structure
%my $actionModify = qq{ %my $actionModify = qq{
% <button type='button' class='sme-modify-button' title='$modify_text' % <a href="groups2?CsrfDef=$csrf_token&trt=UPD&group=$group_name">
% onclick="window.location.href='groups2?CsrfDef=$csrf_token&trt=UPD&group=$group_name'"> % <button type='button' class='sme-modify-button' title='$modify_text' >
% $modify_text % $modify_text
% </button> % </button>
% </a>
%}; %};
%my $remove_text = l('REMOVE'); # Localized text %my $remove_text = l('REMOVE'); # Localized text
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $group_name = $group->key; # group name extracted from the data structure %my $group_name = $group->key; # group name extracted from the data structure
%my $actionRemove = qq{ %my $actionRemove = qq{
% <button type='button' class='sme-remove-button' title='$remove_text' % <a href="groups2?CsrfDef=$csrf_token&trt=DEL&group=$group_name">
% onclick="window.location.href='groups2?CsrfDef=$csrf_token&trt=DEL&group=$group_name'"> % <button type='button' class='sme-remove-button' title='$remove_text' >
% $remove_text % $remove_text
% </button> % </button>
% </a>
%}; %};
<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %> <%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %>
</td> </td>
@ -67,4 +69,4 @@
</p> </p>
</div> </div>
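Review bot: The new markup nests `<button type='button'>` inside `<a href=...>`, which the HTML content model does not allow (interactive content inside an anchor), so browsers are not guaranteed to follow the link when the inner button is clicked. Styling the anchor itself avoids the question: `<a class='sme-modify-button' href="groups2?...">$modify_text</a>`, with the button rules in the stylesheet extended to anchors if needed. The same nesting is introduced in every other action link of this commit.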


@ -57,19 +57,21 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $hostentries_name = $_->{'HostName'}; # hostentries name extracted from the data structure %my $hostentries_name = $_->{'HostName'}; # hostentries name extracted from the data structure
%$actionModify = qq{ %$actionModify = qq{
% <button type='button' class='sme-modify-button' title='$modify_text' % <a href="hostentriesd?CsrfDef=$csrf_token&trt=UPD&Hostname=$hostentries_name">
% onclick="window.location.href='hostentriesd?CsrfDef=$csrf_token&trt=UPD&Hostname=$hostentries_name'"> % <button type='button' class='sme-modify-button' title='$modify_text' >
% $modify_text % $modify_text
% </button> % </button>
% </a>
%}; %};
%my $remove_text = l('REMOVE'); # Localized text %my $remove_text = l('REMOVE'); # Localized text
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%#my $hostentries_name = $_->{'HostName'}; # hostentries name extracted from the data structure %#my $hostentries_name = $_->{'HostName'}; # hostentries name extracted from the data structure
%$actionRemove = qq{ %$actionRemove = qq{
% <button type='button' class='sme-remove-button' title='$remove_text' % <a href="hostentriesd?CsrfDef=$csrf_token&trt=DEL&Hostname=$hostentries_name">
% onclick="window.location.href='hostentriesd?CsrfDef=$csrf_token&trt=DEL&Hostname=$hostentries_name'"> % <button type='button' class='sme-remove-button' title='$remove_text' >
% $remove_text % $remove_text
% </button> % </button>
% </a>
%}; %};
%} %}
<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %> <%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %>
@ -79,4 +81,4 @@
</tbody> </tbody>
</table> </table>
% } % }
</div> </div>
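Review bot: The `trt=DEL` link keeps a state-changing action on a plain GET URL whose `CsrfDef` value is the literal string assigned in `my $csrf_token = "TOKEN"`, so as far as this hunk shows nothing request-specific protects it. Unless the `hostentriesd` handler substitutes and verifies a real token, or only displays a confirmation page (neither is visible here), consider a small POST form per row with `%= csrf_field` and a server-side check. The other `trt=DEL`, `trt=LCK` and `trt=PWD` links in this commit follow the same shape.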


@ -53,10 +53,11 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $ibays_entry_name = $ibay->key; # ibays_entry name extracted from the data structure %my $ibays_entry_name = $ibay->key; # ibays_entry name extracted from the data structure
%$actionModify = qq{ %$actionModify = qq{
% <button type='button' class='sme-modify-button' title='$modify_text' % <a href="ibaysd?CsrfDef=$csrf_token&trt=UPD&ibay=$ibays_entry_name">
% onclick="window.location.href='ibaysd?CsrfDef=$csrf_token&trt=UPD&ibay=$ibays_entry_name'"> % <button type='button' class='sme-modify-button' title='$modify_text' >
% $modify_text % $modify_text
% </button> % </button>
% </a>
%}; %};
%} %}
@ -66,17 +67,19 @@
%my $ibays_entry_name = $ibay->key; # ibays_entry name extracted from the data structure %my $ibays_entry_name = $ibay->key; # ibays_entry name extracted from the data structure
%if ($ibay->prop('PasswordSet') ne 'yes' && $needPassword) { %if ($ibay->prop('PasswordSet') ne 'yes' && $needPassword) {
%$actionResetPw = qq{ %$actionResetPw = qq{
% <button type='button' class='sme-password-button unset' title="$password_text - currently unset" style = background:pink; % <a href="ibaysd?CsrfDef=$csrf_token&trt=PWD&ibay=$ibays_entry_name">
% onclick="window.location.href='ibaysd?CsrfDef=$csrf_token&trt=PWD&ibay=$ibays_entry_name'"> % <button type='button' class='sme-password-button unset' title="$password_text - currently unset" style = background:pink; >
% $password_text % $password_text
% </button> % </button>
% </a>
%}; %};
%} else { %} else {
%$actionResetPw = qq{ %$actionResetPw = qq{
% <button type='button' class='sme-password-button' title='$password_text' % <a href="ibaysd?CsrfDef=$csrf_token&trt=PWD&ibay=$ibays_entry_name">
% onclick="window.location.href='ibaysd?CsrfDef=$csrf_token&trt=PWD&ibay=$ibays_entry_name'"> % <button type='button' class='sme-password-button' title='$password_text' >
% $password_text % $password_text
% </button> % </button>
% </a>
%}; %};
%} %}
@ -87,10 +90,11 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $ibays_entry_name = $ibay->key; # ibays_entry name extracted from the data structure %my $ibays_entry_name = $ibay->key; # ibays_entry name extracted from the data structure
%$actionRemove = qq{ %$actionRemove = qq{
% <button type='button' class='sme-remove-button' title='$remove_text' % <a href="ibaysd?CsrfDef=$csrf_token&trt=DEL&ibays=$ibays_entry_name">
% onclick="window.location.href='ibaysd?CsrfDef=$csrf_token&trt=DEL&ibays=$ibays_entry_name'"> % <button type='button' class='sme-remove-button' title='$remove_text' >
% $remove_text % $remove_text
% </button> % </button>
% </a>
%}; %};
%} %}
<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionModify) %>
@ -104,4 +108,4 @@
<%} %> <%} %>
</div> </div>


@ -30,10 +30,16 @@
</span><br> </span><br>
<span class='data'> <span class='data'>
%= submit_button l('lets_Back'), class => 'action back', onclick =>'history.back()' %my $back_text = l('lets_Back'); # Localized text
%my $actionBack = qq{
% <a href="letsencryptd">
% <input class='action back' type='submit' value='$back_text'>
% </a>
%};
<%= $c->render_to_string(inline => $actionBack) %>
</span> </span>
%# Probably finally by a submit. %# Probably finally by a submit.
%end %end
</div> </div>
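Review bot: The replacement for `history.back()` wraps `<input type='submit'>` in an anchor; if this markup sits inside the form that the following `%end` closes, clicking it will submit that form rather than follow the link to `letsencryptd`. `$back_text` is also placed in `value='...'` unescaped, so a translation containing an apostrophe would break the attribute. `%= link_to l('lets_Back') => 'letsencryptd', class => 'action back'` gives a plain, escaped link with no inline render. The two following file sections make the identical change.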


@ -30,10 +30,16 @@
</span><br> </span><br>
<span class='data'> <span class='data'>
%= submit_button l('lets_Back'), class => 'action back', onclick =>'history.back()' %my $back_text = l('lets_Back'); # Localized text
%my $actionBack = qq{
% <a href="letsencryptd">
% <input class='action back' type='submit' value='$back_text'>
% </a>
%};
<%= $c->render_to_string(inline => $actionBack) %>
</span> </span>
%# Probably finally by a submit. %# Probably finally by a submit.
%end %end
</div> </div>


@ -37,10 +37,16 @@
</span><br> </span><br>
<span class='data'> <span class='data'>
%= submit_button l('lets_Back'), class => 'action back', onclick =>'history.back()' %my $back_text = l('lets_Back'); # Localized text
%my $actionBack = qq{
% <a href="letsencryptd">
% <input class='action back' type='submit' value='$back_text'>
% </a>
%};
<%= $c->render_to_string(inline => $actionBack) %>
</span> </span>
%# Probably finally by a submit. %# Probably finally by a submit.
%end %end
</div> </div>


@ -89,10 +89,11 @@
%my $local_network_entry = $localnetwork->key; %my $local_network_entry = $localnetwork->key;
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%$actionRemove = qq{ %$actionRemove = qq{
% <button type='button' class='sme-remove-button' title='$remove_text' % <a href="localnetworksd?CsrfDef=$csrf_token&trt=DEL&localnetwork=$local_network_entry">
% onclick="window.location.href='localnetworksd?CsrfDef=$csrf_token&trt=DEL&localnetwork=$local_network_entry'"> % <button type='button' class='sme-remove-button' title='$remove_text' >
% $remove_text % $remove_text
% </button> % </button>
% </a>
%}; %};
% } % }
<td class='sme-border'><%= $c->render_to_string(inline => $actionRemove) %></td> <td class='sme-border'><%= $c->render_to_string(inline => $actionRemove) %></td>
@ -102,4 +103,4 @@
</table> </table>
%= hidden_field 'trt' => $ln_datas->{trt} %= hidden_field 'trt' => $ln_datas->{trt}
%} %}
</div> </div>


@ -96,10 +96,11 @@
%my $remove_text = l('REMOVE'); # Localized text %my $remove_text = l('REMOVE'); # Localized text
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $actionRemove = qq{ %my $actionRemove = qq{
% <button type='button' class='sme-remove-button' title='$remove_text' % <a href="portforwardingd?CsrfDef=$csrf_token&trt=DEL&sport=$sport&proto=$proto">
% onclick="window.location.href='portforwardingd?CsrfDef=$csrf_token&trt=DEL&sport=$sport&proto=$proto'"> % <button type='button' class='sme-remove-button' title='$remove_text' >
% $remove_text % $remove_text
% </button> % </button>
% </a>
%}; %};
<%= $c->render_to_string(inline => $actionRemove) %> <%= $c->render_to_string(inline => $actionRemove) %>
</td> </td>
@ -112,4 +113,4 @@
</table> </table>
%= hidden_field 'trt' => $pf_datas->{trt} %= hidden_field 'trt' => $pf_datas->{trt}
</div> </div>


@ -62,10 +62,11 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $printer_name = $printer->key; %my $printer_name = $printer->key;
%my $actionRemove = qq{ %my $actionRemove = qq{
% <button type='button' class='sme-remove-button' title='$remove_text' % <a href="printers2?CsrfDef=$csrf_token&trt=DEL&&printer=$printer_name">
% onclick="window.location.href='printers2?CsrfDef=$csrf_token&trt=DEL&&printer=$printer_name'"> % <button type='button' class='sme-remove-button' title='$remove_text' >
% $remove_text % $remove_text
% </button> % </button>
% </a>
%}; %};
<%= $c->render_to_string(inline => $actionRemove) %> <%= $c->render_to_string(inline => $actionRemove) %>
</td> </td>
@ -77,4 +78,4 @@
</p> </p>
</div> </div>
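Review bot: The new `href` carries over `trt=DEL&&printer=$printer_name` with a doubled `&`, which sends an empty query pair; most parsers ignore it, but it looks like a typo and should read `trt=DEL&printer=$printer_name`. The surrounding loop starts outside the visible lines.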


@ -61,10 +61,11 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $pseudonyms_entry_name = $pseudonym->key; # pseudonyms_entry name extracted from the data structure %my $pseudonyms_entry_name = $pseudonym->key; # pseudonyms_entry name extracted from the data structure
%$actionModify = qq{ %$actionModify = qq{
% <button type='button' class='sme-modify-button' title='$modify_text' % <a href="pseudonyms2?CsrfDef=$csrf_token&trt=UPD&pseudonym=$pseudonyms_entry_name">
% onclick="window.location.href='pseudonyms2?CsrfDef=$csrf_token&trt=UPD&pseudonym=$pseudonyms_entry_name'"> % <button type='button' class='sme-modify-button' title='$modify_text' >
% $modify_text % $modify_text
% </button> % </button>
% </a>
%}; %};
%} %}
@ -73,10 +74,11 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $pseudonyms_entry_name = $pseudonym->key; # pseudonyms_entry name extracted from the data structure %my $pseudonyms_entry_name = $pseudonym->key; # pseudonyms_entry name extracted from the data structure
%$actionRemove = qq{ %$actionRemove = qq{
% <button type='button' class='sme-remove-button' title='$remove_text' % <a href="pseudonyms2?CsrfDef=$csrf_token&trt=DEL&pseudonym=$pseudonyms_entry_name">
% onclick="window.location.href='pseudonyms2?CsrfDef=$csrf_token&trt=DEL&pseudonym=$pseudonyms_entry_name'"> % <button type='button' class='sme-remove-button' title='$remove_text' >
% $remove_text % $remove_text
% </button> % </button>
% </a>
%}; %};
%} %}
<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %> <%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %>
@ -91,4 +93,4 @@
</div> </div>


@ -62,10 +62,11 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $quota_user_name = $user->key; # quotas_entry name extracted from the data structure %my $quota_user_name = $user->key; # quotas_entry name extracted from the data structure
%my $actionModify = qq{ %my $actionModify = qq{
% <button type='button' class='sme-modify-button' title='$modify_text' % <a href="quotad?CsrfDef=$csrf_token&trt=UPD&user=$quota_user_name">
% onclick="window.location.href='quotad?CsrfDef=$csrf_token&trt=UPD&user=$quota_user_name'"> % <button type='button' class='sme-modify-button' title='$modify_text' >
% $modify_text % $modify_text
% </button> % </button>
% </a>
%}; %};
<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionModify) %>
</td> </td>
@ -78,4 +79,4 @@
%= hidden_field 'trt' => $quo_datas->{trt} %= hidden_field 'trt' => $quo_datas->{trt}
</div> </div>


@ -66,52 +66,58 @@
%my $password_text = l("PASSWORD_RESET"); %my $password_text = l("PASSWORD_RESET");
%if ($useraccounts_user_name eq 'admin') { %if ($useraccounts_user_name eq 'admin') {
%$actionModify = qq{ %$actionModify = qq{
% <button type='button' class='sme-modify-button' title='$modify_text' % <a href="useraccountsd?CsrfDef=$csrf_token&trt=UPS&user=$useraccounts_user_name">
% onclick="window.location.href='useraccountsd?CsrfDef=$csrf_token&trt=UPS&user=$useraccounts_user_name'"> % <button type='button' class='sme-modify-button' title='$modify_text'>
% $modify_text % $modify_text
% </button> % </button>
% </a>
%}; %};
%} else { %} else {
%$actionModify = qq{ %$actionModify = qq{
% <button type='button' class='sme-modify-button' title='$modify_text' % <a href="useraccountsd?CsrfDef=$csrf_token&trt=UPD&user=$useraccounts_user_name">
% onclick="window.location.href='useraccountsd?CsrfDef=$csrf_token&trt=UPD&user=$useraccounts_user_name'"> % <button type='button' class='sme-modify-button' title='$modify_text' >
% $modify_text % $modify_text
% </button> % </button>
% </a>
%}; %};
%} %}
%if ($password_set ne 'yes') { %if ($password_set ne 'yes') {
%$actionLock = l('ACCOUNT_LOCKED'); %$actionLock = l('ACCOUNT_LOCKED');
%$actionResetPw = qq{ %$actionResetPw = qq{
% <button type='button' class='sme-password-button unset' title="$password_text - currently unset" style = background:pink; % <a href="useraccountsd?CsrfDef=$csrf_token&trt=PWD&user=$useraccounts_user_name">
% onclick="window.location.href='useraccountsd?CsrfDef=$csrf_token&trt=PWD&user=$useraccounts_user_name'"> % <button type='button' class='sme-password-button unset' title="$password_text - currently unset" style = background:pink; >
% $password_text % $password_text
% </button> % </button>
% </a>
%}; %};
%} else { %} else {
%my $lock_text = l('ACCOUNT LOCKED'); # Localized text %my $lock_text = l('ACCOUNT LOCKED'); # Localized text
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $useraccounts_user_name = $user->key; # useraccountss_entry name extracted from the data structure %my $useraccounts_user_name = $user->key; # useraccountss_entry name extracted from the data structure
%$actionLock = qq{ %$actionLock = qq{
% <button type='button' class='sme-lock-button' title='$lock_text' % <a href="useraccountsd?CsrfDef=$csrf_token&trt=LCK&user=$useraccounts_user_name">
% onclick="window.location.href='useraccountsd?CsrfDef=$csrf_token&trt=LCK&user=$useraccounts_user_name'"> % <button type='button' class='sme-lock-button' title='$lock_text' >
% $lock_text % $lock_text
% </button> % </button>
% </a>
%}; %};
%$actionResetPw = qq{ %$actionResetPw = qq{
% <button type='button' class='sme-password-button' title='$password_text' % <a href="useraccountsd?CsrfDef=$csrf_token&trt=PWD&user=$useraccounts_user_name">
% onclick="window.location.href='useraccountsd?CsrfDef=$csrf_token&trt=PWD&user=$useraccounts_user_name'"> % <button type='button' class='sme-password-button' title='$password_text' >
% $password_text % $password_text
% </button> % </button>
% </a>
%}; %};
%} %}
%if ( $removable eq 'yes' ) { %if ( $removable eq 'yes' ) {
%my $remove_text = l('REMOVE'); # Localized text %my $remove_text = l('REMOVE'); # Localized text
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%$actionRemove = qq{ %$actionRemove = qq{
% <button type='button' class='sme-remove-button' title='$remove_text' % <a href="useraccountsd?CsrfDef=$csrf_token&trt=DEL&user=$useraccounts_user_name">
% onclick="window.location.href='useraccountsd?CsrfDef=$csrf_token&trt=DEL&user=$useraccounts_user_name'"> % <button type='button' class='sme-remove-button' title='$remove_text' >
% $remove_text % $remove_text
% </button> % </button>
% </a>
%}; %};
%} %}
@ -121,10 +127,11 @@
%my $csrf_token = "TOKEN"; # CSRF token for security %my $csrf_token = "TOKEN"; # CSRF token for security
%my $useraccounts_user_name = $user->key; # useraccountss_entry name extracted from the data structure %my $useraccounts_user_name = $user->key; # useraccountss_entry name extracted from the data structure
%$actionroundcube = qq{ %$actionroundcube = qq{
% <button type='button' class='sme-email-button' title='$roundcube_text' % <a href="roundcubepanel?CsrfDef=$csrf_token&url=https://$thisdomain/roundcube?_user=$useraccounts_user_name">
% onclick="window.location.href='roundcubepanel?CsrfDef=$csrf_token&url=https://$thisdomain/roundcube?_user=$useraccounts_user_name'"> % <button type='button' class='sme-email-button' title='$roundcube_text' >
% $roundcube_text % $roundcube_text
% </button> % </button>
% </a>
%}; %};
<td class='sme-border' style="min-width:35em"> <td class='sme-border' style="min-width:35em">
@ -143,4 +150,4 @@
%= hidden_field 'trt' => $usr_datas->{trt} %= hidden_field 'trt' => $usr_datas->{trt}
</div> </div>
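Review bot: In the last changed hunk the `roundcubepanel` link places a full URL in the `url` parameter without percent-encoding, so the inner `?_user=` is not unambiguously part of that value, and the parameter name suggests the handler loads whatever address it is given. Encoding the value (for example with `Mojo::Util::url_escape`) and having `roundcubepanel` accept only the local `/roundcube` path would address both; the handler is not shown here, so the second point needs checking there.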


@ -2,7 +2,7 @@ Summary: Sme server navigation module : manager 2
%define name smeserver-manager %define name smeserver-manager
Name: %{name} Name: %{name}
%define version 11.0.0 %define version 11.0.0
%define release 32 %define release 33
Version: %{version} Version: %{version}
Release: %{release}%{?dist} Release: %{release}%{?dist}
License: GPL License: GPL
@ -115,6 +115,11 @@ true
%defattr(-,root,root) %defattr(-,root,root)
%changelog %changelog
* Mon Dec 30 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-33.sme
- host locally flag-icon.min.css 3.5.0 [SME: 12845]
- remove onclick to comply with strict CSP [SME: 12846]
- add CSP rules with specific hash [SME: 12840]
* Wed Dec 18 2024 Brian Read <brianr@koozali.org> 11.0.0-32.sme * Wed Dec 18 2024 Brian Read <brianr@koozali.org> 11.0.0-32.sme
- Fix for User and localnetwork panel [SME: 6278] - Fix for User and localnetwork panel [SME: 6278]
- Fix menu entry for proxy to stop it moving - Fix menu entry for proxy to stop it moving