ncp-web: small fixes

nextcloud · Oct 4, 2017 · 6e129da · 6e129da
1 parent 99126b6
commit 6e129da
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php
@@ -39,6 +39,7 @@
     // checkbox (yes/no) field
     if ( preg_match('/^(\w+)_=(yes|no)$/', $line, $matches) )
     {
+      $checked = "";
       if ( $matches[2] == "yes" )
         $checked = "checked";
       $output = $output . "<tr>";

diff --git a/ncp-web/ncp-output.php b/ncp-web/ncp-output.php
@@ -48,6 +48,12 @@ function follow($file)
   $size = 0;
   while (true) 
   {
+    if ( !file_exists($file) )
+    {
+      usleep(200000); // 0.2s
+      continue;
+    }
+
     clearstatcache();
     $currentSize = filesize($file);
     if ($size == $currentSize) 

diff --git a/ncp-web/wizard/index.php b/ncp-web/wizard/index.php
@@ -9,6 +9,18 @@
 		<link href="CSS/wizard.css" rel="stylesheet">
         <?php 
             session_start();
+
+            // security headers
+            header("Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; object-src 'self';");
+            header("X-XSS-Protection: 1; mode=block");
+            header("X-Content-Type-Options: nosniff");
+            header("X-Robots-Tag: none");
+            header("X-Permitted-Cross-Domain-Policies: none");
+            header("X-Frame-Options: DENY");
+            header("Cache-Control: max-age=15778463");
+            ini_set('session.cookie_httponly', 1);
+            if ( isset($_SERVER['HTTPS']) )
+              ini_set('session.cookie_secure', 1); 
         ?>
 	</head>
 <body>