Closed fritzmg closed 1 year ago
Currently CSPBuilder::allowPluginType does not work at all. There are two issues:
CSPBuilder::allowPluginType
compileSubgroup tries to compile the allowed plugin types from the allow sub-key. However that key does not exist, leading to
compileSubgroup
allow
1) ParagonIE\CSPBuilderTest\BasicTest::testAllowPluginType Undefined array key "allow" csp-builder\src\CSPBuilder.php:875 csp-builder\src\CSPBuilder.php:131
The allowed plugin types are actually stored in the types sub-key.
types
preg_replace
enc
This PR implements the following changes:
mime
preg_match
Currently
CSPBuilder::allowPluginType
does not work at all. There are two issues:compileSubgroup
tries to compile the allowed plugin types from theallow
sub-key. However that key does not exist, leading toThe allowed plugin types are actually stored in the
types
sub-key.preg_replace
inenc
will actually remove any valid mime type string.This PR implements the following changes:
enc
method formime
strings is changed to apreg_match
method that will return a valid mime-type definition if found and an empty string if not.compileSubgroup
will return an empty string if no valid plugin type was provided.