
Add sub-resource integrity to scripts

This is not particularly useful but it was fun
spaghetti 8 years ago
parent
commit
60ed8ef00d
3 changed files with 37 additions and 33 deletions
  1. 3
    0
      classes/config.template
  2. 20
    26
      design/privateheader.php
  3. 14
    7
      design/publicheader.php

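--- a/classes/config.template
+++ b/classes/config.template
@@ -23,6 +23,9 @@ define('API_KEYS', ['ANIDB' => 'AAAAAAAAAAAAAAAA']);
 // Allows you to run static content off another server. Default is usually what you want.
 define('STATIC_SERVER', 'static/');
 
+// The hashing algorithm used for SRI
+define('INTEGRITY_ALGO', 'sha256');
+
 // Keys
 define('ENCKEY',       'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'); //Random key. The key for encryption
 define('SCHEDULE_KEY', 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'); // Random key. This key must be the argument to schedule.php for the schedule to work.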
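Review bot: The comment on the new INTEGRITY_ALGO constant does not say which values are valid, and hash_file() in the headers will accept any algorithm PHP knows (md5, sha1, crc32b), producing an integrity attribute that browsers silently ignore rather than reject. Only sha256, sha384 and sha512 are honoured by the SRI specification, so the config is the place to say so. Suggest replacing the comment with `// The hashing algorithm used for SRI. Must be sha256, sha384 or sha512; browsers ignore integrity values with any other algorithm.`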

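--- a/design/privateheader.php
+++ b/design/privateheader.php
@@ -60,30 +60,24 @@ if ($UseTooltipster) { ?>
   <link rel="stylesheet" href="<?=STATIC_SERVER?>styles/tooltipster/style.css?v=<?=filemtime(SERVER_ROOT.'/static/styles/tooltipster/style.css')?>" type="text/css" media="screen" />
 <?
 }
-if ($Mobile) { ?>
-  <meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0, user-scalable=no;" />
-  <link rel="stylesheet" type="text/css" href="<?=STATIC_SERVER ?>styles/mobile/style.css" />
-<?
-} else {
-  if (empty(G::$LoggedUser['StyleURL'])) {
+if (empty(G::$LoggedUser['StyleURL'])) {
 ?>
-  <link rel="stylesheet" type="text/css" title="<?=G::$LoggedUser['StyleName']?>" media="screen"
-      href="<?=STATIC_SERVER?>styles/<?=G::$LoggedUser['StyleName']?>/style.css?v=<?=filemtime(SERVER_ROOT.'/static/styles/'.G::$LoggedUser['StyleName'].'/style.css')?>" />
+<link rel="stylesheet" type="text/css" title="<?=G::$LoggedUser['StyleName']?>" media="screen"
+    href="<?=STATIC_SERVER?>styles/<?=G::$LoggedUser['StyleName']?>/style.css?v=<?=filemtime(SERVER_ROOT.'/static/styles/'.G::$LoggedUser['StyleName'].'/style.css')?>" />
 <?
+} else {
+  $StyleURLInfo = parse_url(G::$LoggedUser['StyleURL']);
+  if (substr(G::$LoggedUser['StyleURL'], -4) == '.css'
+      && empty($StyleURLInfo['query']) && empty($StyleURLInfo['fragment'])
+      && ($StyleURLInfo['host'] == SITE_DOMAIN)
+      && file_exists(SERVER_ROOT.$StyleURLInfo['path'])) {
+    $StyleURL = G::$LoggedUser['StyleURL'].'?v='.filemtime(SERVER_ROOT.$StyleURLInfo['path']);
   } else {
-    $StyleURLInfo = parse_url(G::$LoggedUser['StyleURL']);
-    if (substr(G::$LoggedUser['StyleURL'], -4) == '.css'
-        && empty($StyleURLInfo['query']) && empty($StyleURLInfo['fragment'])
-        && ($StyleURLInfo['host'] == SITE_DOMAIN)
-        && file_exists(SERVER_ROOT.$StyleURLInfo['path'])) {
-      $StyleURL = G::$LoggedUser['StyleURL'].'?v='.filemtime(SERVER_ROOT.$StyleURLInfo['path']);
-    } else {
-      $StyleURL = G::$LoggedUser['StyleURL'];
-    }
+    $StyleURL = G::$LoggedUser['StyleURL'];
+  }
 ?>
-  <link rel="stylesheet" type="text/css" media="screen" href="<?=$StyleURL?>" title="External CSS" />
+<link rel="stylesheet" type="text/css" media="screen" href="<?=$StyleURL?>" title="External CSS" />
 <?
-  }
 }
 $ExtraCSS = explode(',', $CSSIncludes);
 foreach ($ExtraCSS as $CSS) {
@@ -110,14 +104,14 @@ foreach ($Scripts as $Script) {
   if (trim($Script) == '') {
     continue;
   }
+  if (($ScriptStats = G::$Cache->get_value("script_stats_$Script")) === false || $ScriptStats['mtime'] != filemtime(STATIC_SERVER."functions/$Script.js")) {
+    $ScriptStats['mtime'] = filemtime(STATIC_SERVER."functions/$Script.js");
+    $ScriptStats['hash'] = base64_encode(hash_file(INTEGRITY_ALGO, STATIC_SERVER."functions/$Script.js", true));
+    $ScriptStats['algo'] = INTEGRITY_ALGO;
+    G::$Cache->cache_value("script_stats_$Script", $ScriptStats);
+  }
 ?>
-  <script
-      src="<?=STATIC_SERVER?>functions/<?=$Script?>.js?v=<?=filemtime(SERVER_ROOT.'/static/functions/'.$Script.'.js')?>"
-      type="text/javascript"></script>
-<?
-}
-if ($Mobile) { ?>
-  <script src="<?=STATIC_SERVER?>styles/mobile/style.js" type="text/javascript"></script>
+  <script src="<?=STATIC_SERVER."functions/$Script.js?v=$ScriptStats[mtime]"?>" type="text/javascript" integrity="<?="$ScriptStats[algo]-$ScriptStats[hash]"?>"></script>
 <?
 }
 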
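Review bot: In the second hunk the new cache-refresh block passes `STATIC_SERVER."functions/$Script.js"` to filemtime() and hash_file(), but STATIC_SERVER is the URL prefix emitted into `src` (default `static/`, and per config.template possibly another server), whereas the line this replaces read the local file through `SERVER_ROOT.'/static/functions/'.$Script.'.js'`. With the default value this depends on the process working directory; if STATIC_SERVER is ever a remote URL, the calls either fail (depending on allow_url_fopen) and emit an empty `integrity="sha256-"`, or hash whatever the remote host currently serves, which is precisely the content SRI is supposed to distrust. The hash should always come from the local copy under SERVER_ROOT and STATIC_SERVER should only appear in the `src`. Separately, if the static origin is not the page origin, a script element with an integrity attribute is refused by browsers unless it also carries `crossorigin="anonymous"` and the static host sends CORS headers; that attribute is harmless on same-origin loads. The enclosing `foreach ($Scripts as $Script)` begins before this hunk.
```php
  // … unchanged: skip blank $Script …
  // Hash the local file; STATIC_SERVER is a URL prefix and may point at another host.
  $Path = SERVER_ROOT."/static/functions/$Script.js";
  if (($ScriptStats = G::$Cache->get_value("script_stats_$Script")) === false || $ScriptStats['mtime'] != filemtime($Path)) {
    $ScriptStats['mtime'] = filemtime($Path);
    $ScriptStats['hash'] = base64_encode(hash_file(INTEGRITY_ALGO, $Path, true));
    $ScriptStats['algo'] = INTEGRITY_ALGO;
    G::$Cache->cache_value("script_stats_$Script", $ScriptStats);
  }
?>
  <script src="<?=STATIC_SERVER."functions/$Script.js?v=$ScriptStats[mtime]"?>" type="text/javascript" integrity="<?="$ScriptStats[algo]-$ScriptStats[hash]"?>" crossorigin="anonymous"></script>
```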

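--- a/design/publicheader.php
+++ b/design/publicheader.php
@@ -9,13 +9,20 @@ define('FOOTER_FILE',SERVER_ROOT.'/design/publicfooter.php');
   <meta http-equiv="X-UA-Compatible" content="chrome=1; IE=edge" />
   <link rel="shortcut icon" href="favicon.ico?v=<?=md5_file('favicon.ico');?>" />
   <link href="<?=STATIC_SERVER ?>styles/public/style.css?v=<?=filemtime(SERVER_ROOT.'/static/styles/public/style.css')?>" rel="stylesheet" type="text/css" />
-  <script src="<?=STATIC_SERVER?>functions/jquery.js" type="text/javascript"></script>
-  <script src="<?=STATIC_SERVER?>functions/script_start.js?v=<?=filemtime(SERVER_ROOT.'/static/functions/script_start.js')?>" type="text/javascript"></script>
-  <script src="<?=STATIC_SERVER?>functions/ajax.class.js?v=<?=filemtime(SERVER_ROOT.'/static/functions/ajax.class.js')?>" type="text/javascript"></script>
-  <script src="<?=STATIC_SERVER?>functions/cookie.class.js?v=<?=filemtime(SERVER_ROOT.'/static/functions/cookie.class.js')?>" type="text/javascript"></script>
-  <script src="<?=STATIC_SERVER?>functions/storage.class.js?v=<?=filemtime(SERVER_ROOT.'/static/functions/storage.class.js')?>" type="text/javascript"></script>
-  <script src="<?=STATIC_SERVER?>functions/global.js?v=<?=filemtime(SERVER_ROOT.'/static/functions/global.js')?>" type="text/javascript"></script>
-<? $img = array_diff(scandir(SERVER_ROOT.'/misc/bg', 1), array('.', '..')); ?>
+<?
+  $Scripts = ['jquery', 'script_start', 'ajax.class', 'cookie.class', 'storage.class', 'global'];
+  foreach($Scripts as $Script) {
+    if (($ScriptStats = G::$Cache->get_value("script_stats_$Script")) === false || $ScriptStats['mtime'] != filemtime(STATIC_SERVER."functions/$Script.js")) {
+      $ScriptStats['mtime'] = filemtime(STATIC_SERVER."functions/$Script.js");
+      $ScriptStats['hash'] = base64_encode(hash_file(INTEGRITY_ALGO, STATIC_SERVER."functions/$Script.js", true));
+      $ScriptStats['algo'] = INTEGRITY_ALGO;
+      G::$Cache->cache_value("script_stats_$Script", $ScriptStats);
+    }
+?>
+    <script src="<?=STATIC_SERVER."functions/$Script.js?v=$ScriptStats[mtime]"?>" type="text/javascript" integrity="<?="$ScriptStats[algo]-$ScriptStats[hash]"?>"></script>
+<?
+  }
+  $img = array_diff(scandir(SERVER_ROOT.'/misc/bg', 1), array('.', '..')); ?>
   <style> #content { background-image: url(<? echo("'/misc/bg/" . $img[rand(0,count($img)-1)] . "'"); ?>); }</style>
 </head>
 <body>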
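Review bot: The mtime/hash/algo refresh block and the script tag added here are a line-for-line copy of the block added in design/privateheader.php in this same commit, so the two will drift the first time one is fixed (the `STATIC_SERVER` vs `SERVER_ROOT` path issue already applies to both). Move it into one helper, e.g. `sri_script_tag($Script)` returning the `<script>` markup, that hashes `SERVER_ROOT."/static/functions/$Script.js"` and shares the `script_stats_$Script` cache entry, so this loop collapses to `foreach ($Scripts as $Script) { echo sri_script_tag($Script); }`. The removed jquery line carried no `?v=` cache-buster; the new loop now versions it by mtime, which is fine but worth a word in the commit message. Where the helper should live cannot be determined from this page.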
