Skip to content
This repository has been archived by the owner on Aug 12, 2024. It is now read-only.

Commit

Permalink
fix: To media_url() helper; Replace sha384- in CSP header (#97)
Browse files Browse the repository at this point in the history
* And, upgrade legacy Google Analytics javascript to fix `http://` image
* docs: Update PHP version in README
  • Loading branch information
nfreear committed Jun 2, 2021
1 parent f8b60dc commit e77a852
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 6 deletions.
2 changes: 1 addition & 1 deletion .sams
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
#Content-Security-Policy Edited 01/06/2021 N.Freear
####
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' https://*.open.ac.uk https://*.google-analytics.com ; font-src 'self' https://*.open.ac.uk https://*.bootstrapcdn.com ; frame-ancestors 'self' https://*.open.ac.uk http://*.open.ac.uk https://*.open.edu https://*.openartsarchive.org ; object-src 'none' ; script-src 'self' 'unsafe-inline' https://*.open.ac.uk https://*.google-analytics.com 'sha384-nvAa0+6Qg9clwYCGGPpDQLVpLNn0fRaROjHqs13t4Ggj3Ez50XnGQqc/r8MhnRDZ' ;"
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' https://*.open.ac.uk https://*.google-analytics.com ; font-src 'self' https://*.open.ac.uk https://*.bootstrapcdn.com ; frame-ancestors 'self' https://*.open.ac.uk http://*.open.ac.uk https://*.open.edu https://*.openartsarchive.org ; object-src 'none' ; script-src 'self' 'unsafe-inline' https://*.open.ac.uk https://*.googleapis.com https://*.google-analytics.com ;"
</IfModule>
#####

Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ See the [open source project](https://iet-ou.github.io/open-media-player/).
## Requirements

* Linux, Mac OS X or Windows
* PHP 5.3.3+ (cURL, SimpleXML)
* PHP 7.2+ (cURL, SimpleXML)
* Apache 2.2+ (mod_rewrite)


Expand Down
4 changes: 2 additions & 2 deletions application/helpers/ouplayer_helper.php
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ function site_url($uri = '')
function media_url($uri, $return = false) {
$CI =& get_instance();
$media_url_regex = $CI->config->item('https_media_url_regex');
$media_url = preg_replace($media_url_regex, '//$1', $uri);
$media_url = preg_replace($media_url_regex, 'https://$1', $uri);
if ($return) {
return $media_url;
}
Expand Down Expand Up @@ -197,7 +197,7 @@ function cache_time($key) {
$CI =& get_instance();
$CI->load->driver('cache', array('adapter'=>'file'));
$stat = $CI->cache->get_metadata($key);

#var_dump($stat);
return $stat['mtime'];
}
17 changes: 15 additions & 2 deletions application/views/ouplayer/oup_analytics.php
Original file line number Diff line number Diff line change
Expand Up @@ -64,18 +64,31 @@ function sitestat(u){
$ga_path .= trim($po->path, '/ ') .'!';
}
?>
<!-- Google Analytics -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-XXXXX-Y', 'auto');
ga('send', 'pageview');
</script>
<!-- End Google Analytics -->

<?php /* LEGACY - To Delete! <script>
var _gaq = _gaq || [];
_gaq.push(['_setAccount', '<?php echo $google_analytics ?>']);
_gaq.push(['_trackPageview', '<?php echo $ga_path ?>']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = 'https://www.google-analytics.com/ga.js';
<?php /* WAS: ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; */ ?>
<?php /* WAS: ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; *-/ ?>
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</script> */ ?>

<?php endif; ?>

<?php endif; ?>

0 comments on commit e77a852

Please sign in to comment.