Diffstat (limited to 'app/Core')
-rw-r--r--app/Core/Response.php2
-rw-r--r--app/Core/Session.php6
-rw-r--r--app/Core/Tool.php23
-rw-r--r--app/Core/Translator.php53
4 files changed, 49 insertions, 35 deletions
diff --git a/app/Core/Response.php b/app/Core/Response.php
index 1ccf9f5e..347cdde7 100644
--- a/app/Core/Response.php
+++ b/app/Core/Response.php
@@ -246,7 +246,7 @@ class Response
*/
public function hsts()
{
- if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+ if (Tool::isHTTPS()) {
header('Strict-Transport-Security: max-age=31536000');
}
}
diff --git a/app/Core/Session.php b/app/Core/Session.php
index f072350d..c824ba64 100644
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@@ -13,9 +13,11 @@ class Session
/**
* Sesion lifetime
*
+ * http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+ *
* @var integer
*/
- const SESSION_LIFETIME = 7200; // 2 hours
+ const SESSION_LIFETIME = 0; // Until the browser is closed
/**
* Open a session
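Review bot: Setting `SESSION_LIFETIME` to 0 turns the cookie into a browser-session cookie, but nothing in this hunk bounds how long the session stays valid on the server side. Browsers that restore tabs on restart commonly keep session cookies, so the effective lifetime may end up longer than the previous two hours unless an idle or absolute timeout is enforced elsewhere (for example via `session.gc_maxlifetime`, which is not visible here). I would extend the trailing comment to say so, e.g. `// 0 = cookie lasts until the browser is closed; server-side expiry is configured separately`. The class body continues outside the hunk.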
@@ -35,7 +37,7 @@ class Session
self::SESSION_LIFETIME,
$base_path ?: '/',
null,
- ! empty($_SERVER['HTTPS']),
+ Tool::isHTTPS(),
true
);
diff --git a/app/Core/Tool.php b/app/Core/Tool.php
index 85b684e2..e54a0d3b 100644
--- a/app/Core/Tool.php
+++ b/app/Core/Tool.php
@@ -32,6 +32,15 @@ class Tool
}
}
+ /**
+ * Load and register a model
+ *
+ * @static
+ * @access public
+ * @param Core\Registry $registry DPI container
+ * @param string $name Model name
+ * @return mixed
+ */
public static function loadModel(Registry $registry, $name)
{
if (! isset($registry->$name)) {
@@ -41,4 +50,18 @@ class Tool
return $registry->shared($name);
}
+
+ /**
+ * Check if the page is requested through HTTPS
+ *
+ * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS
+ *
+ * @static
+ * @access public
+ * @return boolean
+ */
+ public static function isHTTPS()
+ {
+ return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
+ }
}
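Review bot: `isHTTPS()` reads only `$_SERVER['HTTPS']`, so it will presumably return false when TLS is terminated by a reverse proxy or load balancer in front of PHP. This commit makes it the single gate for the HSTS header in `Response::hsts()` and for the cookie `Secure` flag passed in the Session.php hunk, so in such a deployment both protections would be dropped without any warning. The docblock should state the limitation, e.g. `Note: forwarded-protocol headers are ignored; behind a TLS-terminating proxy the proxy must set HTTPS for PHP`. If proxy headers are honoured later, they should be trusted only from a configured proxy address, since any client can send them. The `'off'` comparison is also case-sensitive; `strtolower($_SERVER['HTTPS']) !== 'off'` would be more tolerant.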
diff --git a/app/Core/Translator.php b/app/Core/Translator.php
index c34a40ba..43e934a9 100644
--- a/app/Core/Translator.php
+++ b/app/Core/Translator.php
@@ -27,58 +27,47 @@ class Translator
private static $locales = array();
/**
- * Flag to enable HTML escaping
+ * Get a translation
*
- * @static
- * @access private
- * @var boolean
- */
- private static $enable_escaping = true;
-
- /**
- * Disable HTML escaping for translations
+ * $translator->translate('I have %d kids', 5);
*
- * @static
* @access public
+ * @param string $identifier Default string
+ * @return string
*/
- public static function disableEscaping()
+ public function translate($identifier)
{
- self::$enable_escaping = false;
- }
+ $args = func_get_args();
- /**
- * Enable HTML escaping for translations
- *
- * @static
- * @access public
- */
- public static function enableEscaping()
- {
- self::$enable_escaping = true;
+ array_shift($args);
+ array_unshift($args, $this->get($identifier, $identifier));
+
+ foreach ($args as &$arg) {
+ $arg = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8', false);
+ }
+
+ return call_user_func_array(
+ 'sprintf',
+ $args
+ );
}
/**
- * Get a translation
+ * Get a translation with no HTML escaping
*
- * $translator->translate('I have %d kids', 5);
+ * $translator->translateNoEscaping('I have %d kids', 5);
*
* @access public
- * @param $identifier
+ * @param string $identifier Default string
* @return string
*/
- public function translate($identifier)
+ public function translateNoEscaping($identifier)
{
$args = func_get_args();
array_shift($args);
array_unshift($args, $this->get($identifier, $identifier));
- if (self::$enable_escaping) {
- foreach ($args as &$arg) {
- $arg = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8', false);
- }
- }
-
return call_user_func_array(
'sprintf',
$args