refs #257 allow eval script for amount calculation
Signed-off-by: Julien Veyssier <[email protected]>
julien-nc committed Feb 4, 2024
1 parent eca3688 commit 7ef32cc
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion lib/Controller/PageController.php
@@ -23,6 +23,7 @@
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\DataDisplayResponse;
use OCP\AppFramework\Http\NotFoundResponse;
use OCP\AppFramework\Http\Response;
@@ -73,7 +74,11 @@ public function index(?string $projectId = null, ?int $billId = null): TemplateR
$this->initialStateService->provideInitialState('pathProjectId', $projectId ?? '');
$this->initialStateService->provideInitialState('pathBillId', $billId ?? 0);
$this->eventDispatcher->dispatchTyped(new RenderReferenceEvent());
return new TemplateResponse('cospend', 'main');
$response = new TemplateResponse('cospend', 'main');
$csp = new ContentSecurityPolicy();
$csp->allowEvalScript();
$response->setContentSecurityPolicy($csp);
return $response;
}

/**
@@ -190,6 +195,9 @@ public function publicShareLinkPage(string $token): TemplateResponse {
$this->initialStateService->provideInitialState('password', 'nopass');

$response = new PublicTemplateResponse('cospend', 'main', []);
$csp = new ContentSecurityPolicy();
$csp->allowEvalScript();
$response->setContentSecurityPolicy($csp);
$response->setHeaderDetails($this->trans->t('Project %s', [$publicShareInfo['projectid']]));
}
$response->setHeaderTitle($this->trans->t('Cospend shared link access'));
@@ -231,6 +239,9 @@ public function pubProject(string $token, ?string $password = null): TemplateRes
$response->setHeaderTitle($this->trans->t('Cospend shared link access'));
$response->setHeaderDetails($this->trans->t('Project %s', [$info['projectid']]));
$response->setFooterVisible(false);
$csp = new ContentSecurityPolicy();
$csp->allowEvalScript();
$response->setContentSecurityPolicy($csp);
return $response;
} elseif (!is_null($info['projectid'] ?? null)) {
// good token, incorrect password
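Review bot: `$csp->allowEvalScript()` is applied not only in `index()` but also in `publicShareLinkPage()` and `pubProject()`, so the two share-link pages, which are served to anyone holding a token, now allow eval in their script policy. With eval allowed, the CSP no longer stops an injected string that reaches `eval` or `new Function` from running, which is the main thing the default policy protects against on pages showing data entered by other project members. The commit title ties this to amount calculation; parsing the arithmetic expression in the front end without eval would presumably let all three responses keep the default policy. If eval has to stay, the three copied lines should live in one documented private helper so the relaxation is a single auditable place, as sketched below. All three functions begin and end outside their hunks, and in `publicShareLinkPage()` the policy is set only inside the branch that closes at `}`, so any `$response` built in another branch does not get it.

```php
/**
 * Relaxes the CSP to allow eval for the amount-field calculator (refs #257).
 * Weakens XSS mitigation on the page; remove once the expression is parsed without eval.
 */
private function allowAmountEval(TemplateResponse $response): void {
    $csp = new ContentSecurityPolicy();
    $csp->allowEvalScript();
    $response->setContentSecurityPolicy($csp);
}

// … unchanged: bodies of index(), publicShareLinkPage() and pubProject() …
// in each of them, in place of the three copied lines:
$this->allowAmountEval($response);
```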
