Difference between revisions for Users / Eo Ny / dev





Additions:

Public Properties

| Property | Type | Description |
|---|---|---|
| $tls_session | bool | Indicates if the current session uses HTTPS/TLS encryption |
| $request_uri | string | Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') |
| $ip | string | Client's real IP address (accounts for proxies) |
| $sess | Session | Reference to the Session object |
| $method | string | Current HTTP method/request type |

Private Properties

| Property | Type | Description |
|---|---|---|
| $db | object | Database connection reference |
| $tls_mark | string | Cookie name for TLS session marking |
| $page | string | Current page name being processed |
| $hash | string | SHA1 hash of the page name |
| $query | string | Encoded query string |
| $lang | string | Current language code |
| $file | string | Cache file path |
| $caching | int | Flag indicating if page should be cached (0 or 1) |

http_security_headers(): void

Sets security-related HTTP headers.

| Header | Purpose | Config Key |
|---|---|---|
| Content-Security-Policy | XSS/injection protection | csp |
| Permissions-Policy | Control browser features | permissions_policy |
| Referrer-Policy | Control referrer information | referrer_policy |
| Strict-Transport-Security | Force HTTPS | Auto (TLS only) |
| X-Frame-Options | Clickjacking protection | Hardcoded: SAMEORIGIN |
| X-Content-Type-Options | MIME sniffing prevention | Hardcoded: nosniff |

CSP Configuration Options:
  • 0 - Disabled
  • 1 - Default policy (from csp.conf)
  • 2 - Custom policy (from csp_custom.conf)
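
The mapping from configuration to headers described above, as an added example (not WackoWiki's own code). The function name `build_security_headers()`, the `$conf_dir` parameter, the assumption that the policy files contain the raw policy text, and the HSTS `max-age` value are all assumptions made for illustration; Permissions-Policy and Referrer-Policy are left out because the page does not define what their numeric settings mean.

```php
<?php
declare(strict_types=1);

// Added illustration, not WackoWiki code. build_security_headers() and
// $conf_dir are hypothetical names; config keys are the ones documented above.
function build_security_headers(array $config, bool $tls_session, string $conf_dir): array
{
    if (empty($config['enable_security_headers'])) {
        return [];                               // headers switched off entirely
    }

    // The two values the table lists as hardcoded.
    $headers = [
        'X-Frame-Options'        => 'SAMEORIGIN',
        'X-Content-Type-Options' => 'nosniff',
    ];

    // csp: 0 = disabled, 1 = csp.conf, 2 = csp_custom.conf
    $files = [1 => 'csp.conf', 2 => 'csp_custom.conf'];
    $mode  = (int) ($config['csp'] ?? 0);
    if (isset($files[$mode])) {
        $path = $conf_dir . '/' . $files[$mode];
        $raw  = is_readable($path) ? (string) file_get_contents($path) : '';
        // Assumption: the file holds the policy text. Collapsing whitespace
        // keeps the value on one line, so it cannot split the header.
        $policy = trim((string) preg_replace('/\s+/', ' ', $raw));
        if ($policy !== '') {
            $headers['Content-Security-Policy'] = $policy;
        } else {
            error_log("CSP mode $mode selected but $path is missing or empty");
        }
    }

    // HSTS only on TLS sessions: browsers ignore it over plain HTTP anyway.
    if ($tls_session) {
        $headers['Strict-Transport-Security'] = 'max-age=31536000'; // constructed value
    }
    return $headers;
}

// Constructed demo: a temporary csp.conf and a TLS request.
$dir = sys_get_temp_dir() . '/csp_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/csp.conf", "default-src 'self';\nimg-src 'self' data:;\n");
$config = ['enable_security_headers' => true, 'csp' => 1];
foreach (build_security_headers($config, true, $dir) as $name => $value) {
    echo "$name: $value\n";                      // a real handler would call header()
}
```

Logging when a CSP mode is selected but its file is missing or empty makes the silent loss of the header visible to whoever reviews the server log.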

Configuration Dependencies

The class relies on these database configuration settings:

| Setting | Type | Purpose |
|---|---|---|
| base_url | string | Wiki's base URL |
| tls | bool | Enable HTTPS enforcement |
| cache | bool | Enable page caching |
| cache_ttl | int | Cache lifetime in seconds |
| session_store | int | 1=File, 0=Database |
| system_seed_hash | string | Session encryption seed |
| cookie_prefix | string | Session cookie prefix |
| cookie_path | string | Cookie path |
| allow_persistent_cookie | bool | Allow persistent login |
| session_length | int | Session lifetime in seconds |
| reverse_proxy_addresses | string | Comma/space-separated proxy IPs |
| reverse_proxy_header | string | Custom X-Forwarded header |
| language | string | Default language code |
| multilanguage | bool | Enable language negotiation |
| allowed_languages | string | Comma/space-separated allowed langs |
| enable_security_headers | bool | Send security headers |
| csp | int | CSP setting (0/1/2) |
| permissions_policy | int | Permissions-Policy setting (0/1/2) |
| referrer_policy | int | Referrer-Policy setting (0-8) |

Deletions:

Public Properties

Private Properties

http_security_headers(): void

Configuration Dependencies