restricted) { # access restriction if (!$User->login) { http_response_code(303); $target = urlencode($Page->link); header("Location: /login?goto=$target"); exit; } } # prepare page contents header(sprintf('Content-Security-Policy: %s', implode('; ', [ "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain "img-src 'self' data: blob: http://cdn.ckeditor.com", # inline svg (in css) "base-uri 'self'", # only local pages "frame-ancestors 'none'", # prevent malicious embedding ]))); $Page->place += [ 'user' => $User->login ?: '', 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), ]; if ($User->admin("edit {$Page->link}")) { include_once 'edit/head.inc.php'; } if (isset($Page->raw)) { $Page->raw = '

'."\n\n".$Page->raw."

\n\n"; } # output dynamic and/or static html include_once 'format.inc.php'; ob_start(); if ($Page->handler and !require("./{$Page->handler}/index.php")) { # replace contents by code output on false return $Page->raw = ob_get_clean(); } else { # keep article contents if (!isset($Page->body)) { # no resulting output http_response_code(404); @require '404.inc.html'; $Page->raw = ob_get_clean() . $Page->raw; } } include_once 'page.inc.php';