ncp-web: small fixes

2026-01-10 15:12:01 -03:30 · 2017-09-30 17:27:55 +02:00 · 2017-09-30 17:27:55 +02:00 · 6e129da180
commit 6e129da180
parent 99126b6144
3 changed files with 19 additions and 0 deletions
--- a/ncp-web/ncp-launcher.php
+++ b/ncp-web/ncp-launcher.php
@ -39,6 +39,7 @@ if ( $_POST['action'] == "cfgreq" )
    // checkbox (yes/no) field
    if ( preg_match('/^(\w+)_=(yes|no)$/', $line, $matches) )
    {
+      $checked = "";
      if ( $matches[2] == "yes" )
        $checked = "checked";
      $output = $output . "<tr>";
--- a/ncp-web/ncp-output.php
+++ b/ncp-web/ncp-output.php
@ -48,6 +48,12 @@ function follow($file)
  $size = 0;
  while (true) 
  {
+    if ( !file_exists($file) )
+    {
+      usleep(200000); // 0.2s
+      continue;
+    }
+
    clearstatcache();
    $currentSize = filesize($file);
    if ($size == $currentSize) 
--- a/ncp-web/wizard/index.php
+++ b/ncp-web/wizard/index.php
@ -9,6 +9,18 @@
 		<link href="CSS/wizard.css" rel="stylesheet">
        <?php 
            session_start();
+
+            // security headers
+            header("Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; object-src 'self';");
+            header("X-XSS-Protection: 1; mode=block");
+            header("X-Content-Type-Options: nosniff");
+            header("X-Robots-Tag: none");
+            header("X-Permitted-Cross-Domain-Policies: none");
+            header("X-Frame-Options: DENY");
+            header("Cache-Control: max-age=15778463");
+            ini_set('session.cookie_httponly', 1);
+            if ( isset($_SERVER['HTTPS']) )
+              ini_set('session.cookie_secure', 1); 
        ?>
 	</head>
 <body>