Url();}, $Servers)); switch ($view) { case 'login': { if (defined('ZM_OPT_USE_GOOG_RECAPTCHA') && defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY') && defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY') && ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SITEKEY && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY) { $additionalScriptSrc = ' https://www.google.com'; } // fall through } case 'bandwidth': case 'blank': case 'console': case 'controlcap': case 'cycle': case 'donate': case 'download': case 'error': case 'events': case 'export': case 'frame': case 'function': case 'log': case 'logout': case 'optionhelp': case 'options': case 'plugin': case 'postlogin': case 'privacy': case 'server': case 'state': case 'status': case 'storage': case 'version': { // Enforce script-src on pages where inline scripts and event handlers have been fixed. // 'unsafe-inline' is only for backwards compatibility with browsers which // only support CSP 1 (with no nonce-* support). header("Content-Security-Policy: script-src 'unsafe-inline' 'self' 'nonce-$nonce' $additionalScriptSrc"); break; } default: { // Use Report-Only mode on all other pages. header("Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'self' 'nonce-$nonce' $additionalScriptSrc;". (ZM_CSP_REPORT_URI ? ' report-uri '.ZM_CSP_REPORT_URI : '' ) ); break; } } } function CORSHeaders() { if ( isset($_SERVER['HTTP_ORIGIN']) ) { # The following is left for future reference/use. $valid = false; global $Servers; if ( ! $Servers ) $Servers = ZM\Server::find(); if ( sizeof($Servers) < 1 ) { # Only need CORSHeaders in the event that there are multiple servers in use. # ICON: Might not be true. multi-port? if ( ZM_MIN_STREAMING_PORT ) { ZM\Logger::Debug('Setting default Access-Control-Allow-Origin from ' . $_SERVER['HTTP_ORIGIN']); header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']); header('Access-Control-Allow-Headers: x-requested-with,x-request'); } return; } foreach ( $Servers as $Server ) { if ( preg_match('/^(https?:\/\/)?'.preg_quote($Server->Hostname(),'/').'/i', $_SERVER['HTTP_ORIGIN']) or preg_match('/^(https?:\/\/)?'.preg_quote($Server->Name(),'/').'/i', $_SERVER['HTTP_ORIGIN']) ) { $valid = true; ZM\Logger::Debug('Setting Access-Control-Allow-Origin from '.$_SERVER['HTTP_ORIGIN']); header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']); header('Access-Control-Allow-Headers: x-requested-with,x-request'); break; } } if ( !$valid ) { ZM\Warning($_SERVER['HTTP_ORIGIN'] . ' is not found in servers list.'); } } } function getMimeType( $file ) { if ( function_exists('mime_content_type') ) { return mime_content_type($file); } elseif ( function_exists('finfo_file') ) { $finfo = finfo_open(FILEINFO_MIME); $mimeType = finfo_file($finfo, $file); finfo_close($finfo); return $mimeType; } return trim(exec('file -bi '.escapeshellarg($file).' 2>/dev/null')); } function outputVideoStream($id, $src, $width, $height, $format, $title='') { echo getVideoStreamHTML($id, $src, $width, $height, $format, $title); } function getVideoStreamHTML($id, $src, $width, $height, $format, $title='') { $html = ''; $width = validInt($width); $height = validInt($height); $title = validHtmlStr($title); if ( file_exists($src) ) { $mimeType = getMimeType($src); } else { switch( $format ) { case 'asf' : $mimeType = 'video/x-ms-asf'; break; case 'avi' : case 'wmv' : $mimeType = 'video/x-msvideo'; break; case 'mov' : $mimeType = 'video/quicktime'; break; case 'mpg' : case 'mpeg' : $mimeType = 'video/mpeg'; break; case 'swf' : $mimeType = 'application/x-shockwave-flash'; break; case '3gp' : $mimeType = 'video/3gpp'; break; default : $mimeType = "video/$format"; break; } } if ( !$mimeType || ($mimeType == 'application/octet-stream') ) $mimeType = 'video/'.$format; if ( ZM_WEB_USE_OBJECT_TAGS ) { switch( $mimeType ) { case 'video/x-ms-asf' : case 'video/x-msvideo' : case 'video/mp4' : if ( isWindows() ) { return ' '; } case 'video/quicktime' : return ' '; case 'application/x-shockwave-flash' : return ' '; } # end switch } # end if use object tags return ' '; } function outputImageStream( $id, $src, $width, $height, $title='' ) { echo getImageStreamHTML( $id, $src, $width, $height, $title ); } // width and height MUST be valid and include the px function getImageStreamHTML( $id, $src, $width, $height, $title='' ) { if ( canStreamIframe() ) { return '