Item 13 — Remove deprecated X-XSS-Protection header
- nginx/posterg.conf: header removed (was '1; mode=block')
- nginx/SECURITY_HEADERS.md: new file documenting header decisions
and explaining why X-XSS-Protection is counterproductive
Item 14 — Add rel="noreferrer" to external target="_blank" link
- public/admin/thanks.php: rel="noopener" → rel="noopener noreferrer"
Item 15 — Explicit (int) casts on all integer HTML outputs
- public/index.php: (int) on item id, page numbers
- public/search.php: (int) on totalItems, year options, item id, pagination
Item 16 — Remove unused DATABASE_PATH constant
- config/bootstrap.php: define('DATABASE_PATH', ...) removed
docs/TODO.SECURITY.md updated: items 13-16 marked resolved and
moved to the ✅ Resolved section.
<?php
/**
* Simple configuration for website
*/
// Define application root (the directory that contains config/)
define('APP_ROOT', dirname(__DIR__));

// Error reporting: every mode reports everything, but only PHP's built-in
// development server (php -S) prints errors into the response. Any other
// SAPI keeps them out of the output and writes them to the error log, so
// stack traces and file system paths never reach a visitor.
error_reporting(E_ALL);
if (PHP_SAPI === 'cli-server') {
    // Development mode
    ini_set('display_errors', '1');
} else {
    // Production mode
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');
}
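/**
 * Simple helper function for including templates.
 *
 * Includes APP_ROOT/includes/<name> when it exists. $name is a path
 * relative to the includes directory and may point into a subdirectory,
 * but the resolved file must stay inside that directory: a name containing
 * "../", an absolute path, or a symlink that leaves the directory is
 * ignored instead of pulling an arbitrary file into the page. Missing
 * files and directories are ignored too (the original file_exists() check
 * also accepted directories, which made include emit a warning).
 *
 * Because the include runs inside this function, the template sees only
 * the local variables of this function, not the caller's variables.
 *
 * @param string $name template path relative to APP_ROOT/includes
 */
function include_template(string $name): void {
    $includesDir = realpath(APP_ROOT . '/includes');
    // realpath() resolves "..", "." and symlinks and returns false when the
    // file does not exist, so it doubles as the existence check.
    $path = realpath(APP_ROOT . '/includes/' . $name);

    if ($includesDir === false || $path === false || !is_file($path)) {
        return;
    }

    // Containment check: the resolved path must start with the includes
    // directory plus a separator, so a sibling such as "includes2/x.php"
    // does not pass as a prefix match.
    $prefix = $includesDir . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return;
    }

    include $path;
}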
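// Autoload Composer dependencies if available. vendor/ is optional, so a
// checkout without `composer install` still boots; is_file() rather than
// file_exists() makes sure only a regular file is handed to require_once
// (file_exists() also returns true for a directory of that name).
if (is_file(APP_ROOT . '/vendor/autoload.php')) {
    require_once APP_ROOT . '/vendor/autoload.php';
}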