I'm creating a very simple plugin for my own personal use/learning project. It's a beyond basic security plugin that changes the HTTP headers for security purposes. I've got everything working as intended. BUT, I would like to leave certain fields blank under the Content Security Policy. These blank fields would auto-populate a wildcard and place it into the CSP header code. So far, I've placed my variables in an array and I am using a foreach loop along with an if statement. The array works fine but the foreach and if statement are not doing what they're supposed to do. Is it a syntax mistake? Not enough code? I'm absolutely stuck and I've looked through the PHP manual site and it's not helping.
Here is the code:
// Get and save text field option
$default = "*";
$csp_callback = get_option('csp_attributes');
$imgsrc = get_option('image_src');

add_action( 'admin_init', 'my_plugin_settings' );
function my_plugin_settings() {
    register_setting( 'my-plugin-settings-group', 'csp_attributes' );
    register_setting('my-plugin-settings-group', 'image_src');
}

add_action('admin_menu', 'my_plugin_menu');
function my_plugin_menu() {
    add_menu_page('My Plugin Settings', 'A Security Plugin', 'administrator', 'my-plugin-settings', 'my_plugin_settings_page', 'dashicons-admin-generic');
}

function my_plugin_settings_page() {
    // Settings fields
    ?>
    <div class="wrap">
    <h2>Staff Details</h2>
    <form method="post" action="options.php">
        <?php settings_fields( 'my-plugin-settings-group' ); ?>
        <?php do_settings_sections( 'my-plugin-settings-group' ); ?>
        <table class="form-table">
            <tr valign="top">
                <th scope="row">Default Source</th>
                <td><input type="text" name="csp_attributes" value="<?php echo esc_attr( get_option('csp_attributes') ); ?>" /></td>
            </tr>
            <tr valign="top">
                <th scope="row">Image Source</th>
                <td><input type="text" name="image_src" value="<?php echo esc_attr( get_option('image_src') ); ?>" /></td>
            </tr>
        </table>
        <?php submit_button(); ?>
        //<?php print_r(array_values(array($attrib_array)));?>
    <?php
    echo '</form>
</div>';
}

// Array for CSP attributes
$attrib_array = array(
    "csp_callback" => get_option('csp_attributes'),
    "imgsrc" => get_option('image_src'),
    "default" => "*"
);

// Foreach loop to check if text field is null
foreach ($attrib_array as $value) {
    if (!isset($value) || empty($value)) {
        $value = $default;
    }
}

// HTTP header callouts
header("X-Frame-Options: deny");
header("X-XSS-Protection: 1; mode=block");
header("X-Content-Type-Options: nosniff");
header("Content-Security-Policy: $attrib_array[csp_callback]; img-src $attrib_array[imgsrc]");
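
The following is an added example, not part of the original post: it contrasts by-value `foreach` iteration (which assigns to a copy) with writing the fallback back by key, and strips header-breaking characters from saved values before they reach the CSP header. The function name `build_csp`, the directive-name keys and the sample values are assumptions standing in for the plugin's `get_option()` results.

```php
<?php
/**
 * Build a Content-Security-Policy value from per-directive source lists,
 * substituting $fallback for any directive whose saved value is blank.
 * (Hypothetical helper written for this example.)
 */
function build_csp(array $directives, string $fallback = '*'): string
{
    $parts = [];
    foreach ($directives as $name => $sources) {
        // Replace control characters (including CR/LF), ';' and ',' with a
        // space so a saved value cannot end the directive early or start a
        // new header line.
        $sources = preg_replace('/[\x00-\x1F\x7F;,]+/', ' ', (string) $sources);
        $sources = trim(preg_replace('/\s+/', ' ', $sources));
        // Strict comparison: empty() would also treat the string "0" as blank.
        if ($sources === '') {
            $sources = $fallback;
        }
        $parts[] = $name . ' ' . $sources;
    }
    return implode('; ', $parts);
}

// Constructed sample input: the image field was left blank in the form.
$saved = [
    'default-src' => "'self'",
    'img-src'     => '',
];

// By-value iteration: $value is a copy of each element, so this assignment
// never reaches $byValue itself.
$byValue = $saved;
foreach ($byValue as $value) {
    if (empty($value)) {
        $value = '*';
    }
}

// Iterating with the key and assigning through it updates the array.
$byKey = $saved;
foreach ($byKey as $key => $value) {
    if (empty($value)) {
        $byKey[$key] = '*';
    }
}

var_dump($byValue['img-src'], $byKey['img-src']);
echo 'Content-Security-Policy: ' . build_csp($saved) . PHP_EOL;
```

Passing `'self'` or `'none'` as `$fallback` keeps a blank field restrictive, whereas `*` allows that resource type from any origin.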