restricted) { # access restriction if (!$User->login) { http_response_code(303); $target = urlencode($Page->link); header("Location: /login?goto=$target"); exit; } } # prepare page contents header(sprintf('Content-Security-Policy: %s', implode('; ', [ "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain "img-src 'self' data: http://cdn.ckeditor.com", # inline svg (in css) "base-uri 'self'", # only local pages "frame-ancestors 'none'", # prevent malicious embedding ]))); $Page->place += [ 'user' => $User->login ?: '', 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), ]; if ($User->admin("edit {$Page->link}")) { include_once 'edit/head.inc.php'; } if (isset($Page->raw)) { $Page->raw = '