diff --git a/ChangeLog b/ChangeLog
index c5f75ecbe89..2f37db92cc3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@ English Dolibarr ChangeLog
 For users:
 ----------
+NEW: Feature to make inventories
 NEW: Several security issues after a second private bug bounty campaign.
 NEW: Add a security center page with all information and advices related to the security of your instance
 NEW: Add a performance center page with all information and advices related to the performance of your instance
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 755cd8674df..ce5e7129bcf 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -62,8 +62,10 @@ function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excl
 global $db, $hookmanager;
 global $object;
- dol_syslog("files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter));
- //print 'xxx'."files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter);
+ if ($recursive <= 1) { // Avoid too verbose log
+ dol_syslog("files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter));
+ //print 'xxx'."files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter);
+ }
 $loaddate = ($mode == 1 || $mode == 2) ?true:false;
 $loadsize = ($mode == 1 || $mode == 3) ?true:false;
@@ -133,7 +135,7 @@ function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excl
 if ($qualified) {
 $isdir = is_dir(dol_osencode($path."/".$file));
 // Check whether this is a file or directory and whether we're interested in that type
- if ($isdir && (($types == "directories") || ($types == "all") || $recursive)) {
+ if ($isdir && (($types == "directories") || ($types == "all") || $recursive > 0)) {
 // Add entry into file_list array
 if (($types == "directories") || ($types == "all")) {
 if ($loaddate || $sortcriteria == 'date') {
@@ -165,10 +167,10 @@ function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excl
 }
 // if we're in a directory and we want recursive behavior, call this function again
- if ($recursive) {
+ if ($recursive > 0) {
 if (empty($donotfollowsymlinks) || !is_link($path."/".$file)) {
 //var_dump('eee '. $path."/".$file. ' '.is_dir($path."/".$file).' '.is_link($path."/".$file));
- $file_list = array_merge($file_list, dol_dir_list($path."/".$file, $types, $recursive, $filter, $excludefilter, $sortcriteria, $sortorder, $mode, $nohook, ($relativename != '' ? $relativename.'/' : '').$file, $donotfollowsymlinks));
+ $file_list = array_merge($file_list, dol_dir_list($path."/".$file, $types, $recursive + 1, $filter, $excludefilter, $sortcriteria, $sortorder, $mode, $nohook, ($relativename != '' ? $relativename.'/' : '').$file, $donotfollowsymlinks));
 }
 }
 } elseif (!$isdir && (($types == "files") || ($types == "all"))) {
diff --git a/htdocs/core/lib/images.lib.php b/htdocs/core/lib/images.lib.php
index 36e8cef6bfe..25833df624f 100644
--- a/htdocs/core/lib/images.lib.php
+++ b/htdocs/core/lib/images.lib.php
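Review bot: `$recursive` is now handed down as `$recursive + 1` and so acts as a depth counter, but neither the `if ($recursive > 0)` test nor the recursive call puts a ceiling on it. When `$donotfollowsymlinks` is empty, a symlink that points back into the tree is still followed level after level, so one listing can run until path-length or memory limits stop it. A depth cap at the recursion test would bound that, and the docblock (outside these hunks) should state the new contract, e.g. `@param int $recursive 0 = not recursive, 1 = recursive; values above 1 are the current depth, set internally`.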
@@ -148,10 +148,11 @@ function dol_getImageSize($file, $url = false) * @param int $src_x Position of croping image in source image (not use if mode=0) * @param int $src_y Position of croping image in source image (not use if mode=0) * @param string $filetowrite Path of file to write (overwrite source file if not provided) + * @param int $newquality Value for the new quality of image, for supported format (use 0 for maximum/unchanged). * @return string File name if OK, error message if KO * @see dol_convert_file() */ -function dol_imageResizeOrCrop($file, $mode, $newWidth, $newHeight, $src_x = 0, $src_y = 0, $filetowrite = '') +function dol_imageResizeOrCrop($file, $mode, $newWidth, $newHeight, $src_x = 0, $src_y = 0, $filetowrite = '', $newquality = 0) { require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; @@ -234,7 +235,7 @@ function dol_imageResizeOrCrop($file, $mode, $newWidth, $newHeight, $src_x = 0, case 2: // Jpg $img = imagecreatefromjpeg($filetoread); $extImg = '.jpg'; - $newquality = 100; // % quality maximum + $newquality = ($newquality ? $newquality : '100'); // % quality maximum break; case 3: // Png $img = imagecreatefrompng($filetoread); @@ -249,7 +250,7 @@ function dol_imageResizeOrCrop($file, $mode, $newWidth, $newHeight, $src_x = 0, case 18: // Webp $img = imagecreatefromwebp($filetoread); $extImg = '.webp'; - $newquality = '100'; // % quality maximum + $newquality = ($newquality ? $newquality : '100'); // % quality maximum break; } diff --git a/htdocs/core/tpl/filemanager.tpl.php b/htdocs/core/tpl/filemanager.tpl.php index 592c3283a1b..c98dcec2a43 100644 --- a/htdocs/core/tpl/filemanager.tpl.php +++ b/htdocs/core/tpl/filemanager.tpl.php @@ -71,44 +71,56 @@ print '
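Review bot: `$newquality` reaches the Jpg and Webp cases unchecked (`$newquality ? $newquality : '100'`), so a caller can pass a negative or above-100 value, and the fallback is the string `'100'` although the new docblock line declares an int. Normalising it once keeps both cases identical: `$newquality = ($newquality > 0 ? min((int) $newquality, 100) : 100);`. How the Png case treats the new parameter is outside these hunks; confirm it still sets its own compression level, since imagepng() does not use a 0-100 quality scale.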
'; // Toolbar if ($permtoadd) { - $websitekeyandpageid = (!empty($websitekey) ? '&website='.$websitekey : '').(!empty($pageid) ? '&pageid='.$pageid : ''); - print ''; + $websitekeyandpageid = (!empty($websitekey) ? '&website='.urlencode($websitekey) : '').(!empty($pageid) ? '&pageid='.urlencode($pageid) : ''); + print ''; print img_picto('', 'folder-plus', '', false, 0, 0, '', 'size15x marginrightonly'); print ''; } else { - print ''; + print ''; print img_picto('', 'folder-plus', 'disabled', false, 0, 0, '', 'size15x marginrightonly'); print ''; } if ($module == 'ecm') { $tmpurl = ((!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS)) ? '#' : ($_SERVER["PHP_SELF"].'?action=refreshmanual'.($module ? '&module='.$module : '').($section ? '&section='.$section : ''))); - print ''; + print ''; print img_picto('', 'refresh', 'id="refreshbutton"', false, 0, 0, '', 'size15x marginrightonly'); print ''; } if ($permtoadd && GETPOSTISSET('website')) { // If on file manager to manage medias of a web site - print 'ref.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">'; - print img_picto('', 'images', '', false, 0, 0, '', 'size15x flip marginrightonly'); - print ''; -} -if ($permtoadd && $module == 'ecm') { // If on file manager medias in ecm - print ''; + print 'ref.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">'; + print img_picto('', 'images', '', false, 0, 0, '', 'size15x flip marginrightonly'); + print ''; +} elseif ($permtoadd && $module == 'ecm') { // If on file manager medias in ecm + print ''; print img_picto('', 'images', '', false, 0, 0, '', 'size15x flip marginrightonly'); print ''; } + print ""; // Start "Add new file" area 
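Review bot: The `urlencode()` calls added for `$websitekey` and `$pageid` are not carried over to the refresh link a few statements later, where `$tmpurl` is still assembled from `$_SERVER["PHP_SELF"]`, `'&module='.$module` and `'&section='.$section` as raw strings. The markup that prints `$tmpurl` is not visible on this page, so whether it is escaped on output cannot be confirmed from here. Encoding at construction keeps it in line with the rest of the toolbar: `($module ? '&module='.urlencode($module) : '').($section ? '&section='.urlencode($section) : '')`. `$website->ref` in the webp link deserves the same check.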
@@ -157,6 +169,7 @@ if ($action == 'delete_section') { } // End confirm +// Ask confirmation to build webp images if ($action == 'confirmconvertimgwebp') { $section_dir=GETPOST('section_dir', 'alpha'); $section=GETPOST('section', 'alpha'); @@ -170,9 +183,10 @@ if ($action == 'confirmconvertimgwebp') { $action = 'file_manager'; } +// Duplicate images into .webp if ($action == 'convertimgwebp' && $permtoadd) { if ($module == 'medias') { - $imagefolder = $conf->website->dir_output.'/'.$websitekey.'/medias/'.dol_sanitizeFileName(GETPOST('section_dir', 'alpha')); + $imagefolder = $conf->website->dir_output.'/'.$websitekey.'/medias/'.dol_sanitizePathName(GETPOST('section_dir', 'alpha')); } else { $imagefolder = $conf->ecm->dir_output.'/'.dol_sanitizePathName(GETPOST('section_dir', 'alpha')); } @@ -188,10 +202,13 @@ if ($action == 'convertimgwebp' && $permtoadd) { if (!(substr_compare($filepath, 'webp', -strlen('webp')) === 0)) { if (image_format_supported($filepath) == 1) { $filepathnoext = preg_replace("/\..*/", "", $filepath); - $result = dol_imageResizeOrCrop($filepath, 0, 0, 0, 0, 0, $filepathnoext.'.webp'); - if (!dol_is_file($result)) { - $error++; - setEventMessages($result, null, 'errors'); + + if (! dol_is_file($filepathnoext.'.webp')) { // If file does not exists yet + $result = dol_imageResizeOrCrop($filepath, 0, 0, 0, 0, 0, $filepathnoext.'.webp', 90); + if (!dol_is_file($result)) { + $error++; + setEventMessages($result, null, 'errors'); + } } } } @@ -213,7 +230,7 @@ if (empty($action) || $action == 'editfile' || $action == 'file_manager' || preg print ''."\n"; print ''."\n"; print ''; - print ' '.$langs->trans("ECMSections"); + print ''.$langs->trans("ECMSections").''; print ''; $showonrightsize = ''; @@ -224,7 +241,7 @@ if (empty($action) || $action == 'editfile' || $action == 'file_manager' || preg if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS)) { // Show the link to "Root" if ($showroot) { - print '
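Review bot: In the `medias` branch only the `section_dir` part goes through `dol_sanitizePathName()`; `$websitekey` is concatenated into `$imagefolder` as is, and where it is assigned lies outside this hunk. If it can come from the request, it should be reduced to a single path component first, e.g. `$conf->website->dir_output.'/'.dol_sanitizeFileName($websitekey).'/medias/'.dol_sanitizePathName(GETPOST('section_dir', 'alpha'))`. It is also worth confirming that `dol_sanitizePathName()` rejects `..` segments, since unlike `dol_sanitizeFileName()` it has to let `/` through.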
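Review bot: The new existence test and the output path both depend on `$filepathnoext`, which `preg_replace("/\..*/", "", $filepath)` cuts at the first dot anywhere in the full path rather than at the extension. With a dotted folder or file name (constructed examples: `site.v2/logo.png`, `photo.small.jpg`) the target is truncated, so the `.webp` copy can land in another location or collide with another image, and `dol_is_file()` then skips a conversion that never took place. Anchoring the pattern to the last component fixes both uses: `$filepathnoext = preg_replace('/\.[^.\/]+$/', '', $filepath);`. The loop these lines sit in starts outside the hunk.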
'; + print '
'; if ($module == 'medias') { print $langs->trans("RootOfMedias"); } else { diff --git a/htdocs/ecm/dir_add_card.php b/htdocs/ecm/dir_add_card.php index f5140cf296a..4cf557acde6 100644 --- a/htdocs/ecm/dir_add_card.php +++ b/htdocs/ecm/dir_add_card.php @@ -23,6 +23,8 @@ * \brief Main page for ECM section area */ +if (! defined('DISABLE_JS_GRAHP')) define('DISABLE_JS_GRAPH', 1); + require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/ecm/class/htmlecm.form.class.php'; @@ -124,7 +126,7 @@ if ($action == 'add' && $permtoadd) { } $ref = (string) GETPOST("ref", 'alpha'); - $label = (string) GETPOST("label", 'alpha'); + $label = dol_sanitizeFileName(GETPOST("label", 'alpha')); $desc = (string) GETPOST("desc", 'alpha'); $catParent = GETPOST("catParent", 'alpha'); // Can be an int (with ECM) or a string (with generic filemanager) if ($catParent == '-1') { @@ -153,8 +155,7 @@ if ($action == 'add' && $permtoadd) { setEventMessages($ecmdir->error, $ecmdir->errors, 'errors'); $action = 'create'; } - } else // For example $module == 'medias' - { + } else { // For example $module == 'medias' $dirfornewdir = ''; if ($module == 'medias') { $dirfornewdir = $conf->medias->multidir_output[$conf->entity]; @@ -168,6 +169,7 @@ if ($action == 'add' && $permtoadd) { $fullpathofdir = $dirfornewdir.'/'.($catParent ? $catParent.'/' : '').$label; $result = dol_mkdir($fullpathofdir, DOL_DATA_ROOT); if ($result < 0) { + $langs->load("errors"); setEventMessages($langs->trans('ErrorFailToCreateDir', $label), null, 'errors'); $error++; } else { diff --git a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php index b1be94524cf..17c185426c0 100644 --- a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php +++ b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php 
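Review bot: The guard tests `DISABLE_JS_GRAHP` while the statement defines `DISABLE_JS_GRAPH`, so the condition is always true and never protects the `define()`. If an including script has already defined the constant, PHP raises a "constant already defined" warning at this line. It should read `if (!defined('DISABLE_JS_GRAPH')) define('DISABLE_JS_GRAPH', 1);`; the same typo is in the line added to htdocs/website/index.php.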
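Review bot: `$label` now goes through `dol_sanitizeFileName()`, but `$catParent` is still taken from `GETPOST("catParent", 'alpha')` and, in the non-ECM branch, joined into `$fullpathofdir` before `dol_mkdir()` without any path sanitising. A value with parent-directory segments would place the new directory outside `$dirfornewdir`; the `DOL_DATA_ROOT` argument of `dol_mkdir()` may confine it to the data root, but not to the module's own folder. Sanitising where the path is built closes the gap: `$fullpathofdir = $dirfornewdir.'/'.($catParent ? dol_sanitizePathName($catParent).'/' : '').$label;`.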
@@ -62,7 +62,7 @@ $(document).ready(function() {
 id=elem.attr('id').substr(12); // We get id that is 'fmdirlia_id_xxx' (id we want is xxx)
 rel=elem.attr('rel')
 console.log("We click on a dir, we call the ajaxdirtree.php with modulepart=, param=");
- console.log("We also save dir name or id into _section_... with name section_... id="+id+" rel="+rel);
+ console.log("We also save id and dir name into _section_id|dir (vars into form to attach new file in filemanager.tpl.php) with id="+id+" and rel="+rel);
 jQuery("#_section_dir").val(rel);
 jQuery("#_section_id").val(id);
 jQuery("#section_dir").val(rel);
diff --git a/htdocs/langs/en_US/ecm.lang b/htdocs/langs/en_US/ecm.lang
index c4ea8018111..bc18bed4a29 100644
--- a/htdocs/langs/en_US/ecm.lang
+++ b/htdocs/langs/en_US/ecm.lang
@@ -42,6 +42,6 @@ ExtraFieldsEcmFiles=Extrafields Ecm Files
 ExtraFieldsEcmDirectories=Extrafields Ecm Directories
 ECMSetup=ECM Setup
 GenerateImgWebp=Duplicate all images with another version with .webp format
-ConfirmGenerateImgWebp=If you confirm, you will generate an image in .webp format for all images currently into this folder and its subfolder...
+ConfirmGenerateImgWebp=If you confirm, you will generate an image in .webp format for all images currently into this folder (subfolders are not included)...
 ConfirmImgWebpCreation=Confirm all images duplication
 SucessConvertImgWebp=Images successfully duplicated
diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang
index de0ab6a15d9..b6d2e4c4ef8 100644
--- a/htdocs/langs/en_US/main.lang
+++ b/htdocs/langs/en_US/main.lang
@@ -1131,3 +1131,4 @@ ConfirmAffectTagQuestion=Are you sure you want to affect tags to the %s selected
 CategTypeNotFound=No tag type found for type of records
 CopiedToClipboard=Copied to clipboard
 InformationOnLinkToContract=This amount is only the total of all the lines of the contract. No notion of time is taken into consideration.
+ConfirmCancel=Are you sure you want to cancel
\ No newline at end of file
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 0e13a072a39..4231160b64f 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1579,7 +1579,7 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr print ''."\n"; } // Chart - if (empty($conf->global->MAIN_JS_GRAPH) || $conf->global->MAIN_JS_GRAPH == 'chart') { + if ((empty($conf->global->MAIN_JS_GRAPH) || $conf->global->MAIN_JS_GRAPH == 'chart') && !defined('DISABLE_JS_GRAPH')) { print ''."\n"; } diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index dda16746398..6a29a414ed7 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -398,35 +398,35 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { // Send if (empty($user->socid)) { - print ''.$langs->trans('SendMail').''."\n"; + print ''.$langs->trans('SendMail').''."\n"; } // Back to draft if ($object->status == $object::STATUS_VALIDATED) { if ($permissiontoadd) { - print ''.$langs->trans("SetToDraft").''; + print ''.$langs->trans("SetToDraft").''; } } // Back to validate if ($object->status == $object::STATUS_RECORDED) { if ($permissiontoadd) { - print ''.$langs->trans("ReOpen").''; + print ''.$langs->trans("ReOpen").''; } } // Modify if ($object->status == $object::STATUS_DRAFT) { if ($permissiontoadd) { - print ''.$langs->trans("Modify").''."\n"; + print ''.$langs->trans("Modify").''."\n"; } else { print ''.$langs->trans('Modify').''."\n"; } } // Validate - if ($object->status == $object::STATUS_DRAFT) { + if ($object->status == $object::STATUS_DRAFT || $object->status == $object::STATUS_CANCELED) { if ($permissiontoadd) { - print ''.$langs->trans("Validate").' ('.$langs->trans("Start").')'; + print ''.$langs->trans("Validate").' ('.$langs->trans("Start").')'; } } 
@@ -438,7 +438,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Delete (need delete permission, or if draft, just need create/modify permission) if ($permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)) { - print ''.$langs->trans('Delete').''."\n"; + print ''.$langs->trans('Delete').''."\n"; } else { print ''.$langs->trans('Delete').''."\n"; } diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php index 064be57091a..126fff5b96b 100644 --- a/htdocs/product/inventory/class/inventory.class.php +++ b/htdocs/product/inventory/class/inventory.class.php @@ -619,7 +619,12 @@ class Inventory extends CommonObject $labelStatusShort[self::STATUS_CANCELED] = $langs->trans('Canceled'); $labelStatusShort[self::STATUS_RECORDED] = $langs->trans('Closed'); - return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', 'status'.$status, $mode); + $statusType = 'status'.$status; + if ($status == self::STATUS_RECORDED) { + $statusType = 'status5'; + } + + return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', $statusType, $mode); } /** diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index bc927a06c50..ecad54a4a73 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php 
@@ -160,27 +160,55 @@ if ($action == 'update' && $user->rights->stock->mouvement->creer) { } } -if ($action =='updateinventorylines' && $permissiontoadd) { +if (($action == 'record' || $action =='updateinventorylines') && $permissiontoadd) { $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,'; $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated'; $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; $sql .= ' WHERE id.fk_inventory = '.$object->id; + $db->begin(); + $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); $i = 0; $totalarray = array(); + $inventoryline = new InventoryLine($db); + while ($i < $num) { $line = $db->fetch_object($resql); $lineid = $line->rowid; - $inventoryline = new InventoryLine($db); - $inventoryline->fetch($lineid); - $inventoryline->qty_view = GETPOST("id_".$inventoryline->id); - $inventoryline->update($user); + + if (GETPOST("id_".$lineid, 'alpha') != '') { // If a value was set ('0' or something else) + $qtytoupdate = price2num(GETPOST("id_".$lineid, 'alpha'), 'MS'); + + $result = $inventoryline->fetch($lineid); + if ($result > 0) { + $inventoryline->qty_view = $qtytoupdate; + $resultupdate = $inventoryline->update($user); + } + } else { + // Delete record + $result = $inventoryline->fetch($lineid); + if ($result > 0) { + $inventoryline->qty_view = null; + $resultupdate = $inventoryline->update($user); + } + } + + if ($result < 0 || $resultupdate < 0) { + $error++; + } + $i++; } } + + if (!$error) { + $db->commit(); + } else { + $db->rollback(); + } } $parameters = array(); @@ -242,6 +270,7 @@ if (empty($reshook)) { $tmp->fk_product = $fk_product; $tmp->batch = $batch; $tmp->datec = $now; + $tmp->qty_view = (GETPOST('qtytoadd') != '' ? price2num(GETPOST('qtytoadd', 'MS')) : null); $result = $tmp->create($user); if ($result < 0) { 
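Review bot: `$resultupdate` is assigned only when `fetch()` returns a positive value, yet it is read on every pass in `if ($result < 0 || $resultupdate < 0)`, so a line that cannot be fetched either reads an undefined variable or reuses the outcome of the previous line. A failed `$db->query($sql)` also falls through to `$db->commit()`, because nothing increments `$error` when `$resql` is false. Setting `$resultupdate = 0;` at the top of the loop and adding `} else { $error++; }` to the `if ($resql)` test covers both. The `' WHERE id.fk_inventory = '.$object->id` concatenation would also be safer written with `((int) $object->id)`.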
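Review bot: In `price2num(GETPOST('qtytoadd', 'MS'))` the closing parenthesis is misplaced: `'MS'` is passed to `GETPOST()` as its check type instead of to `price2num()` as the rounding mode, unlike the `price2num(GETPOST("id_".$lineid, 'alpha'), 'MS')` call in the update loop of the previous hunk. The submitted quantity is therefore filtered under a check name that is not a filter and is never rounded. The line should be `$tmp->qty_view = (GETPOST('qtytoadd') != '' ? price2num(GETPOST('qtytoadd', 'alpha'), 'MS') : null);`.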
@@ -270,6 +299,23 @@ $help_url = ''; llxHeader('', $langs->trans('Inventory'), $help_url); +// Disable button Generate movement if data were not saved +print ''; + + // Part to show record if ($object->id > 0) { $res = $object->fetch_optionals(); @@ -411,7 +457,7 @@ if ($object->id > 0) { if (empty($reshook)) { if ($object->status == Inventory::STATUS_DRAFT) { if ($permissiontoadd) { - print ''.$langs->trans("Validate").' ('.$langs->trans("Start").')'."\n"; + print ''.$langs->trans("Validate").' ('.$langs->trans("Start").')'."\n"; } else { print ''.$langs->trans('Validate').' ('.$langs->trans("Start").')'."\n"; } @@ -419,16 +465,14 @@ if ($object->id > 0) { // Save if ($object->status == $object::STATUS_VALIDATED) { - if ($object->status == Inventory::STATUS_VALIDATED) { - if ($permissiontoadd) { - print ''.$langs->trans("MakeMovementsAndClose").''."\n"; - } else { - print ''.$langs->trans('MakeMovementsAndClose').''."\n"; - } + if ($permissiontoadd) { + print ''.$langs->trans("MakeMovementsAndClose").''."\n"; + } else { + print ''.$langs->trans('MakeMovementsAndClose').''."\n"; } if ($permissiontoadd) { - print ''.$langs->trans("Cancel").''."\n"; + print ''.$langs->trans("Cancel").''."\n"; } } } @@ -458,14 +502,17 @@ if ($object->id > 0) { print ''; } @@ -553,11 +600,11 @@ if ($object->id > 0) { } print ''; print ''; - print ''; - //print ''; + print ''; print ''; // Actions print ''; + print ''; print ''; print ''; } @@ -617,13 +664,16 @@ if ($object->id > 0) { print ''; } + // Expected quantity print ''; print $obj->qty_stock; print ''; + + // Real quantity print ''; if ($object->status == $object::STATUS_VALIDATED) { $qty_view = GETPOST("id_".$obj->rowid) ? GETPOST("id_".$obj->rowid) : $obj->qty_view; - print ''; + print ''; print ''; print ''; print ''.img_delete().''; @@ -644,7 +694,9 @@ if ($object->id > 0) { print '
'; - print '
'; + if ($object->status == $object::STATUS_VALIDATED) { + print '
'; + } print '
'; diff --git a/htdocs/theme/eldy/btn.inc.php b/htdocs/theme/eldy/btn.inc.php index 9d59357279e..9f057fe46c1 100644 --- a/htdocs/theme/eldy/btn.inc.php +++ b/htdocs/theme/eldy/btn.inc.php @@ -85,9 +85,9 @@ span.butAction, span.butActionDelete { display: inline-block; text-align: center; cursor: pointer; - /* color: #fff; */ - /* background: rgb(); */ color: #444; + border: 1px solid transparent; /* So for buttonRefused with a border, it will not have any flash effect */ + /* border: 1px solid #aaa; */ /* border-color: rgba(0, 0, 0, 0.15) rgba(0, 0, 0, 0.15) rgba(0, 0, 0, 0.25); */ @@ -161,17 +161,16 @@ span.butActionNewRefused>span.fa, span.butActionNewRefused>span.fa:hover white-space: nowrap !important; cursor: not-allowed !important; - margin: 0em em; - padding: 0.6em em; font-family: !important; display: inline-block; text-align: center; cursor: pointer; - color: #999 !important; - border: 1px solid #ccc; box-sizing: border-box; -moz-box-sizing: border-box; -webkit-box-sizing: border-box; + color: #999 !important; + + border: 1px solid #ccc; } .butActionNewRefused, .butActionNewRefused:link, .butActionNewRefused:visited, .butActionNewRefused:hover, .butActionNewRefused:active { text-decoration: none !important; diff --git a/htdocs/website/index.php b/htdocs/website/index.php index fe37cb68418..1a71a162cb6 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -26,6 +26,7 @@ define('NOSCANPOSTFORINJECTION', 1); define('NOSTYLECHECK', 1); define('USEDOLIBARREDITOR', 1); define('FORCE_CKEDITOR', 1); // We need CKEditor, even if module is off. +if (!defined('DISABLE_JS_GRAHP')) define('DISABLE_JS_GRAPH', 1); //header('X-XSS-Protection:0'); // Disable XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.