1<?php 2# MantisBT - A PHP based bugtracking system 3 4# MantisBT is free software: you can redistribute it and/or modify 5# it under the terms of the GNU General Public License as published by 6# the Free Software Foundation, either version 2 of the License, or 7# (at your option) any later version. 8# 9# MantisBT is distributed in the hope that it will be useful, 10# but WITHOUT ANY WARRANTY; without even the implied warranty of 11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12# GNU General Public License for more details. 13# 14# You should have received a copy of the GNU General Public License 15# along with MantisBT. If not, see <http://www.gnu.org/licenses/>. 16 17/** 18 * Handle configuration required for javascript 19 * @package MantisBT 20 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org 21 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net 22 * @link http://www.mantisbt.org 23 * 24 * @uses config_api.php 25 */ 26 27# Prevent output of HTML in the content if errors occur 28define( 'DISABLE_INLINE_ERROR_REPORTING', true ); 29 30require_once( 'core.php' ); 31require_api( 'config_api.php' ); 32 33/** 34 * Print array of configuration option->values for javascript. 35 * @param string $p_config_key Configuration option. 36 * @return void 37 */ 38function print_config_value( $p_config_key ) { 39 echo "config['" . $p_config_key . "'] = '" . addslashes( config_get( $p_config_key ) ) . "';\n"; 40} 41 42# Send correct MIME Content-Type header for JavaScript content. 43# See http://www.rfc-editor.org/rfc/rfc4329.txt for details on why application/javascript is the correct MIME type. 44header( 'Content-Type: application/javascript; charset=UTF-8' ); 45 46 47# Don't let Internet Explorer second-guess our content-type, as per 48# http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx 49header( 'X-Content-Type-Options: nosniff' ); 50 51# rewrite headers to allow caching 52if( gpc_isset( 'cache_key' ) ) { 53 http_caching_headers( true ); 54} 55 56# WARNING: DO NOT EXPOSE SENSITIVE CONFIGURATION VALUES! 57# 58# All configuration values below are publicly available to visitors of the bug 59# tracker regardless of whether they're authenticated. Server paths should not 60# be exposed. It is OK to expose paths that the user sees directly (short 61# paths) but you do need to be careful in your selections. Consider servers 62# using URL rewriting engines to mask/convert user-visible paths to paths that 63# should only be known internally to the server. 64 65echo "var config = new Array();\n"; 66print_config_value( 'datetime_picker_format' ); 67print_config_value( 'short_path' ); 68