1<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Expose the configuration values required by client-side JavaScript
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses config_api.php
 */
26
# This response is served as JavaScript, so error output must not be written
# into it as HTML. The constant is set ahead of loading core.php
# (presumably so the core error handling sees it - confirm against core.php).
define( 'DISABLE_INLINE_ERROR_REPORTING', true );

# Bootstrap MantisBT, then pull in the configuration API used by config_get().
require_once 'core.php';
require_api( 'config_api.php' );
32
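/**
 * Print one configuration option as a JavaScript assignment.
 *
 * Emits a single line of the form `config['<key>'] = "<value>";`. The value
 * is always written as a JavaScript string literal.
 *
 * The key is written verbatim between single quotes, so callers must pass
 * literal option names only, never data taken from the request.
 *
 * @param string $p_config_key Configuration option.
 * @return void
 */
function print_config_value( $p_config_key ) {
	# Encode for a JavaScript string context. addslashes() only escapes quotes,
	# backslashes and NUL, so a value containing a line break would end the
	# string literal early and break (or alter) the generated script.
	# json_encode() escapes control characters and non-ASCII code points as
	# well; the JSON_HEX_* flags additionally hex-escape <, >, &, ' and ".
	$t_flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

	# The string cast keeps scalar values as JavaScript strings, matching the
	# quoted output this function has always produced.
	$t_value = json_encode( (string)config_get( $p_config_key ), $t_flags );

	if( $t_value === false ) {
		# json_encode() fails on input that is not valid UTF-8; emit an empty
		# string rather than an unterminated or unescaped literal.
		$t_value = '""';
	}

	echo "config['" . $p_config_key . "'] = " . $t_value . ";\n";
}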
41
# Declare the response body as JavaScript. RFC 4329
# (http://www.rfc-editor.org/rfc/rfc4329.txt) explains why
# application/javascript is the correct MIME type.
header( 'Content-Type: application/javascript; charset=UTF-8', true );

# Stop Internet Explorer from sniffing a different content type, as per
# http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
header( 'X-Content-Type-Options: nosniff', true );

# Only when the request carries a cache_key parameter are the headers
# rewritten to allow caching.
if( gpc_isset( 'cache_key' ) ) {
	http_caching_headers( true );
}
55
# WARNING: DO NOT EXPOSE SENSITIVE CONFIGURATION VALUES!
#
# Every configuration value printed below is publicly available to any
# visitor of the bug tracker, whether or not they are authenticated. Server
# paths should not be exposed. It is OK to expose paths that the user sees
# directly (short paths), but be careful in your selections: consider servers
# that use URL rewriting engines to mask/convert user-visible paths to paths
# that should only be known internally to the server.
64
# Open the script by declaring the client-side config container.
echo "var config = new Array();\n";

# Publish the options readable by client-side code, one assignment each and in
# this order. Anything added to this list becomes visible to unauthenticated
# visitors.
array_map(
	'print_config_value',
	array(
		'datetime_picker_format',
		'short_path',
	)
);
68