javascript_config.php

   1 <?php
   2 # MantisBT - A PHP based bugtracking system
   3
   4 # MantisBT is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 2 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # MantisBT is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * @package MantisBT
  19  * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  20  * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  21  * @link http://www.mantisbt.org
  22  *
  23  * @uses config_api.php
  24  */
  25
  26 /**
  27  * MantisBT Core API's
  28  */
  29 require_once( 'core.php' );
  30 require_api( 'config_api.php' );
  31
  32 function print_config_value( $p_config_key ) {
  33         echo "config['" . $p_config_key . "'] = '" . addslashes( config_get( $p_config_key ) ) . "';\n";
  34 }
  35
  36 /**
  37  * Send correct MIME Content-Type header for JavaScript content.
  38  * See http://www.rfc-editor.org/rfc/rfc4329.txt for details on why
  39  * application/javasscript is the correct MIME type.
  40  */
  41 header( 'Content-Type: application/javascript; charset=UTF-8' );
  42
  43 /**
  44  * Disallow Internet Explorer from attempting to second guess the Content-Type
  45  * header as per http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
  46  */
  47 header( 'X-Content-Type-Options: nosniff' );
  48
  49 /**
  50  * WARNING: DO NOT EXPOSE SENSITIVE CONFIGURATION VALUES!
  51  *
  52  * All configuration values below are publicly available to visitors of the bug
  53  * tracker regardless of whether they're authenticated. Server paths should not
  54  * be exposed. It is OK to expose paths that the user sees directly (short
  55  * paths) but you do need to be careful in your selections. Consider servers
  56  * using URL rewriting engines to mask/convert user-visible paths to paths that
  57  * should only be known internally to the server.
  58  */
  59
  60 echo "var config = new Array();\n";
  61 print_config_value( 'calendar_js_date_format' );
  62 print_config_value( 'icon_path' );
  63 print_config_value( 'short_path' );