[Summary view] [Print] [Text view]

   1  <?php
   2  # MantisBT - A PHP based bugtracking system
   3  
   4  # MantisBT is free software: you can redistribute it and/or modify
   5  # it under the terms of the GNU General Public License as published by
   6  # the Free Software Foundation, either version 2 of the License, or
   7  # (at your option) any later version.
   8  #
   9  # MantisBT is distributed in the hope that it will be useful,
  10  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  # GNU General Public License for more details.
  13  #
  14  # You should have received a copy of the GNU General Public License
  15  # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * @package MantisBT
  19   * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  20   * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  21   * @link http://www.mantisbt.org
  22   *
  23   * @uses config_api.php
  24   */
  25  
  26  /**
  27   * MantisBT Core API's
  28   */
  29  require_once ( 'core.php' );
  30  require_api( 'config_api.php' );
  31  
  32  function print_config_value( $p_config_key ) {
  33      echo "config['" . $p_config_key . "'] = '" . addslashes( config_get( $p_config_key ) ) . "';\n";
  34  }
  35  
  36  /**
  37   * Send correct MIME Content-Type header for JavaScript content.
  38   * See http://www.rfc-editor.org/rfc/rfc4329.txt for details on why
  39   * application/javasscript is the correct MIME type.
  40   */
  41  header( 'Content-Type: application/javascript; charset=UTF-8' );
  42  
  43  /**
  44   * Disallow Internet Explorer from attempting to second guess the Content-Type
  45   * header as per http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
  46   */
  47  header( 'X-Content-Type-Options: nosniff' );
  48  
  49  /**
  50   * WARNING: DO NOT EXPOSE SENSITIVE CONFIGURATION VALUES!
  51   *
  52   * All configuration values below are publicly available to visitors of the bug
  53   * tracker regardless of whether they're authenticated. Server paths should not
  54   * be exposed. It is OK to expose paths that the user sees directly (short
  55   * paths) but you do need to be careful in your selections. Consider servers
  56   * using URL rewriting engines to mask/convert user-visible paths to paths that
  57   * should only be known internally to the server.
  58   */
  59  
  60  echo "var config = new Array();\n";
  61  print_config_value( 'calendar_js_date_format' );
  62  print_config_value( 'icon_path' );
  63  print_config_value( 'short_path' );