itflow-org · johnnyq · Dec 28, 2024 · Dec 27, 2024
diff --git a/login.php b/login.php
@@ -1,7 +1,7 @@
 <?php
 
 // Enforce a Content Security Policy for security against cross-site scripting
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 if (!file_exists('config.php')) {
     header("Location: setup.php");
@@ -316,8 +316,7 @@
 
     <!-- Theme style -->
     <link rel="stylesheet" href="dist/css/adminlte.min.css">
-    <!-- Google Font: Source Sans Pro -->
-    <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
+
 </head>
 <body class="hold-transition login-page">
 

diff --git a/portal/certificates.php b/portal/certificates.php
@@ -4,7 +4,7 @@
 * Certificate listing for PTC / technical contacts
 */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

diff --git a/portal/contact_add.php b/portal/contact_add.php
@@ -4,7 +4,7 @@
  * Contact management for PTC / technical contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

diff --git a/portal/contact_edit.php b/portal/contact_edit.php
@@ -4,7 +4,7 @@
  * Contact management for PTC / technical contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

diff --git a/portal/contacts.php b/portal/contacts.php
@@ -4,7 +4,7 @@
 * Contact management for PTC / technical contacts
 */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

diff --git a/portal/document.php b/portal/document.php
@@ -4,7 +4,7 @@
  * Docs for PTC / technical contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' data:");
+header("Content-Security-Policy: default-src 'self'; img-src 'self' data:");
 
 require_once "inc_portal.php";
 

diff --git a/portal/documents.php b/portal/documents.php
@@ -4,7 +4,7 @@
  * Docs for PTC / technical contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

diff --git a/portal/domains.php b/portal/domains.php
@@ -4,7 +4,7 @@
 * Domain listing for PTC / technical contacts
 */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

diff --git a/portal/index.php b/portal/index.php
@@ -4,7 +4,7 @@
  * Landing / Home page for the client portal
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

diff --git a/portal/invoices.php b/portal/invoices.php
@@ -4,7 +4,7 @@
  * Invoices for PTC
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

diff --git a/portal/login.php b/portal/login.php
@@ -4,7 +4,7 @@
  * Landing / Home page for the client portal
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once '../config.php';
 
@@ -50,13 +50,13 @@
     $password = $_POST['password'];
 
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
-        
+
         header("HTTP/1.1 401 Unauthorized");
-        
+
         $_SESSION['login_message'] = 'Invalid e-mail';
-    
+
     } else {
-        
+
         $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
         $row = mysqli_fetch_array($sql);
         $client_id = intval($row['contact_client_id']);
@@ -82,7 +82,7 @@
                 logAction("Client Login", "Success", "Client contact $user_email successfully logged in locally", $client_id, $user_id);
 
             } else {
-                
+
                 // Logging
                 logAction("Client Login", "Failed", "Failed client portal login attempt using $email (incorrect password for contact ID $contact_id)", $client_id, $user_id);
 
@@ -92,14 +92,14 @@
             }
 
         } else {
-            
+
             // Logging
             logAction("Client Login", "Failed", "Failed client portal login attempt using $email (invalid email/not allowed local auth)");
-            
+
             header("HTTP/1.1 401 Unauthorized");
-            
+
             $_SESSION['login_message'] = 'Incorrect username or password.';
-        
+
         }
     }
 }
@@ -127,8 +127,6 @@
         <!-- Theme style -->
         <link rel="stylesheet" href="../dist/css/adminlte.min.css">
 
-        <!-- Google Font: Source Sans Pro -->
-        <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
     </head>
 
     <body class="hold-transition login-page">

diff --git a/portal/login_reset.php b/portal/login_reset.php
@@ -4,7 +4,7 @@
  * Password reset page
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once '../config.php';
 require_once '../functions.php';
@@ -195,8 +195,6 @@
     <!-- Theme style -->
     <link rel="stylesheet" href="../dist/css/adminlte.min.css">
 
-    <!-- Google Font: Source Sans Pro -->
-    <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
 </head>
 
 <body class="hold-transition login-page">

diff --git a/portal/portal_header.php b/portal/portal_header.php
@@ -29,8 +29,6 @@
     <!-- Theme style -->
     <link rel="stylesheet" href="../dist/css/adminlte.min.css">
 
-    <!-- Google Font: Source Sans Pro -->
-    <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
 </head>
 
 <!-- Navbar -->

diff --git a/portal/profile.php b/portal/profile.php
@@ -4,7 +4,7 @@
  * User profile
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once 'inc_portal.php';
 

diff --git a/portal/quotes.php b/portal/quotes.php
@@ -4,7 +4,7 @@
  * Quotes for PTC / billing contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

diff --git a/portal/tickets.php b/portal/tickets.php
@@ -4,7 +4,7 @@
  * Landing / Home page for the client portal
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";