~ apply patch

Author: Hanmac

app/code/core/Mage/Csp/Block/Adminhtml/Csp.php

@@ -1,20 +1,21 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * OpenMage
  *
- * This source file is subject to the Academic Free License (AFL 3.0)
- * that is bundled with this package in the file LICENSE_AFL.txt.
- * It is also available at https://opensource.org/license/afl-3-0-php
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available at https://opensource.org/license/osl-3-0-php
  *
  * @category   Mage
  * @package    Mage_Csp
  * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
- * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ * @license    https://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
  */
 
 class Mage_Csp_Block_Adminhtml_Csp extends Mage_Csp_Block_Csp
 {
     protected string $section = 'admin';
-
 }

app/code/core/Mage/Csp/Block/Csp.php

@@ -15,12 +15,13 @@
 
 class Mage_Csp_Block_Csp extends Mage_Core_Block_Abstract
 {
+    /** @var array<string, array<int, string>> */
     protected array $items = [];
     protected string $section = 'system';
 
     public function addItem(string $type, string $data): self
     {
-        $this->items[$type] [] = $data;
+        $this->items[$type][] = $data;
         return $this;
     }
 
@@ -34,17 +35,14 @@ protected function _toHtml(): string
             return '';
         }
 
-        /**
-         * @var Mage_Csp_Helper_Data $helper
-         */
+        /** @var Mage_Csp_Helper_Data $helper */
         $helper = Mage::helper('csp');
 
-        if (!Mage::getStoreConfigFlag("$this->section/csp/enabled")) {
+        if (!$helper->isCspEnabled($this->section)) {
             return '';
         }
-        /**
-         * @var Mage_Csp_Model_Config $config
-         */
+
+        /** @var Mage_Csp_Model_Config $config */
         $config = Mage::getSingleton('csp/config');
         $directives = array_merge_recursive(
             $helper->getPolicies($this->section),
@@ -56,8 +54,7 @@ protected function _toHtml(): string
             $cspHeader[] = $directive . ' ' . (is_array($value) ? implode(' ', $value) : (string) $value);
         }
 
-        $header = Mage::getStoreConfigFlag("$this->section/csp/report_only") ?
-            'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
+        $header = $helper->getCspHeader($this->section);
         $response->setHeader($header, implode('; ', $cspHeader));
         return '';
     }

app/code/core/Mage/Csp/Helper/Data.php

@@ -1,19 +1,24 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * OpenMage
  *
- * This source file is subject to the Academic Free License (AFL 3.0)
- * that is bundled with this package in the file LICENSE_AFL.txt.
- * It is also available at https://opensource.org/license/afl-3-0-php
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available at https://opensource.org/license/osl-3-0-php
  *
  * @category   Mage
  * @package    Mage_Csp
  * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
- * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ * @license    https://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
  */
+
 class Mage_Csp_Helper_Data extends Mage_Core_Helper_Abstract
 {
+    protected $_moduleName = 'Mage_Csp';
+
     public const CONFIG_MAPPING = [
         'default-src',
         'script-src',
@@ -27,15 +32,41 @@ class Mage_Csp_Helper_Data extends Mage_Core_Helper_Abstract
         'form-action',
     ];
 
+    /**
+     * @return array<string, string>
+     */
     public function getPolicies(string $section): array
     {
-        if (!Mage::getStoreConfigFlag("$section/csp/enabled")) {
-            return [];
-        }
         $result = [];
+
+        if (!$this->isCspEnabled($section)) {
+            return $result;
+        }
+
         foreach (self::CONFIG_MAPPING as $key) {
-            $result [$key] = Mage::getStoreConfig("$section/csp/$key");
+            $result[$key] = $this->getCspConfigByKey($section, $key);
         }
         return $result;
     }
+
+    public function isCspEnabled(string $section): bool
+    {
+        return Mage::getStoreConfigFlag("$section/csp/enabled");
+    }
+
+    public function isCspReportOnly(string $section): bool
+    {
+        return Mage::getStoreConfigFlag("$section/csp/report_only");
+    }
+
+    public function getCspConfigByKey(string $section, string $key): string
+    {
+        return Mage::getStoreConfig("$section/csp/$key");
+    }
+
+    public function getCspHeader(string $section): string
+    {
+        return $this->isCspReportOnly($section) ?
+            'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
+    }
 }

app/code/core/Mage/Csp/Model/Config.php

@@ -1,17 +1,20 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * OpenMage
  *
- * This source file is subject to the Academic Free License (AFL 3.0)
- * that is bundled with this package in the file LICENSE_AFL.txt.
- * It is also available at https://opensource.org/license/afl-3-0-php
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available at https://opensource.org/license/osl-3-0-php
  *
  * @category   Mage
  * @package    Mage_Csp
  * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
- * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ * @license    https://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
  */
+
 class Mage_Csp_Model_Config extends Varien_Simplexml_Config
 {
     public const CACHE_TYPE = 'config';
@@ -39,28 +42,38 @@ public function __construct($sourceData = null)
      */
     protected function _construct(): self
     {
-        if (Mage::app()->useCache(self::CACHE_TYPE) && $this->loadCache()) {
+        if ($this->hasUseCache() && $this->loadCache()) {
             return $this;
         }
 
         $this->loadString('<config/>');
         $config = Mage::getConfig()->loadModulesConfiguration('csp.xml', $this);
 
-        $this->setXml($config->getNode());
+        $node = $config->getNode();
+        if ($node) {
+            $this->setXml($node);
+        }
 
-        if (Mage::app()->useCache(self::CACHE_TYPE)) {
+        if ($this->hasUseCache()) {
             $this->saveCache();
         }
         return $this;
     }
 
     /**
      * Retrieve all adapters
+     * @return array<string, array<int, string>>
      */
     public function getPolicies(): array
     {
         $policies = [];
-        foreach ($this->getXpath('csp') as $config) {
+
+        $xpaths = $this->getXpath('csp/policy');
+        if (!$xpaths) {
+            return $policies;
+        }
+
+        foreach ($xpaths as $config) {
             foreach ($config as $policy => $rules) {
                 foreach ($rules as $host) {
                     $policies[$policy][] = (string) $host;
@@ -92,7 +105,7 @@ protected function _loadCache($id): bool
     /**
      * @param string $data
      * @param string $id
-     * @param array $tags
+     * @param array<int, string> $tags
      * @param false|int $lifetime
      */
     protected function _saveCache($data, $id, $tags = [], $lifetime = false): bool
@@ -121,7 +134,10 @@ public function extend(Varien_Simplexml_Config $config, $overwrite = false): sel
             return $this;
         }
 
-        $this->_extendNode($this->getNode(), $config, $overwrite);
+        $node = $this->getNode();
+        if ($node) {
+            $this->_extendNode($node, $config, $overwrite);
+        }
 
         return $this;
     }
@@ -139,4 +155,12 @@ protected function _extendNode(Varien_Simplexml_Element $baseNode, Varien_Simple
             $this->_extendNode($newChild, $child, $overwrite);
         }
     }
+
+    /**
+     * @return array<mixed>|false
+     */
+    protected function hasUseCache(): array|false
+    {
+        return Mage::app()->useCache(self::CACHE_TYPE);
+    }
 }