Fix target='_blank' securty issues with rel='noopener noreferrer'

src/Form/Type/GlobalConfigurationFormType.php

@@ -100,7 +100,7 @@ class GlobalConfigurationFormType extends AbstractType
                     new RegexConstraint(['pattern' => '/^\[[0-9]+\.[0-9]+,[0-9]+\.[0-9]+\]/', 'message' => 'Coordonnées invalide, format attendu : [45.7,3.2]']),
                 ],
                 'help_html' => true,
-                'help' => "Pour déterminer le centre et zoom de la carte <a target='_blank' href='https://www.openstreetmap.org/'>Ouvrir OpenStreetMap</a><br/>
+                'help' => "Pour déterminer le centre et zoom de la carte <a target='_blank' rel='noopener noreferrer' href='https://www.openstreetmap.org/'>Ouvrir OpenStreetMap</a><br/>
                             Exemple : <em>https://www.openstreetmap.org/search?query=clermont#map=12/45.7811/3.0927</em><br/>
                             Zoom de la carte   : 12<br/>
                             Centre de la carte : [45.7811,3.0927]",

templates/themes/kohinos/admin/fluxvisualisation.html.twig

@@ -114,7 +114,7 @@
     	<h4><u>{{ "Exemples d'importations possible (Fichiers .csv uniquement):"|trans }}</u></h4>
     	<div class='mb-5'>
     		{% for key, csvparam in csvparams %}
-				<h5><strong>{{ key|capitalize }} : </strong><a class='ml-4' target='_blank' href='{{ csvparam.file }}'>Télécharger un exemple</a></h5>
+				<h5><strong>{{ key|capitalize }} : </strong><a class='ml-4' target='_blank' rel="noopener noreferrer" href='{{ csvparam.file }}'>Télécharger un exemple</a></h5>
 				<p class='ml-4'><i>{{ csvparam.header }}</i></p>
 				<p class='ml-4 mb-4'><i>{{ 'Exemple'|trans }} :</i> {{ csvparam.example }}</p>
 	    	{% endfor %}

templates/themes/kohinos/admin/import.html.twig

@@ -50,9 +50,9 @@
     		{% for key, csvparam in csvparams %}
 				<h4>{{ key|capitalize }}(s) : </h4>
 				<p>
-					<a class='btn btn-default ml-4' target='_blank' href='{{ csvparam.filexls }}'>Instructions en .xlsx</a>
-					<a class='btn btn-default ml-4' target='_blank' href='{{ csvparam.filenum }}'>Instructions en .numbers</a>
-					<a class='btn btn-default ml-4' target='_blank' href='{{ csvparam.filecsv }}'>Exemple .csv</a>
+					<a class='btn btn-default ml-4' target='_blank' rel="noopener noreferrer" href='{{ csvparam.filexls }}'>Instructions en .xlsx</a>
+					<a class='btn btn-default ml-4' target='_blank' rel="noopener noreferrer" href='{{ csvparam.filenum }}'>Instructions en .numbers</a>
+					<a class='btn btn-default ml-4' target='_blank' rel="noopener noreferrer" href='{{ csvparam.filecsv }}'>Exemple .csv</a>
 				</p>
 				{# <p class='ml-4'><i>{{ csvparam.header }}</i></p>
 				<p class='ml-4 mb-4'><i>{{ 'Exemple'|trans }} :</i> {{ csvparam.example }}</p> #}

templates/themes/kohinos/block/useradmin.html.twig

@@ -66,7 +66,7 @@
 			{% include '@kohinos/presta/block/carte.html.twig' with {'title': 'Situer les Prestataires'|trans}%}
 		{% endif %}
 		{% if app.user and is_granted('ROLE_ADMIN') %}
-			<a href='http://wiki.kohinos.net/doku.php?id=doc:doc' target='_blank' class='ml-2 text-center'><i class="fa fa-book mr-2" aria-hidden="true"></i> Documentation utilisateur</a>
+			<a href='http://wiki.kohinos.net/doku.php?id=doc:doc' target='_blank' rel="noopener noreferrer" class='ml-2 text-center'><i class="fa fa-book mr-2" aria-hidden="true"></i> Documentation utilisateur</a>
 		{% endif %}
 	{% endif %}
 </div>

templates/themes/kohinos/bundles/SonataAdminBundle/CRUD/list__action_showonfront.html.twig

@@ -13,6 +13,7 @@ file that was distributed with this source code.
     <a
         href="{{ admin.getRouteShowOnFront(object) }}"
         target='_blank' 
+        rel="noopener noreferrer"
         class="btn btn-sm btn-default view_link"
         title="{{ 'action_show'|trans({}, 'SonataAdminBundle') }}"
     >

templates/themes/kohinos/bundles/SonataAdminBundle/standard_layout.html.twig

@@ -177,7 +177,7 @@ Modified for MLC from Sonata package.
                         {% block bugreport %}
                             {% set printBugReport = KOH_BUG_REPORT|default('') %}
                             {% if app.user and (is_granted('ROLE_ADMIN') and printBugReport == 'ROLE_ADMIN') or (is_granted('ROLE_USER') and printBugReport == 'ROLE_USER') %}
-                                <a class='sidebar-front' style='color:#a94442 !important;' href='{{ path('bugreport') }}' target='_blank'>
+                                <a class='sidebar-front' style='color:#a94442 !important;' href='{{ path('bugreport') }}' target='_blank' rel="noopener noreferrer">
                                 <i class="fa fa-lg fa-bug"></i>
                                 <span class="sr-only">{{ "Reporter un bug"|trans({}, 'messages') }}</span>
                                 </a>

templates/themes/kohinos/common/footer.html.twig

 <footer class="container clearfix footer">
 	{# TODO : ajouter crédit et lien vers la solution de gestion de la monnaie locale complémentaire libre de droits #}
-	<a href='http://www.kohinos.com' target='_blank'>Kohinos</a>
+	<a href='http://www.kohinos.com' target='_blank' rel="noopener noreferrer">Kohinos</a>
 	<span class='appversion'>
-		<a href='https://www.gnu.org/licenses/agpl-3.0.fr.html' target='_blank' style='color:grey;'>(Licence AGPL v3)</a>
+		<a href='https://www.gnu.org/licenses/agpl-3.0.fr.html' target='_blank' rel="noopener noreferrer" style='color:grey;'>(Licence AGPL v3)</a>
 		<span> - v{{ shivas_app_version }}</span>
 	</span>
 

templates/themes/kohinos/common/menu.html.twig

@@ -36,7 +36,7 @@
 		{% set printBugReport = KOH_BUG_REPORT|default('') %}
         {% if app.user and (is_granted('ROLE_ADMIN') and printBugReport == 'ROLE_ADMIN') or (is_granted('ROLE_USER') and printBugReport == 'ROLE_USER') %}
 			<li class="nav-item" role="menu-item">
-				<a class='nav-link text-warning' href='{{ path('bugreport') }}' target='_blank' data-toggle="tooltip" data-placement="bottom" title="{{ 'Reporter un bug'|trans }}">
+				<a class='nav-link text-warning' href='{{ path('bugreport') }}' target='_blank' rel="noopener noreferrer" data-toggle="tooltip" data-placement="bottom" title="{{ 'Reporter un bug'|trans }}">
 					<i class="fas fa-bug"></i>
 				</a>
 			</li>

templates/themes/kohinos/email/email_layout.html.twig

@@ -54,6 +54,6 @@
       <td></td>
     </tr>
 </table>
-<a href='http://www.kohinos.com' target='_blank'>Kohinos</a> <a href='https://www.gnu.org/licenses/agpl-3.0.fr.html' target='_blank' style='color:grey;'>(Licence AGPL v3)</a> <span class='appversion'> - v{{ shivas_app_version }}</span>
+<a href='http://www.kohinos.com' target='_blank' rel='noopener noreferrer'>Kohinos</a> <a href='https://www.gnu.org/licenses/agpl-3.0.fr.html' target='_blank' rel='noopener noreferrer' style='color:grey;'>(Licence AGPL v3)</a> <span class='appversion'> - v{{ shivas_app_version }}</span>
 </body>
 </html>
\ No newline at end of file

templates/themes/kohinos/presta/show.html.twig

@@ -48,7 +48,7 @@
             <h6 class="card-subtitle text-muted mb-3">{{'Horaires'|trans}} : {{ presta.horaires|raw }}</h6>
           {% endif %}
           {% if presta.web != null %}
-            <h6 class="card-subtitle mb-3">{{'Site web'|trans}} : <a href='{{ presta.web }}' target='_blank'>{{ presta.web }}</a></h6>
+            <h6 class="card-subtitle mb-3">{{'Site web'|trans}} : <a href='{{ presta.web }}' target='_blank' rel='noopener noreferrer'>{{ presta.web }}</a></h6>
           {% endif %}
           {# {% if presta.responsable != null and presta.metier != null %}
             <h6 class="card-title my-3">Responsable : {{ presta.responsable }} ({{ presta.metier }})</h6>