authorredmatrix <git@macgirvin.com>2016-02-03 15:23:24 -0800
committerredmatrix <git@macgirvin.com>2016-02-03 15:23:24 -0800
commit28386d747115598ccd4851e049084219b2f99fef (patch)
tree8fc15cccf8cadebfc78c8653478de95add18dc5c
parenta7ed50ecd4b4defbc1d5fdf0bb4fd7d65d08a0fd (diff)
downloadvolse-hubzilla-28386d747115598ccd4851e049084219b2f99fef.tar.gz
volse-hubzilla-28386d747115598ccd4851e049084219b2f99fef.tar.bz2
volse-hubzilla-28386d747115598ccd4851e049084219b2f99fef.zip
admin security page for configuring white and black lists and other security options.
-rw-r--r--mod/admin.php62
-rw-r--r--mod/oep.php13
-rw-r--r--version.inc2
-rwxr-xr-xview/tpl/admin_security.tpl29
4 files changed, 103 insertions, 3 deletions
diff --git a/mod/admin.php b/mod/admin.php
index b537992d7..7ca2efa35 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -62,6 +62,9 @@ function admin_post(&$a){
case 'hubloc':
admin_page_hubloc_post($a);
break;
+ case 'security':
+ admin_page_security_post($a);
+ break;
case 'features':
admin_page_features_post($a);
break;
@@ -116,6 +119,9 @@ function admin_content(&$a) {
// case 'hubloc':
// $o = admin_page_hubloc($a);
// break;
+ case 'security':
+ $o = admin_page_security($a);
+ break;
case 'features':
$o = admin_page_features($a);
break;
@@ -536,6 +542,15 @@ function admin_page_hubloc_post(&$a){
goaway($a->get_baseurl(true) . '/admin/hubloc' );
}
+function admin_page_security_post(&$a){
+ check_form_security_token_redirectOnErr('/admin/security', 'admin_security');
+
+
+ goaway(z_root() . '/admin/security');
+}
+
+
+
function admin_page_features_post(&$a) {
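Review bot: `admin_page_security_post()` validates the form token and then redirects without reading or storing any submitted field, so an admin who enters a block list is returned to the page as if it had been saved while nothing is enforced. Until the handler is finished it should at least carry a comment such as `// TODO: submitted values are not persisted yet`. The complete version would split each textarea into trimmed, non-empty lines and write them with `set_config()` under the same keys that `admin_page_security()` reads with `get_config()`. The sketch below assumes the POST field names match the first element of each field array, which should be confirmed against field_textarea.tpl and field_checkbox.tpl.

```php
function admin_page_security_post(&$a){
	check_form_security_token_redirectOnErr('/admin/security', 'admin_security');

	// One entry per line; blank lines are dropped so an emptied textarea clears the list.
	$lists = array('whitelisted_sites', 'blacklisted_sites', 'whitelisted_channels',
		'blacklisted_channels', 'embed_allow', 'embed_deny');
	foreach($lists as $key) {
		$raw = ((isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '');
		$entries = array_values(array_filter(array_map('trim', explode("\n", $raw)), 'strlen'));
		set_config('system', $key, $entries);
	}

	// Unchecked checkboxes are absent from the POST body, so absence means "off".
	set_config('system', 'embed_coop', intval(! empty($_POST['embed_coop'])));
	set_config('system', 'block_public', intval(! empty($_POST['block_public'])));

	// … unchanged: goaway() redirect to /admin/security …
```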
@@ -626,6 +641,53 @@ function admin_page_hubloc(&$a) {
));
}
+function admin_page_security(&$a) {
+
+ $whitesites = get_config('system','whitelisted_sites');
+ $whitesites_str = ((is_array($whitesites)) ? implode($whitesites,"\n") : '');
+
+ $blacksites = get_config('system','blacklisted_sites');
+ $blacksites_str = ((is_array($blacksites)) ? implode($blacksites,"\n") : '');
+
+
+ $whitechannels = get_config('system','whitelisted_channels');
+ $whitechannels_str = ((is_array($whitechannels)) ? implode($whitechannels,"\n") : '');
+
+ $blackchannels = get_config('system','blacklisted_channels');
+ $blackchannels_str = ((is_array($blackchannels)) ? implode($blackchannels,"\n") : '');
+
+
+ $whiteembeds = get_config('system','embed_allow');
+ $whiteembeds_str = ((is_array($whiteembeds)) ? implode($whiteembeds,"\n") : '');
+
+ $blackembeds = get_config('system','embed_deny');
+ $blackembeds_str = ((is_array($blackembeds)) ? implode($blackembeds,"\n") : '');
+
+ $embed_coop = intval(get_config('system','embed_coop'));
+
+ if((! $whiteembeds) && (! $blackembeds) && (! $embed_coop))
+ $blackembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com";
+
+ $t = get_markup_template('admin_security.tpl');
+ return replace_macros($t, array(
+ '$title' => t('Administration'),
+ '$page' => t('Security'),
+ '$form_security_token' => get_form_security_token('admin_security'),
+ '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
+ '$whitelisted_sites' => array('whitelisted_sites', t('Allow communications only from these sites'), $whitesites_str, t('One site per line. Leave empty to allow communication from anywhere by default')),
+ '$blacklisted_sites' => array('blacklisted_sites', t('Block communications from these sites'), $blacksites_str, ''),
+ '$whitelisted_channels' => array('whitelisted_channels', t('Allow communications only from these channels'), $whitechannels_str, t('One channel (hash) per line. Leave empty to allow from any channel by default')),
+ '$blacklisted_channels' => array('blacklisted_channels', t('Block communications from these channels'), $blackchannels_str, ''),
+ '$embed_allow' => array('embed_allow', t('Allow embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. Leave empty to allow from any site by default')),
+ '$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''),
+
+ '$embed_coop' => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
+ '$submit' => t('Submit')
+ ));
+}
+
+
+
function admin_page_dbsync(&$a) {
$o = '';
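Review bot: The default assigned to `$blackembeds_str` when `embed_allow`, `embed_deny` and `embed_coop` are all unset is only text placed in the form; nothing in `admin_page_security()` stores it, so the page shows five domains as blocked while `get_config('system','embed_deny')` still returns nothing. Either mark the prefill as a suggestion in the field's help text, or have the code that enforces the embed lists apply the same default. Prefilling the deny field with the common embed providers may also have been meant for the allow field, which is worth confirming. Separately, every `implode($whitesites,"\n")` call uses the legacy argument order, which PHP 8 rejects; `implode("\n", $whitesites)` is the documented form.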
diff --git a/mod/oep.php b/mod/oep.php
index 3855a1b4a..42535c069 100644
--- a/mod/oep.php
+++ b/mod/oep.php
@@ -8,6 +8,7 @@ function oep_init(&$a) {
logger('oep: ' . print_r($_REQUEST,true), LOGGER_DEBUG, LOG_INFO);
+ $html = ((argc() > 1 && argv(1) === 'html') ? true : false);
if($_REQUEST['url']) {
$_REQUEST['url'] = strip_zids($_REQUEST['url']);
$url = $_REQUEST['url'];
@@ -38,8 +39,16 @@ function oep_init(&$a) {
$arr = oep_profile_reply($_REQUEST);
if($arr) {
- header('Content-Type: application/json+oembed');
- echo json_encode($arr);
+ if($html) {
+ if($arr['type'] === 'rich') {
+ header('Content-Type: text/html');
+ echo $arr['html'];
+ }
+ }
+ else {
+ header('Content-Type: application/json+oembed');
+ echo json_encode($arr);
+ }
killme();
}
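Review bot: In the `$html` branch a reply whose `type` is not `rich` sends no header and no body, yet `killme()` still ends the request, so the caller gets an empty success response; an explicit `else { http_response_code(404); }` would make that case visible. The rich case echoes `$arr['html']` as a `text/html` document on this hub's own origin, so its safety rests entirely on `oep_profile_reply()` (body not shown here) having escaped any profile-derived text. A comment above the `echo` should state that requirement, for example `// $arr['html'] is served from our origin: oep_profile_reply() must already have escaped it`. Sending `Content-Type: text/html; charset=utf-8` would also remove charset sniffing. `oep_init()` starts and ends outside this hunk.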
diff --git a/version.inc b/version.inc
index 1d1ae17f2..acec8d8d9 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2016-02-02.1297H
+2016-02-03.1298H
diff --git a/view/tpl/admin_security.tpl b/view/tpl/admin_security.tpl
new file mode 100755
index 000000000..62120c17c
--- /dev/null
+++ b/view/tpl/admin_security.tpl
@@ -0,0 +1,29 @@
+<div class="generic-content-wrapper-styled" id='adminpage'>
+ <h1>{{$title}} - {{$page}}</h1>
+
+ <form action="{{$baseurl}}/admin/security" method="post">
+
+
+ {{include file="field_checkbox.tpl" field=$block_public}}
+
+
+ {{include file="field_textarea.tpl" field=$whitelisted_sites}}
+ {{include file="field_textarea.tpl" field=$blacklisted_sites}}
+
+ {{include file="field_textarea.tpl" field=$whitelisted_channels}}
+ {{include file="field_textarea.tpl" field=$blacklisted_channels}}
+
+
+ {{include file="field_checkbox.tpl" field=$embed_coop}}
+
+ {{include file="field_textarea.tpl" field=$embed_allow}}
+ {{include file="field_textarea.tpl" field=$embed_deny}}
+
+
+ <div class="admin-submit-wrapper" >
+ <input type="submit" name="submit" class="admin-submit" value="{{$submit}}" />
+ </div>
+
+ </form>
+
+</div>
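Review bot: The form has no hidden field carrying `{{$form_security_token}}`, although `admin_page_security()` passes that value to the template and `admin_page_security_post()` calls `check_form_security_token_redirectOnErr()` before anything else; as written, every submission would be expected to fail the token check and be redirected. Add `<input type="hidden" name="form_security_token" value="{{$form_security_token}}">` directly inside the `<form>` element. The form action also uses `{{$baseurl}}`, which is not among the macros passed in this commit, so confirm the template engine supplies it.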