aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Admin/Security.php
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2019-11-15 09:55:44 +0000
committerMario <mario@mariovavti.com>2019-11-15 09:55:44 +0000
commitde9a7f0fa909792656d26d369f2ff21c57fc1e4d (patch)
tree4ec11bdc7f3c62a4b5fad29a6740244eb6246cfa /Zotlabs/Module/Admin/Security.php
parent3009c88d246ddcafabf1965f88c5ebd8fe1717fd (diff)
downloadvolse-hubzilla-de9a7f0fa909792656d26d369f2ff21c57fc1e4d.tar.gz
volse-hubzilla-de9a7f0fa909792656d26d369f2ff21c57fc1e4d.tar.bz2
volse-hubzilla-de9a7f0fa909792656d26d369f2ff21c57fc1e4d.zip
make inline pdf a security option, move thumbnail security to security options from admin/site
Diffstat (limited to 'Zotlabs/Module/Admin/Security.php')
-rw-r--r--Zotlabs/Module/Admin/Security.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/Zotlabs/Module/Admin/Security.php b/Zotlabs/Module/Admin/Security.php
index 80c1d85b7..16045f9ed 100644
--- a/Zotlabs/Module/Admin/Security.php
+++ b/Zotlabs/Module/Admin/Security.php
@@ -43,6 +43,12 @@ class Security {
$be = $this->trim_array_elems(explode("\n",$_POST['embed_deny']));
set_config('system','embed_deny',$be);
+
+ $thumbnail_security = ((x($_POST,'thumbnail_security')) ? intval($_POST['thumbnail_security']) : 0);
+ set_config('system', 'thumbnail_security' , $thumbnail_security);
+
+ $inline_pdf = ((x($_POST,'inline_pdf')) ? intval($_POST['inline_pdf']) : 0);
+ set_config('system', 'inline_pdf' , $inline_pdf);
$ts = ((x($_POST,'transport_security')) ? True : False);
set_config('system','transport_security_header',$ts);
@@ -86,7 +92,7 @@ class Security {
$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:");
$embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />");
$embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked.");
-
+
$t = get_markup_template('admin_security.tpl');
return replace_macros($t, array(
'$title' => t('Administration'),
@@ -106,7 +112,9 @@ class Security {
'$embed_sslonly' => array('embed_sslonly',t('Only allow embeds from secure (SSL) websites and links.'), intval(get_config('system','embed_sslonly')),''),
'$embed_allow' => array('embed_allow', t('Allow unfiltered embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. By default embedded content is filtered.')),
'$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''),
-
+ '$thumbnail_security' => [ 'thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.") ],
+ '$inline_pdf' => [ 'inline_pdf', t("Allow embedded (inline) PDF files"), get_config('system','inline_pdf',0), '' ],
+
// '$embed_coop' => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
'$submit' => t('Submit')
@@ -128,4 +136,4 @@ class Security {
}
-} \ No newline at end of file
+}