diff options
author | redmatrix <git@macgirvin.com> | 2016-02-03 15:23:24 -0800 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-02-03 15:23:24 -0800 |
commit | 28386d747115598ccd4851e049084219b2f99fef (patch) | |
tree | 8fc15cccf8cadebfc78c8653478de95add18dc5c /mod | |
parent | a7ed50ecd4b4defbc1d5fdf0bb4fd7d65d08a0fd (diff) | |
download | volse-hubzilla-28386d747115598ccd4851e049084219b2f99fef.tar.gz volse-hubzilla-28386d747115598ccd4851e049084219b2f99fef.tar.bz2 volse-hubzilla-28386d747115598ccd4851e049084219b2f99fef.zip |
admin security page for configuring white and black lists and other security options.
Diffstat (limited to 'mod')
-rw-r--r-- | mod/admin.php | 62 | ||||
-rw-r--r-- | mod/oep.php | 13 |
2 files changed, 73 insertions, 2 deletions
diff --git a/mod/admin.php b/mod/admin.php index b537992d7..7ca2efa35 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -62,6 +62,9 @@ function admin_post(&$a){ case 'hubloc': admin_page_hubloc_post($a); break; + case 'security': + admin_page_security_post($a); + break; case 'features': admin_page_features_post($a); break; @@ -116,6 +119,9 @@ function admin_content(&$a) { // case 'hubloc': // $o = admin_page_hubloc($a); // break; + case 'security': + $o = admin_page_security($a); + break; case 'features': $o = admin_page_features($a); break; @@ -536,6 +542,15 @@ function admin_page_hubloc_post(&$a){ goaway($a->get_baseurl(true) . '/admin/hubloc' ); } +function admin_page_security_post(&$a){ + check_form_security_token_redirectOnErr('/admin/security', 'admin_security'); + + + goaway(z_root() . '/admin/security'); +} + + + function admin_page_features_post(&$a) { @@ -626,6 +641,53 @@ function admin_page_hubloc(&$a) { )); } +function admin_page_security(&$a) { + + $whitesites = get_config('system','whitelisted_sites'); + $whitesites_str = ((is_array($whitesites)) ? implode($whitesites,"\n") : ''); + + $blacksites = get_config('system','blacklisted_sites'); + $blacksites_str = ((is_array($blacksites)) ? implode($blacksites,"\n") : ''); + + + $whitechannels = get_config('system','whitelisted_channels'); + $whitechannels_str = ((is_array($whitechannels)) ? implode($whitechannels,"\n") : ''); + + $blackchannels = get_config('system','blacklisted_channels'); + $blackchannels_str = ((is_array($blackchannels)) ? implode($blackchannels,"\n") : ''); + + + $whiteembeds = get_config('system','embed_allow'); + $whiteembeds_str = ((is_array($whiteembeds)) ? implode($whiteembeds,"\n") : ''); + + $blackembeds = get_config('system','embed_deny'); + $blackembeds_str = ((is_array($blackembeds)) ? implode($blackembeds,"\n") : ''); + + $embed_coop = intval(get_config('system','embed_coop')); + + if((! $whiteembeds) && (! $blackembeds) && (! $embed_coop)) + $blackembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com"; + + $t = get_markup_template('admin_security.tpl'); + return replace_macros($t, array( + '$title' => t('Administration'), + '$page' => t('Security'), + '$form_security_token' => get_form_security_token('admin_security'), + '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")), + '$whitelisted_sites' => array('whitelisted_sites', t('Allow communications only from these sites'), $whitesites_str, t('One site per line. Leave empty to allow communication from anywhere by default')), + '$blacklisted_sites' => array('blacklisted_sites', t('Block communications from these sites'), $blacksites_str, ''), + '$whitelisted_channels' => array('whitelisted_channels', t('Allow communications only from these channels'), $whitechannels_str, t('One channel (hash) per line. Leave empty to allow from any channel by default')), + '$blacklisted_channels' => array('blacklisted_channels', t('Block communications from these channels'), $blackchannels_str, ''), + '$embed_allow' => array('embed_allow', t('Allow embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. Leave empty to allow from any site by default')), + '$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''), + + '$embed_coop' => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')), + '$submit' => t('Submit') + )); +} + + + function admin_page_dbsync(&$a) { $o = ''; diff --git a/mod/oep.php b/mod/oep.php index 3855a1b4a..42535c069 100644 --- a/mod/oep.php +++ b/mod/oep.php @@ -8,6 +8,7 @@ function oep_init(&$a) { logger('oep: ' . print_r($_REQUEST,true), LOGGER_DEBUG, LOG_INFO); + $html = ((argc() > 1 && argv(1) === 'html') ? true : false); if($_REQUEST['url']) { $_REQUEST['url'] = strip_zids($_REQUEST['url']); $url = $_REQUEST['url']; @@ -38,8 +39,16 @@ function oep_init(&$a) { $arr = oep_profile_reply($_REQUEST); if($arr) { - header('Content-Type: application/json+oembed'); - echo json_encode($arr); + if($html) { + if($arr['type'] === 'rich') { + header('Content-Type: text/html'); + echo $arr['html']; + } + } + else { + header('Content-Type: application/json+oembed'); + echo json_encode($arr); + } killme(); } |