From ca9491d343cd03acfb0bb48017df48ca8ffb761d Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Sat, 29 Apr 2023 22:43:49 +0200
Subject: move trusted directory servers to security and implement in backend

---
 Zotlabs/Lib/Libzotdir.php         |  2 +-
 Zotlabs/Module/Admin/Security.php | 61 ++++++++++++++++++++++-----------------
 Zotlabs/Module/Admin/Site.php     |  6 ----
 view/tpl/admin_security.tpl       |  5 +++-
 view/tpl/admin_site.tpl           |  3 --
 5 files changed, 40 insertions(+), 37 deletions(-)

diff --git a/Zotlabs/Lib/Libzotdir.php b/Zotlabs/Lib/Libzotdir.php
index 1f3c4d728..6c4c4965e 100644
--- a/Zotlabs/Lib/Libzotdir.php
+++ b/Zotlabs/Lib/Libzotdir.php
@@ -232,7 +232,7 @@ class Libzotdir {
 		if (! $r)
 			return;
 
-		$dir_trusted_hosts = get_directory_fallback_servers();
+		$dir_trusted_hosts = array_merge(get_directory_fallback_servers(), get_config('system', 'trusted_directory_servers'));
 
 		foreach ($r as $rr) {
 			if (! $rr['site_directory'])
diff --git a/Zotlabs/Module/Admin/Security.php b/Zotlabs/Module/Admin/Security.php
index 16045f9ed..499572170 100644
--- a/Zotlabs/Module/Admin/Security.php
+++ b/Zotlabs/Module/Admin/Security.php
@@ -7,12 +7,12 @@ class Security {
 
 	function post() {
 		check_form_security_token_redirectOnErr('/admin/security', 'admin_security');
-	
+
 		$allowed_email        = ((x($_POST,'allowed_email'))	    ? notags(trim($_POST['allowed_email']))		: '');
 		$not_allowed_email    = ((x($_POST,'not_allowed_email'))	? notags(trim($_POST['not_allowed_email']))		: '');
 
 		set_config('system','allowed_email', $allowed_email);
-		set_config('system','not_allowed_email', $not_allowed_email);	
+		set_config('system','not_allowed_email', $not_allowed_email);
 
 		$block_public         = ((x($_POST,'block_public'))		? True	: False);
 		set_config('system','block_public',$block_public);
@@ -25,22 +25,22 @@ class Security {
 
 		$ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
 		set_config('system','whitelisted_sites',$ws);
-	
+
 		$bs = $this->trim_array_elems(explode("\n",$_POST['blacklisted_sites']));
 		set_config('system','blacklisted_sites',$bs);
-	
+
 		$wc = $this->trim_array_elems(explode("\n",$_POST['whitelisted_channels']));
 		set_config('system','whitelisted_channels',$wc);
-	
+
 		$bc = $this->trim_array_elems(explode("\n",$_POST['blacklisted_channels']));
 		set_config('system','blacklisted_channels',$bc);
-	
+
 		$embed_sslonly         = ((x($_POST,'embed_sslonly'))		? True	: False);
 		set_config('system','embed_sslonly',$embed_sslonly);
-	
+
 		$we = $this->trim_array_elems(explode("\n",$_POST['embed_allow']));
 		set_config('system','embed_allow',$we);
-	
+
 		$be = $this->trim_array_elems(explode("\n",$_POST['embed_deny']));
 		set_config('system','embed_deny',$be);
 
@@ -49,47 +49,54 @@ class Security {
 
 		$inline_pdf = ((x($_POST,'inline_pdf')) ? intval($_POST['inline_pdf']) : 0);
 		set_config('system', 'inline_pdf' , $inline_pdf);
-	
+
 		$ts = ((x($_POST,'transport_security')) ? True : False);
 		set_config('system','transport_security_header',$ts);
 
 		$cs = ((x($_POST,'content_security')) ? True : False);
 		set_config('system','content_security_policy',$cs);
 
+		$trusted_directory_servers = $this->trim_array_elems(explode("\n", $_POST['trusted_directory_servers']));
+		set_config('system', 'trusted_directory_servers', $trusted_directory_servers);
+
 		goaway(z_root() . '/admin/security');
 	}
-	
-	
+
+
 
 	function get() {
-	
+
 		$whitesites = get_config('system','whitelisted_sites');
 		$whitesites_str = ((is_array($whitesites)) ? implode("\n",$whitesites) : '');
-	
+
 		$blacksites = get_config('system','blacklisted_sites');
 		$blacksites_str = ((is_array($blacksites)) ? implode("\n",$blacksites) : '');
-	
-	
+
+
 		$whitechannels = get_config('system','whitelisted_channels');
 		$whitechannels_str = ((is_array($whitechannels)) ? implode("\n",$whitechannels) : '');
-	
+
 		$blackchannels = get_config('system','blacklisted_channels');
 		$blackchannels_str = ((is_array($blackchannels)) ? implode("\n",$blackchannels) : '');
-	
-	
+
+
 		$whiteembeds = get_config('system','embed_allow');
 		$whiteembeds_str = ((is_array($whiteembeds)) ? implode("\n",$whiteembeds) : '');
-	
+
 		$blackembeds = get_config('system','embed_deny');
 		$blackembeds_str = ((is_array($blackembeds)) ? implode("\n",$blackembeds) : '');
-	
+
+		$trusted_directory_servers = get_config('system', 'trusted_directory_servers');
+		$trusted_directory_servers_str = ((is_array($trusted_directory_servers)) ? implode("\n", $trusted_directory_servers) : '');
+		$is_dir = (intval(get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL)) !== DIRECTORY_MODE_NORMAL);
+
 		$embed_coop = intval(get_config('system','embed_coop'));
-	
+
 		if((! $whiteembeds) && (! $blackembeds)) {
 			$embedhelp1 = t("By default, unfiltered HTML is allowed in embedded media. This is inherently insecure.");
 		}
 
-		$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:"); 
+		$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:");
 		$embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />");
 		$embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked.");
 
@@ -99,7 +106,7 @@ class Security {
 			'$page' => t('Security'),
 			'$form_security_token' => get_form_security_token('admin_security'),
 	        '$block_public'     => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
-			'$cloud_noroot'     => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ], 
+			'$cloud_noroot'     => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ],
 			'$cloud_disksize'     => [ 'cloud_disksize', t('Show total disk space available to cloud uploads'), intval(get_config('system','cloud_report_disksize')), '' ],
 			'$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(get_config('system','transport_security_header')),''),
 			'$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(get_config('system','content_security_policy')),''),
@@ -115,6 +122,8 @@ class Security {
 			'$thumbnail_security'   => [ 'thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.") ],
 			'$inline_pdf'   => [ 'inline_pdf', t("Allow embedded (inline) PDF files"), get_config('system','inline_pdf',0), '' ],
 
+			'$trusted_directory_servers' => (($is_dir) ? ['trusted_directory_servers', t('Additional trusted directory server URLs'), $trusted_directory_servers_str, t('Accept directory flags (spam, nsfw) from those servers. One per line like https://example.tld')] : ''),
+
 //	        '$embed_coop'     => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
 
 			'$submit' => t('Submit')
@@ -124,7 +133,7 @@ class Security {
 
 	function trim_array_elems($arr) {
 		$narr = array();
-	
+
 		if($arr && is_array($arr)) {
 			for($x = 0; $x < count($arr); $x ++) {
 				$y = trim($arr[$x]);
@@ -134,6 +143,6 @@ class Security {
 		}
 		return $narr;
 	}
-	
-	
+
+
 }
diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php
index 9c26bad7a..b24821b28 100644
--- a/Zotlabs/Module/Admin/Site.php
+++ b/Zotlabs/Module/Admin/Site.php
@@ -60,7 +60,6 @@ class Site {
 		}
 		$mirror_frontpage	=	((x($_POST,'mirror_frontpage'))	? intval(trim($_POST['mirror_frontpage']))		: 0);
 		$directory_server	=	((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : '');
-		$trusted_directory_servers = ((!empty($_POST['trusted_directory_servers'])) ? trim($_POST['trusted_directory_servers']) : '');
 		$allowed_sites		=	((x($_POST,'allowed_sites'))	? notags(trim($_POST['allowed_sites']))		: '');
 		$force_publish		=	((x($_POST,'publish_all'))		? True	: False);
 		$disable_discover_tab =	((x($_POST,'disable_discover_tab'))		? False	:	True);
@@ -167,10 +166,6 @@ class Site {
 		if($directory_server)
 			set_config('system','directory_server',$directory_server);
 
-		if($trusted_directory_servers) {
-			set_config('system', 'trusted_directory_servers', $trusted_directory_servers);
-		}
-
 		if ($banner == '') {
 			del_config('system', 'banner');
 		} else {
@@ -529,7 +524,6 @@ class Site {
 			'$from_email_name' => [ 'from_email_name', t('Name of email sender for system generated email.'), get_config('system','from_email_name',\Zotlabs\Lib\System::get_site_name()),'' ],
 
 			'$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null),
-			'$trusted_directory_servers' => ((!$dir_choices) ? ['trusted_directory_servers', t('Additional trusted directory server URLs'), get_config('system','trusted_directory_servers'), t('Accept directory flags (spam, nsfw) from those servers. One per line like https://example.tld')] : ''),
 
 			'$sse_enabled'		=> array('sse_enabled', t('Enable SSE Notifications'), get_config('system', 'sse_enabled', 0), t('If disabled, traditional polling will be used. Warning: this setting might not be suited for shared hosting')),
 
diff --git a/view/tpl/admin_security.tpl b/view/tpl/admin_security.tpl
index 3cc23f5b2..29c6bcb34 100644
--- a/view/tpl/admin_security.tpl
+++ b/view/tpl/admin_security.tpl
@@ -17,7 +17,7 @@
 	{{include file="field_checkbox.tpl" field=$inline_pdf}}
 
 	{{include file="field_textarea.tpl" field=$allowed_email}}
-	{{include file="field_textarea.tpl" field=$not_allowed_email}}	
+	{{include file="field_textarea.tpl" field=$not_allowed_email}}
 
 	{{include file="field_textarea.tpl" field=$whitelisted_sites}}
 	{{include file="field_textarea.tpl" field=$blacklisted_sites}}
@@ -27,6 +27,9 @@
 
 	{{include file="field_textarea.tpl" field=$embed_allow}}
 	{{include file="field_textarea.tpl" field=$embed_deny}}
+	{{if $trusted_directory_servers}}
+		{{include file="field_textarea.tpl" field=$trusted_directory_servers}}
+	{{/if}}
 
 
 	<div class="admin-submit-wrapper">
diff --git a/view/tpl/admin_site.tpl b/view/tpl/admin_site.tpl
index 0e5b91376..bad68361b 100644
--- a/view/tpl/admin_site.tpl
+++ b/view/tpl/admin_site.tpl
@@ -24,9 +24,6 @@
 	{{if $directory_server}}
 		{{include file="field_select.tpl" field=$directory_server}}
 	{{/if}}
-	{{if $trusted_directory_servers}}
-		{{include file="field_textarea.tpl" field=$trusted_directory_servers}}
-	{{/if}}
 
 	<div class="submit">
 	    <input type="submit" name="page_site" class="btn btn-primary" value="{{$submit}}" />
-- 
cgit v1.2.3