From 28386d747115598ccd4851e049084219b2f99fef Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Wed, 3 Feb 2016 15:23:24 -0800
Subject: admin security page for configuring white and black lists and other
 security options.

---
 mod/admin.php | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 mod/oep.php   | 13 +++++++++++--
 2 files changed, 73 insertions(+), 2 deletions(-)

(limited to 'mod')

diff --git a/mod/admin.php b/mod/admin.php
index b537992d7..7ca2efa35 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -62,6 +62,9 @@ function admin_post(&$a){
 			case 'hubloc':
 				admin_page_hubloc_post($a);
 				break;
+			case 'security':
+				admin_page_security_post($a);
+				break;
 			case 'features':
 				admin_page_features_post($a);
 				break;
@@ -116,6 +119,9 @@ function admin_content(&$a) {
 //			case 'hubloc':
 //				$o = admin_page_hubloc($a);
 //				break;
+			case 'security':
+				$o = admin_page_security($a);
+				break;
 			case 'features':
 				$o = admin_page_features($a);
 				break;
@@ -536,6 +542,15 @@ function admin_page_hubloc_post(&$a){
 	goaway($a->get_baseurl(true) . '/admin/hubloc' );
 }
 
+function admin_page_security_post(&$a){
+	check_form_security_token_redirectOnErr('/admin/security', 'admin_security');
+
+
+	goaway(z_root() . '/admin/security');
+}
+
+
+
 
 function admin_page_features_post(&$a) {
 
@@ -626,6 +641,53 @@ function admin_page_hubloc(&$a) {
 	));
 }
 
+function admin_page_security(&$a) {
+
+	$whitesites = get_config('system','whitelisted_sites');
+	$whitesites_str = ((is_array($whitesites)) ? implode($whitesites,"\n") : '');
+
+	$blacksites = get_config('system','blacklisted_sites');
+	$blacksites_str = ((is_array($blacksites)) ? implode($blacksites,"\n") : '');
+
+
+	$whitechannels = get_config('system','whitelisted_channels');
+	$whitechannels_str = ((is_array($whitechannels)) ? implode($whitechannels,"\n") : '');
+
+	$blackchannels = get_config('system','blacklisted_channels');
+	$blackchannels_str = ((is_array($blackchannels)) ? implode($blackchannels,"\n") : '');
+
+
+	$whiteembeds = get_config('system','embed_allow');
+	$whiteembeds_str = ((is_array($whiteembeds)) ? implode($whiteembeds,"\n") : '');
+
+	$blackembeds = get_config('system','embed_deny');
+	$blackembeds_str = ((is_array($blackembeds)) ? implode($blackembeds,"\n") : '');
+
+	$embed_coop = intval(get_config('system','embed_coop'));
+
+	if((! $whiteembeds) && (! $blackembeds) && (! $embed_coop))
+		$blackembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com";
+
+	$t = get_markup_template('admin_security.tpl');
+	return replace_macros($t, array(
+		'$title' => t('Administration'),
+		'$page' => t('Security'),
+		'$form_security_token' => get_form_security_token('admin_security'),
+        '$block_public'     => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
+		'$whitelisted_sites' => array('whitelisted_sites', t('Allow communications only from these sites'), $whitesites_str, t('One site per line. Leave empty to allow communication from anywhere by default')),
+		'$blacklisted_sites' => array('blacklisted_sites', t('Block communications from these sites'), $blacksites_str, ''),
+		'$whitelisted_channels' => array('whitelisted_channels', t('Allow communications only from these channels'), $whitechannels_str, t('One channel (hash) per line. Leave empty to allow from any channel by default')),
+		'$blacklisted_channels' => array('blacklisted_channels', t('Block communications from these channels'), $blackchannels_str, ''),
+		'$embed_allow' => array('embed_allow', t('Allow embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. Leave empty to allow from any site by default')),
+		'$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''),
+
+        '$embed_coop'     => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
+		'$submit' => t('Submit')
+	));
+}
+
+
+
 
 function admin_page_dbsync(&$a) {
 	$o = '';
diff --git a/mod/oep.php b/mod/oep.php
index 3855a1b4a..42535c069 100644
--- a/mod/oep.php
+++ b/mod/oep.php
@@ -8,6 +8,7 @@ function oep_init(&$a) {
 
 	logger('oep: ' . print_r($_REQUEST,true), LOGGER_DEBUG, LOG_INFO);
 
+	$html = ((argc() > 1 && argv(1) === 'html') ? true : false);
 	if($_REQUEST['url']) {
 		$_REQUEST['url'] = strip_zids($_REQUEST['url']);
 		$url = $_REQUEST['url'];
@@ -38,8 +39,16 @@ function oep_init(&$a) {
 		$arr = oep_profile_reply($_REQUEST);
 
 	if($arr) {
-		header('Content-Type: application/json+oembed');
-		echo json_encode($arr);
+		if($html) {
+			if($arr['type'] === 'rich') {
+				header('Content-Type: text/html');
+				echo $arr['html'];
+			}
+		}
+		else {
+			header('Content-Type: application/json+oembed');
+			echo json_encode($arr);
+		}
 		killme();
 	}
 
-- 
cgit v1.2.3