Update all other places to use new MediaFilter class

Kijin Sung 2016-03-13 09:59:26 +09:00
parent 7ecd9230c2
commit 2effbea06f
6 changed files with 29 additions and 25 deletions


@ -574,8 +574,8 @@ class Context
$db_info->sitelock_title = $config['lock']['title']; $db_info->sitelock_title = $config['lock']['title'];
$db_info->sitelock_message = $config['lock']['message']; $db_info->sitelock_message = $config['lock']['message'];
$db_info->sitelock_whitelist = count($config['lock']['allow']) ? $config['lock']['allow'] : array('127.0.0.1'); $db_info->sitelock_whitelist = count($config['lock']['allow']) ? $config['lock']['allow'] : array('127.0.0.1');
$db_info->embed_white_iframe = $config['embedfilter']['iframe']; $db_info->embed_white_iframe = $config['mediafilter']['iframe'] ?: $config['embedfilter']['iframe'];
$db_info->embed_white_object = $config['embedfilter']['object']; $db_info->embed_white_object = $config['mediafilter']['object'] ?: $config['embedfilter']['object'];
$db_info->use_mobile_view = $config['use_mobile_view'] ? 'Y' : 'N'; $db_info->use_mobile_view = $config['use_mobile_view'] ? 'Y' : 'N';
$db_info->use_prepared_statements = $config['use_prepared_statements'] ? 'Y' : 'N'; $db_info->use_prepared_statements = $config['use_prepared_statements'] ? 'Y' : 'N';
$db_info->use_rewrite = $config['use_rewrite'] ? 'Y' : 'N'; $db_info->use_rewrite = $config['use_rewrite'] ? 'Y' : 'N';
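Review bot: The `?:` fallback on the two `embed_white_*` lines reads `$config['embedfilter'][...]` whenever the new `mediafilter` list is empty, but the admin controller in this same commit unsets `embedfilter` on save, so an empty whitelist then hits a missing key and null is assigned where the rest of the code appears to expect an array. Guarding the legacy lookup keeps the migration path without that side effect, e.g. `$db_info->embed_white_iframe = $config['mediafilter']['iframe'] ?: (isset($config['embedfilter']['iframe']) ? $config['embedfilter']['iframe'] : array());`, and likewise for `object`. Separately, while a legacy `embedfilter` key is still present, a deliberately emptied whitelist is replaced by the legacy entries; if that is intended, a one-line comment saying so would help the next reader of this security setting. The enclosing method starts and ends outside the hunk.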


@ -97,7 +97,7 @@ return array(
'display_to' => 'admin', 'display_to' => 'admin',
'allow' => array(), 'allow' => array(),
), ),
'embedfilter' => array( 'mediafilter' => array(
'iframe' => array(), 'iframe' => array(),
'object' => array(), 'object' => array(),
), ),


@ -216,14 +216,14 @@ class ConfigParser
} }
$config['lock']['allow'] = array_values($db_info->sitelock_whitelist); $config['lock']['allow'] = array_values($db_info->sitelock_whitelist);
// Convert embed filter configuration. // Convert media filter configuration.
if (is_array($db_info->embed_white_iframe)) if (is_array($db_info->embed_white_iframe))
{ {
$whitelist = array_unique(array_map(function($item) { $whitelist = array_unique(array_map(function($item) {
return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item; return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item;
}, $db_info->embed_white_iframe)); }, $db_info->embed_white_iframe));
natcasesort($whitelist); natcasesort($whitelist);
$config['embedfilter']['iframe'] = $whitelist; $config['mediafilter']['iframe'] = $whitelist;
} }
if (is_array($db_info->embed_white_object)) if (is_array($db_info->embed_white_object))
{ {
@ -231,7 +231,7 @@ class ConfigParser
return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item; return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item;
}, $db_info->embed_white_object)); }, $db_info->embed_white_object));
natcasesort($whitelist); natcasesort($whitelist);
$config['embedfilter']['object'] = $whitelist; $config['mediafilter']['object'] = $whitelist;
} }
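Review bot: Both `$config['mediafilter'][...] = $whitelist;` assignments store the array straight after `array_unique()` and `natcasesort()`, which preserve the original keys, so the converted whitelist can have gaps and keys that no longer follow the sorted order. The admin controller in this commit wraps the same pipeline in `array_values()` before saving; doing the same here, `$config['mediafilter']['iframe'] = array_values($whitelist);` and the matching line for `object`, keeps the stored shape identical whichever path wrote it. Whether any consumer depends on a sequential list is not visible from these hunks. The conversion method starts and ends outside them.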
// Convert miscellaneous configuration. // Convert miscellaneous configuration.


@ -556,26 +556,31 @@ class adminAdminController extends admin
$vars = Context::getRequestVars(); $vars = Context::getRequestVars();
// iframe filter // iframe filter
$embed_iframe = $vars->embedfilter_iframe; $iframe_whitelist = $vars->mediafilter_iframe;
$embed_iframe = array_filter(array_map('trim', preg_split('/[\r\n]/', $embed_iframe)), function($item) { $iframe_whitelist = array_filter(array_map('trim', preg_split('/[\r\n]/', $iframe_whitelist)), function($item) {
return $item !== ''; return $item !== '';
}); });
$embed_iframe = array_unique(array_map(function($item) { $iframe_whitelist = array_unique(array_map(function($item) {
return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item; return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item;
}, $embed_iframe)); }, $iframe_whitelist));
natcasesort($embed_iframe); natcasesort($iframe_whitelist);
Rhymix\Framework\Config::set('embedfilter.iframe', array_values($embed_iframe)); Rhymix\Framework\Config::set('mediafilter.iframe', array_values($iframe_whitelist));
// object filter // object filter
$embed_object = $vars->embedfilter_object; $object_whitelist = $vars->mediafilter_object;
$embed_object = array_filter(array_map('trim', preg_split('/[\r\n]/', $embed_object)), function($item) { $object_whitelist = array_filter(array_map('trim', preg_split('/[\r\n]/', $object_whitelist)), function($item) {
return $item !== ''; return $item !== '';
}); });
$embed_object = array_unique(array_map(function($item) { $object_whitelist = array_unique(array_map(function($item) {
return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item; return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item;
}, $embed_object)); }, $object_whitelist));
natcasesort($embed_object); natcasesort($object_whitelist);
Rhymix\Framework\Config::set('embedfilter.object', array_values($embed_object)); Rhymix\Framework\Config::set('mediafilter.object', array_values($object_whitelist));
// Remove old embed filter
$config = Rhymix\Framework\Config::getAll();
unset($config['embedfilter']);
Rhymix\Framework\Config::setAll($config);
// Admin IP access control // Admin IP access control
$allowed_ip = array_map('trim', preg_split('/[\r\n]/', $vars->admin_allowed_ip)); $allowed_ip = array_map('trim', preg_split('/[\r\n]/', $vars->admin_allowed_ip));
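Review bot: The iframe and object blocks are line-for-line the same pipeline (split, trim, drop blanks, strip `http(s)://`, dedupe, sort), and the scheme-stripping closure is repeated again in ConfigParser, so any future tightening of what counts as a valid whitelist entry has to be made in several places. Folding the pipeline into one local normaliser keeps the behaviour identical and gives a single spot to reject malformed entries later. The entries come from request variables and are stored without further validation; how strictly MediaFilter matches them is not visible here. The method continues outside the hunk.

```php
// Normalise one textarea of whitelist entries: split lines, trim, drop blanks,
// strip the scheme, dedupe, sort, and reindex.
$normalize_whitelist = function($text) {
	$items = array_filter(array_map('trim', preg_split('/[\r\n]/', $text)), function($item) {
		return $item !== '';
	});
	$items = array_unique(array_map(function($item) {
		return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item;
	}, $items));
	natcasesort($items);
	return array_values($items);
};
Rhymix\Framework\Config::set('mediafilter.iframe', $normalize_whitelist($vars->mediafilter_iframe));
Rhymix\Framework\Config::set('mediafilter.object', $normalize_whitelist($vars->mediafilter_object));
// … unchanged: removal of the old embedfilter key, admin IP access control …
```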


@ -418,9 +418,8 @@ class adminAdminView extends admin
function dispAdminConfigSecurity() function dispAdminConfigSecurity()
{ {
// Load embed filter. // Load embed filter.
$oEmbedFilter = EmbedFilter::getInstance(); context::set('mediafilter_iframe', implode(PHP_EOL, Rhymix\Framework\Security\MediaFilter::getIframeWhitelist()));
context::set('embedfilter_iframe', implode(PHP_EOL, $oEmbedFilter->whiteIframeUrlList)); context::set('mediafilter_object', implode(PHP_EOL, Rhymix\Framework\Security\MediaFilter::getObjectWhitelist()));
context::set('embedfilter_object', implode(PHP_EOL, $oEmbedFilter->whiteUrlList));
// Admin IP access control // Admin IP access control
$allowed_ip = Rhymix\Framework\Config::get('admin.allow'); $allowed_ip = Rhymix\Framework\Config::get('admin.allow');
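Review bot: The comment above the two new `context::set(...)` calls still reads `// Load embed filter.` although the code now reads from `MediaFilter`; it should become something like `// Load media filter whitelists for the security settings form.`. The whitelist text is handed to the template unmodified and ends up inside a `<textarea>`; if the template engine does not escape `{$...}` output by default, escaping the imploded string before setting it would stop a stored entry containing markup from breaking out of the field. `dispAdminConfigSecurity()` continues outside the hunk.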


@ -8,15 +8,15 @@
<input type="hidden" name="act" value="procAdminUpdateSecurity" /> <input type="hidden" name="act" value="procAdminUpdateSecurity" />
<input type="hidden" name="xe_validator_id" value="modules/admin/tpl/config_security/1" /> <input type="hidden" name="xe_validator_id" value="modules/admin/tpl/config_security/1" />
<div class="x_control-group"> <div class="x_control-group">
<label class="x_control-label" for="embedfilter_iframe">iframe</label> <label class="x_control-label" for="mediafilter_iframe">iframe</label>
<div class="x_controls" style="margin-right:14px"> <div class="x_controls" style="margin-right:14px">
<textarea name="embedfilter_iframe" id="embedfilter_iframe" rows="8" style="width:100%;">{$embedfilter_iframe}</textarea> <textarea name="mediafilter_iframe" id="mediafilter_iframe" rows="8" style="width:100%;">{$mediafilter_iframe}</textarea>
</div> </div>
</div> </div>
<div class="x_control-group"> <div class="x_control-group">
<label class="x_control-label" for="embedfilter_object">object/embed</label> <label class="x_control-label" for="mediafilter_object">object/embed</label>
<div class="x_controls" style="margin-right:14px"> <div class="x_controls" style="margin-right:14px">
<textarea name="embedfilter_object" id="embedfilter_object" rows="8" style="width:100%;">{$embedfilter_object}</textarea> <textarea name="mediafilter_object" id="mediafilter_object" rows="8" style="width:100%;">{$mediafilter_object}</textarea>
</div> </div>
</div> </div>
<div class="x_control-group"> <div class="x_control-group">