From 64bc9205ff15b4ac5dae07bcf4b94ce8ea809beb Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 2 Oct 2018 15:17:23 +0900 Subject: [PATCH] Add option to apply rel="nofollow" to all user-submitted links MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 참고: xpressengine/xe-core#2278 정상적인 사이트들 사이의 상호 교류를 저해할 위험이 있으므로 옵션으로 제공하고 기본값은 OFF로 함.
---
 common/defaults/config.php | 3 +++
 common/framework/filters/htmlfilter.php | 1 +
 modules/admin/admin.admin.controller.php | 1 +
 modules/admin/admin.admin.view.php | 1 +
 modules/admin/lang/en.php | 2 ++
 modules/admin/lang/ko.php | 2 ++
 modules/admin/tpl/config_security.html | 9 +++++++++
 7 files changed, 19 insertions(+)
diff --git a/common/defaults/config.php b/common/defaults/config.php
index de2059c96..3f14c2900 100644
--- a/common/defaults/config.php
+++ b/common/defaults/config.php
@@ -113,6 +113,9 @@ return array(
 'object' => array(),
 'classes' => array(),
 ),
+ 'security' => array(
+ 'nofollow' => false,
+ ),
 'mobile' => array(
 'enabled' => true,
 'tablets' => false,
diff --git a/common/framework/filters/htmlfilter.php b/common/framework/filters/htmlfilter.php
index 7ee1fa77e..c880a2e6a 100644
--- a/common/framework/filters/htmlfilter.php
+++ b/common/framework/filters/htmlfilter.php
@@ -149,6 +149,7 @@ class HTMLFilter
 $config->set('Core.Encoding', 'UTF-8');
 $config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
 $config->set('HTML.FlashAllowFullScreen', true);
+ $config->set('HTML.Nofollow', config('security.nofollow') ? true : false);
 $config->set('HTML.MaxImgLength', null);
 $config->set('CSS.MaxImgLength', null);
 $config->set('CSS.Proprietary', true);
diff --git a/modules/admin/admin.admin.controller.php b/modules/admin/admin.admin.controller.php
index 7f5136405..9572a46f2 100644
--- a/modules/admin/admin.admin.controller.php
+++ b/modules/admin/admin.admin.controller.php
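Review bot: Nothing in the htmlfilter.php hunk limits the new `HTML.Nofollow` directive to non-administrator content, although the help text added in modules/admin/lang/en.php says administrator posts are exempt; that exemption has to come from callers that skip the filter, which is not visible here (the enclosing method starts and ends outside the hunk). I would record this on the added line, e.g. `// Applies to every string passed through this filter; the admin exemption depends on callers bypassing HTMLFilter.` HTMLPurifier documents this directive as covering outgoing links, and as far as I know it decides that by comparing against `URI.Host`, so absolute links to the site's own domain probably receive the attribute too unless that directive is set elsewhere in this method. The ternary can also be written `(bool) config('security.nofollow')`.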
@@ -685,6 +685,7 @@ class adminAdminController extends admin Rhymix\Framework\Config::set('session.use_keys', $vars->use_session_keys === 'Y'); Rhymix\Framework\Config::set('session.use_ssl', $vars->use_session_ssl === 'Y'); Rhymix\Framework\Config::set('session.use_ssl_cookies', $vars->use_cookies_ssl === 'Y'); + Rhymix\Framework\Config::set('security.nofollow', $vars->use_nofollow === 'Y'); // Save if (!Rhymix\Framework\Config::save()) diff --git a/modules/admin/admin.admin.view.php b/modules/admin/admin.admin.view.php index 6702a44b8..60b8135ff 100644 --- a/modules/admin/admin.admin.view.php +++ b/modules/admin/admin.admin.view.php @@ -444,6 +444,7 @@ class adminAdminView extends admin Context::set('use_session_keys', Rhymix\Framework\Config::get('session.use_keys')); Context::set('use_session_ssl', Rhymix\Framework\Config::get('session.use_ssl')); Context::set('use_cookies_ssl', Rhymix\Framework\Config::get('session.use_ssl_cookies')); + Context::set('use_nofollow', Rhymix\Framework\Config::get('security.nofollow')); $this->setTemplateFile('config_security'); } diff --git a/modules/admin/lang/en.php b/modules/admin/lang/en.php index 1b414f3a5..1d9e7ae95 100644 --- a/modules/admin/lang/en.php +++ b/modules/admin/lang/en.php @@ -170,6 +170,8 @@ $lang->use_session_ssl = 'Use SSL-only session'; $lang->about_use_session_ssl = 'Force the session to be SSL-only.
This helps improve security if your site always uses SSL.'; $lang->use_cookies_ssl = 'Use SSL-only cookies'; $lang->about_use_cookies_ssl = 'Force all cookies to be SSL-only.'; +$lang->use_nofollow = 'Use nofollow attribute'; +$lang->about_use_nofollow = 'Add rel="nofollow" to all links submitted by users in order to reduce the effectiveness of spamming.
This does not apply to content submitted by the administrator.'; $lang->use_object_cache = 'Use Cache'; $lang->cache_default_ttl = 'Cache default TTL'; $lang->cache_host = 'Host'; diff --git a/modules/admin/lang/ko.php b/modules/admin/lang/ko.php index b440b4e67..feef4875b 100644 --- a/modules/admin/lang/ko.php +++ b/modules/admin/lang/ko.php @@ -171,6 +171,8 @@ $lang->use_session_ssl = 'SSL 전용 세션 사용'; $lang->about_use_session_ssl = '세션을 SSL 전용으로 지정하여 SSL이 아닌 페이지에서는 사용할 수 없도록 합니다.
SSL을 항상 사용하도록 설정되어 있는 경우에만 활성화됩니다.'; $lang->use_cookies_ssl = 'SSL 전용 쿠키 사용'; $lang->about_use_cookies_ssl = '세션뿐 아니라 모든 쿠키를 SSL 전용으로 지정합니다.
SSL을 항상 사용하도록 설정되어 있는 경우에만 활성화됩니다.'; +$lang->use_nofollow = 'Nofollow 속성 사용'; +$lang->about_use_nofollow = '사용자들이 작성한 글에 포함된 모든 링크에 rel="nofollow" 속성을 추가하여 스팸으로 인한 사이트 신뢰도 저하를 방지합니다.
관리자가 작성한 글에는 적용되지 않습니다.'; $lang->use_object_cache = '캐시 사용'; $lang->cache_default_ttl = '캐시 기본 TTL'; $lang->cache_host = '호스트'; diff --git a/modules/admin/tpl/config_security.html b/modules/admin/tpl/config_security.html index e6dbe3598..8bfe25717 100644 --- a/modules/admin/tpl/config_security.html +++ b/modules/admin/tpl/config_security.html @@ -66,6 +66,15 @@

{$lang->about_use_cookies_ssl}

+
+ +
+ + +
+

{$lang->about_use_nofollow}

+
+