mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-09 03:32:00 +09:00
Merge branch 'feature/embed-whitelist' into develop
This commit is contained in:
bnu
commit
880b9a25b8
7 changed files with 163 additions and 178 deletions
|
|
@ -441,6 +441,23 @@ body,table,input,textarea,select,button{font-family:나눔고딕,NanumGothic,NG,
|
|||
<dd>파일박스를 관리할 수 있습니다. 파일박스는 관리자가 재사용할 수 있는 이미지 파일을 관리하는 기능입니다. 회원 그룹 아이콘을 등록하면 이미지 파일은 파일박스에 업로드됩니다.</dd>
|
||||
</dl>
|
||||
</section>
|
||||
<section class="h3">
|
||||
<h1 id="UMAN_config_embed_filter">embed Filter</h1>
|
||||
<p><iframe> 또는 <object>, <embed> 태그에 허용 할 URL을 지정할 수 있습니다.<br>주로 domain을 포함한 URL을 지정하여 허용 URL을 지정할 수 있습니다.</p>
|
||||
<p>domain을 포함하지 않은 짧거나 단순한 단어('video', 'swf' 등)만을 지정할 경우 손쉽게 악의적인 접근을 시도할 수 있으니 주의해야 합니다.</p>
|
||||
<dl>
|
||||
<dt id="UMAN_config_embed_filter_iframe">iFrame</dt>
|
||||
<dd>
|
||||
<p><iframe> 태그에 허용 할 URL을 지정할 수 있습니다.</p>
|
||||
<p>예시 : 'http://www.youtube.com/v/...'와 같은 URL을 <iframe>에 허용 하려면 'http://www.youtube.com/v/'처럼 입력하면 됩니다.</p>
|
||||
</dd>
|
||||
<dt id="UMAN_config_embed_filter_object">object / embed</dt>
|
||||
<dd>
|
||||
<p><object>, <embed> 태그에 허용 할 URL을 지정할 수 있습니다.</p>
|
||||
<p>주로 domain을 포함한 URL을 지정하여 허용 URL을 지정할 수 있습니다.<br>예시 : 'http://www.youtube.com/v/...'와 같은 URL을 <object>, <embed>에 허용 하려면 'http://www.youtube.com/v/'처럼 입력하면 됩니다.</p>
|
||||
</dd>
|
||||
</dl>
|
||||
</section>
|
||||
<section class="h3">
|
||||
<h1 id="UMAN_advanced">고급</h1>
|
||||
<dl>
|
||||
|
|
|
|||
|
|
@ -590,37 +590,55 @@ class EmbedFilter
|
|||
|
||||
/**
|
||||
* Make white domain list cache file from xml config file.
|
||||
* @param $whitelist array
|
||||
* @return void
|
||||
*/
|
||||
function _makeWhiteDomainList()
|
||||
function _makeWhiteDomainList($whitelist = NULL)
|
||||
{
|
||||
$whiteUrlXmlFile = FileHandler::getRealPath($this->whiteUrlXmlFile);
|
||||
$whiteUrlCacheFile = FileHandler::getRealPath($this->whiteUrlCacheFile);
|
||||
|
||||
$isMake = false;
|
||||
$isMake = FALSE;
|
||||
if(!file_exists($whiteUrlCacheFile))
|
||||
{
|
||||
$isMake = true;
|
||||
$isMake = TRUE;
|
||||
}
|
||||
if(file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlXmlFile))
|
||||
{
|
||||
$isMake = true;
|
||||
$isMake = TRUE;
|
||||
}
|
||||
|
||||
if(gettype($whitelist) == 'array' && gettype($whitelist['object']) == 'array' && gettype($whitelist['iframe']) == 'array')
|
||||
{
|
||||
$isMake = FALSE;
|
||||
}
|
||||
|
||||
if(isset($whitelist) && gettype($whitelist) == 'object')
|
||||
{
|
||||
$isMake = TRUE;
|
||||
}
|
||||
|
||||
if($isMake)
|
||||
{
|
||||
$xmlBuff = FileHandler::readFile($this->whiteUrlXmlFile);
|
||||
$whiteUrlList = array();
|
||||
$whiteIframeUrlList = array();
|
||||
|
||||
$xmlParser = new XmlParser();
|
||||
$domainListObj = $xmlParser->parse($xmlBuff);
|
||||
$embedDomainList = $domainListObj->whiteurl->embed->domain;
|
||||
$iframeDomainList = $domainListObj->whiteurl->iframe->domain;
|
||||
|
||||
$buff = '<?php if(!defined("__XE__")) exit();';
|
||||
$buff .= '$whiteUrlList = array();';
|
||||
$buff .= '$whiteIframeUrlList = array();';
|
||||
if(is_array($embedDomainList))
|
||||
if(gettype($whitelist->object) == 'array' && gettype($whitelist->iframe) == 'array')
|
||||
{
|
||||
$whiteUrlList = $whitelist->object;
|
||||
$whiteIframeUrlList = $whitelist->iframe;
|
||||
}
|
||||
else
|
||||
{
|
||||
$xmlBuff = FileHandler::readFile($this->whiteUrlXmlFile);
|
||||
|
||||
$xmlParser = new XmlParser();
|
||||
$domainListObj = $xmlParser->parse($xmlBuff);
|
||||
$embedDomainList = $domainListObj->whiteurl->embed->domain;
|
||||
$iframeDomainList = $domainListObj->whiteurl->iframe->domain;
|
||||
if(!is_array($embedDomainList)) $embedDomainList = array();
|
||||
if(!is_array($iframeDomainList)) $iframeDomainList = array();
|
||||
|
||||
foreach($embedDomainList AS $key => $value)
|
||||
{
|
||||
$patternList = $value->pattern;
|
||||
|
|
@ -628,16 +646,15 @@ class EmbedFilter
|
|||
{
|
||||
foreach($patternList AS $key => $value)
|
||||
{
|
||||
$buff .= sprintf('$whiteUrlList[] = \'%s\';', $value->body);
|
||||
$whiteUrlList[] = $value->body;
|
||||
}
|
||||
}
|
||||
else
|
||||
$buff .= sprintf('$whiteUrlList[] = \'%s\';', $patternList->body);
|
||||
{
|
||||
$whiteUrlList[] = $patternList->body;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(is_array($iframeDomainList))
|
||||
{
|
||||
foreach($iframeDomainList AS $key => $value)
|
||||
{
|
||||
$patternList = $value->pattern;
|
||||
|
|
@ -645,20 +662,39 @@ class EmbedFilter
|
|||
{
|
||||
foreach($patternList AS $key => $value)
|
||||
{
|
||||
$buff .= sprintf('$whiteIframeUrlList[] = \'%s\';', $value->body);
|
||||
$whiteIframeUrlList[] = $value->body;
|
||||
}
|
||||
}
|
||||
else
|
||||
$buff .= sprintf('$whiteIframeUrlList[] = \'%s\';', $patternList->body);
|
||||
{
|
||||
$whiteIframeUrlList[] = $patternList->body;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(Context::getDefaultUrl())
|
||||
$db_info = Context::getDBInfo();
|
||||
|
||||
if($db_info->embed_white_object)
|
||||
{
|
||||
$buff .= sprintf('$whiteIframeUrlList[] = \'%s\';', Context::getDefaultUrl());
|
||||
$whiteUrlList = array_merge($whiteUrlList, $db_info->embed_white_object);
|
||||
}
|
||||
$buff .= '?>';
|
||||
FileHandler::writeFile($this->whiteUrlCacheFile, $buff);
|
||||
|
||||
if($db_info->embed_white_iframe)
|
||||
{
|
||||
$whiteIframeUrlList = array_merge($whiteIframeUrlList, $db_info->embed_white_iframe);
|
||||
}
|
||||
|
||||
$whiteUrlList = array_unique($whiteUrlList);
|
||||
$whiteIframeUrlList = array_unique($whiteIframeUrlList);
|
||||
asort($whiteUrlList);
|
||||
asort($whiteIframeUrlList);
|
||||
|
||||
$buff = array();
|
||||
$buff[] = '<?php if(!defined("__XE__")) exit();';
|
||||
$buff[] = '$whiteUrlList = ' . var_export($whiteUrlList, TRUE) . ';';
|
||||
$buff[] = '$whiteIframeUrlList = ' . var_export($whiteIframeUrlList, TRUE) . ';';
|
||||
|
||||
FileHandler::writeFile($this->whiteUrlCacheFile, implode(PHP_EOL, $buff));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,22 +7,8 @@
|
|||
<pattern>http://event.dn.naver.com/sbsplayer/vmplayer.xap</pattern>
|
||||
</domain>
|
||||
<domain name="" isNAVER="true" desc="네이버 뮤직 서비스">
|
||||
<pattern>http://test-player.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://alpha-player.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://beta-player.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://musicplayer.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://player.music.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://dev.player.music.naver.com/</pattern>
|
||||
<pattern>http://test.player.music.naver.com/</pattern>
|
||||
<pattern>http://qa.player.music.naver.com/</pattern>
|
||||
<pattern>http://staging.player.music.naver.com/</pattern>
|
||||
<pattern>http://alpha.player.music.naver.com/</pattern>
|
||||
<pattern>http://beta.player.music.naver.com/</pattern>
|
||||
<pattern>http://stage.player.music.naver.com/</pattern>
|
||||
</domain>
|
||||
<domain name="" isNAVER="true" desc="네이버 아이두게임">
|
||||
<pattern>http://dev-idogame.hangame.com/idogame/ClientBin/iDoGamePlayer.xap</pattern>
|
||||
<pattern>http://idogame.hangame.com/idogame/ClientBin/iDoGamePlayer.xap</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.daum.net" desc="다음">
|
||||
<pattern>http://flvs.daum.net/flvPlayer.swf</pattern>
|
||||
|
|
@ -55,101 +41,17 @@
|
|||
<pattern>http://play.tagstory.com/player/</pattern>
|
||||
<pattern>http://www.tagstory.com/player/basic/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.pullbbang.com" desc="풀빵닷컴">
|
||||
<pattern>http://play.pullbbang.com/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="미래에셋 미디어">
|
||||
<pattern>http://media.miraeasset.com/swf/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="서울시 인터넷방송">
|
||||
<pattern>http://tv.seoul.go.kr/common/player/posting/window_media_player.asp</pattern>
|
||||
<pattern>http://stream.seoul.go.kr</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="게임스팟 동영상">
|
||||
<pattern>mms://vod.gamespot.lgcdn.com/</pattern>
|
||||
<pattern>http://image.com/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="광고정보센터">
|
||||
<pattern>mms://media.adic.co.kr/</pattern>
|
||||
<pattern>http://static.adwaple.net/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="비법닷컴">
|
||||
<pattern>http://www.vipup.com/scrap/scrap.asp</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="영상 역사관">
|
||||
<pattern>mms://125.60.2.110/e_history/</pattern>
|
||||
<pattern>mms://218.38.152.33/e_history/</pattern>
|
||||
<pattern>http://125.60.2.110/e_history/</pattern>
|
||||
<pattern>http://218.38.152.33/e_history/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="중소기업청">
|
||||
<pattern>http://www.smba.go.kr/mov/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="트라트라고">
|
||||
<pattern>http://ucc.tlatlago.com/html/uccPlayer/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="싸이월드">
|
||||
<pattern>http://dbi.video.cyworld.com/v.sk/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="이글루스 동영상">
|
||||
<pattern>http://v.egloos.com/v.sk/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="뮤직쉐이크">
|
||||
<pattern>http://www.musicshake.com/musicshakePlayer.swf</pattern>
|
||||
<pattern>http://eng.musicshake.com/musicshakePlayer.swf</pattern>
|
||||
<pattern>http://us.musicshake.com/musicshakePlayer.swf</pattern>
|
||||
<pattern>http://ip.musicshake.com/musicshakePlayer.swf</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="아프리카">
|
||||
<pattern>http://live.afreeca.com:8057/</pattern>
|
||||
<pattern>http://afbbs.afreeca.com:8080/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="플레이NC">
|
||||
<pattern>http://static.plaync.co.kr/plaza/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="XTM">
|
||||
<pattern>http://img.xtmtv.com/images/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="아이서브">
|
||||
<pattern>http://tv.co.kr/pum/tvcell_basic.swf</pattern>
|
||||
<pattern>http://tv.co.kr/pum/tvcell_mini.swf</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="UC씽">
|
||||
<pattern>http://ucsing.mnet.com/L_swf/ucsing_player.swf</pattern>
|
||||
<pattern>http://flvfile.mnet.com</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.snaps.co.kr" desc="SNAPS">
|
||||
<pattern>http://www.snaps.co.kr/swf/LinkedApp.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.nate.com" desc="네이트">
|
||||
<pattern>http://v.nate.com/v.sk/</pattern>
|
||||
<pattern>http://w.blogdoc.nate.com/</pattern>
|
||||
<pattern>http://blogdoc.nate.com/flash/blogdoc_widget_reco.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.paoin.com" desc="파오인 신문지면 뷰어">
|
||||
<pattern>http://www.paoin.com/Common/swf/ArticleViewer02.swf</pattern>
|
||||
<pattern>http://thumb.paoin.com/paoweb/common/flash/ArticleViewer02.swf</pattern>
|
||||
<pattern>http://thumb.paoin.com/paoweb/common/flash/ArticleShare.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.atzine.com" desc="엣진 서비스">
|
||||
<pattern>http://www.atzine.com/swf/TakeOutWrapper.swf?</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.ohmynews.com" desc="오마이뉴스">
|
||||
<pattern>http://www.ohmynews.com/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.jjanglive.com" desc="짱라이브 위젯">
|
||||
<pattern>http://www.jjanglive.com/flash/webClient.swf</pattern>
|
||||
<pattern>http://www.jjanglive.com/flash/AdShowClient.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.pmang.com" desc="피망">
|
||||
<pattern>http://file.pmang.com/images/pmang/fifaonline/season2/img/squad/squadmaker_ot.swf</pattern>
|
||||
<pattern>http://fifaonline.pmang.com/squad/t.nwz</pattern>
|
||||
<pattern>http://file.pmang.com/images/pmang/gamepub/player/pm_player.swf</pattern>
|
||||
<pattern>http://www.pmang.com/gamepub/media/player.nwz</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.ccmpia.com" desc="CCMPIA">
|
||||
<pattern>http://www.ccmpia.com/scripts/bgm2.php</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.kbs.co.kr" desc="KBS">
|
||||
<pattern>http://www.kbs.co.kr/zzim/vmplayer/vmplayer.xap</pattern>
|
||||
<pattern>http://vmark.kbs.co.kr/zzim/vmplayer/vmplayer.xap</pattern>
|
||||
|
|
@ -163,35 +65,6 @@
|
|||
<domain name="http://www.imbc.com" desc="MBC">
|
||||
<pattern>http://onemore.imbc.com/ClientBin/oneplus.xap</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.xtmtv.com" desc="XTM">
|
||||
<pattern>http://www.xtmtv.com/xtmPlayer/javascript/XTM_Scrap_Player.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.chtvn.com" desc="TVN">
|
||||
<pattern>http://player.chtvn.com/tvN_Scrap_Player.swf?</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.detailview.co.kr" desc="디테일뷰">
|
||||
<pattern>http://storage.detailview.co.kr/</pattern>
|
||||
<pattern>http://beta.detailview.co.kr/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.brightcove.com" desc="Brightcove">
|
||||
<pattern>http://c.brightcove.com/services/viewer</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.hyundai-kiamotors.com" desc="현대기아자동차">
|
||||
<pattern>http://vod.hyundai-kiamotors.com/Flash/PlayerTest/WebPlayer.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.techdays.co.kr" desc="techdays">
|
||||
<pattern>http://www.techdays.co.kr/2010spring/remix10/ClientBin/MediaPlayerTemplate.xap</pattern>
|
||||
<pattern>http://www.microsoft.com</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.wowplan.co.kr" desc="와우플랜">
|
||||
<pattern>http://www.wowplan.co.kr/schedule/bin-debug/scheduleBlogPost.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.allblet.net" desc="allblet.net">
|
||||
<pattern>http://showman.allblet.net/abp.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://dotsub.com" desc="dotsub.com">
|
||||
<pattern>http://dotsub.com/static/players/portalplayer.swf</pattern>
|
||||
</domain>
|
||||
<domain name="" isNAVER="true" desc="socialsearch">
|
||||
<pattern>http://static.campaign.naver.com/0/campaign/2010/10/socialsearch/swf/</pattern>
|
||||
</domain>
|
||||
|
|
@ -203,8 +76,8 @@
|
|||
<pattern>http://www.youtube-nocookie.com/</pattern>
|
||||
<pattern>https://www.youtube-nocookie.com/</pattern>
|
||||
<pattern>//www.youtube.com/v/</pattern>
|
||||
<pattern>//www.youtube-nocookie.com/</pattern>
|
||||
<pattern>//www.youtube.com/embed/</pattern>
|
||||
<pattern>//www.youtube-nocookie.com/</pattern>
|
||||
</domain>
|
||||
<domain name="http://maps.google.com" desc="구글맵스" mobile="true">
|
||||
<pattern>http://maps.google.com/</pattern>
|
||||
|
|
@ -213,25 +86,9 @@
|
|||
<domain name="http://flvs.daum.net" desc="다음 TV 팟 동영상" mobile="false">
|
||||
<pattern>http://flvs.daum.net/</pattern>
|
||||
</domain>
|
||||
<domain name="http://play.pullbbang.com" desc="풀빵 동영상" mobile="false">
|
||||
<pattern>http://play.pullbbang.com/#.swf</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="게임스팟 동영상">
|
||||
<pattern>http://www.gamespot.com</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.sbs.co.kr" desc="SBS">
|
||||
<pattern>http://sbsplayer.sbs.co.kr/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.techdays.co.kr" desc="techdays">
|
||||
<pattern>http://www.techdays.co.kr/2010spring/remix10/ClientBin/MediaPlayerTemplate.xap</pattern>
|
||||
<pattern>http://www.microsoft.com</pattern>
|
||||
</domain>
|
||||
<domain name="http://dotsub.com" desc="dotsub.com">
|
||||
<pattern>http://dotsub.com/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.travelro.co.kr" desc="트래블로">
|
||||
<pattern>http://www.travelro.co.kr/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.vimeo.com" desc="vimeo.com">
|
||||
<pattern>http://player.vimeo.com/</pattern>
|
||||
</domain>
|
||||
|
|
|
|||
|
|
@ -490,7 +490,7 @@ class adminAdminController extends admin
|
|||
$db_info->use_sitelock = ($vars->use_sitelock) ? $vars->use_sitelock : 'N';
|
||||
$db_info->sitelock_title = $vars->sitelock_title;
|
||||
$db_info->sitelock_message = $vars->sitelock_message;
|
||||
|
||||
|
||||
$whitelist = $vars->sitelock_whitelist;
|
||||
$whitelist = preg_replace("/[\r|\n|\r\n]+/",",",$whitelist);
|
||||
$whitelist = preg_replace("/\s+/","",$whitelist);
|
||||
|
|
@ -505,16 +505,15 @@ class adminAdminController extends admin
|
|||
if(!IpFilter::validate($whitelist)) {
|
||||
return new Object(-1, 'msg_invalid_ip');
|
||||
}
|
||||
|
||||
|
||||
$db_info->sitelock_whitelist = $whitelist;
|
||||
|
||||
|
||||
$oInstallController = getController('install');
|
||||
if(!$oInstallController->makeConfigFile())
|
||||
{
|
||||
return new Object(-1, 'msg_invalid_request');
|
||||
}
|
||||
|
||||
|
||||
if(!in_array(Context::getRequestMethod(), array('XMLRPC','JSON')))
|
||||
{
|
||||
$returnUrl = Context::get('success_return_url');
|
||||
|
|
@ -522,12 +521,50 @@ class adminAdminController extends admin
|
|||
header('location:' . $returnUrl);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
function procAdminUpdateEmbedWhitelist()
|
||||
{
|
||||
$vars = Context::getRequestVars();
|
||||
|
||||
$db_info = Context::getDbInfo();
|
||||
|
||||
$white_object = $vars->embed_white_object;
|
||||
$white_object = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_object);
|
||||
$white_object = preg_replace("/[\s\'\"]+/", '', $white_object);
|
||||
$white_object = explode('|@|', $white_object);
|
||||
$white_object = array_unique($white_object);
|
||||
|
||||
$white_iframe = $vars->embed_white_iframe;
|
||||
$white_iframe = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_iframe);
|
||||
$white_iframe = preg_replace("/[\s\'\"]+/", '', $white_iframe);
|
||||
$white_iframe = explode('|@|', $white_iframe);
|
||||
$white_iframe = array_unique($white_iframe);
|
||||
|
||||
$whitelist = new stdClass;
|
||||
$whitelist->object = $white_object;
|
||||
$whitelist->iframe = $white_iframe;
|
||||
|
||||
$db_info->embed_white_object = $white_object;
|
||||
$db_info->embed_white_iframe = $white_iframe;
|
||||
|
||||
$oInstallController = getController('install');
|
||||
if(!$oInstallController->makeConfigFile())
|
||||
{
|
||||
return new Object(-1, 'msg_invalid_request');
|
||||
}
|
||||
|
||||
require_once(_XE_PATH_ . 'classes/security/EmbedFilter.class.php');
|
||||
$oEmbedFilter = EmbedFilter::getInstance();
|
||||
$oEmbedFilter->_makeWhiteDomainList($whitelist);
|
||||
|
||||
if(!in_array(Context::getRequestMethod(), array('XMLRPC','JSON')))
|
||||
{
|
||||
$returnUrl = Context::get('success_return_url');
|
||||
if(!$returnUrl) $returnUrl = getNotEncodedUrl('', 'act', 'dispAdminConfigGeneral');
|
||||
header('location:' . $returnUrl);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -446,6 +446,11 @@ class adminAdminView extends admin
|
|||
Context::set('siteTitle', $config->siteTitle);
|
||||
Context::set('htmlFooter', $config->htmlFooter);
|
||||
|
||||
// embed filter
|
||||
require_once(_XE_PATH_ . 'classes/security/EmbedFilter.class.php');
|
||||
$oEmbedFilter = EmbedFilter::getInstance();
|
||||
context::set('embed_white_object', implode(PHP_EOL, $oEmbedFilter->whiteUrlList));
|
||||
context::set('embed_white_iframe', implode(PHP_EOL, $oEmbedFilter->whiteIframeUrlList));
|
||||
|
||||
$columnList = array('modules.mid', 'modules.browser_title', 'sites.index_module_srl');
|
||||
$start_module = $oModuleModel->getSiteInfo(0, $columnList);
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
<action name="procAdminDeleteLogo" type="controller" />
|
||||
<action name="procAdminMenuReset" type="controller" />
|
||||
<action name="procAdminUpdateSitelock" type="controller" />
|
||||
<action name="procAdminUpdateEmbedWhitelist" type="controller" />
|
||||
|
||||
<action name="getAdminFTPList" type="model" />
|
||||
<action name="getAdminFTPPath" type="model" />
|
||||
|
|
|
|||
|
|
@ -131,6 +131,38 @@
|
|||
</div>
|
||||
</div>
|
||||
</section>
|
||||
|
||||
|
||||
<section class="section">
|
||||
<h1>embed Filter {$lang->subtitle_embed_whitelist} <a class="x_icon-question-sign" href="./admin/help/index.html#UMAN_config_embed_filter" target="_blank">{$lang->help}</a></h1>
|
||||
<form action="./" method="post" class="x_form-horizontal">
|
||||
<input type="hidden" name="module" value="admin" />
|
||||
<input type="hidden" name="act" value="procAdminUpdateEmbedWhitelist" />
|
||||
<input type="hidden" name="xe_validator_id" value="modules/admin/tpl/config_general/1" />
|
||||
|
||||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="embed_white_iframe">iFrame <a class="x_icon-question-sign" href="./admin/help/index.html#UMAN_config_embed_filter_iframe" target="_blank">{$lang->help}</a></label>
|
||||
<div class="x_controls" style="margin-right:14px">
|
||||
<textarea name="embed_white_iframe" id="embed_white_iframe" rows="4" style="width:100%;">{$embed_white_iframe}</textarea>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="embed_white_object">object/embed</label>
|
||||
<div class="x_controls" style="margin-right:14px">
|
||||
<textarea name="embed_white_object" id="embed_white_object" rows="4" cols="42" style="width:100%;">{$embed_white_object}</textarea>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="x_clearfix btnArea">
|
||||
<div class="x_pull-right">
|
||||
<button type="submit" class="x_btn x_btn-primary">{$lang->cmd_save}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</section>
|
||||
|
||||
|
||||
<section class="section collapsed">
|
||||
<h1>{$lang->subtitle_advanced}</h1>
|
||||
<form action="./" method="post" enctype="multipart/form-data" class="x_form-horizontal">
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue