Move remainder of system config actions to respective controller classes
parent
ba18143dd6
commit
b9e55c05e6
11 changed files with 921 additions and 1026 deletions
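--- a/modules/admin/controllers/systemconfig/Security.php
+++ b/modules/admin/controllers/systemconfig/Security.php
@@ -0,0 +1,133 @@
+<?php
+
+namespace Rhymix\Modules\Admin\Controllers\SystemConfig;
+
+use Context;
+use Rhymix\Framework\Config;
+use Rhymix\Framework\Exception;
+use Rhymix\Framework\Filters\IpFilter;
+use Rhymix\Framework\Filters\MediaFilter;
+use Rhymix\Modules\Admin\Controllers\Base;
+
+class Security extends Base
+{
+/**
+* Display Security Settings page
+*/
+public function dispAdminConfigSecurity()
+{
+// Load embed filter.
+context::set('mediafilter_whitelist', implode(PHP_EOL, MediaFilter::getWhitelist()));
+context::set('mediafilter_classes', implode(PHP_EOL, Config::get('mediafilter.classes') ?: array()));
+
+// Load robot user agents.
+$robot_user_agents = Config::get('security.robot_user_agents') ?: array();
+Context::set('robot_user_agents', implode(PHP_EOL, $robot_user_agents));
+
+// Admin IP access control
+$allowed_ip = Config::get('admin.allow');
+Context::set('admin_allowed_ip', implode(PHP_EOL, $allowed_ip));
+$denied_ip = Config::get('admin.deny');
+Context::set('admin_denied_ip', implode(PHP_EOL, $denied_ip));
+Context::set('remote_addr', RX_CLIENT_IP);
+
+// Session and cookie security settings
+Context::set('use_samesite', Config::get('session.samesite'));
+Context::set('use_session_keys', Config::get('session.use_keys'));
+Context::set('use_session_ssl', Config::get('session.use_ssl'));
+Context::set('use_cookies_ssl', Config::get('session.use_ssl_cookies'));
+Context::set('check_csrf_token', Config::get('security.check_csrf_token'));
+Context::set('use_nofollow', Config::get('security.nofollow'));
+
+$this->setTemplateFile('config_security');
+}
+
+/**
+* Update security configuration.
+*/
+public function procAdminUpdateSecurity()
+{
+$vars = Context::getRequestVars();
+
+// Media Filter iframe/embed whitelist
+$whitelist = $vars->mediafilter_whitelist;
+$whitelist = array_filter(array_map('trim', preg_split('/[\r\n]/', $whitelist)), function($item) {
+return $item !== '';
+});
+$whitelist = array_unique(array_map(function($item) {
+return MediaFilter::formatPrefix($item);
+}, $whitelist));
+natcasesort($whitelist);
+Config::set('mediafilter.whitelist', array_values($whitelist));
+Config::set('mediafilter.iframe', []);
+Config::set('mediafilter.object', []);
+
+// HTML classes
+$classes = $vars->mediafilter_classes;
+$classes = array_filter(array_map('trim', preg_split('/[\r\n]/', $classes)), function($item) {
+return preg_match('/^[a-zA-Z0-9_-]+$/u', $item);
+});
+natcasesort($classes);
+Config::set('mediafilter.classes', array_values($classes));
+
+// Robot user agents
+$robot_user_agents = $vars->robot_user_agents;
+$robot_user_agents = array_filter(array_map('trim', preg_split('/[\r\n]/', $robot_user_agents)), function($item) {
+return $item !== '';
+});
+Config::set('security.robot_user_agents', array_values($robot_user_agents));
+
+// Remove old embed filter
+$config = Config::getAll();
+unset($config['embedfilter']);
+Config::setAll($config);
+
+// Admin IP access control
+$allowed_ip = array_map('trim', preg_split('/[\r\n]/', $vars->admin_allowed_ip));
+$allowed_ip = array_unique(array_filter($allowed_ip, function($item) {
+return $item !== '';
+}));
+if (!IpFilter::validateRanges($allowed_ip)) {
+throw new Exception('msg_invalid_ip');
+}
+
+$denied_ip = array_map('trim', preg_split('/[\r\n]/', $vars->admin_denied_ip));
+$denied_ip = array_unique(array_filter($denied_ip, function($item) {
+return $item !== '';
+}));
+if (!IpFilter::validateRanges($denied_ip)) {
+throw new Exception('msg_invalid_ip');
+}
+
+$oMemberAdminModel = getAdminModel('member');
+if (!$oMemberAdminModel->getMemberAdminIPCheck($allowed_ip, $denied_ip))
+{
+throw new Exception('msg_current_ip_will_be_denied');
+}
+
+$site_module_info = Context::get('site_module_info');
+$vars->use_samesite = preg_replace('/[^a-zA-Z]/', '', $vars->use_samesite);
+if ($vars->use_samesite === 'None' && ($vars->use_session_ssl !== 'Y' || $site_module_info->security !== 'always'))
+{
+$vars->use_samesite = '';
+}
+
+Config::set('admin.allow', array_values($allowed_ip));
+Config::set('admin.deny', array_values($denied_ip));
+Config::set('session.samesite', $vars->use_samesite);
+Config::set('session.use_keys', $vars->use_session_keys === 'Y');
+Config::set('session.use_ssl', $vars->use_session_ssl === 'Y');
+Config::set('session.use_ssl_cookies', $vars->use_cookies_ssl === 'Y');
+Config::set('security.check_csrf_token', $vars->check_csrf_token === 'Y');
+Config::set('security.nofollow', $vars->use_nofollow === 'Y');
+
+// Save
+if (!Config::save())
+{
+throw new Exception('msg_failed_to_save_config');
+}
+
+$this->setMessage('success_updated');
+$this->setRedirectUrl(Context::get('success_return_url') ?: getNotEncodedUrl('', 'module', 'admin', 'act', 'dispAdminConfigSecurity'));
+}
+}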
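Review bot: In `procAdminUpdateSecurity()`, `use_samesite` is only stripped of non-letters before it is written to `session.samesite`, so any alphabetic string from the request ends up in the saved config. An allow-list right after the `preg_replace` would pin it to the values the cookie attribute defines, e.g. `if (!in_array($vars->use_samesite, ['Strict', 'Lax', 'None'], true)) { $vars->use_samesite = ''; }`. Whether the session layer normalises the stored value later is not visible here, so treat this as defence in depth. Separately, in `dispAdminConfigSecurity()` the results of `Config::get('admin.allow')` and `Config::get('admin.deny')` go straight into `implode()` without the `?: array()` fallback used for `mediafilter.classes` and `security.robot_user_agents`. If `Config::get` returns null for an unset key, the settings page would fail on PHP 8; `$allowed_ip = Config::get('admin.allow') ?: array();` (and the same for `admin.deny`) avoids that.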