/**
  * Update security configuration.
  */
 function procAdminUpdateSecurity()
 {
     // Stores the media filter whitelists and the admin IP allow/deny lists sent with the request.
     // NOTE(review): no permission or CSRF check is visible in this method; presumably the
     // module dispatcher enforces both before this action runs - confirm against the caller.
     $request = Context::getRequestVars();

     // Split a textarea value on CR/LF into trimmed, non-empty lines (array keys are preserved).
     $splitLines = function ($text) {
         $trimmed = array_map('trim', preg_split('/[\\r\\n]/', $text));
         return array_filter($trimmed, function ($line) {
             return $line !== '';
         });
     };

     // Pass every line through MediaFilter::formatPrefix(), then de-duplicate,
     // sort in natural case-insensitive order and reindex from zero.
     $buildWhitelist = function ($text) use ($splitLines) {
         $prefixes = array();
         foreach ($splitLines($text) as $key => $entry) {
             $prefixes[$key] = Rhymix\Framework\Filters\MediaFilter::formatPrefix($entry);
         }
         $prefixes = array_unique($prefixes);
         natcasesort($prefixes);
         return array_values($prefixes);
     };

     // iframe filter
     Rhymix\Framework\Config::set('mediafilter.iframe', $buildWhitelist($request->mediafilter_iframe));

     // object filter
     Rhymix\Framework\Config::set('mediafilter.object', $buildWhitelist($request->mediafilter_object));

     // Drop the old embed filter section. getAll() is called after the set() calls above,
     // so the array written back by setAll() is read after both whitelist updates.
     $allConfig = Rhymix\Framework\Config::getAll();
     unset($allConfig['embedfilter']);
     Rhymix\Framework\Config::setAll($allConfig);

     // Admin IP access control: each list must pass IpFilter::validateRanges().
     // The early returns below skip Config::save(); the set()/setAll() calls above have
     // already run by then.
     $allowList = array_unique($splitLines($request->admin_allowed_ip));
     if (!Rhymix\Framework\Filters\IpFilter::validateRanges($allowList)) {
         return new Object(-1, 'msg_invalid_ip');
     }

     $denyList = array_unique($splitLines($request->admin_denied_ip));
     if (!Rhymix\Framework\Filters\IpFilter::validateRanges($denyList)) {
         return new Object(-1, 'msg_invalid_ip');
     }

     // Lock-out guard: refuse lists that fail getMemberAdminIPCheck(). The message key
     // suggests the check is made against the address of the current request.
     if (!getAdminModel('member')->getMemberAdminIPCheck($allowList, $denyList)) {
         return new Object(-1, 'msg_current_ip_will_be_denied');
     }

     Rhymix\Framework\Config::set('admin.allow', array_values($allowList));
     Rhymix\Framework\Config::set('admin.deny', array_values($denyList));

     // Save
     Rhymix\Framework\Config::save();
     $this->setMessage('success_updated');

     // NOTE(review): success_return_url is read from Context; if the request can supply it,
     // confirm that the redirect target is limited to this site before it is used.
     $returnUrl = Context::get('success_return_url');
     if (!$returnUrl) {
         $returnUrl = getNotEncodedUrl('', 'module', 'admin', 'act', 'dispAdminConfigSecurity');
     }
     $this->setRedirectUrl($returnUrl);
 }
 /**
  * Display Security Settings page
  * @return void
  */
 function dispAdminConfigSecurity()
 {
     // Media filter whitelists, joined one entry per line for the form.
     $iframePrefixes = Rhymix\Framework\Filters\MediaFilter::getIframeWhitelist();
     Context::set('mediafilter_iframe', implode(PHP_EOL, $iframePrefixes));
     $objectPrefixes = Rhymix\Framework\Filters\MediaFilter::getObjectWhitelist();
     Context::set('mediafilter_object', implode(PHP_EOL, $objectPrefixes));

     // Admin IP access control lists, same one-per-line layout.
     // NOTE(review): implode() needs an array here; confirm that Config::get() cannot
     // return null for these keys (for example before the lists were ever saved).
     $ipLists = array(
         'admin_allowed_ip' => 'admin.allow',
         'admin_denied_ip' => 'admin.deny',
     );
     foreach ($ipLists as $contextKey => $configKey) {
         Context::set($contextKey, implode(PHP_EOL, Rhymix\Framework\Config::get($configKey)));
     }

     // Expose the client address so the form can show it next to the IP lists.
     // NOTE(review): how RX_CLIENT_IP is derived is not visible here; if it can come from a
     // forwarded header, confirm that only trusted proxies are honoured.
     Context::set('remote_addr', RX_CLIENT_IP);

     $this->setTemplateFile('config_security');
 }
/**
 * Remove embedded media from content before it is shown to an administrator
 *
 * @param string $content
 * @param int $writer_member_srl
 * @return void
 */
function stripEmbedTagForAdmin(&$content, $writer_member_srl)
{
    // $content is taken by reference and rewritten in place; nothing is returned.
    // Anonymous viewers are left alone.
    if (!Context::get('is_logged')) {
        return;
    }

    // A viewer reading their own content keeps the embedded media.
    $viewer = Context::get('logged_info');
    if ($viewer->member_srl == $writer_member_srl) {
        return;
    }

    // Only administrators and site administrators get the stripped version.
    $viewerIsAdmin = $viewer->is_admin === 'Y' || getModel('module')->isSiteAdmin($viewer);
    if (!$viewerIsAdmin) {
        return;
    }

    // Content written by a full administrator (is_admin === 'Y') is shown unchanged.
    // With an empty writer id the lookup is skipped and the media is removed.
    if ($writer_member_srl) {
        $writer = getModel('member')->getMemberInfoByMemberSrl($writer_member_srl);
        if ($writer && $writer->is_admin === 'Y') {
            return;
        }
    }

    // Replace the embedded media with a visible notice. Presumably this keeps media posted
    // by a non-admin author from loading in an administrator's session - confirm intent.
    $noticeOpen = '<div style="border: 1px solid #DDD; background: #FAFAFA; text-align:center; margin: 1em 0;">' . '<p style="margin: 1em;">';
    $noticeClose = '</p></div>';
    $notice = $noticeOpen . lang('security_warning_embed') . $noticeClose;
    $content = Rhymix\Framework\Filters\MediaFilter::removeEmbeddedMedia($content, $notice);
}
 /**
  * Check an iframe URL against the iframe whitelist.
  *
  * Delegates to MediaFilter::matchIframeWhitelist() and returns its result unchanged.
  * NOTE(review): the matching rule is not visible here; confirm that it is anchored on the
  * full host name, so that a URL which merely begins with a whitelisted string is rejected.
  *
  * @param string $urlAttribute presumably the iframe's src value - confirm with callers
  * @return mixed whatever MediaFilter::matchIframeWhitelist() returns
  */
 function isWhiteIframeDomain($urlAttribute)
 {
     $matchResult = Rhymix\Framework\Filters\MediaFilter::matchIframeWhitelist($urlAttribute);

     return $matchResult;
 }