/** * Update security configuration. */ function procAdminUpdateSecurity() { $vars = Context::getRequestVars(); // iframe filter $iframe_whitelist = $vars->mediafilter_iframe; $iframe_whitelist = array_filter(array_map('trim', preg_split('/[\\r\\n]/', $iframe_whitelist)), function ($item) { return $item !== ''; }); $iframe_whitelist = array_unique(array_map(function ($item) { return Rhymix\Framework\Filters\MediaFilter::formatPrefix($item); }, $iframe_whitelist)); natcasesort($iframe_whitelist); Rhymix\Framework\Config::set('mediafilter.iframe', array_values($iframe_whitelist)); // object filter $object_whitelist = $vars->mediafilter_object; $object_whitelist = array_filter(array_map('trim', preg_split('/[\\r\\n]/', $object_whitelist)), function ($item) { return $item !== ''; }); $object_whitelist = array_unique(array_map(function ($item) { return Rhymix\Framework\Filters\MediaFilter::formatPrefix($item); }, $object_whitelist)); natcasesort($object_whitelist); Rhymix\Framework\Config::set('mediafilter.object', array_values($object_whitelist)); // Remove old embed filter $config = Rhymix\Framework\Config::getAll(); unset($config['embedfilter']); Rhymix\Framework\Config::setAll($config); // Admin IP access control $allowed_ip = array_map('trim', preg_split('/[\\r\\n]/', $vars->admin_allowed_ip)); $allowed_ip = array_unique(array_filter($allowed_ip, function ($item) { return $item !== ''; })); if (!Rhymix\Framework\Filters\IpFilter::validateRanges($allowed_ip)) { return new Object(-1, 'msg_invalid_ip'); } $denied_ip = array_map('trim', preg_split('/[\\r\\n]/', $vars->admin_denied_ip)); $denied_ip = array_unique(array_filter($denied_ip, function ($item) { return $item !== ''; })); if (!Rhymix\Framework\Filters\IpFilter::validateRanges($denied_ip)) { return new Object(-1, 'msg_invalid_ip'); } $oMemberAdminModel = getAdminModel('member'); if (!$oMemberAdminModel->getMemberAdminIPCheck($allowed_ip, $denied_ip)) { return new Object(-1, 'msg_current_ip_will_be_denied'); } Rhymix\Framework\Config::set('admin.allow', array_values($allowed_ip)); Rhymix\Framework\Config::set('admin.deny', array_values($denied_ip)); // Save Rhymix\Framework\Config::save(); $this->setMessage('success_updated'); $this->setRedirectUrl(Context::get('success_return_url') ?: getNotEncodedUrl('', 'module', 'admin', 'act', 'dispAdminConfigSecurity')); }
/** * Load the database information * * @return void */ public static function loadDBInfo($config = null) { // Load new configuration format. if ($config === null) { $config = Rhymix\Framework\Config::getAll(); } if (!count($config)) { self::$_instance->db_info = self::$_instance->db_info ?: new stdClass(); return; } // Copy to old format for backward compatibility. self::$_instance->db_info = self::convertDBInfo($config); self::$_instance->allow_rewrite = self::$_instance->db_info->use_rewrite === 'Y'; self::set('_http_port', self::$_instance->db_info->http_port ?: null); self::set('_https_port', self::$_instance->db_info->https_port ?: null); self::set('_use_ssl', self::$_instance->db_info->use_ssl); $GLOBALS['_time_zone'] = self::$_instance->db_info->time_zone; }