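/**
 * Update security configuration (admin action).
 *
 * Reads four textarea fields from the request — the iframe and object media
 * whitelists and the admin IP allow/deny lists — normalizes them, validates
 * the IP ranges, and persists everything through Rhymix\Framework\Config.
 * The legacy `embedfilter` config key is dropped on every save.
 *
 * Input is admin-supplied but still checked: whitelist entries are
 * canonicalized with MediaFilter::formatPrefix(), IP lists must pass
 * IpFilter::validateRanges(), and the update is refused if the resulting
 * lists would deny the administrator making this request (lockout guard).
 *
 * NOTE(review): Config::set()/setAll() are called before the IP validation
 * below can return early; this is only safe if they stage in memory until
 * Config::save() — confirm they do not persist immediately.
 *
 * NOTE(review): `Object` cannot be declared as a class name from PHP 7.2
 * on; on newer Rhymix/PHP this is presumably the BaseObject alias — confirm.
 *
 * @return Object|void  error Object (-1, message key) on invalid input;
 *                      otherwise sets the success message and redirect URL
 */
function procAdminUpdateSecurity()
{
    $vars = Context::getRequestVars();

    // Split a textarea value into trimmed, non-empty lines (keys preserved,
    // as array_filter() leaves them). The string cast keeps preg_split()/
    // trim() quiet when the field is absent from the request (null).
    $splitLines = static function ($raw) {
        $lines = array_map('trim', preg_split('/[\\r\\n]/', (string)$raw));
        return array_filter($lines, function ($item) {
            return $item !== '';
        });
    };

    // Normalize a media whitelist: canonicalize each entry, de-duplicate
    // (distinct raw entries may format to the same prefix), sort
    // case-insensitively and reindex so the stored value is a plain list.
    $buildMediaWhitelist = static function ($raw) use ($splitLines) {
        $prefixes = array_unique(array_map(function ($item) {
            return Rhymix\Framework\Filters\MediaFilter::formatPrefix($item);
        }, $splitLines($raw)));
        natcasesort($prefixes);
        return array_values($prefixes);
    };

    // iframe / object filters
    Rhymix\Framework\Config::set('mediafilter.iframe', $buildMediaWhitelist($vars->mediafilter_iframe));
    Rhymix\Framework\Config::set('mediafilter.object', $buildMediaWhitelist($vars->mediafilter_object));

    // Remove the old embed filter key entirely (set() cannot delete a key).
    $config = Rhymix\Framework\Config::getAll();
    unset($config['embedfilter']);
    Rhymix\Framework\Config::setAll($config);

    // Admin IP access control: every entry must be a valid IP/range.
    $allowed_ip = array_unique($splitLines($vars->admin_allowed_ip));
    if (!Rhymix\Framework\Filters\IpFilter::validateRanges($allowed_ip)) {
        return new Object(-1, 'msg_invalid_ip');
    }
    $denied_ip = array_unique($splitLines($vars->admin_denied_ip));
    if (!Rhymix\Framework\Filters\IpFilter::validateRanges($denied_ip)) {
        return new Object(-1, 'msg_invalid_ip');
    }

    // Lockout guard: refuse lists that would deny the current admin's IP.
    $oMemberAdminModel = getAdminModel('member');
    if (!$oMemberAdminModel->getMemberAdminIPCheck($allowed_ip, $denied_ip)) {
        return new Object(-1, 'msg_current_ip_will_be_denied');
    }
    Rhymix\Framework\Config::set('admin.allow', array_values($allowed_ip));
    Rhymix\Framework\Config::set('admin.deny', array_values($denied_ip));

    // Save
    Rhymix\Framework\Config::save();
    $this->setMessage('success_updated');
    // NOTE(review): success_return_url comes from the request; this relies on
    // setRedirectUrl() (or the caller) restricting it to this site — confirm.
    $this->setRedirectUrl(Context::get('success_return_url') ?: getNotEncodedUrl('', 'module', 'admin', 'act', 'dispAdminConfigSecurity'));
}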
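/**
 * Display the Security Settings page.
 *
 * Loads the current iframe/object media whitelists and the admin IP
 * allow/deny lists into the template context, one entry per line so they
 * can be edited in textareas, plus the requesting client's IP
 * (RX_CLIENT_IP) so the admin can check it against the lists.
 *
 * @return void
 */
function dispAdminConfigSecurity()
{
    // Media whitelists, one prefix per line.
    Context::set('mediafilter_iframe', implode(PHP_EOL, Rhymix\Framework\Filters\MediaFilter::getIframeWhitelist()));
    Context::set('mediafilter_object', implode(PHP_EOL, Rhymix\Framework\Filters\MediaFilter::getObjectWhitelist()));

    // Admin IP access control. Config::get() may yield null for a key that
    // was never saved, which implode() rejects on PHP 8 (TypeError), so fall
    // back to an empty list; a stored array passes through unchanged.
    $allowed_ip = Rhymix\Framework\Config::get('admin.allow') ?: array();
    Context::set('admin_allowed_ip', implode(PHP_EOL, $allowed_ip));
    $denied_ip = Rhymix\Framework\Config::get('admin.deny') ?: array();
    Context::set('admin_denied_ip', implode(PHP_EOL, $denied_ip));

    // Shown next to the lists so the admin can avoid locking themselves out.
    Context::set('remote_addr', RX_CLIENT_IP);

    $this->setTemplateFile('config_security');
}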
/**
 * Strip embedded media from content an administrator is viewing when the
 * content was written by someone else who is not an administrator.
 *
 * Presumably this keeps an admin session from loading iframes/objects chosen
 * by a lower-privileged author; the media is replaced by a warning box built
 * from lang('security_warning_embed'). Nothing is changed for non-admin
 * viewers, for an author viewing their own content, or for content written
 * by another administrator.
 *
 * @param string $content            content to filter, modified in place
 * @param int    $writer_member_srl  member_srl of the content's author
 * @return void
 */
function stripEmbedTagForAdmin(&$content, $writer_member_srl)
{
    if (!Context::get('is_logged')) {
        return;
    }

    $viewer = Context::get('logged_info');

    // The author always sees their own embeds untouched.
    if ($viewer->member_srl == $writer_member_srl) {
        return;
    }

    // Only administrators (global or site) get the protection.
    $viewerIsAdmin = $viewer->is_admin === 'Y' || getModel('module')->isSiteAdmin($viewer);
    if (!$viewerIsAdmin) {
        return;
    }

    // Embeds posted by another administrator are left intact.
    if ($writer_member_srl) {
        $writer = getModel('member')->getMemberInfoByMemberSrl($writer_member_srl);
        if ($writer && $writer->is_admin === 'Y') {
            return;
        }
    }

    $warning = '<div style="border: 1px solid #DDD; background: #FAFAFA; text-align:center; margin: 1em 0;">'
        . '<p style="margin: 1em;">' . lang('security_warning_embed') . '</p></div>';
    $content = Rhymix\Framework\Filters\MediaFilter::removeEmbeddedMedia($content, $warning);
}
/**
 * Check an iframe URL attribute against the configured iframe whitelist.
 *
 * Thin wrapper around MediaFilter::matchIframeWhitelist(); the result is
 * returned as-is (presumably a bool — see MediaFilter).
 *
 * @param string $urlAttribute  the iframe src/URL attribute value to test
 * @return mixed  whatever MediaFilter::matchIframeWhitelist() returns
 */
function isWhiteIframeDomain($urlAttribute)
{
    $isWhitelisted = Rhymix\Framework\Filters\MediaFilter::matchIframeWhitelist($urlAttribute);
    return $isWhitelisted;
}