/**
* transform method
*
* @param mixed $input
* @return array
*/
public function transform($input)
{
$data = [];
$embeds = $this->embedFilter->filter();
if (is_array($input) && !empty($input[0]) && is_object($input[0])) {
// This is an array of objects, loops and transforms each item
foreach ($input as $item) {
$data[] = $this->transformOnce($item, $embeds);
}
} elseif (is_object($input)) {
// This is an object, transform once
$data = $this->transformOnce($input, $embeds);
} else {
// Not sure what is this, might be complex array,
// maybe primitive variable, just return
return $input;
}
return $data;
}
private function _getWhiteDomainRegx()
{
require_once _XE_PATH_ . 'classes/security/EmbedFilter.class.php';
$oEmbedFilter = EmbedFilter::getInstance();
$whiteIframeUrlList = $oEmbedFilter->getWhiteIframeUrlList();
$whiteDomainRegex = '%^(';
$whiteDomainCount = count($whiteIframeUrlList);
$i = 1;
if (is_array($whiteIframeUrlList)) {
foreach ($whiteIframeUrlList as $value) {
$whiteDomainRegex .= $value;
if ($i < $whiteDomainCount) {
$whiteDomainRegex .= '|';
}
$i++;
}
}
$whiteDomainRegex .= ')%';
return $whiteDomainRegex;
}
/**
* Pre-block the codes which may be hacking attempts
*
* @param string $content Taget content
* @return string
*/
function removeHackTag($content)
{
require_once _XE_PATH_ . 'classes/security/EmbedFilter.class.php';
$oEmbedFilter = EmbedFilter::getInstance();
$oEmbedFilter->check($content);
purifierHtml($content);
// change the specific tags to the common texts
$content = preg_replace('@<(\\/?(?:html|body|head|title|meta|base|link|script|style|applet)(/*).*?>)@i', '<$1', $content);
/**
* Remove codes to abuse the admin session in src by tags of imaages and video postings
* - Issue reported by Sangwon Kim
*/
$content = preg_replace_callback('@<(/?)([a-z]+[0-9]?)((?>"[^"]*"|\'[^\']*\'|[^>])*?\\b(?:on[a-z]+|data|style|background|href|(?:dyn|low)?src)\\s*=[\\s\\S]*?)(/?)($|>|<)@i', 'removeSrcHack', $content);
$content = checkXmpTag($content);
$content = blockWidgetCode($content);
return $content;
}
function procAdminUpdateEmbedWhitelist()
{
$vars = Context::getRequestVars();
$db_info = Context::getDbInfo();
$white_object = $vars->embed_white_object;
$white_object = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_object);
$white_object = preg_replace("/[\\s\\'\"]+/", '', $white_object);
$white_object = explode('|@|', $white_object);
$white_object = array_unique($white_object);
$white_iframe = $vars->embed_white_iframe;
$white_iframe = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_iframe);
$white_iframe = preg_replace("/[\\s\\'\"]+/", '', $white_iframe);
$white_iframe = explode('|@|', $white_iframe);
$white_iframe = array_unique($white_iframe);
$whitelist = new stdClass();
$whitelist->object = $white_object;
$whitelist->iframe = $white_iframe;
$db_info->embed_white_object = $white_object;
$db_info->embed_white_iframe = $white_iframe;
$oInstallController = getController('install');
if (!$oInstallController->makeConfigFile()) {
return new Object(-1, 'msg_invalid_request');
}
require_once _XE_PATH_ . 'classes/security/EmbedFilter.class.php';
$oEmbedFilter = EmbedFilter::getInstance();
$oEmbedFilter->_makeWhiteDomainList($whitelist);
if (!in_array(Context::getRequestMethod(), array('XMLRPC', 'JSON'))) {
$returnUrl = Context::get('success_return_url');
if (!$returnUrl) {
$returnUrl = getNotEncodedUrl('', 'act', 'dispAdminConfigGeneral');
}
header('location:' . $returnUrl);
return;
}
}
/**
* Display Configuration(settings) page
* @return void
*/
function dispAdminConfigGeneral()
{
Context::loadLang('modules/install/lang');
$db_info = Context::getDBInfo();
Context::set('selected_lang', $db_info->lang_type);
if (strpos($db_info->default_url, 'xn--') !== FALSE) {
$db_info->default_url = Context::decodeIdna($db_info->default_url);
}
Context::set('default_url', $db_info->default_url);
Context::set('langs', Context::loadLangSupported());
// site lock
Context::set('IP', $_SERVER['REMOTE_ADDR']);
if (!$db_info->sitelock_title) {
$db_info->sitelock_title = 'Maintenance in progress...';
}
if (!in_array('127.0.0.1', $db_info->sitelock_whitelist)) {
$db_info->sitelock_whitelist[] = '127.0.0.1';
}
if (!in_array($_SERVER['REMOTE_ADDR'], $db_info->sitelock_whitelist)) {
$db_info->sitelock_whitelist[] = $_SERVER['REMOTE_ADDR'];
}
$db_info->sitelock_whitelist = array_unique($db_info->sitelock_whitelist);
Context::set('remote_addr', $_SERVER['REMOTE_ADDR']);
Context::set('use_sitelock', $db_info->use_sitelock);
Context::set('sitelock_title', $db_info->sitelock_title);
Context::set('sitelock_message', htmlspecialchars($db_info->sitelock_message, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
$whitelist = implode("\r\n", $db_info->sitelock_whitelist);
Context::set('sitelock_whitelist', $whitelist);
if ($db_info->admin_ip_list) {
$admin_ip_list = implode("\r\n", $db_info->admin_ip_list);
} else {
$admin_ip_list = '';
}
Context::set('admin_ip_list', $admin_ip_list);
Context::set('lang_selected', Context::loadLangSelected());
$oAdminModel = getAdminModel('admin');
$favicon_url = $oAdminModel->getFaviconUrl();
$mobicon_url = $oAdminModel->getMobileIconUrl();
Context::set('favicon_url', $favicon_url . '?' . $_SERVER['REQUEST_TIME']);
Context::set('mobicon_url', $mobicon_url . '?' . $_SERVER['REQUEST_TIME']);
$oDocumentModel = getModel('document');
$config = $oDocumentModel->getDocumentConfig();
Context::set('thumbnail_type', $config->thumbnail_type);
$oModuleModel = getModel('module');
$config = $oModuleModel->getModuleConfig('module');
Context::set('siteTitle', $config->siteTitle);
Context::set('htmlFooter', htmlspecialchars($config->htmlFooter));
// embed filter
require_once _XE_PATH_ . 'classes/security/EmbedFilter.class.php';
$oEmbedFilter = EmbedFilter::getInstance();
context::set('embed_white_object', implode(PHP_EOL, $oEmbedFilter->whiteUrlList));
context::set('embed_white_iframe', implode(PHP_EOL, $oEmbedFilter->whiteIframeUrlList));
$columnList = array('modules.mid', 'modules.browser_title', 'sites.index_module_srl');
$start_module = $oModuleModel->getSiteInfo(0, $columnList);
Context::set('start_module', $start_module);
Context::set('pwd', $pwd);
$this->setTemplateFile('config_general');
$security = new Security();
$security->encodeHTML('news..', 'released_version', 'download_link', 'selected_lang', 'module_list..', 'module_list..author..', 'addon_list..', 'addon_list..author..', 'start_module.');
}
private function _getWhiteDomainRegexp()
{
$oEmbedFilter = EmbedFilter::getInstance();
$whiteIframeUrlList = $oEmbedFilter->getWhiteIframeUrlList();
$whiteDomains = array();
foreach ($whiteIframeUrlList as $domain) {
$whiteDomains[] = preg_quote($domain, '%');
}
return '%^https?://(' . implode('|', $whiteDomains) . ')%';
}
private function _getWhiteDomainRegx()
{
$oEmbedFilter = EmbedFilter::getInstance();
$whiteIframeUrlList = $oEmbedFilter->getWhiteIframeUrlList();
$whiteDomain = array();
foreach ($whiteIframeUrlList as $value) {
$whiteDomain[] = preg_quote($value, '%');
}
$whiteDomainRegex = '%^(' . implode('|', $whiteDomain) . ')%';
return $whiteDomainRegex;
}
/**
* Display Security Settings page
* @return void
*/
function dispAdminConfigSecurity()
{
// Load embed filter.
$oEmbedFilter = EmbedFilter::getInstance();
context::set('embedfilter_iframe', implode(PHP_EOL, $oEmbedFilter->whiteIframeUrlList));
context::set('embedfilter_object', implode(PHP_EOL, $oEmbedFilter->whiteUrlList));
// Admin IP access control
$allowed_ip = Rhymix\Framework\Config::get('admin.allow');
Context::set('admin_allowed_ip', implode(PHP_EOL, $allowed_ip));
$denied_ip = Rhymix\Framework\Config::get('admin.deny');
Context::set('admin_denied_ip', implode(PHP_EOL, $denied_ip));
Context::set('remote_addr', RX_CLIENT_IP);
$this->setTemplateFile('config_security');
}
