move trusted directory servers to security and implement in backend

This commit is contained in:
Mario Vavti
2023-04-29 22:43:49 +02:00
parent 96ae569eaf
commit ca9491d343
5 changed files with 40 additions and 37 deletions


@@ -232,7 +232,7 @@ class Libzotdir {
if (! $r) if (! $r)
return; return;
$dir_trusted_hosts = get_directory_fallback_servers(); $dir_trusted_hosts = array_merge(get_directory_fallback_servers(), get_config('system', 'trusted_directory_servers'));
foreach ($r as $rr) { foreach ($r as $rr) {
if (! $rr['site_directory']) if (! $rr['site_directory'])
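Review bot: The new `array_merge()` on the changed `$dir_trusted_hosts` line assumes `get_config('system', 'trusted_directory_servers')` returns an array, but the same commit's Security::get() guards that value with `is_array()` before `implode()`, and the Site::post() code this commit removes stored it as a plain trimmed string, so an unset key or a value saved by an earlier release is null or a string and `array_merge()` throws a TypeError on PHP 8. Read it into a local first and merge only when it is an array: `$trusted = get_config('system', 'trusted_directory_servers');` then `$dir_trusted_hosts = array_merge(get_directory_fallback_servers(), (is_array($trusted) ? $trusted : []));`. Since membership in this list decides whose directory flags are accepted, it is probably also worth normalising the entries (scheme case, trailing slash) the same way the host values they are compared against are formed, but that comparison is not visible in this hunk. The enclosing method begins and ends outside the hunk.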


@@ -7,12 +7,12 @@ class Security {
function post() { function post() {
check_form_security_token_redirectOnErr('/admin/security', 'admin_security'); check_form_security_token_redirectOnErr('/admin/security', 'admin_security');
$allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : ''); $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : '');
$not_allowed_email = ((x($_POST,'not_allowed_email')) ? notags(trim($_POST['not_allowed_email'])) : ''); $not_allowed_email = ((x($_POST,'not_allowed_email')) ? notags(trim($_POST['not_allowed_email'])) : '');
set_config('system','allowed_email', $allowed_email); set_config('system','allowed_email', $allowed_email);
set_config('system','not_allowed_email', $not_allowed_email); set_config('system','not_allowed_email', $not_allowed_email);
$block_public = ((x($_POST,'block_public')) ? True : False); $block_public = ((x($_POST,'block_public')) ? True : False);
set_config('system','block_public',$block_public); set_config('system','block_public',$block_public);
@@ -25,22 +25,22 @@ class Security {
$ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites'])); $ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
set_config('system','whitelisted_sites',$ws); set_config('system','whitelisted_sites',$ws);
$bs = $this->trim_array_elems(explode("\n",$_POST['blacklisted_sites'])); $bs = $this->trim_array_elems(explode("\n",$_POST['blacklisted_sites']));
set_config('system','blacklisted_sites',$bs); set_config('system','blacklisted_sites',$bs);
$wc = $this->trim_array_elems(explode("\n",$_POST['whitelisted_channels'])); $wc = $this->trim_array_elems(explode("\n",$_POST['whitelisted_channels']));
set_config('system','whitelisted_channels',$wc); set_config('system','whitelisted_channels',$wc);
$bc = $this->trim_array_elems(explode("\n",$_POST['blacklisted_channels'])); $bc = $this->trim_array_elems(explode("\n",$_POST['blacklisted_channels']));
set_config('system','blacklisted_channels',$bc); set_config('system','blacklisted_channels',$bc);
$embed_sslonly = ((x($_POST,'embed_sslonly')) ? True : False); $embed_sslonly = ((x($_POST,'embed_sslonly')) ? True : False);
set_config('system','embed_sslonly',$embed_sslonly); set_config('system','embed_sslonly',$embed_sslonly);
$we = $this->trim_array_elems(explode("\n",$_POST['embed_allow'])); $we = $this->trim_array_elems(explode("\n",$_POST['embed_allow']));
set_config('system','embed_allow',$we); set_config('system','embed_allow',$we);
$be = $this->trim_array_elems(explode("\n",$_POST['embed_deny'])); $be = $this->trim_array_elems(explode("\n",$_POST['embed_deny']));
set_config('system','embed_deny',$be); set_config('system','embed_deny',$be);
@@ -49,47 +49,54 @@ class Security {
$inline_pdf = ((x($_POST,'inline_pdf')) ? intval($_POST['inline_pdf']) : 0); $inline_pdf = ((x($_POST,'inline_pdf')) ? intval($_POST['inline_pdf']) : 0);
set_config('system', 'inline_pdf' , $inline_pdf); set_config('system', 'inline_pdf' , $inline_pdf);
$ts = ((x($_POST,'transport_security')) ? True : False); $ts = ((x($_POST,'transport_security')) ? True : False);
set_config('system','transport_security_header',$ts); set_config('system','transport_security_header',$ts);
$cs = ((x($_POST,'content_security')) ? True : False); $cs = ((x($_POST,'content_security')) ? True : False);
set_config('system','content_security_policy',$cs); set_config('system','content_security_policy',$cs);
$trusted_directory_servers = $this->trim_array_elems(explode("\n", $_POST['trusted_directory_servers']));
set_config('system', 'trusted_directory_servers', $trusted_directory_servers);
goaway(z_root() . '/admin/security'); goaway(z_root() . '/admin/security');
} }
function get() { function get() {
$whitesites = get_config('system','whitelisted_sites'); $whitesites = get_config('system','whitelisted_sites');
$whitesites_str = ((is_array($whitesites)) ? implode("\n",$whitesites) : ''); $whitesites_str = ((is_array($whitesites)) ? implode("\n",$whitesites) : '');
$blacksites = get_config('system','blacklisted_sites'); $blacksites = get_config('system','blacklisted_sites');
$blacksites_str = ((is_array($blacksites)) ? implode("\n",$blacksites) : ''); $blacksites_str = ((is_array($blacksites)) ? implode("\n",$blacksites) : '');
$whitechannels = get_config('system','whitelisted_channels'); $whitechannels = get_config('system','whitelisted_channels');
$whitechannels_str = ((is_array($whitechannels)) ? implode("\n",$whitechannels) : ''); $whitechannels_str = ((is_array($whitechannels)) ? implode("\n",$whitechannels) : '');
$blackchannels = get_config('system','blacklisted_channels'); $blackchannels = get_config('system','blacklisted_channels');
$blackchannels_str = ((is_array($blackchannels)) ? implode("\n",$blackchannels) : ''); $blackchannels_str = ((is_array($blackchannels)) ? implode("\n",$blackchannels) : '');
$whiteembeds = get_config('system','embed_allow'); $whiteembeds = get_config('system','embed_allow');
$whiteembeds_str = ((is_array($whiteembeds)) ? implode("\n",$whiteembeds) : ''); $whiteembeds_str = ((is_array($whiteembeds)) ? implode("\n",$whiteembeds) : '');
$blackembeds = get_config('system','embed_deny'); $blackembeds = get_config('system','embed_deny');
$blackembeds_str = ((is_array($blackembeds)) ? implode("\n",$blackembeds) : ''); $blackembeds_str = ((is_array($blackembeds)) ? implode("\n",$blackembeds) : '');
$trusted_directory_servers = get_config('system', 'trusted_directory_servers');
$trusted_directory_servers_str = ((is_array($trusted_directory_servers)) ? implode("\n", $trusted_directory_servers) : '');
$is_dir = (intval(get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL)) !== DIRECTORY_MODE_NORMAL);
$embed_coop = intval(get_config('system','embed_coop')); $embed_coop = intval(get_config('system','embed_coop'));
if((! $whiteembeds) && (! $blackembeds)) { if((! $whiteembeds) && (! $blackembeds)) {
$embedhelp1 = t("By default, unfiltered HTML is allowed in embedded media. This is inherently insecure."); $embedhelp1 = t("By default, unfiltered HTML is allowed in embedded media. This is inherently insecure.");
} }
$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:"); $embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:");
$embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />"); $embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />");
$embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked."); $embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked.");
@@ -99,7 +106,7 @@ class Security {
'$page' => t('Security'), '$page' => t('Security'),
'$form_security_token' => get_form_security_token('admin_security'), '$form_security_token' => get_form_security_token('admin_security'),
'$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")), '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
'$cloud_noroot' => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ], '$cloud_noroot' => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ],
'$cloud_disksize' => [ 'cloud_disksize', t('Show total disk space available to cloud uploads'), intval(get_config('system','cloud_report_disksize')), '' ], '$cloud_disksize' => [ 'cloud_disksize', t('Show total disk space available to cloud uploads'), intval(get_config('system','cloud_report_disksize')), '' ],
'$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(get_config('system','transport_security_header')),''), '$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(get_config('system','transport_security_header')),''),
'$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(get_config('system','content_security_policy')),''), '$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(get_config('system','content_security_policy')),''),
@@ -115,6 +122,8 @@ class Security {
'$thumbnail_security' => [ 'thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.") ], '$thumbnail_security' => [ 'thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.") ],
'$inline_pdf' => [ 'inline_pdf', t("Allow embedded (inline) PDF files"), get_config('system','inline_pdf',0), '' ], '$inline_pdf' => [ 'inline_pdf', t("Allow embedded (inline) PDF files"), get_config('system','inline_pdf',0), '' ],
'$trusted_directory_servers' => (($is_dir) ? ['trusted_directory_servers', t('Additional trusted directory server URLs'), $trusted_directory_servers_str, t('Accept directory flags (spam, nsfw) from those servers. One per line like https://example.tld')] : ''),
// '$embed_coop' => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')), // '$embed_coop' => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
'$submit' => t('Submit') '$submit' => t('Submit')
@@ -124,7 +133,7 @@ class Security {
function trim_array_elems($arr) { function trim_array_elems($arr) {
$narr = array(); $narr = array();
if($arr && is_array($arr)) { if($arr && is_array($arr)) {
for($x = 0; $x < count($arr); $x ++) { for($x = 0; $x < count($arr); $x ++) {
$y = trim($arr[$x]); $y = trim($arr[$x]);
@@ -134,6 +143,6 @@ class Security {
} }
return $narr; return $narr;
} }
} }
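Review bot: The new read of `$_POST['trusted_directory_servers']` in post() (the hunk starting at `@@ -49,47`) is unconditional, while get() only renders that field when `$is_dir` is true, so on a non-directory hub every submit of this form dereferences a missing key (an undefined-index warning, and under PHP 8.1+ a deprecation for passing null to `explode()`) and overwrites the stored list with an empty array. Wrap the two new lines in `if (isset($_POST['trusted_directory_servers'])) { … }`, using `isset` rather than `x()` so an admin clearing the textarea still empties the list while a form without the field leaves config untouched. Each entry is also stored exactly as typed; because the list grants those hosts the right to flag content as spam or nsfw, checking that each line parses as an absolute URL (and dropping the rest) before `set_config()` would keep malformed entries out of the trust list. Whether the backend normalises trailing slashes before comparing is not visible on this page, so the exact check should match that code.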


@@ -60,7 +60,6 @@ class Site {
} }
$mirror_frontpage = ((x($_POST,'mirror_frontpage')) ? intval(trim($_POST['mirror_frontpage'])) : 0); $mirror_frontpage = ((x($_POST,'mirror_frontpage')) ? intval(trim($_POST['mirror_frontpage'])) : 0);
$directory_server = ((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : ''); $directory_server = ((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : '');
$trusted_directory_servers = ((!empty($_POST['trusted_directory_servers'])) ? trim($_POST['trusted_directory_servers']) : '');
$allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : ''); $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : '');
$force_publish = ((x($_POST,'publish_all')) ? True : False); $force_publish = ((x($_POST,'publish_all')) ? True : False);
$disable_discover_tab = ((x($_POST,'disable_discover_tab')) ? False : True); $disable_discover_tab = ((x($_POST,'disable_discover_tab')) ? False : True);
@@ -167,10 +166,6 @@ class Site {
if($directory_server) if($directory_server)
set_config('system','directory_server',$directory_server); set_config('system','directory_server',$directory_server);
if($trusted_directory_servers) {
set_config('system', 'trusted_directory_servers', $trusted_directory_servers);
}
if ($banner == '') { if ($banner == '') {
del_config('system', 'banner'); del_config('system', 'banner');
} else { } else {
@@ -529,7 +524,6 @@ class Site {
'$from_email_name' => [ 'from_email_name', t('Name of email sender for system generated email.'), get_config('system','from_email_name',\Zotlabs\Lib\System::get_site_name()),'' ], '$from_email_name' => [ 'from_email_name', t('Name of email sender for system generated email.'), get_config('system','from_email_name',\Zotlabs\Lib\System::get_site_name()),'' ],
'$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null), '$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null),
'$trusted_directory_servers' => ((!$dir_choices) ? ['trusted_directory_servers', t('Additional trusted directory server URLs'), get_config('system','trusted_directory_servers'), t('Accept directory flags (spam, nsfw) from those servers. One per line like https://example.tld')] : ''),
'$sse_enabled' => array('sse_enabled', t('Enable SSE Notifications'), get_config('system', 'sse_enabled', 0), t('If disabled, traditional polling will be used. Warning: this setting might not be suited for shared hosting')), '$sse_enabled' => array('sse_enabled', t('Enable SSE Notifications'), get_config('system', 'sse_enabled', 0), t('If disabled, traditional polling will be used. Warning: this setting might not be suited for shared hosting')),


@@ -17,7 +17,7 @@
{{include file="field_checkbox.tpl" field=$inline_pdf}} {{include file="field_checkbox.tpl" field=$inline_pdf}}
{{include file="field_textarea.tpl" field=$allowed_email}} {{include file="field_textarea.tpl" field=$allowed_email}}
{{include file="field_textarea.tpl" field=$not_allowed_email}} {{include file="field_textarea.tpl" field=$not_allowed_email}}
{{include file="field_textarea.tpl" field=$whitelisted_sites}} {{include file="field_textarea.tpl" field=$whitelisted_sites}}
{{include file="field_textarea.tpl" field=$blacklisted_sites}} {{include file="field_textarea.tpl" field=$blacklisted_sites}}
@@ -27,6 +27,9 @@
{{include file="field_textarea.tpl" field=$embed_allow}} {{include file="field_textarea.tpl" field=$embed_allow}}
{{include file="field_textarea.tpl" field=$embed_deny}} {{include file="field_textarea.tpl" field=$embed_deny}}
{{if $trusted_directory_servers}}
{{include file="field_textarea.tpl" field=$trusted_directory_servers}}
{{/if}}
<div class="admin-submit-wrapper"> <div class="admin-submit-wrapper">


@@ -24,9 +24,6 @@
{{if $directory_server}} {{if $directory_server}}
{{include file="field_select.tpl" field=$directory_server}} {{include file="field_select.tpl" field=$directory_server}}
{{/if}} {{/if}}
{{if $trusted_directory_servers}}
{{include file="field_textarea.tpl" field=$trusted_directory_servers}}
{{/if}}
<div class="submit"> <div class="submit">
<input type="submit" name="page_site" class="btn btn-primary" value="{{$submit}}" /> <input type="submit" name="page_site" class="btn btn-primary" value="{{$submit}}" />