feat: add configuration for allowed image hosts

Floorb 2023-05-23 12:31:11 -04:00
parent 1ec073081b
commit ac14a2628d
3 changed files with 219 additions and 186 deletions


@ -9,6 +9,7 @@ return array (
'site_name' => 'PonePaste',
'email' => ''
),
'allowed_image_hosts' => array(),
'interface' =>
array (
'language' => 'en',
@ -19,16 +20,6 @@ return array (
'disable_guest' => false,
'private' => false,
),
'mail' =>
array (
'verification' => false,
'smtp_host' => '',
'smtp_port' => '',
'smtp_user' => '',
'socket' => '',
'auth' => '',
'protocol' => '',
),
'captcha' =>
array (
'enabled' => true,


@ -292,4 +292,4 @@ $script_bundles = [];
/* Security headers */
header('X-Frame-Options: SAMEORIGIN');
header('X-Content-Type-Options: nosniff');
header("Content-Security-Policy: default-src 'self' data: 'unsafe-inline'");
header("Content-Security-Policy: default-src 'self' data: 'unsafe-inline'; img-src " . implode(' ', $site_info['allowed_image_hosts']));
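Review bot: The header line that appends `img-src` drops `'self'` and `data:` for images, because a dedicated `img-src` directive replaces the `default-src` fallback, and with the default empty `allowed_image_hosts` list it emits a bare `img-src ` that matches nothing, so every image is blocked. Starting the directive with the existing sources keeps the previous behaviour: `"...; img-src 'self' data: " . implode(' ', $site_info['allowed_image_hosts'] ?? [])`. The entries are concatenated exactly as stored, so an entry containing `;` would add further directives to the policy; they should be restricted to host-source syntax at the point where they are saved. The sample config in this commit places `allowed_image_hosts` at the top level next to `site_info`, so if `$site_info` here is only that sub-array the key is missing and `implode()` receives null; this is worth confirming, since how `$site_info` is built is not visible in the hunk.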


@ -23,8 +23,8 @@ function updateConfiguration(string $path, array $new_config) : void {
$current_config = require(CONFIG_FILE_PATH);
$current_site_info = $current_config['site_info'];
$current_allowed_image_hosts = $current_config['allowed_image_hosts'];
$current_permissions = $current_config['permissions'];
$current_mail = $current_config['mail'];
$current_captcha = $current_config['captcha'];
/* Update the configuration if necessary */
@ -48,6 +48,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Configuration saved.
</div>';
} elseif ($action === 'allowed_image_hosts') {
$new_allowed_image_hosts = array_filter($_POST['allowed_image_hosts'], function ($host) {
return !empty($host);
});
$current_config['allowed_image_hosts'] = $new_allowed_image_hosts;
$current_allowed_image_hosts = $new_allowed_image_hosts;
updateConfiguration(CONFIG_FILE_PATH, $current_config);
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Allowed image hosts saved.
</div>';
} elseif ($action === 'permissions') {
$new_permissions = [
'disable_guest' => trim($_POST['disableguest']),
@ -89,6 +100,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<title>Paste - Configuration</title>
<link rel="shortcut icon" href="favicon.ico">
<link href="css/paste.css" rel="stylesheet" type="text/css"/>
<style>
</style>
</head>
<body>
@ -103,7 +117,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<ul class="top-right">
<li class="dropdown link">
<a href="#" data-toggle="dropdown" class="dropdown-toggle profilebox"><b>Admin</b><span
class="caret"></span></a>
class="caret"></span></a>
<ul class="dropdown-menu dropdown-menu-list dropdown-menu-right">
<li><a href="admin.php">Settings</a></li>
<li><a href="?logout">Logout</a></li>
@ -128,206 +142,234 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<div class="panel-body">
<?php if (isset($msg)) echo $msg; ?>
<div role="tabpanel">
<!-- Nav tabs -->
<ul class="nav nav-tabs nav-line" role="tablist" style="text-align: center;">
<li role="presentation" class="active"><a href="#siteinfo" aria-controls="siteinfo"
role="tab" data-toggle="tab">Site Info</a>
</li>
<li role="presentation"><a href="#permissions" aria-controls="permissions" role="tab"
data-toggle="tab">Permissions</a></li>
<li role="presentation"><a href="#captcha" aria-controls="captcha" role="tab"
data-toggle="tab">Captcha Settings</a></li>
</ul>
<div class="tabs">
<div class="tabs__content">
<h2>General Settings</h2>
<form class="form-horizontal" method="POST"
action="<?= $_SERVER['PHP_SELF']; ?>">
<!-- Tab panes -->
<div class="tab-content">
<div role="tabpanel" class="tab-pane active" id="siteinfo">
<form class="form-horizontal" method="POST"
action="<?= $_SERVER['PHP_SELF']; ?>">
<div class="form-group">
<label class="col-sm-2 control-label form-label" for="site_info_name">Site
Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[site_name]"
id="site_info_name"
placeholder="The name of your site"
value="<?= pp_html_escape($current_site_info['site_name']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label" for="site_info_title">Site
Title</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[title]"
id="site_info_title"
placeholder="Site title tag"
value="<?= pp_html_escape($current_site_info['title']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label"
for="site_info_description">Site Description</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[description]"
id="site_info_description"
placeholder="Site description"
value="<?= pp_html_escape($current_site_info['description']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label" for="site_info_keywords">Site
Keywords</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[keywords]"
id="site_info_keywords"
placeholder="Keywords (separated by a comma)"
value="<?= pp_html_escape($current_site_info['keywords']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label" for="site_info_email">Admin
Email</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[email]"
placeholder="Email" id="site_info_email"
value="<?= pp_html_escape($current_site_info['email']); ?>">
</div>
</div>
<input type="hidden" name="action" value="site_info"/>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Save</button>
</div>
</div>
</form>
</div>
<!-- Allowed Image Hosts -->
<h2>Allowed Image Hosts</h2>
<div class="tabs__content">
<form class="form-horizontal" method="POST"
action="<?= $_SERVER['PHP_SELF']; ?>">
<?php foreach ($current_allowed_image_hosts as $index => $host): ?>
<div class="form-group">
<label class="col-sm-2 control-label form-label" for="site_info_name">Site
Name</label>
<label class="col-sm-2 control-label form-label">Allowed Image Host
#<?= $index ?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[site_name]"
id="site_info_name"
placeholder="The name of your site"
value="<?= pp_html_escape($current_site_info['site_name']); ?>">
<input type="text" class="form-control" name="allowed_image_hosts[]"
placeholder="URL..."
value="<?= pp_html_escape($host); ?>">
</div>
</div>
<?php endforeach; ?>
<div class="form-group">
<label class="col-sm-2 control-label form-label">Add another?</label>
<div class="form-group">
<label class="col-sm-2 control-label form-label" for="site_info_title">Site
Title</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[title]"
id="site_info_title"
placeholder="Site title tag"
value="<?= pp_html_escape($current_site_info['title']); ?>">
</div>
<div class="col-sm-10">
<input type="text" class="form-control" name="allowed_image_hosts[]"
placeholder="Add another...">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label"
for="site_info_description">Site Description</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[description]"
id="site_info_description"
placeholder="Site description"
value="<?= pp_html_escape($current_site_info['description']); ?>">
</div>
<input type="hidden" name="action" value="allowed_image_hosts"/>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Save</button>
</div>
</div>
</form>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label" for="site_info_keywords">Site
Keywords</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[keywords]"
id="site_info_keywords"
placeholder="Keywords (separated by a comma)"
value="<?= pp_html_escape($current_site_info['keywords']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label" for="site_info_email">Admin
Email</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_info[email]"
placeholder="Email" id="site_info_email"
value="<?= pp_html_escape($current_site_info['email']); ?>">
</div>
</div>
<!-- CAPTCHA -->
<div class="tabs__content">
<input type="hidden" name="action" value="site_info"/>
<h2>CAPTCHA</h2>
<form class="form-horizontal" method="POST"
action="<?= $_SERVER['PHP_SELF']; ?>">
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Save</button>
</div>
</div>
</form>
</div>
<!-- Permissions -->
<div role="tabpanel" class="tab-pane" id="permissions">
<form class="form-horizontal" method="POST"
action="<?php echo $_SERVER['PHP_SELF']; ?>">
<div class="checkbox checkbox-primary">
<input <?php if ($site_disable_guests) echo 'checked="true"'; ?>
type="checkbox" name="disableguest" id="disableguest">
<label for="disableguest">
Only allow registered users to paste
</label>
</div>
<div class="checkbox checkbox-primary">
<input <?php if ($site_is_private) echo 'checked="true"'; ?>
type="checkbox" name="siteprivate" id="siteprivate">
<label for="siteprivate">
Make site private (no Recent Pastes or Archives)
</label>
</div>
<br/>
<input type="hidden" name="permissions" value="permissions"/>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Save</button>
</div>
</div>
</form>
</div>
<!-- Captcha pane -->
<div role="tabpanel" class="tab-pane" id="captcha">
<form class="form-horizontal" method="POST"
action="<?= $_SERVER['PHP_SELF']; ?>">
<div class="form-group">
<div class="checkbox checkbox-primary">
<input <?php if ($current_captcha['enabled']) echo 'checked="true"'; ?>
type="checkbox"
name="captcha[enabked]"
id="captcha_enabled">
type="checkbox"
name="captcha[enabked]"
id="captcha_enabled">
<label for="captcha_enabled">Enable Captcha</label>
</div>
<br/>
</div>
<div class="form-group row">
<label for="captcha_mode" class="col-sm-1 col-form-label">Captcha
Type</label>
<select id="captcha_mode" class="selectpicker" name="captcha[mode]">
<?php
if ($current_captcha['mode'] == "Easy") {
echo '<option selected="">Easy</option>';
} else {
echo '<option>Easy</option>';
}
<div class="form-group">
<label class="col-sm-2 control-label form-label" for="captcha_mode">Captcha
Type</label>
<select class="form-control col-sm-10" id="captcha_mode" class="" name="captcha[mode]">
<?php
if ($current_captcha['mode'] == "Easy") {
echo '<option selected="">Easy</option>';
} else {
echo '<option>Easy</option>';
}
if ($current_captcha['mode'] == "Normal") {
echo '<option selected="">Normal</option>';
} else {
echo '<option>Normal</option>';
}
if ($current_captcha['mode'] == "Normal") {
echo '<option selected="">Normal</option>';
} else {
echo '<option>Normal</option>';
}
if ($current_captcha['mode'] == "Tough") {
echo '<option selected="">Tough</option>';
} else {
echo '<option>Tough</option>';
}
?>
</select>
if ($current_captcha['mode'] == "Tough") {
echo '<option selected="">Tough</option>';
} else {
echo '<option>Tough</option>';
}
?>
</select>
</div>
<hr/>
<div class="panel-title">
Internal Captcha Settings:
</div>
<div class="checkbox checkbox-primary">
<input <?php if ($current_captcha['multiple']) echo 'checked="checked"'; ?>
type="checkbox"
name="captcha[multiple]"
id="captcha_multiple">
<label for="captcha_multiple">Enable multiple backgrounds</label>
</div>
<br/>
<div class="form-group row">
<label for="captcha_allowed" class="col-sm-1 col-form-label">Captcha
Characters</label>
<div class="col-sm-10">
<input type="text" id="captcha_allowed" name="captcha[allowed]"
placeholder="Allowed Characters"
value="<?php echo $current_captcha['allowed']; ?>">
</div>
</div>
<hr/>
<div class="panel-title">
Internal Captcha Settings:
</div>
<div class="checkbox checkbox-primary">
<input <?php if ($current_captcha['multiple']) echo 'checked="checked"'; ?>
type="checkbox"
name="captcha[multiple]"
id="captcha_multiple">
<label for="captcha_multiple">Enable multiple backgrounds</label>
</div>
<br/>
<div class="form-group row">
<label for="captcha_allowed" class="col-sm-1 col-form-label">Captcha
Characters</label>
<div class="col-sm-10">
<input type="text" id="captcha_allowed" name="captcha[allowed]"
placeholder="Allowed Characters"
value="<?php echo $current_captcha['allowed']; ?>">
</div>
<div class="form-group row">
<label for="captcha_colour" class="col-sm-1 col-form-label">Captcha Text
Colour</label>
<div class="col-sm-10">
<input type="text" id="captcha_colour" name="captcha[colour]"
placeholder="Captcha Text Colour"
value="<?= $current_captcha['colour']; ?>">
</div>
</div>
<div class="form-group row">
<label for="captcha_colour" class="col-sm-1 col-form-label">Captcha Text
Colour</label>
<div class="col-sm-10">
<input type="text" id="captcha_colour" name="captcha[colour]"
placeholder="Captcha Text Colour"
value="<?= $current_captcha['colour']; ?>">
</div>
<hr/>
<input type="hidden" name="cap" value="cap"/>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Save</button>
</div>
<hr/>
<input type="hidden" name="cap" value="cap"/>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Save</button>
</div>
</div>
</form>
</div>
</div>
</form>
</div>
<h2>Permissions</h2>
<form class="form-horizontal" method="POST"
action="<?php echo $_SERVER['PHP_SELF']; ?>">
<div class="checkbox checkbox-primary">
<input <?php if ($site_disable_guests) echo 'checked="true"'; ?>
type="checkbox" name="disableguest" id="disableguest">
<label for="disableguest">
Only allow registered users to paste
</label>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary">
<input <?php if ($site_is_private) echo 'checked="true"'; ?>
type="checkbox" name="siteprivate" id="siteprivate">
<label for="siteprivate">
Make site private (no Recent Pastes or Archives)
</label>
</div>
</div>
<input type="hidden" name="permissions" value="permissions"/>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Save</button>
</div>
</div>
</form>
</div>
</div>
</div>
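Review bot: The new `allowed_image_hosts` branch of the POST handler stores whatever the request sends: `$_POST['allowed_image_hosts']` goes to `array_filter()` without a check that it exists and is an array, and each entry is written to the config file and then joined into the Content-Security-Policy header without being checked as a host. A missing or scalar field raises a TypeError on PHP 8, a nested array survives `!empty()`, and `array_filter()` keeps the original keys, so the saved list can have gaps. Normalising to a re-indexed list of trimmed strings that match a host-source pattern, as sketched below, keeps the stored value safe to join into the header. The forms shown carry only the hidden `action` field and no anti-CSRF token; the start of the handler is outside the hunk, so whether a token is checked there should be confirmed.

```php
} elseif ($action === 'allowed_image_hosts') {
    $submitted_hosts = $_POST['allowed_image_hosts'] ?? [];
    if (!is_array($submitted_hosts)) {
        $submitted_hosts = [];
    }
    $new_allowed_image_hosts = [];
    foreach ($submitted_hosts as $host) {
        if (!is_string($host)) {
            continue;
        }
        $host = trim($host);
        // Sketch of a CSP host-source check: optional scheme, optional "*." label, host name, optional port.
        if (preg_match('~^(?:https?://)?(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*(?::\d{1,5})?$~i', $host) === 1) {
            $new_allowed_image_hosts[] = $host;
        }
    }
    // … unchanged: assign to $current_config, updateConfiguration(), set $msg …
```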