TPS
/
ORIENT
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Create a safe mode to disable code field in the CMS 

Fixes #1756
This commit is contained in:
Samuel Georges 2016-03-25 10:05:04 +11:00
parent 680887f452
commit f1aa720086
3 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
config/cms.php
View File

@ -251,6 +251,19 @@ return [
'defaultMask' => ['file' => null, 'folder' => null], 'defaultMask' => ['file' => null, 'folder' => null],
/*
|--------------------------------------------------------------------------
| Safe Mode
|--------------------------------------------------------------------------
|
| If safe mode is enabled, the PHP code section is disabled in the CMS
| for security reasons. If set to null, safe mode is on when debug mode
| (app.debug) is disabled.
|
*/
'enableSafeMode' => null,
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Cross Site Request Forgery (CSRF) Protection | Cross Site Request Forgery (CSRF) Protection

28
modules/cms/classes/CmsCompoundObject.php
View File

@ -1,6 +1,7 @@
<?php namespace Cms\Classes; <?php namespace Cms\Classes;
use Ini; use Ini;
use Lang;
use Cache; use Cache;
use Config; use Config;
use Cms\Twig\Loader as TwigLoader; use Cms\Twig\Loader as TwigLoader;
@ -8,6 +9,7 @@ use Cms\Twig\Extension as CmsTwigExtension;
use System\Twig\Extension as SystemTwigExtension; use System\Twig\Extension as SystemTwigExtension;
use October\Rain\Halcyon\Processors\SectionParser; use October\Rain\Halcyon\Processors\SectionParser;
use Twig_Environment; use Twig_Environment;
use ApplicationException;
/** /**
* This is a base class for CMS objects that have multiple sections - pages, partials and layouts. * This is a base class for CMS objects that have multiple sections - pages, partials and layouts.
@ -87,6 +89,15 @@ class CmsCompoundObject extends CmsObject
$this->parseSettings(); $this->parseSettings();
} }
/**
* Triggered when the model is saved.
* @return void
*/
public function beforeSave()
{
$this->checkSafeMode();
}
/** /**
* Create a new Collection instance. * Create a new Collection instance.
* *
@ -123,6 +134,23 @@ class CmsCompoundObject extends CmsObject
$this->fillViewBagArray(); $this->fillViewBagArray();
} }
/**
* This method checks if safe mode is enabled by config, and the code
* attribute is modified and populated. If so an exception is thrown.
* @return void
*/
protected function checkSafeMode()
{
$safeMode = Config::get('cms.enableSafeMode', false);
if ($safeMode === null) {
$safeMode = !Config::get('app.debug', false);
}
if ($safeMode && $this->isDirty('code') && strlen(trim($this->code))) {
throw new ApplicationException(Lang::get('cms::lang.cms_object.safe_mode_enabled'));
}
}
// //
// Components // Components
// //

3
modules/cms/lang/en/lang.php
View File

@ -10,7 +10,8 @@ return [
'invalid_file_extension'=>'Invalid file extension: :invalid. Allowed extensions are: :allowed.', 'invalid_file_extension'=>'Invalid file extension: :invalid. Allowed extensions are: :allowed.',
'error_deleting' => "Error deleting the template file ':name'. Please check write permissions.", 'error_deleting' => "Error deleting the template file ':name'. Please check write permissions.",
'delete_success' => 'Templates were successfully deleted: :count.', 'delete_success' => 'Templates were successfully deleted: :count.',
'file_name_required' => 'The File Name field is required.' 'file_name_required' => 'The File Name field is required.',
'safe_mode_enabled' => 'Safe mode is currently enabled.',
], ],
'theme' => [ 'theme' => [
'not_found_name' => "The theme ':name' is not found.", 'not_found_name' => "The theme ':name' is not found.",