Security.php at 0a360f7 ⋅ terrylinooo/shieldon

<?php
/**
 * This file is part of the Shieldon package.
 *
 * (c) Terry L. <contact@terryl.in>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 * 
 * php version 7.1.0
 * 
 * @category  Web-security
 * @package   Shieldon
 * @author    Terry Lin <contact@terryl.in>
 * @copyright 2019 terrylinooo
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
 * @link      https://github.com/terrylinooo/shieldon
 * @see       https://shieldon.io
 */

declare(strict_types=1);

namespace Shieldon\Firewall\Panel;

use Psr\Http\Message\ResponseInterface;
use Shieldon\Firewall\Panel\BaseController;
use function Shieldon\Firewall\__;
use function Shieldon\Firewall\get_request;
use function Shieldon\Firewall\unset_superglobal;
use function array_push;
use function array_values;
use function ctype_alnum;
use function str_replace;

/**
 * Security
 */
class Security extends BaseController
{
    /**
     *   Public methods       | Desctiotion
     *  ----------------------|---------------------------------------------
     *   authentication       | The page for managing page authentication.
     *   actionLog            | The page for managing XSS protection.
     *  ----------------------|---------------------------------------------
     */

    /**
     * Constructor
     */
    public function __construct() 
    {
        parent::__construct();
    }

    /**
     * WWW-Authenticate.
     *
     * @return ResponseInterface
     */
    public function authentication(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if ($this->checkPostParamsExist('url', 'user', 'pass', 'action')) {

            $url = $postParams['url'];
            $user = $postParams['user'];
            $pass = $postParams['pass'];
            $action = $postParams['action'];
            $order = (int) $postParams['order'];

            $authenticatedList = (array) $this->getConfig('www_authenticate');

            if ('add' === $action) {
                array_push(
                    $authenticatedList,
                    [
                        'url' => $url,
                        'user' => $user,
                        'pass' => password_hash($pass, PASSWORD_BCRYPT),
                    ]
                );

            } elseif ('remove' === $action) {
                unset($authenticatedList[$order]);
                $authenticatedList = array_values($authenticatedList);
            }

            $this->setConfig('www_authenticate', $authenticatedList);

            unset_superglobal('url', 'post');
            unset_superglobal('user', 'post');
            unset_superglobal('pass', 'post');
            unset_superglobal('action', 'post');
            unset_superglobal('order', 'post');

            $this->saveConfig();
        }

        $data = [];

        $data['authentication_list'] = $this->getConfig('www_authenticate');

        $data['title'] = __('panel', 'title_web_authentication', 'Web Page Authentication');

        return $this->renderPage('panel/authentication', $data);
    }

    /**
     * XSS Protection.
     *
     * @return ResponseInterface
     */
    public function xssProtection(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if ($this->checkPostParamsExist('xss_form_1')) {
            unset_superglobal('xss_form_1', 'post');
            unset_superglobal('order', 'post');
            unset_superglobal('submit', 'post');

            $this->saveConfig();

        } elseif ($this->checkPostParamsExist('xss_form_2', 'type', 'action')) {

            $type     = $postParams['type'];
            $variable = $postParams['variable'];
            $action   = $postParams['action'];

            // The index number in the $xssProtectedList, see below.
            $order = (int) $postParams['order'];

            // Check variable name. Should be mixed with a-zA-Z and underscore.
            if (!ctype_alnum(str_replace('_', '', $variable))) {

                // @codeCoverageIgnoreStart
                // Ignore the `add` process.
                $action = 'undefined';
                // @codeCoverageIgnoreEnd
            }

            $xssProtectedList = (array) $this->getConfig('xss_protected_list');

            if ('add' === $action) {
                array_push(
                    $xssProtectedList, 
                    [
                        'type'     => $type,
                        'variable' => $variable
                    ]
                );
                
            } elseif ('remove' === $action) {
                unset($xssProtectedList[$order]);
                $xssProtectedList = array_values($xssProtectedList);
            }

            $this->setConfig('xss_protected_list', $xssProtectedList);

            unset_superglobal('xss_form_2', 'post');
            unset_superglobal('type', 'post');
            unset_superglobal('variable', 'post');
            unset_superglobal('action', 'post');
            unset_superglobal('order', 'post');
            unset_superglobal('submit', 'post');

            $this->saveConfig();
        }

        $data = [];

        $data['xss_protected_list'] = $this->getConfig('xss_protected_list');

        $data['title'] = __('panel', 'title_xss_protection', 'XSS Protection');

        return $this->renderPage('panel/xss_protection', $data);
    }
}

Read our documentation on viewing source code .

1		<?php
2		/**
3		* This file is part of the Shieldon package.
4		*
5		* (c) Terry L. <contact@terryl.in>
6		*
7		* For the full copyright and license information, please view the LICENSE
8		* file that was distributed with this source code.
9		*
10		* php version 7.1.0
11		*
12		* @category Web-security
13		* @package Shieldon
14		* @author Terry Lin <contact@terryl.in>
15		* @copyright 2019 terrylinooo
16		* @license https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
17		* @link https://github.com/terrylinooo/shieldon
18		* @see https://shieldon.io
19		*/
20
21		declare(strict_types=1);
22
23		namespace Shieldon\Firewall\Panel;
24
25		use Psr\Http\Message\ResponseInterface;
26		use Shieldon\Firewall\Panel\BaseController;
27		use function Shieldon\Firewall\__;
28		use function Shieldon\Firewall\get_request;
29		use function Shieldon\Firewall\unset_superglobal;
30		use function array_push;
31		use function array_values;
32		use function ctype_alnum;
33		use function str_replace;
34
35		/**
36		* Security
37		*/
38		class Security extends BaseController
39		{
40		/**
41		* Public methods \| Desctiotion
42		* ----------------------\|---------------------------------------------
43		* authentication \| The page for managing page authentication.
44		* actionLog \| The page for managing XSS protection.
45		* ----------------------\|---------------------------------------------
46		*/
47
48		/**
49		* Constructor
50		*/
51	3	public function __construct()
52		{
53	3	parent::__construct();
54		}
55
56		/**
57		* WWW-Authenticate.
58		*
59		* @return ResponseInterface
60		*/
61	3	public function authentication(): ResponseInterface
62		{
63	3	$postParams = get_request()->getParsedBody();
64
65	3	if ($this->checkPostParamsExist('url', 'user', 'pass', 'action')) {
66
67	3	$url = $postParams['url'];
68	3	$user = $postParams['user'];
69	3	$pass = $postParams['pass'];
70	3	$action = $postParams['action'];
71	3	$order = (int) $postParams['order'];
72
73	3	$authenticatedList = (array) $this->getConfig('www_authenticate');
74
75	3	if ('add' === $action) {
76	3	array_push(
77	2	$authenticatedList,
78		[
79	3	'url' => $url,
80	3	'user' => $user,
81	3	'pass' => password_hash($pass, PASSWORD_BCRYPT),
82		]
83		);
84
85	3	} elseif ('remove' === $action) {
86	3	unset($authenticatedList[$order]);
87	3	$authenticatedList = array_values($authenticatedList);
88		}
89
90	3	$this->setConfig('www_authenticate', $authenticatedList);
91
92	3	unset_superglobal('url', 'post');
93	3	unset_superglobal('user', 'post');
94	3	unset_superglobal('pass', 'post');
95	3	unset_superglobal('action', 'post');
96	3	unset_superglobal('order', 'post');
97
98	3	$this->saveConfig();
99		}
100
101	3	$data = [];
102
103	3	$data['authentication_list'] = $this->getConfig('www_authenticate');
104
105	3	$data['title'] = __('panel', 'title_web_authentication', 'Web Page Authentication');
106
107	3	return $this->renderPage('panel/authentication', $data);
108		}
109
110		/**
111		* XSS Protection.
112		*
113		* @return ResponseInterface
114		*/
115	3	public function xssProtection(): ResponseInterface
116		{
117	3	$postParams = get_request()->getParsedBody();
118
119	3	if ($this->checkPostParamsExist('xss_form_1')) {
120	3	unset_superglobal('xss_form_1', 'post');
121	3	unset_superglobal('order', 'post');
122	3	unset_superglobal('submit', 'post');
123
124	3	$this->saveConfig();
125
126	3	} elseif ($this->checkPostParamsExist('xss_form_2', 'type', 'action')) {
127
128	3	$type = $postParams['type'];
129	3	$variable = $postParams['variable'];
130	3	$action = $postParams['action'];
131
132		// The index number in the $xssProtectedList, see below.
133	3	$order = (int) $postParams['order'];
134
135		// Check variable name. Should be mixed with a-zA-Z and underscore.
136	3	if (!ctype_alnum(str_replace('_', '', $variable))) {
137
138		// @codeCoverageIgnoreStart
139		// Ignore the `add` process.
140		$action = 'undefined';
141		// @codeCoverageIgnoreEnd
142		}
143
144	3	$xssProtectedList = (array) $this->getConfig('xss_protected_list');
145
146	3	if ('add' === $action) {
147	3	array_push(
148	2	$xssProtectedList,
149		[
150	3	'type' => $type,
151	3	'variable' => $variable
152		]
153		);
154
155	3	} elseif ('remove' === $action) {
156	3	unset($xssProtectedList[$order]);
157	3	$xssProtectedList = array_values($xssProtectedList);
158		}
159
160	3	$this->setConfig('xss_protected_list', $xssProtectedList);
161
162	3	unset_superglobal('xss_form_2', 'post');
163	3	unset_superglobal('type', 'post');
164	3	unset_superglobal('variable', 'post');
165	3	unset_superglobal('action', 'post');
166	3	unset_superglobal('order', 'post');
167	3	unset_superglobal('submit', 'post');
168
169	3	$this->saveConfig();
170		}
171
172	3	$data = [];
173
174	3	$data['xss_protected_list'] = $this->getConfig('xss_protected_list');
175
176	3	$data['title'] = __('panel', 'title_xss_protection', 'XSS Protection');
177
178	3	return $this->renderPage('panel/xss_protection', $data);
179		}
180		}

Navigation	Overlay
`t` Navigate files	`h` Toggle hits
`y` Change url to tip of branch	`m` Toggle misses
`b / v` Jump to prev/next hit line	`p` Toggle partial
`z / x` Jump to prev/next missed or partial line	`1..9` Toggle flags
`shift + o` Open current page in GitHub	`a` Toggle all on
`/ or ?` Show keyboard shortcuts dialog	`c` Toggle context lines or commits