mirror of
https://github.com/silverstripe/silverstripe-iframe
synced 2024-10-22 11:05:51 +02:00
Converted to PSR-2
This commit is contained in:
parent
91f9c9cb5b
commit
15ec879c70
@ -4,120 +4,128 @@
|
||||
* CMS editor can choose width, height, or set it to attempt automatic size configuration.
|
||||
*/
|
||||
|
||||
class IFramePage extends Page {
|
||||
static $db = array(
|
||||
'IFrameURL' => 'Text',
|
||||
'AutoHeight' => 'Boolean(1)',
|
||||
'AutoWidth' => 'Boolean(1)',
|
||||
'FixedHeight' => 'Int(500)',
|
||||
'FixedWidth' => 'Int(0)',
|
||||
'AlternateContent' => 'HTMLText',
|
||||
'BottomContent' => 'HTMLText',
|
||||
'ForceProtocol' => 'Varchar',
|
||||
);
|
||||
class IFramePage extends Page
|
||||
{
|
||||
public static $db = array(
|
||||
'IFrameURL' => 'Text',
|
||||
'AutoHeight' => 'Boolean(1)',
|
||||
'AutoWidth' => 'Boolean(1)',
|
||||
'FixedHeight' => 'Int(500)',
|
||||
'FixedWidth' => 'Int(0)',
|
||||
'AlternateContent' => 'HTMLText',
|
||||
'BottomContent' => 'HTMLText',
|
||||
'ForceProtocol' => 'Varchar',
|
||||
);
|
||||
|
||||
static $defaults = array(
|
||||
'AutoHeight' => '1',
|
||||
'AutoWidth' => '1',
|
||||
'FixedHeight' => '500',
|
||||
'FixedWidth' => '0'
|
||||
);
|
||||
public static $defaults = array(
|
||||
'AutoHeight' => '1',
|
||||
'AutoWidth' => '1',
|
||||
'FixedHeight' => '500',
|
||||
'FixedWidth' => '0'
|
||||
);
|
||||
|
||||
static $description = 'Embeds an iframe into the body of the page.';
|
||||
|
||||
function getCMSFields() {
|
||||
$fields = parent::getCMSFields();
|
||||
public static $description = 'Embeds an iframe into the body of the page.';
|
||||
|
||||
public function getCMSFields()
|
||||
{
|
||||
$fields = parent::getCMSFields();
|
||||
|
||||
$fields->removeFieldFromTab('Root.Main', 'Content');
|
||||
$fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'), 'Metadata');
|
||||
$url->setRightTitle('Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).');
|
||||
$fields->addFieldToTab(
|
||||
'Root.Main',
|
||||
DropdownField::create('ForceProtocol', 'Force protocol?')
|
||||
->setSource(array('http://' => 'http://', 'https://' => 'https://'))
|
||||
->setEmptyString('')
|
||||
->setDescription('Avoids mixed content warnings when iframe content is just available under a specific protocol'),
|
||||
'Metadata'
|
||||
);
|
||||
$fields->addFieldToTab('Root.Main', new CheckboxField('AutoHeight', 'Auto height (only works with same domain URLs)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new CheckboxField('AutoWidth', 'Auto width (100% of the available space)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new NumericField('FixedHeight', 'Fixed height (in pixels)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new NumericField('FixedWidth', 'Fixed width (in pixels)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new HtmlEditorField('Content', 'Content (appears above iframe)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new HtmlEditorField('BottomContent', 'Content (appears below iframe)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new HtmlEditorField('AlternateContent', 'Alternate Content (appears when user has iframes disabled)'), 'Metadata');
|
||||
$fields->removeFieldFromTab('Root.Main', 'Content');
|
||||
$fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'), 'Metadata');
|
||||
$url->setRightTitle('Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).');
|
||||
$fields->addFieldToTab(
|
||||
'Root.Main',
|
||||
DropdownField::create('ForceProtocol', 'Force protocol?')
|
||||
->setSource(array('http://' => 'http://', 'https://' => 'https://'))
|
||||
->setEmptyString('')
|
||||
->setDescription('Avoids mixed content warnings when iframe content is just available under a specific protocol'),
|
||||
'Metadata'
|
||||
);
|
||||
$fields->addFieldToTab('Root.Main', new CheckboxField('AutoHeight', 'Auto height (only works with same domain URLs)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new CheckboxField('AutoWidth', 'Auto width (100% of the available space)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new NumericField('FixedHeight', 'Fixed height (in pixels)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new NumericField('FixedWidth', 'Fixed width (in pixels)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new HtmlEditorField('Content', 'Content (appears above iframe)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new HtmlEditorField('BottomContent', 'Content (appears below iframe)'), 'Metadata');
|
||||
$fields->addFieldToTab('Root.Main', new HtmlEditorField('AlternateContent', 'Alternate Content (appears when user has iframes disabled)'), 'Metadata');
|
||||
|
||||
return $fields;
|
||||
}
|
||||
return $fields;
|
||||
}
|
||||
|
||||
/**
|
||||
* Compute class from the size parameters.
|
||||
*/
|
||||
function getClass() {
|
||||
$class = '';
|
||||
if ($this->AutoHeight) {
|
||||
$class .= 'iframepage-height-auto';
|
||||
}
|
||||
/**
|
||||
* Compute class from the size parameters.
|
||||
*/
|
||||
public function getClass()
|
||||
{
|
||||
$class = '';
|
||||
if ($this->AutoHeight) {
|
||||
$class .= 'iframepage-height-auto';
|
||||
}
|
||||
|
||||
return $class;
|
||||
}
|
||||
return $class;
|
||||
}
|
||||
|
||||
/**
|
||||
* Compute style from the size parameters.
|
||||
*/
|
||||
function getStyle() {
|
||||
$style = '';
|
||||
/**
|
||||
* Compute style from the size parameters.
|
||||
*/
|
||||
public function getStyle()
|
||||
{
|
||||
$style = '';
|
||||
|
||||
// Always add fixed height as a fallback if autosetting or JS fails.
|
||||
$height = $this->FixedHeight;
|
||||
if (!$height) $height = 800;
|
||||
$style .= "height: {$height}px; ";
|
||||
// Always add fixed height as a fallback if autosetting or JS fails.
|
||||
$height = $this->FixedHeight;
|
||||
if (!$height) {
|
||||
$height = 800;
|
||||
}
|
||||
$style .= "height: {$height}px; ";
|
||||
|
||||
if ($this->AutoWidth) {
|
||||
$style .= "width: 100%; ";
|
||||
}
|
||||
else if ($this->FixedWidth) {
|
||||
$style .= "width: {$this->FixedWidth}px; ";
|
||||
}
|
||||
if ($this->AutoWidth) {
|
||||
$style .= "width: 100%; ";
|
||||
} elseif ($this->FixedWidth) {
|
||||
$style .= "width: {$this->FixedWidth}px; ";
|
||||
}
|
||||
|
||||
return $style;
|
||||
}
|
||||
return $style;
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure that the IFrameURL is a valid url and prevents XSS
|
||||
*
|
||||
* @throws ValidationException
|
||||
* @return ValidationResult
|
||||
*/
|
||||
public function validate() {
|
||||
$result = parent::validate();
|
||||
/**
|
||||
* Ensure that the IFrameURL is a valid url and prevents XSS
|
||||
*
|
||||
* @throws ValidationException
|
||||
* @return ValidationResult
|
||||
*/
|
||||
public function validate()
|
||||
{
|
||||
$result = parent::validate();
|
||||
|
||||
//whitelist allowed URL schemes
|
||||
$allowed_schemes = array('http', 'https');
|
||||
if($matches = parse_url($this->IFrameURL)) {
|
||||
if(isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
|
||||
$result->error(_t('IFramePage.VALIDATION.BANNEDURLSCHEME', "This URL scheme is not allowed."));
|
||||
}
|
||||
}
|
||||
//whitelist allowed URL schemes
|
||||
$allowed_schemes = array('http', 'https');
|
||||
if ($matches = parse_url($this->IFrameURL)) {
|
||||
if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
|
||||
$result->error(_t('IFramePage.VALIDATION.BANNEDURLSCHEME', "This URL scheme is not allowed."));
|
||||
}
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
}
|
||||
|
||||
class IFramePage_Controller extends Page_Controller {
|
||||
function init() {
|
||||
parent::init();
|
||||
class IFramePage_Controller extends Page_Controller
|
||||
{
|
||||
public function init()
|
||||
{
|
||||
parent::init();
|
||||
|
||||
if($this->ForceProtocol) {
|
||||
if($this->ForceProtocol == 'http://' && Director::protocol() != 'http://') {
|
||||
return $this->redirect(preg_replace('#https://#', 'http://', $this->AbsoluteLink()));
|
||||
} else if($this->ForceProtocol == 'https://' && Director::protocol() != 'https://') {
|
||||
return $this->redirect(preg_replace('#http://#', 'https://', $this->AbsoluteLink()));
|
||||
}
|
||||
}
|
||||
if ($this->ForceProtocol) {
|
||||
if ($this->ForceProtocol == 'http://' && Director::protocol() != 'http://') {
|
||||
return $this->redirect(preg_replace('#https://#', 'http://', $this->AbsoluteLink()));
|
||||
} elseif ($this->ForceProtocol == 'https://' && Director::protocol() != 'https://') {
|
||||
return $this->redirect(preg_replace('#http://#', 'https://', $this->AbsoluteLink()));
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->IFrameURL) {
|
||||
Requirements::javascript('iframe/javascript/iframe_page.js');
|
||||
}
|
||||
}
|
||||
if ($this->IFrameURL) {
|
||||
Requirements::javascript('iframe/javascript/iframe_page.js');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,133 +1,139 @@
|
||||
<?php
|
||||
|
||||
class IFramePageTest extends SapphireTest {
|
||||
class IFramePageTest extends SapphireTest
|
||||
{
|
||||
public function setUp()
|
||||
{
|
||||
parent::setUp();
|
||||
Config::nest();
|
||||
}
|
||||
|
||||
public function setUp() {
|
||||
parent::setUp();
|
||||
Config::nest();
|
||||
}
|
||||
public function tearDown()
|
||||
{
|
||||
Config::unnest();
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
public function tearDown() {
|
||||
Config::unnest();
|
||||
parent::tearDown();
|
||||
}
|
||||
public function testGetClass()
|
||||
{
|
||||
$iframe = new IFramePage();
|
||||
$iframe->AutoHeight = 1;
|
||||
$iframe->getClass();
|
||||
|
||||
function testGetClass() {
|
||||
$iframe = new IFramePage();
|
||||
$iframe->AutoHeight = 1;
|
||||
$iframe->getClass();
|
||||
$this->assertContains('iframepage-height-auto', $iframe->getClass());
|
||||
|
||||
$this->assertContains('iframepage-height-auto', $iframe->getClass());
|
||||
$iframe->AutoHeight = 0;
|
||||
$iframe->getClass();
|
||||
|
||||
$iframe->AutoHeight = 0;
|
||||
$iframe->getClass();
|
||||
$this->assertNotContains('iframepage-height-auto', $iframe->getClass());
|
||||
}
|
||||
|
||||
$this->assertNotContains('iframepage-height-auto', $iframe->getClass());
|
||||
}
|
||||
public function testGetStyle()
|
||||
{
|
||||
$iframe = new IFramePage();
|
||||
|
||||
function testGetStyle() {
|
||||
$iframe = new IFramePage();
|
||||
$iframe->FixedHeight = 0;
|
||||
$iframe->getStyle();
|
||||
$this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
|
||||
|
||||
$iframe->FixedHeight = 0;
|
||||
$iframe->getStyle();
|
||||
$this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
|
||||
$iframe->FixedHeight = 100;
|
||||
$iframe->getStyle();
|
||||
$this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
|
||||
|
||||
$iframe->FixedHeight = 100;
|
||||
$iframe->getStyle();
|
||||
$this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
|
||||
$iframe->AutoWidth = 1;
|
||||
$iframe->FixedWidth = '200';
|
||||
$this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
|
||||
|
||||
$iframe->AutoWidth = 1;
|
||||
$iframe->FixedWidth = '200';
|
||||
$this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
|
||||
$iframe->AutoWidth = 0;
|
||||
$iframe->FixedWidth = '200';
|
||||
$this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
|
||||
}
|
||||
|
||||
$iframe->AutoWidth = 0;
|
||||
$iframe->FixedWidth = '200';
|
||||
$this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
|
||||
}
|
||||
public function testAllowedUrls()
|
||||
{
|
||||
$iframe = new IFramePage();
|
||||
|
||||
function testAllowedUrls() {
|
||||
$iframe = new IFramePage();
|
||||
$tests = array(
|
||||
'allowed' => array(
|
||||
'http://anything',
|
||||
'https://anything',
|
||||
'page',
|
||||
'sub-page/link',
|
||||
'page/link',
|
||||
'page.html',
|
||||
'page.htm',
|
||||
'page.phpissoawesomewhywouldiuseanythingelse',
|
||||
'//url.com/page',
|
||||
'/root/page/link',
|
||||
'http://intranet:8888',
|
||||
'http://javascript:8080',
|
||||
'http://username:password@hostname/path?arg=value#anchor'
|
||||
),
|
||||
'banned' => array(
|
||||
'javascript:alert',
|
||||
'tel:0210001234',
|
||||
'ftp://url',
|
||||
'ssh://1.2.3.4',
|
||||
'ssh://url.com/page'
|
||||
)
|
||||
);
|
||||
|
||||
$tests = array(
|
||||
'allowed' => array(
|
||||
'http://anything',
|
||||
'https://anything',
|
||||
'page',
|
||||
'sub-page/link',
|
||||
'page/link',
|
||||
'page.html',
|
||||
'page.htm',
|
||||
'page.phpissoawesomewhywouldiuseanythingelse',
|
||||
'//url.com/page',
|
||||
'/root/page/link',
|
||||
'http://intranet:8888',
|
||||
'http://javascript:8080',
|
||||
'http://username:password@hostname/path?arg=value#anchor'
|
||||
),
|
||||
'banned' => array(
|
||||
'javascript:alert',
|
||||
'tel:0210001234',
|
||||
'ftp://url',
|
||||
'ssh://1.2.3.4',
|
||||
'ssh://url.com/page'
|
||||
)
|
||||
);
|
||||
foreach ($tests['allowed'] as $url) {
|
||||
$iframe->IFrameURL = $url;
|
||||
$iframe->write();
|
||||
$this->assertContains($iframe->IFrameURL, $url);
|
||||
}
|
||||
|
||||
foreach($tests['allowed'] as $url) {
|
||||
$iframe->IFrameURL = $url;
|
||||
$iframe->write();
|
||||
$this->assertContains($iframe->IFrameURL, $url);
|
||||
}
|
||||
foreach ($tests['banned'] as $url) {
|
||||
$iframe->IFrameURL = $url;
|
||||
$this->setExpectedException('ValidationException');
|
||||
$iframe->write();
|
||||
}
|
||||
}
|
||||
|
||||
foreach($tests['banned'] as $url) {
|
||||
$iframe->IFrameURL = $url;
|
||||
$this->setExpectedException('ValidationException');
|
||||
$iframe->write();
|
||||
}
|
||||
}
|
||||
public function testForceProtocol()
|
||||
{
|
||||
$origServer = $_SERVER;
|
||||
|
||||
public function testForceProtocol() {
|
||||
$origServer = $_SERVER;
|
||||
$page = new IFramePage();
|
||||
$page->URLSegment = 'iframe';
|
||||
$page->IFrameURL = 'http://target.com';
|
||||
|
||||
$page = new IFramePage();
|
||||
$page->URLSegment = 'iframe';
|
||||
$page->IFrameURL = 'http://target.com';
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'http');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
|
||||
$page->ForceProtocol = '';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertNull($response);
|
||||
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'http');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
|
||||
$page->ForceProtocol = '';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertNull($response);
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'https');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'https://host.com');
|
||||
$page->ForceProtocol = '';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertNull($response);
|
||||
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'https');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'https://host.com');
|
||||
$page->ForceProtocol = '';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertNull($response);
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'http');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
|
||||
$page->ForceProtocol = 'http://';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertNull($response);
|
||||
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'http');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
|
||||
$page->ForceProtocol = 'http://';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertNull($response);
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'http');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
|
||||
$page->ForceProtocol = 'https://';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
|
||||
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'http');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
|
||||
$page->ForceProtocol = 'https://';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'https');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'https://host.com');
|
||||
$page->ForceProtocol = 'http://';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
|
||||
|
||||
Config::inst()->update('Director', 'alternate_protocol', 'https');
|
||||
Config::inst()->update('Director', 'alternate_base_url', 'https://host.com');
|
||||
$page->ForceProtocol = 'http://';
|
||||
$controller = new IFramePage_Controller($page);
|
||||
$response = $controller->init();
|
||||
$this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
|
||||
|
||||
$_SERVER = $origServer;
|
||||
}
|
||||
$_SERVER = $origServer;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user