From 97b536e3dfd35d1e51ecf866ccb433745c33309a Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Thu, 21 Aug 2014 22:22:35 +0200 Subject: [PATCH] Add a trusted domain wizard Adds a little button to the trusted domain warning, if an admin clicks on the warning he will be redirected to ownCloud and asked whether he want to trust this domain. By far not the cleanest code, or clean at all, but does the job and I don't see a reason to make a lot of changes for this little improvement. --- core/css/styles.css | 4 ++++ core/templates/untrustedDomain.php | 19 +++++++++++++++++++ lib/base.php | 7 +++---- settings/ajax/setsecurity.php | 12 ++++++++++-- settings/js/admin.js | 16 ++++++++++++++++ 5 files changed, 52 insertions(+), 6 deletions(-) create mode 100644 core/templates/untrustedDomain.php diff --git a/core/css/styles.css b/core/css/styles.css index f1ce49cfe2..292fb83a05 100644 --- a/core/css/styles.css +++ b/core/css/styles.css @@ -611,6 +611,10 @@ label.infield { margin-left: -200px !important; } +.error-wide .button { + color: black !important; +} + /* Fixes for log in page, TODO should be removed some time */ #body-login .update, #body-login .error { diff --git a/core/templates/untrustedDomain.php b/core/templates/untrustedDomain.php new file mode 100644 index 0000000000..b661834318 --- /dev/null +++ b/core/templates/untrustedDomain.php @@ -0,0 +1,19 @@ + + + diff --git a/lib/base.php b/lib/base.php index 759a417703..499ef29f30 100644 --- a/lib/base.php +++ b/lib/base.php @@ -689,10 +689,9 @@ class OC { ) { header('HTTP/1.1 400 Bad Request'); header('Status: 400 Bad Request'); - OC_Template::printErrorPage( - $l->t('You are accessing the server from an untrusted domain.'), - $l->t('Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.') - ); + $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); + $tmpl->assign('domain', $_SERVER['SERVER_NAME']); + $tmpl->printPage(); return; } diff --git a/settings/ajax/setsecurity.php b/settings/ajax/setsecurity.php index 675d7eced4..3cb1d05ee6 100644 --- a/settings/ajax/setsecurity.php +++ b/settings/ajax/setsecurity.php @@ -1,6 +1,6 @@ + * Copyright (c) 2013-2014, Lukas Reschke * This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. */ @@ -8,6 +8,14 @@ OC_Util::checkAdminUser(); OCP\JSON::callCheck(); -OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN)); +if(isset($_POST['enforceHTTPS'])) { + OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN)); +} + +if(isset($_POST['trustedDomain'])) { + $trustedDomains = OC_Config::getValue('trusted_domains'); + $trustedDomains[] = $_POST['trustedDomain']; + OC_Config::setValue('trusted_domains', $trustedDomains); +} echo 'true'; diff --git a/settings/js/admin.js b/settings/js/admin.js index a202feb4f6..b09704f87b 100644 --- a/settings/js/admin.js +++ b/settings/js/admin.js @@ -38,6 +38,22 @@ var SharingGroupList = { }; $(document).ready(function(){ + var params = OC.Util.History.parseUrlQuery(); + + // Hack to add a trusted domain + if (params.trustDomain) { + OC.dialogs.confirm(t('core', 'Are you really sure you want add "{domain}" as trusted domain?', {domain: params.trustDomain}), + t('core', 'Add trusted domain'), function(answer) { + if(answer) { + $.ajax({ + type: 'POST', + url: OC.generateUrl('settings/ajax/setsecurity.php'), + data: { trustedDomain: params.trustDomain} + }); + } + }); + } + $('select#excludedGroups[multiple]').each(function (index, element) { SharingGroupList.applyMultipleSelect($(element));