<?php
/**
* This view generates the 'security' tab inside global settings.
*
*/
?>
<?php
/*
 * On/off switch for the global setting 'surveyPreview_require_Auth'.
 * Per its label, "On" limits survey preview to administration users.
 * This view only renders the control; where the setting is enforced is
 * not visible from here.
 */
?>
<div class="form-group">
    <label class=" control-label" for='surveyPreview_require_Auth'><?php eT("Survey preview only for administration users:"); ?></label>
    <div class="">
        <?php
        $this->widget(
            'yiiwheels.widgets.switch.WhSwitch',
            array(
                'name'     => 'surveyPreview_require_Auth',
                'id'       => 'surveyPreview_require_Auth',
                // Start the switch at the currently stored value.
                'value'    => getGlobalSetting('surveyPreview_require_Auth'),
                'onLabel'  => gT('On'),
                'offLabel' => gT('Off'),
            )
        );
        ?>
    </div>
</div>
<?php
/*
 * On/off switch for the global setting 'filterxsshtml' (XSS filtering of HTML).
 * Per the hint rendered below the switch, filtering is never applied for the
 * superadministrator, so this setting does not constrain that account's input.
 */
?>
<div class="form-group">
    <label class=" control-label" for='filterxsshtml'><?php
        eT("Filter HTML for XSS:");
        // The asterisk marks this setting as locked while demo mode is active.
        if (Yii::app()->getConfig("demoMode") == true) {
            echo '*';
        }
    ?></label>
    <div class="">
        <?php
        $this->widget(
            'yiiwheels.widgets.switch.WhSwitch',
            array(
                'name'     => 'filterxsshtml',
                'id'       => 'filterxsshtml',
                // Start the switch at the currently stored value.
                'value'    => getGlobalSetting('filterxsshtml'),
                'onLabel'  => gT('On'),
                'offLabel' => gT('Off'),
            )
        );
        ?>
    </div>
    <div class="">
        <span class='hint'><?php eT("Note: XSS filtering is always disabled for the superadministrator."); ?></span>
    </div>
</div>
<?php
/*
 * On/off switch for the global setting 'usercontrolSameGroupPolicy'.
 * Per its label, "On" restricts a group member to seeing only their own group.
 * The restriction itself is applied outside this view.
 */
?>
<div class="form-group">
    <label class=" control-label" for='usercontrolSameGroupPolicy'><?php eT("Group member can only see own group:"); ?></label>
    <div class="">
        <?php
        $this->widget(
            'yiiwheels.widgets.switch.WhSwitch',
            array(
                'name'     => 'usercontrolSameGroupPolicy',
                'id'       => 'usercontrolSameGroupPolicy',
                // Start the switch at the currently stored value.
                'value'    => getGlobalSetting('usercontrolSameGroupPolicy'),
                'onLabel'  => gT('On'),
                'offLabel' => gT('Off'),
            )
        );
        ?>
    </div>
</div>
<?php
/*
 * Button group for the global setting 'x_frame_options', offering the values
 * "allow" and "sameorigin".
 *
 * NOTE(review): presumably "sameorigin" results in an X-Frame-Options:
 * SAMEORIGIN response header and "allow" in no framing restriction - confirm
 * where the setting is consumed. With embedding allowed from any origin, pages
 * can be framed by third-party sites, which removes the clickjacking protection.
 */
?>
<div class="form-group">
    <label class=" control-label" for="x_frame_options">
        <?php if (Yii::app()->getConfig("demoMode") == true): ?>
            <span class="text-danger asterisk"></span>
        <?php endif; ?>
        <?php
        eT('IFrame embedding allowed:');
        // The asterisk marks this setting as locked while demo mode is active.
        if (Yii::app()->getConfig("demoMode") == true) {
            echo '*';
        }
        ?></label>
    <div class="">
        <?php
        $this->widget(
            'yiiwheels.widgets.buttongroup.WhButtonGroup',
            array(
                'name'          => 'x_frame_options',
                // Pre-select the currently stored value.
                'value'         => getGlobalSetting('x_frame_options'),
                // Labels are requested 'unescaped'; presumably the widget
                // encodes them on output - confirm.
                'selectOptions' => array(
                    "allow"      => gT("Allow", 'unescaped'),
                    "sameorigin" => gT("Same origin", 'unescaped'),
                ),
            )
        );
        ?>
    </div>
</div>
<?php
/*
 * Button group for the global setting 'force_ssl', offering "on" and "off".
 * Per its label this forces HTTPS; the redirect or enforcement logic is not
 * part of this view.
 */
?>
<div class="form-group">
    <label class=" control-label" for="force_ssl">
        <?php if (Yii::app()->getConfig("demoMode") == true): ?>
            <span class="text-danger asterisk"></span>
        <?php endif; ?>
        <?php
        eT('Force HTTPS:');
        // The asterisk marks this setting as locked while demo mode is active.
        if (Yii::app()->getConfig("demoMode") == true) {
            echo '*';
        }
        ?></label>
    <div class="">
        <?php
        $this->widget(
            'yiiwheels.widgets.buttongroup.WhButtonGroup',
            array(
                'name'          => 'force_ssl',
                // Pre-select the currently stored value.
                'value'         => getGlobalSetting('force_ssl'),
                // Labels are requested 'unescaped'; presumably the widget
                // encodes them on output - confirm.
                'selectOptions' => array(
                    "on"  => gT("On", 'unescaped'),
                    "off" => gT("Off", 'unescaped'),
                ),
            )
        );
        ?>
    </div>
</div>
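<?php
/*
 * Warning shown under the "Force HTTPS" control. It links to the HTTPS
 * version of the global settings page so the administrator can check that
 * HTTPS works before enforcing it.
 *
 * The host part comes from $_SERVER['HTTP_HOST'], i.e. the Host header of the
 * current request, which is client-supplied. The assembled URL is therefore
 * HTML-escaped before it is placed in the href attribute, so a crafted header
 * value cannot close the attribute and inject markup into the admin page.
 * The link target still follows the request's Host header; building it from
 * a configured host name would be stricter.
 */
$https_test_url = htmlspecialchars(
    'https://' . $_SERVER['HTTP_HOST'] . $this->createUrl("admin/globalsettings/sa"),
    ENT_QUOTES,
    'UTF-8'
);

// NOTE(review): gT() is called without 'unescaped' here, so the title text is
// presumably escaped by gT() itself - confirm that it also encodes double quotes.
$https_test_link_open = '<a href="' . $https_test_url . '" title="'
    . gT('Test if your server has SSL enabled by clicking on this link.') . '">';

// The translated sentence carries two %s placeholders: opening and closing tag of the link.
$warning_force_ssl = sprintf(
    gT('Warning: Before turning on HTTPS,%s check if this link works.%s'),
    $https_test_link_open,
    '</a>'
)
    . '<br/> '
    . gT("If the link does not work and you turn on HTTPS, LimeSurvey will break and you won't be able to access it.");
?>
<div class="form-group">
    <span style='font-size:0.7em;'><?php echo $warning_force_ssl; ?></span>
</div>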
<?php
// Footnote explaining the (*) markers used on the labels of this tab;
// it is only rendered while demo mode is active.
?>
<?php if (Yii::app()->getConfig("demoMode") == true) { ?>
    <p><?php eT("Note: Demo mode is activated. Marked (*) settings can't be changed."); ?></p>
<?php } ?>