From 26bad92b0b12b857c24ceb388bd51ac980d4af8b Mon Sep 17 00:00:00 2001 From: FayCross Date: Fri, 8 Sep 2017 14:24:17 +0100 Subject: [PATCH] Close #399 Access set to 'other' now accepts multiple domains separated by commas --- .../php/properties/properties_library.inc | 2 +- play.php | 39 +++++++++++---- play_site.php | 49 +++++++++++++------ 3 files changed, 66 insertions(+), 24 deletions(-) diff --git a/languages/en-GB/website_code/php/properties/properties_library.inc b/languages/en-GB/website_code/php/properties/properties_library.inc index 2611fc4bda..ec9f79296d 100644 --- a/languages/en-GB/website_code/php/properties/properties_library.inc +++ b/languages/en-GB/website_code/php/properties/properties_library.inc @@ -169,7 +169,7 @@ define("PROPERTIES_LIBRARY_ACCESS_OTHER", "Other"); - define("PROPERTIES_LIBRARY_ACCESS_OTHER_EXPLAINED", "Using this setting restricts access to your content. Your content will only be visible to people following links to your content from the site you provide. Enter the site URL below."); + define("PROPERTIES_LIBRARY_ACCESS_OTHER_EXPLAINED", "Using this setting restricts access to your content. Your content will only be visible to people following links to your content from the sites you provide. Enter the site URLs below, separating individual URLs with commas."); define("PROPERTIES_LIBRARY_ACCESS_PRIVATE", "Private"); diff --git a/play.php b/play.php index 3abc99d6ce..43055477bf 100644 --- a/play.php +++ b/play.php 
@@ -314,29 +314,50 @@ function check_security_type($security_setting) } else if (substr($row_play['access_to_whom'], 0, 5) == "Other") { /* - * The Other attribute has been set - so break the string down to obtain the host + * The Other attribute has been set - so break the string down to obtain the host - this can now be a comma separated list to allow for more than one referrer */ $test_string = substr($row_play['access_to_whom'], 6, strlen($row_play['access_to_whom'])); + _debug("'Other' security is active for '" . $test_string . "', the current referrer is: '" . $_SERVER['HTTP_REFERER'] . "'"); + + $test_string = explode(",", $test_string); + /* * Can only check against this variable, if I can't find it (say pop ups) no choice but to fail */ if (strlen($_SERVER['HTTP_REFERER']) != 0) { - - if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) { - - db_query("UPDATE {$xerte_toolkits_site->database_table_prefix}templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=?", array($safe_template_id)); - - show_template($row_play); - - } else { + + $ok = false; + + foreach($test_string as $item) { + + if (strpos($_SERVER['HTTP_REFERER'], $item) === 0) { + + $ok = true; + + db_query("UPDATE {$xerte_toolkits_site->database_table_prefix}templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=?", array($safe_template_id)); + + show_template($row_play); + + break; + + } + } + + if ($ok == false) { + dont_show_template('Doesnt Match Referer:' . $_SERVER['HTTP_REFERER']); + } + } else { + dont_show_template('No HTTP Referer'); + } + } else if (sizeof($query_for_security_content_response) > 0) { /* diff --git a/play_site.php b/play_site.php index ee3027de42..7a54631de8 100644 --- a/play_site.php +++ b/play_site.php 
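Review bot: The entries produced by `explode(",", $test_string)` go into `strpos($_SERVER['HTTP_REFERER'], $item) === 0` untrimmed and unfiltered. A list written as `https://a.example, https://b.example` (constructed example) never matches its second entry because of the leading space, and an empty entry from a trailing comma or an empty setting is an empty needle, which PHP 8 reports as found at offset 0 for every referrer. The comparison is also a bare prefix test, so an allowed `https://a.example` accepts a referrer of `https://a.example.other.test/` as well; requiring the match to end at a URL delimiter closes that. Because the Referer header is chosen by the client, this check limits casual linking rather than enforcing access, which the setting's help text could state. The same loop is added in the play_site.php hunk, and check_security_type starts and ends outside both hunks.

```php
// Trim each entry and drop empty ones so "a, b," cannot yield a padded or empty needle
$test_string = array_filter(array_map('trim', explode(",", $test_string)), 'strlen');

// … unchanged: strlen($_SERVER['HTTP_REFERER']) guard, $ok = false …

foreach ($test_string as $item) {

    // Text following the allowed prefix; empty when the referrer equals the entry
    $rest = (string) substr($_SERVER['HTTP_REFERER'], strlen($item));

    // Accept only when the entry ends the host/path segment, not when it is the start of a longer host name
    $at_boundary = substr($item, -1) === '/' || $rest === '' || in_array($rest[0], array('/', '?', '#'), true);

    if (strpos($_SERVER['HTTP_REFERER'], $item) === 0 && $at_boundary) {

        // … unchanged: $ok = true, db_query, show_template, break …
```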
@@ -309,35 +309,56 @@ function check_security_type($security_setting) } else if (substr($row_play['access_to_whom'], 0, 5) == "Other") { /* - * The Other attribute has been set - so break the string down to obtain the host + * The Other attribute has been set - so break the string down to obtain the host - this can now be a comma separated list to allow for more than one referrer */ $test_string = substr($row_play['access_to_whom'], 6, strlen($row_play['access_to_whom'])); + _debug("'Other' security is active for '" . $test_string . "', the current referrer is: '" . $_SERVER['HTTP_REFERER'] . "'"); + + $test_string = explode(",", $test_string); + /* * Can only check against this variable, if I can't find it (say pop ups) no choice but to fail */ if (strlen($_SERVER['HTTP_REFERER']) != 0) { - - if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) { - - db_query("UPDATE {$xerte_toolkits_site->database_table_prefix}templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=?", array($safe_template_id)); - - require_once $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play_site.php"; - - show_template($row_play); + + $ok = false; + + foreach($test_string as $item) { - } else { - - require_once $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play_site.php"; + if (strpos($_SERVER['HTTP_REFERER'], $item) === 0) { + + $ok = true; + + db_query("UPDATE {$xerte_toolkits_site->database_table_prefix}templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=?", array($safe_template_id)); + require_once $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play_site.php"; + + show_template($row_play); + + break; + + } + } + + if ($ok == false) { + + require_once $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play_site.php"; + dont_show_template('Doesnt Match Referer:' . 
$_SERVER['HTTP_REFERER']); + } + } else { - require_once $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play_site.php"; - dont_show_template('No HTTP Referer'); + + require_once $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play_site.php"; + + dont_show_template('No HTTP Referer'); + } + } else if (sizeof($query_for_security_content_response) > 0) { /*
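Review bot: The added `_debug(...)` line concatenates `$_SERVER['HTTP_REFERER']` before the `strlen($_SERVER['HTTP_REFERER']) != 0` guard is reached, so a request that sends no Referer header raises an undefined-index notice at that line. Reading the header once with a default, `$referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';`, and using `$referrer` in the debug call, the guard and the loop removes the notice and the repeated superglobal reads. The value is client-supplied and what `_debug` does with it is not visible here, so it is worth confirming whether control characters should be stripped before it is written out. The play.php hunk adds the same line, and check_security_type starts and ends outside both hunks.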