Disallow mail addresses for registration (#13920)

* Disallow mail addresses for registration

* Order for allow/disallow has been changed
Michael Vogel 2024-02-19 09:33:20 +01:00 committed by GitHub
parent cb294cf411
commit d5c0f086bd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 282 additions and 264 deletions


@ -380,7 +380,7 @@ class OEmbed
$allowed = explode(',', $str_allowed);
return Network::isDomainAllowed($domain, $allowed);
return Network::isDomainMatch($domain, $allowed);
}
/**


@ -80,6 +80,7 @@ class Site extends BaseAdmin
$allowed_sites = (!empty($_POST['allowed_sites']) ? trim($_POST['allowed_sites']) : '');
$allowed_email = (!empty($_POST['allowed_email']) ? trim($_POST['allowed_email']) : '');
$disallowed_email = (!empty($_POST['disallowed_email']) ? trim($_POST['disallowed_email']) : '');
$forbidden_nicknames = (!empty($_POST['forbidden_nicknames']) ? strtolower(trim($_POST['forbidden_nicknames'])) : '');
$system_actor_name = (!empty($_POST['system_actor_name']) ? trim($_POST['system_actor_name']) : '');
$no_oembed_rich_content = !empty($_POST['no_oembed_rich_content']);
@ -255,6 +256,7 @@ class Site extends BaseAdmin
$transactionConfig->set('config', 'register_text' , $register_text);
$transactionConfig->set('system', 'allowed_sites' , $allowed_sites);
$transactionConfig->set('system', 'allowed_email' , $allowed_email);
$transactionConfig->set('system', 'disallowed_email' , $disallowed_email);
$transactionConfig->set('system', 'forbidden_nicknames' , $forbidden_nicknames);
$transactionConfig->set('system', 'system_actor_name' , $system_actor_name);
$transactionConfig->set('system', 'no_oembed_rich_content' , $no_oembed_rich_content);
@ -505,6 +507,7 @@ class Site extends BaseAdmin
'$abandon_days' => ['abandon_days', DI::l10n()->t('Accounts abandoned after x days'), DI::config()->get('system', 'account_abandon_days'), DI::l10n()->t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')],
'$allowed_sites' => ['allowed_sites', DI::l10n()->t('Allowed friend domains'), DI::config()->get('system', 'allowed_sites'), DI::l10n()->t('Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains')],
'$allowed_email' => ['allowed_email', DI::l10n()->t('Allowed email domains'), DI::config()->get('system', 'allowed_email'), DI::l10n()->t('Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains')],
'$disallowed_email' => ['disallowed_email', DI::l10n()->t('Disallowed email domains'), DI::config()->get('system', 'disallowed_email'), DI::l10n()->t('Comma separated list of domains which are rejected as email addresses for registrations to this site. Wildcards are accepted.')],
'$no_oembed_rich_content' => ['no_oembed_rich_content', DI::l10n()->t('No OEmbed rich content'), DI::config()->get('system', 'no_oembed_rich_content'), DI::l10n()->t('Don\'t show the rich content (e.g. embedded PDF), except from the domains listed below.')],
'$allowed_oembed' => ['allowed_oembed', DI::l10n()->t('Trusted third-party domains'), DI::config()->get('system', 'allowed_oembed'), DI::l10n()->t('Comma separated list of domains from which content is allowed to be embedded in posts like with OEmbed. All sub-domains of the listed domains are allowed as well.')],
'$block_public' => ['block_public', DI::l10n()->t('Block public'), DI::config()->get('system', 'block_public'), DI::l10n()->t('Check to block public access to all otherwise public personal pages on this site unless you are currently logged in.')],
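Review bot: The new `disallowed_email` value in the first hunk is stored after only `trim()`, although the templates in this commit render it (and `allowed_email`) with `field_textarea.tpl` and the registration check splits it with `explode(',', …)`. An admin who enters one domain per line would end up with a single pattern containing newlines; unless the matching helper, whose body is not visible here, normalises that, the deny list would silently match nothing. Consider normalising line breaks on save, e.g. `preg_replace('/[\r\n]+/', ',', trim($_POST['disallowed_email']))`, and applying the same to `allowed_email`. The enclosing methods start and end outside these hunks.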


@ -271,14 +271,17 @@ class Network
return false;
}
$str_allowed = DI::config()->get('system', 'allowed_email', '');
if (empty($str_allowed)) {
$allowed = DI::config()->get('system', 'allowed_email');
if (!empty($allowed) && self::isDomainMatch($domain, explode(',', $allowed))) {
return true;
}
$allowed = explode(',', $str_allowed);
$disallowed = DI::config()->get('system', 'disallowed_email');
if (!empty($disallowed) && self::isDomainMatch($domain, explode(',', $disallowed))) {
return false;
}
return self::isDomainAllowed($domain, $allowed);
return true;
}
/**
@ -289,7 +292,7 @@ class Network
*
* @return boolean
*/
public static function isDomainAllowed(string $domain, array $domain_list): bool
public static function isDomainMatch(string $domain, array $domain_list): bool
{
$found = false;
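Review bot: In the first hunk of this section (the email-domain check in class Network, whose start lies outside the hunk), a configured `allowed_email` no longer seems to restrict registration: an address whose domain matches neither list falls through both `if` blocks to the final `return true;`. The `+`/`-` markers are lost on this page, so this reading is inferred from the hunk text; previously the result for a non-empty allow list appears to have been the list match itself. A site that limited sign-ups to its own domains would then accept any domain not on the deny list, while the help text kept in Site.php still says "Empty to allow any domains". If the allow list is meant to stay restrictive, end the function with `return empty($allowed);` and add a test for a non-empty allow list with a non-matching domain. Separately, the second hunk renames the public static `isDomainAllowed` to `isDomainMatch`, which breaks any caller outside this commit unless a deprecated alias is kept.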



@ -38,6 +38,9 @@
{{include file="field_checkbox.tpl" field=$enable_openid}}
{{include file="field_checkbox.tpl" field=$enable_regfullname}}
{{include file="field_checkbox.tpl" field=$register_notification}}
{{include file="field_textarea.tpl" field=$allowed_email}}
{{include file="field_textarea.tpl" field=$disallowed_email}}
{{include file="field_textarea.tpl" field=$forbidden_nicknames}}
<div class="submit"><input type="submit" name="page_site" value="{{$submit}}"/></div>
<h2>{{$upload}}</h2>
@ -48,8 +51,6 @@
<h2>{{$corporate}}</h2>
{{include file="field_input.tpl" field=$allowed_sites}}
{{include file="field_input.tpl" field=$allowed_email}}
{{include file="field_input.tpl" field=$forbidden_nicknames}}
{{include file="field_checkbox.tpl" field=$no_oembed_rich_content}}
{{include file="field_input.tpl" field=$allowed_oembed}}
{{include file="field_checkbox.tpl" field=$block_public}}


@ -77,6 +77,9 @@
{{include file="field_checkbox.tpl" field=$enable_openid}}
{{include file="field_checkbox.tpl" field=$enable_regfullname}}
{{include file="field_checkbox.tpl" field=$register_notification}}
{{include file="field_textarea.tpl" field=$allowed_email}}
{{include file="field_textarea.tpl" field=$disallowed_email}}
{{include file="field_textarea.tpl" field=$forbidden_nicknames}}
</div>
<div class="panel-footer">
<input type="submit" name="page_site" class="btn btn-primary" value="{{$submit}}"/>
@ -126,8 +129,6 @@
<div id="admin-settings-corporate-collapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="admin-settings-corporate">
<div class="panel-body">
{{include file="field_input.tpl" field=$allowed_sites}}
{{include file="field_input.tpl" field=$allowed_email}}
{{include file="field_input.tpl" field=$forbidden_nicknames}}
{{include file="field_checkbox.tpl" field=$no_oembed_rich_content}}
{{include file="field_input.tpl" field=$allowed_oembed}}
{{include file="field_checkbox.tpl" field=$block_public}}