<?php
/**
* @file plugins/generic/ashSecurityHeaders/AshSecurityHeadersSettingsForm.inc.php
*
* Copyright (c) 2021-2025 AshVisualTheme
* Copyright (c) 2014-2025 Simon Fraser University
* Copyright (c) 2003-2025 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class AshSecurityHeadersSettingsForm
* @brief Form for managing the Security Headers plugin settings.
*/
namespace APP\plugins\generic\ashSecurityHeaders;
use APP\core\Application;
use APP\notification\Notification;
use APP\notification\NotificationManager;
use APP\template\TemplateManager;
use PKP\form\Form;
use PKP\form\validation\FormValidatorCSRF;
use PKP\form\validation\FormValidatorPost;
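class AshSecurityHeadersSettingsForm extends Form
{
    /**
     * Setting key => HTTP response header name for every header the plugin
     * manages. The keys are both the form field names read from the request
     * and the keys under which values are stored through the plugin's
     * settings API; the header names are used to look up a default value in
     * $plugin->getDefaultHeaders() when nothing has been saved yet.
     */
    private const HEADER_MAP = [
        'headerXfo' => 'X-Frame-Options',
        'headerXcto' => 'X-Content-Type-Options',
        'headerXxss' => 'X-XSS-Protection',
        'headerCsp' => 'Content-Security-Policy',
        'headerCoep' => 'Cross-Origin-Embedder-Policy',
        'headerCoop' => 'Cross-Origin-Opener-Policy',
        'headerCorp' => 'Cross-Origin-Resource-Policy',
        'headerPp' => 'Permissions-Policy',
        'headerRp' => 'Referrer-Policy',
        'headerHsts' => 'Strict-Transport-Security',
    ];

    public AshSecurityHeadersPlugin $plugin;

    /** @var list<string> Setting keys, in the order they are read and saved. */
    private array $settingKeys;

    /**
     * @param AshSecurityHeadersPlugin $plugin Plugin whose settings this form edits.
     */
    public function __construct(AshSecurityHeadersPlugin $plugin)
    {
        parent::__construct($plugin->getTemplateResource('settings.tpl'));
        $this->plugin = $plugin;
        // Single source of truth: the field names are the keys of HEADER_MAP.
        $this->settingKeys = array_keys(self::HEADER_MAP);
        $this->addCheck(new FormValidatorPost($this));
        $this->addCheck(new FormValidatorCSRF($this));
    }

    /**
     * Resolve the ID of the context (journal/press/site) the form operates on.
     *
     * Falls back to CONTEXT_SITE when the current request carries no context.
     */
    private function getContextId(): int
    {
        $context = Application::get()->getRequest()->getContext();
        return $context ? $context->getId() : CONTEXT_SITE;
    }

    /**
     * Pre-fill the form: saved values win, otherwise the plugin's default
     * header value (if it defines one) is shown.
     */
    public function initData()
    {
        $contextId = $this->getContextId();
        $defaultHeaders = $this->plugin->getDefaultHeaders();
        foreach (self::HEADER_MAP as $key => $headerName) {
            $savedValue = $this->plugin->getSetting($contextId, $key);
            if ($savedValue !== null) {
                $this->setData($key, $savedValue);
            } elseif (isset($defaultHeaders[$headerName])) {
                // Nothing saved yet: show the plugin's default for this header.
                $this->setData($key, $defaultHeaders[$headerName]);
            }
        }
        parent::initData();
    }

    /**
     * Read the submitted header values from the request.
     */
    public function readInputData()
    {
        $this->readUserVars($this->settingKeys);
        parent::readInputData();
    }

    /**
     * Render the form, exposing the plugin name to the template.
     *
     * @param \PKP\core\PKPRequest $request
     * @param string|null $template Template resource override.
     * @param bool $display Whether to output directly instead of returning.
     */
    public function fetch($request, $template = null, $display = false)
    {
        $templateMgr = TemplateManager::getManager($request);
        $templateMgr->assign('pluginName', $this->plugin->getName());
        return parent::fetch($request, $template, $display);
    }

    /**
     * Persist every header value for the current context and notify the user.
     *
     * Values are sanitized before storage so that what is saved can never
     * split the HTTP header it is later emitted in.
     */
    public function execute(...$functionArgs)
    {
        $contextId = $this->getContextId();
        foreach ($this->settingKeys as $key) {
            $this->plugin->updateSetting(
                $contextId,
                $key,
                self::sanitizeHeaderValue($this->getData($key))
            );
        }
        $notificationMgr = new NotificationManager();
        $notificationMgr->createTrivialNotification(
            Application::get()->getRequest()->getUser()->getId(),
            Notification::NOTIFICATION_TYPE_SUCCESS,
            ['contents' => __('common.changesSaved')]
        );
        return parent::execute(...$functionArgs);
    }

    /**
     * Strip characters that must never appear inside an HTTP header value.
     *
     * CR and LF would terminate the header line (header splitting); NUL is
     * refused by PHP's header() on PHP 8. Non-string values (e.g. null for an
     * unset field) are passed through unchanged.
     *
     * @param mixed $value Raw form value.
     * @return mixed The cleaned string, or the original non-string value.
     */
    private static function sanitizeHeaderValue($value)
    {
        if (!is_string($value)) {
            return $value;
        }
        // preg_replace() returns null only on a PCRE error; fail closed with
        // an empty value rather than storing the unsanitized input.
        return preg_replace('/[\r\n\0]/', '', $value) ?? '';
    }
}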