2015-10-01 17:07:34 -04:00
|
|
|
<?php
|
2016-02-08 09:41:00 -05:00
|
|
|
/* Icinga Web 2 | (c) 2015 Icinga Development Team | GPLv2+ */
|
2015-10-01 17:07:34 -04:00
|
|
|
|
2016-02-09 07:37:53 -05:00
|
|
|
namespace Icinga\Controllers;
|
2015-10-01 17:07:34 -04:00
|
|
|
|
2025-02-21 10:18:16 -05:00
|
|
|
use Icinga\Web\Session;
|
|
|
|
|
use ipl\Html\BaseHtmlElement;
|
|
|
|
|
use ipl\Html\Html;
|
|
|
|
|
use ipl\Html\HtmlString;
|
|
|
|
|
use ipl\Html\Text;
|
|
|
|
|
use ipl\Web\Compat\CompatController;
|
|
|
|
|
use ipl\Web\Url;
|
|
|
|
|
use ipl\Web\Widget\Icon;
|
|
|
|
|
use ipl\Web\Widget\Tabs;
|
2015-10-01 17:07:34 -04:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Display external or internal links within an iframe
|
|
|
|
|
*/
|
2025-02-21 10:18:16 -05:00
|
|
|
class IframeController extends CompatController
|
2015-10-01 17:07:34 -04:00
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* Display iframe w/ the given URL
|
|
|
|
|
*/
|
2025-02-21 10:18:16 -05:00
|
|
|
public function indexAction(): void
|
2015-10-01 17:07:34 -04:00
|
|
|
{
|
2025-02-21 10:18:16 -05:00
|
|
|
$url = Url::fromPath($this->params->getRequired('url'));
|
|
|
|
|
$urlHash = $this->getRequest()->getHeader('X-Icinga-URLHash');
|
|
|
|
|
$expectedHash = hash('sha256', $url->getAbsoluteUrl() . Session::getSession()->getId());
|
|
|
|
|
$iframeUrl = Url::fromPath('iframe', ['url' => $url->getAbsoluteUrl()]);
|
|
|
|
|
|
|
|
|
|
if (! in_array($url->getScheme(), ['http', 'https'], true)) {
|
|
|
|
|
$this->httpBadRequest('Invalid URL scheme');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->injectTabs();
|
|
|
|
|
|
|
|
|
|
$this->getTabs()->setRefreshUrl($iframeUrl);
|
|
|
|
|
|
|
|
|
|
if ($urlHash) {
|
|
|
|
|
if ($urlHash !== $expectedHash) {
|
|
|
|
|
$this->httpBadRequest('Invalid URL hash');
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$this->addContent(Html::tag('div', ['class' => 'iframe-warning'], [
|
|
|
|
|
Html::tag('h2', $this->translate('Attention!')),
|
|
|
|
|
Html::tag('p', ['class' => 'note'], $this->translate(
|
|
|
|
|
'You are about to open untrusted content embedded in Icinga Web! Only proceed,'
|
|
|
|
|
.' by clicking the link below, if you recognize and trust the source!'
|
|
|
|
|
)),
|
|
|
|
|
Html::tag('a', ['data-url-hash' => $expectedHash, 'href' => Html::escape($iframeUrl)], $url),
|
|
|
|
|
Html::tag('p', ['class' => 'reason'], [
|
|
|
|
|
new Icon('circle-info'),
|
|
|
|
|
Text::create($this->translate(
|
|
|
|
|
'You see this warning because you do not seem to have followed a link in Icinga Web.'
|
|
|
|
|
. ' You can bypass this in the future by configuring a navigation item instead.'
|
|
|
|
|
))
|
|
|
|
|
])
|
|
|
|
|
]));
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->getTabs()->setHash($expectedHash);
|
|
|
|
|
|
|
|
|
|
$this->addContent(Html::tag(
|
|
|
|
|
'div',
|
|
|
|
|
['class' => 'iframe-container'],
|
|
|
|
|
Html::tag('iframe', [
|
|
|
|
|
'src' => $url,
|
|
|
|
|
'sandbox' => 'allow-same-origin allow-scripts allow-popups allow-forms',
|
|
|
|
|
])
|
|
|
|
|
));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function injectTabs(): void
|
|
|
|
|
{
|
|
|
|
|
$this->tabs = new class extends Tabs {
|
|
|
|
|
private $hash;
|
|
|
|
|
|
|
|
|
|
public function setHash($hash)
|
|
|
|
|
{
|
|
|
|
|
$this->hash = $hash;
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function assemble()
|
|
|
|
|
{
|
|
|
|
|
$tabHtml = substr($this->tabs->render(), 34, -5);
|
|
|
|
|
if ($this->refreshUrl !== null) {
|
|
|
|
|
$tabHtml = preg_replace(
|
|
|
|
|
[
|
|
|
|
|
'/(?<=class="refresh-container-control spinner" href=")([^"]*)/',
|
|
|
|
|
'/(\s)(?=href)/'
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
$this->refreshUrl->getAbsoluteUrl(),
|
|
|
|
|
' data-url-hash="' . $this->hash . '" '
|
|
|
|
|
],
|
|
|
|
|
$tabHtml
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BaseHtmlElement::add(HtmlString::create($tabHtml));
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
$this->controls->setTabs($this->tabs);
|
2015-10-01 17:07:34 -04:00
|
|
|
}
|
|
|
|
|
}
|
