Add setting to disallow anonymous users from invoking the external renderer on new input

2019-10-24 21:08:18 +01:00 · 2019-10-24 21:08:18 +01:00 · bba614df2f
parent b75ad067eb
commit bba614df2f
3 changed files with 10 additions and 2 deletions
--- a/module_index.json
+++ b/module_index.json
@ -337,7 +337,7 @@
        "version": "0.10",
        "author": "Emanuil Rusev & Starbeamrainbowlabs",
        "description": "An upgraded (now default!) parser based on Emanuil Rusev's Parsedown Extra PHP library (https:\/\/github.com\/erusev\/parsedown-extra), which is licensed MIT. Please be careful, as this module adds some weight to your installation.",
-        "lastupdate": 1571944258,
+        "lastupdate": 1571947549,
        "optional": false,
        "extra_data": {
            "Parsedown.php": "https:\/\/raw.githubusercontent.com\/erusev\/parsedown\/fe7a50eceb4a3c867cc9fa9c0aa906b1067d1955\/Parsedown.php",
--- a/modules/parser-parsedown.php
+++ b/modules/parser-parsedown.php
@ -110,6 +110,13 @@ register_module([
 				exit();
 			}
 			
+			if(!$settings->parser_ext_allow_anon && !$env->is_logged_in) {
+				http_response_code(401);
+				header("content-type: image/png");
+				imagepng(errorimage(wordwrap("Error: You aren't logged in, that image hasn't yet been cached, and $settings->sitename does not allow anonymous users to invoke external renderers, so that image can't be generated right now. Try contacting $settings->admindetails_name, $settings->sitename's administrator (their details can be found at the bottom of every page).")));
+				exit();
+			}
+			
 			// Create the cache directory if doesn't exist already
 			if(!file_exists(dirname($cache_file_location)))
 				mkdir(dirname($cache_file_location), 0750, true);
@ -132,7 +139,7 @@ register_module([
 					// Pipe the output to be the cache file
 					$descriptors[1] = fopen($cache_file_location, "wb+");
 					break;
-					
+				
 				case "substitution_pipe":
 					// Update the command that we're going to execute
 					$cli_to_execute = str_replace(
--- a/peppermint.guiconfig.json
+++ b/peppermint.guiconfig.json
@ -57,6 +57,7 @@
 		}
 	} },
 	"parser_ext_time_limit": { "type": "number", "description": "The number of seconds external renderers are allowed to run for. Has no effect if external renderers are turned off. Also currently has no effect on Windows.", "default": 5 },
+	"parser_ext_allow_anon": { "type": "checkbox", "description": "<p>Whether to allow anonymous users to render new diagrams with the external renderer. When disabled, anonymous users will still be allowed to recall pre-rendered items from the cache, but will be unable to generate brand-new diagrams.</p><p>Note that if you allow anonymous edits this setting won't fully protect you: anonymous users could edit a page and insert a malicious diagram, and then laer a logged in user could unwittingly invoke the external renderer on the anonymous user's behalf.", "default": false },
 	"interwiki_index_location": { "type": "text", "description": "The location to find the interwiki wiki definition file, which contains a list of wikis along with their names, prefixes, and root urls. May be a URL, or simply a file path - as it's passed to file_get_contents(). If left blank, interwiki link parsing is disabled.", "default": null },
 	"clean_raw_html": { "type": "checkbox", "description": "Whether page sources should be cleaned of HTML before rendering. It is STRONGLY recommended that you keep this option turned on.", "default": true },
 	"all_untrusted": { "type": "checkbox", "description": "Whether to treat both page sources and comment text as untrusted input. Untrusted input has additional restrictions to protect against XSS attacks etc. Turn on if your wiki allows anonymous edits.", "default": false},