From fe4071fe0526452f1ebddd6c2ae8faa37d646737 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com>
Date: Sun, 20 Oct 2019 22:00:52 +0100
Subject: [PATCH] Add setting to disable external renderer support

---
 module_index.json            | 2 +-
 modules/parser-parsedown.php | 7 +++++++
 peppermint.guiconfig.json    | 1 +
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/module_index.json b/module_index.json
index 9ac9942..4662338 100755
--- a/module_index.json
+++ b/module_index.json
@@ -337,7 +337,7 @@
         "version": "0.10",
         "author": "Emanuil Rusev & Starbeamrainbowlabs",
         "description": "An upgraded (now default!) parser based on Emanuil Rusev's Parsedown Extra PHP library (https:\/\/github.com\/erusev\/parsedown-extra), which is licensed MIT. Please be careful, as this module adds some weight to your installation.",
-        "lastupdate": 1571604819,
+        "lastupdate": 1571605152,
         "optional": false,
         "extra_data": {
             "Parsedown.php": "https:\/\/raw.githubusercontent.com\/erusev\/parsedown\/fe7a50eceb4a3c867cc9fa9c0aa906b1067d1955\/Parsedown.php",
diff --git a/modules/parser-parsedown.php b/modules/parser-parsedown.php
index 5e084cc..f7d123e 100644
--- a/modules/parser-parsedown.php
+++ b/modules/parser-parsedown.php
@@ -55,6 +55,13 @@ register_module([
 		add_action("parsedown-render-ext", function() {
 			global $settings, $env, $paths;
 			
+			if(!$settings->parser_ext_renderers_enabled) {
+				http_response_code(403);
+				header("content-type: image/png");
+				imagepng(errorimage("Error: External diagram renderer support\nhas been disabled on $settings->sitename.\nTry contacting {$settings->admindetails_name}, $settings->sitename's administrator."));
+				exit();
+			}
+			
 			if(!isset($_GET["source"])) {
 				http_response_code(400);
 				header("content-type: image/png");
diff --git a/peppermint.guiconfig.json b/peppermint.guiconfig.json
index e5f82c9..713b5c1 100644
--- a/peppermint.guiconfig.json
+++ b/peppermint.guiconfig.json
@@ -21,6 +21,7 @@
 	"parser": { "type": "text", "description": "The parser to use when rendering pages. Defaults to an extended version of parsedown (http://parsedown.org/)", "default": "parsedown" },
 	"parser_cache": { "type": "checkbox", "description": "Whether parser output should be cached to speed things up. The cache directory is <code>._cache</code> in the data directory - delete it if you experience issues (unlikely).", "default": true },
 	"parser_cache_min_size": { "type": "number", "description": "The minimum size a source string must be (in bytes) before it's considered eligible for caching.", "default": 1024 },
+	"parser_ext_renderers_enabled": { "type": "checkbox", "description": "Whether to enable external diagram renderer support, which is part of the parsedown parser. See the <code>parser_ext_renderers</code> setting below for more information.", "default": true },
 	"parser_ext_renderers": { "type": "parserext", "description": "Used by the parsedown parser as an object mapping fenced code block languages to their respective external renderers. Should be in the form <code>language_code</code> → <code>external renderer definition</code>. See the default for examples on how to define an external renderer.", "default": {
 		"nomnoml": {
 			"name": "nomnoml",