PageRenderTime 49ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 1ms

/web/system/SecurityCenterModule/Controller/AdminController.php

https://github.com/antoniom/core
PHP | 966 lines | 888 code | 25 blank | 53 comment | 14 complexity | 8e29aaf4c55fdff7a2cd39924a0fce5e MD5 | raw file
Possible License(s): GPL-3.0, LGPL-3.0, MIT 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Copyright Zikula Foundation 2009 - Zikula Application Framework
    4. 

  4.  *
    5. 

  5.  * This work is contributed to the Zikula Foundation under one or more
    6. 

  6.  * Contributor Agreements and licensed to You under the following license:
    7. 

  7.  *
    8. 

  8.  * @license GNU/LGPLv3 (or at your option, any later version).
    9. 

  9.  * @package Zikula
    10. 

  10.  *
    11. 

  11.  * Please see the NOTICE file distributed with this source code for further
    12. 

  12.  * information regarding copyright and licensing.
    13. 

  13.  */
    14. 

  14. 

  15. namespace SecurityCenterModule\Controller;
    16. 

  16. 

  17. use Zikula_View, LogUtil, SecurityUtil, ModUtil, System, CacheUtil;
    18. 

  18. use DataUtil, DateUtil, UserUtil;
    19. 

  19. use SecurityCenterModule\Util as SecurityCenterUtil;
    20. 

  20. use Zikula\Core\Core;
    21. 

  21. 

  22. /**
    23. 

  23.  * SecurityCenter_Controller_Admin class.
    24. 

  24.  */
    25. 

  25. class AdminController extends \Zikula\Framework\Controller\AbstractController
    26. 

  26. {
    27. 

  27.     /**
    28. 

  28.      * Post initialise.
    29. 

  29.      *
    30. 

  30.      * @return void
    31. 

  31.      */
    32. 

  32.     protected function postInitialize()
    33. 

  33.     {
    34. 

  34.         // In this controller we do not want caching.
    35. 

  35.         $this->view->setCaching(Zikula_View::CACHE_DISABLED);
    36. 

  36.     }
    37. 

  37. 

  38.     /**
    39. 

  39.      * The main administration function.
    40. 

  40.      *
    41. 

  41.      * This function is the default function, and is called whenever the
    42. 

  42.      * module is initiated without defining arguments.  As such it can
    43. 

  43.      * be used for a number of things, but most commonly it either just
    44. 

  44.      * shows the module menu and returns or calls whatever the module
    45. 

  45.      * designer feels should be the default function (often this is the
    46. 

  46.      * view() function).
    47. 

  47.      *
    48. 

  48.      * @return string HTML string.
    49. 

  49.      */
    50. 

  50.     public function indexAction()
    51. 

  51.     {
    52. 

  52.         // Security check will be done in modifyconfig()
    53. 

  53.         return $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
    54. 

  54.     }
    55. 

  55. 

  56.     /**
    57. 

  57.      * This is a standard function to modify the configuration parameters of the module.
    58. 

  58.      *
    59. 

  59.      * @return string HTML string.
    60. 

  60.      */
    61. 

  61.     public function modifyconfigAction()
    62. 

  62.     {
    63. 

  63.         // Security check
    64. 

  64.         if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
    65. 

  65.             throw new \Zikula\Framework\Exception\ForbiddenException();
    66. 

  66.         }
    67. 

  67. 

  68.         $this->view->assign('itemsperpage', $this->getVar('itemsperpage'));
    69. 

  69. 

  70.         $this->view->assign('idshtmlfields', implode(PHP_EOL, System::getVar('idshtmlfields')));
    71. 

  71.         $this->view->assign('idsjsonfields', implode(PHP_EOL, System::getVar('idsjsonfields')));
    72. 

  72.         $this->view->assign('idsexceptions', implode(PHP_EOL, System::getVar('idsexceptions')));
    73. 

  73. 

  74.         // Return the output that has been generated by this function
    75. 

  75.         return $this->response($this->view->fetch('Admin/modifyconfig.tpl'));
    76. 

  76.     }
    77. 

  77. 

  78.     /**
    79. 

  79.      * This is a standard function to update the configuration parameters of the
    80. 

  80.      * module given the information passed back by the modification form
    81. 

  81.      * @see Admin/modifyconfig()
    82. 

  82.      *
    83. 

  83.      * @return bool true if successful, false otherwise.
    84. 

  84.      */
    85. 

  85.     public function updateconfigAction()
    86. 

  86.     {
    87. 

  87.         $this->checkCsrfToken();
    88. 

  88. 

  89.         // Security check
    90. 

  90.         if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
    91. 

  91.             throw new \Zikula\Framework\Exception\ForbiddenException();
    92. 

  92.         }
    93. 

  93. 

  94.         $validates = true;
    95. 

  95. 

  96.         // Update module variables.
    97. 

  97.         $updatecheck = (int)$this->request->request->get('updatecheck', 0);
    98. 

  98.         System::setVar('updatecheck', $updatecheck);
    99. 

  99. 

  100.         // if update checks are disabled, reset values to force new update check if re-enabled
    101. 

  101.         if ($updatecheck == 0) {
    102. 

  102.             System::setVar('updateversion', Core::VERSION_NUM);
    103. 

  103.             System::setVar('updatelastchecked', 0);
    104. 

  104.         }
    105. 

  105. 

  106.         $updatefrequency = (int)$this->request->request->get('updatefrequency', 30);
    107. 

  107.         System::setVar('updatefrequency', $updatefrequency);
    108. 

  108. 

  109.         $keyexpiry = (int)$this->request->request->get('keyexpiry', 0);
    110. 

  110.         if ($keyexpiry < 0 || $keyexpiry > 3600) {
    111. 

  111.             $keyexpiry = 0;
    112. 

  112.         }
    113. 

  113.         System::setVar('keyexpiry', $keyexpiry);
    114. 

  114. 

  115.         $sessionauthkeyua = (int)$this->request->request->get('sessionauthkeyua', 0);
    116. 

  116.         System::setVar('sessionauthkeyua', $sessionauthkeyua);
    117. 

  117. 

  118.         $secure_domain = $this->request->request->get('secure_domain', '');
    119. 

  119.         System::setVar('secure_domain', $secure_domain);
    120. 

  120. 

  121.         $signcookies = (int)$this->request->request->get('signcookies', 1);
    122. 

  122.         System::setVar('signcookies', $signcookies);
    123. 

  123. 

  124.         $signingkey = $this->request->request->get('signingkey', '');
    125. 

  125.         System::setVar('signingkey', $signingkey);
    126. 

  126. 

  127.         $seclevel = $this->request->request->get('seclevel', 'High');
    128. 

  128.         System::setVar('seclevel', $seclevel);
    129. 

  129. 

  130.         $secmeddays = (int)$this->request->request->get('secmeddays', 7);
    131. 

  131.         if ($secmeddays < 1 || $secmeddays > 365) {
    132. 

  132.             $secmeddays = 7;
    133. 

  133.         }
    134. 

  134.         System::setVar('secmeddays', $secmeddays);
    135. 

  135. 

  136.         $secinactivemins = (int)$this->request->request->get('secinactivemins', 20);
    137. 

  137.         if ($secinactivemins < 1 || $secinactivemins > 1440) {
    138. 

  138.             $secinactivemins = 7;
    139. 

  139.         }
    140. 

  140.         System::setVar('secinactivemins', $secinactivemins);
    141. 

  141. 

  142.         $sessionstoretofile = (int)$this->request->request->get('sessionstoretofile', 0);
    143. 

  143.         $sessionsavepath = $this->request->request->get('sessionsavepath', '');
    144. 

  144. 

  145.         // check session path config is writable (if method is being changed to session file storage)
    146. 

  146.         $cause_logout = false;
    147. 

  147.         $storeTypeCanBeWritten = true;
    148. 

  148.         if ($sessionstoretofile == 1 && !empty($sessionsavepath)) {
    149. 

  149.             // fix path on windows systems
    150. 

  150.             $sessionsavepath = str_replace('\\', '/', $sessionsavepath);
    151. 

  151.             // sanitize the path
    152. 

  152.             $sessionsavepath = trim(stripslashes($sessionsavepath));
    153. 

  153. 

  154.             // check if sessionsavepath is a dir and if it is writable
    155. 

  155.             // if yes, we need to logout
    156. 

  156.             $cause_logout = (is_dir($sessionsavepath)) ? is_writable($sessionsavepath) : false;
    157. 

  157. 

  158.             if ($cause_logout == false) {
    159. 

  159.                 // an error occured - we do not change the way of storing session data
    160. 

  160.                 LogUtil::registerStatus($this->__('Error! Session path not writeable!'));
    161. 

  161.                 $storeTypeCanBeWritten = false;
    162. 

  162.             }
    163. 

  163.         }
    164. 

  164.         if ($storeTypeCanBeWritten == true) {
    165. 

  165.             System::setVar('sessionstoretofile', $sessionstoretofile);
    166. 

  166.             System::setVar('sessionsavepath', $sessionsavepath);
    167. 

  167.         }
    168. 

  168. 

  169.         if ((bool)$sessionstoretofile != (bool)System::getVar('sessionstoretofile')) {
    170. 

  170.             // logout if going from one storage to another one
    171. 

  171.             $cause_logout = true;
    172. 

  172.         }
    173. 

  173. 

  174.         $gc_probability = (int)$this->request->request->get('gc_probability', 100);
    175. 

  175.         if ($gc_probability < 1 || $gc_probability > 10000) {
    176. 

  176.             $gc_probability = 7;
    177. 

  177.         }
    178. 

  178.         System::setVar('gc_probability', $gc_probability);
    179. 

  179. 

  180.         $anonymoussessions = (int)$this->request->request->get('anonymoussessions', 1);
    181. 

  181.         System::setVar('anonymoussessions', $anonymoussessions);
    182. 

  182. 

  183.         $sessionrandregenerate = (int)$this->request->request->get('sessionrandregenerate', 1);
    184. 

  184.         System::setVar('sessionrandregenerate', $sessionrandregenerate);
    185. 

  185. 

  186.         $sessionregenerate = (int)$this->request->request->get('sessionregenerate', 1);
    187. 

  187.         System::setVar('sessionregenerate', $sessionregenerate);
    188. 

  188. 

  189.         $sessionregeneratefreq = (int)$this->request->request->get('sessionregeneratefreq', 10);
    190. 

  190.         if ($sessionregeneratefreq < 1 || $sessionregeneratefreq > 100) {
    191. 

  191.             $sessionregeneratefreq = 10;
    192. 

  192.         }
    193. 

  193.         System::setVar('sessionregeneratefreq', $sessionregeneratefreq);
    194. 

  194. 

  195.         $sessionipcheck = (int)$this->request->request->get('sessionipcheck', 0);
    196. 

  196.         System::setVar('sessionipcheck', $sessionipcheck);
    197. 

  197. 

  198.         $sessionname = $this->request->request->get('sessionname', 'ZSID');
    199. 

  199.         if (strlen($sessionname) < 3) {
    200. 

  200.             $sessionname = 'ZSID';
    201. 

  201.         }
    202. 

  202. 

  203.         $sessioncsrftokenonetime = (int)$this->request->request->get('sessioncsrftokenonetime', 0);
    204. 

  204.         System::setVar('sessioncsrftokenonetime', $sessioncsrftokenonetime);
    205. 

  205. 

  206.         // cause logout if we changed session name
    207. 

  207.         if ($sessionname != System::getVar('sessionname')) {
    208. 

  208.             $cause_logout = true;
    209. 

  209.         }
    210. 

  210. 

  211.         System::setVar('sessionname', $sessionname);
    212. 

  212.         System::setVar('sessionstoretofile', $sessionstoretofile);
    213. 

  213. 

  214.         $outputfilter = $this->request->request->get('outputfilter', 0);
    215. 

  215.         System::setVar('outputfilter', $outputfilter);
    216. 

  216. 

  217.         $useids = (bool)$this->request->request->get('useids', 0);
    218. 

  218.         System::setVar('useids', $useids);
    219. 

  219. 

  220.         // create tmp directory for PHPIDS
    221. 

  221.         if ($useids == 1) {
    222. 

  222.             $idsTmpDir = CacheUtil::getLocalDir() . '/idsTmp';
    223. 

  223.             if (!file_exists($idsTmpDir)) {
    224. 

  224.                 CacheUtil::clearLocalDir('idsTmp');
    225. 

  225.             }
    226. 

  226.         }
    227. 

  227. 

  228.         $idssoftblock = (bool)$this->request->request->get('idssoftblock', 1);
    229. 

  229.         System::setVar('idssoftblock', $idssoftblock);
    230. 

  230. 

  231.         $idsmail = (bool)$this->request->request->get('idsmail', 1);
    232. 

  232.         System::setVar('idsmail', $idsmail);
    233. 

  233. 

  234.         $idsfilter = $this->request->request->get('idsfilter', 'xml');
    235. 

  235.         System::setVar('idsfilter', $idsfilter);
    236. 

  236. 

  237.         $idsrulepath = $this->request->request->get('idsrulepath', 'config/zikula_default.xml');
    238. 

  238.         $idsrulepath = DataUtil::formatForOS($idsrulepath);
    239. 

  239.         if (is_readable($idsrulepath)) {
    240. 

  240.             System::setVar('idsrulepath', $idsrulepath);
    241. 

  241.         } else {
    242. 

  242.             LogUtil::registerError($this->__f('Error! PHPIDS rule file %s does not exist or is not readable.', $idsrulepath));
    243. 

  243.             $validates = false;
    244. 

  244.         }
    245. 

  245. 

  246.         $idsimpactthresholdone = (int)$this->request->request->get('idsimpactthresholdone', 1);
    247. 

  247.         System::setVar('idsimpactthresholdone', $idsimpactthresholdone);
    248. 

  248. 

  249.         $idsimpactthresholdtwo = (int)$this->request->request->get('idsimpactthresholdtwo', 10);
    250. 

  250.         System::setVar('idsimpactthresholdtwo', $idsimpactthresholdtwo);
    251. 

  251. 

  252.         $idsimpactthresholdthree = (int)$this->request->request->get('idsimpactthresholdthree', 25);
    253. 

  253.         System::setVar('idsimpactthresholdthree', $idsimpactthresholdthree);
    254. 

  254. 

  255.         $idsimpactthresholdfour = (int)$this->request->request->get('idsimpactthresholdfour', 75);
    256. 

  256.         System::setVar('idsimpactthresholdfour', $idsimpactthresholdfour);
    257. 

  257. 

  258.         $idsimpactmode = (int)$this->request->request->get('idsimpactmode', 1);
    259. 

  259.         System::setVar('idsimpactmode', $idsimpactmode);
    260. 

  260. 

  261.         $idshtmlfields = $this->request->request->get('idshtmlfields', '');
    262. 

  262.         $idshtmlfields = explode(PHP_EOL, $idshtmlfields);
    263. 

  263.         $idshtmlarray = array();
    264. 

  264.         foreach ($idshtmlfields as $idshtmlfield) {
    265. 

  265.             $idshtmlfield = trim($idshtmlfield);
    266. 

  266.             if (!empty($idshtmlfield)) {
    267. 

  267.                 $idshtmlarray[] = $idshtmlfield;
    268. 

  268.             }
    269. 

  269.         }
    270. 

  270.         System::setVar('idshtmlfields', $idshtmlarray);
    271. 

  271. 

  272.         $idsjsonfields = $this->request->request->get('idsjsonfields', '');
    273. 

  273.         $idsjsonfields = explode(PHP_EOL, $idsjsonfields);
    274. 

  274.         $idsjsonarray = array();
    275. 

  275.         foreach ($idsjsonfields as $idsjsonfield) {
    276. 

  276.             $idsjsonfield = trim($idsjsonfield);
    277. 

  277.             if (!empty($idsjsonfield)) {
    278. 

  278.                 $idsjsonarray[] = $idsjsonfield;
    279. 

  279.             }
    280. 

  280.         }
    281. 

  281.         System::setVar('idsjsonfields', $idsjsonarray);
    282. 

  282. 

  283.         $idsexceptions = $this->request->request->get('idsexceptions', '');
    284. 

  284.         $idsexceptions = explode(PHP_EOL, $idsexceptions);
    285. 

  285.         $idsexceptarray = array();
    286. 

  286.         foreach ($idsexceptions as $idsexception) {
    287. 

  287.             $idsexception = trim($idsexception);
    288. 

  288.             if (!empty($idsexception)) {
    289. 

  289.                 $idsexceptarray[] = $idsexception;
    290. 

  290.             }
    291. 

  291.         }
    292. 

  292.         System::setVar('idsexceptions', $idsexceptarray);
    293. 

  293. 

  294.         // clear all cache and compile directories
    295. 

  295.         ModUtil::apiFunc('SettingsModule', 'admin', 'clearallcompiledcaches');
    296. 

  296. 

  297.         // the module configuration has been updated successfuly
    298. 

  298.         if ($validates) {
    299. 

  299.             $this->registerStatus($this->__('Done! Saved module configuration.'));
    300. 

  300.         }
    301. 

  301. 

  302.         // we need to auto logout the user if they changed from DB to FILE
    303. 

  303.         if ($cause_logout == true) {
    304. 

  304.             UserUtil::logout();
    305. 

  305.             $this->registerStatus($this->__('Session handling variables have changed. You must log in again.'));
    306. 

  306.             $returnPage = urlencode(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
    307. 

  307.             return $this->redirect(ModUtil::url('Users', 'user', 'login', array('returnpage' => $returnPage)));
    308. 

  308.         }
    309. 

  309. 

  310.         // This function generated no output, and so now it is complete we redirect
    311. 

  311.         // the user to an appropriate page for them to carry on their work
    312. 

  312.         return $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
    313. 

  313.     }
    314. 

  314. 

  315.     /**
    316. 

  316.      * HTMLPurifier configuration.
    317. 

  317.      *
    318. 

  318.      * @return void
    319. 

  319.      */
    320. 

  320.     public function purifierconfigAction()
    321. 

  321.     {
    322. 

  322.         // Security check
    323. 

  323.         if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
    324. 

  324.             throw new \Zikula\Framework\Exception\ForbiddenException();
    325. 

  325.         }
    326. 

  326. 

  327.         $reset = (bool)($this->request->get('reset', null) == 'default');
    328. 

  328. 

  329.         $this->view->assign('itemsperpage', $this->getVar('itemsperpage'));
    330. 

  330. 

  331.         if ($reset) {
    332. 

  332.             $purifierconfig = SecurityCenterUtil::getPurifierConfig(true);
    333. 

  333.             LogUtil::registerStatus($this->__('Default values for HTML Purifier were successfully loaded. Please store them using the "Save" button at the bottom of this page'));
    334. 

  334.         } else {
    335. 

  335.             $purifierconfig = SecurityCenterUtil::getPurifierConfig(false);
    336. 

  336.         }
    337. 

  337. 

  338.         $purifier = new \HTMLPurifier($purifierconfig);
    339. 

  339. 

  340.         $config = $purifier->config;
    341. 

  341. 

  342.         if (is_array($config) && isset($config[0])) {
    343. 

  343.             $config = $config[1];
    344. 

  344.         }
    345. 

  345. 

  346.         $allowed = \HTMLPurifier_Config::getAllowedDirectivesForForm(true, $config->def);
    347. 

  347. 

  348.         // list of excluded directives, format is $namespace_$directive
    349. 

  349.         $excluded = array('Cache_SerializerPath');
    350. 

  350. 

  351.         $purifierAllowed = array();
    352. 

  352.         foreach ($allowed as $allowedDirective) {
    353. 

  353.             list($namespace, $directive) = $allowedDirective;
    354. 

  354. 

  355.             if (in_array($namespace . '_' . $directive, $excluded)) {
    356. 

  356.                 continue;
    357. 

  357.             }
    358. 

  358. 

  359.             if ($namespace == 'Filter') {
    360. 

  360.                 if (
    361. 

  361.                 // Do not allow Filter.Custom for now. Causing errors.
    362. 

  362.                 // TODO research why Filter.Custom is causing exceptions and correct.
    363. 

  363.                         ($directive == 'Custom')
    364. 

  364.                         // Do not allow Filter.ExtractStyleBlock* for now. Causing errors.
    365. 

  365.                         // TODO Filter.ExtractStyleBlock* requires CSSTidy
    366. 

  366.                         || (stripos($directive, 'ExtractStyleBlock') !== false)
    367. 

  367.                 ) {
    368. 

  368.                     continue;
    369. 

  369.                 }
    370. 

  370.             }
    371. 

  371. 

  372.             $directiveRec = array();
    373. 

  373.             $directiveRec['key'] = $namespace . '.' . $directive;
    374. 

  374.             $def = $config->def->info[$directiveRec['key']];
    375. 

  375.             $directiveRec['value'] = $config->get($directiveRec['key']);
    376. 

  376.             if (is_int($def)) {
    377. 

  377.                 $directiveRec['allowNull'] = ($def < 0);
    378. 

  378.                 $directiveRec['type'] = abs($def);
    379. 

  379.             } else {
    380. 

  380.                 $directiveRec['allowNull'] = (isset($def->allow_null) && $def->allow_null);
    381. 

  381.                 $directiveRec['type'] = (isset($def->type) ? $def->type : 0);
    382. 

  382.                 if (isset($def->allowed)) {
    383. 

  383.                     $directiveRec['allowedValues'] = array();
    384. 

  384.                     foreach ($def->allowed as $val => $b) {
    385. 

  385.                         $directiveRec['allowedValues'][] = $val;
    386. 

  386.                     }
    387. 

  387.                 }
    388. 

  388.             }
    389. 

  389.             if (is_array($directiveRec['value'])) {
    390. 

  390.                 switch ($directiveRec['type']) {
    391. 

  391.                     case \HTMLPurifier_VarParser::LOOKUP:
    392. 

  392.                         $value = array();
    393. 

  393.                         foreach ($directiveRec['value'] as $val => $b) {
    394. 

  394.                             $value[] = $val;
    395. 

  395.                         }
    396. 

  396.                         $directiveRec['value'] = implode(PHP_EOL, $value);
    397. 

  397.                         break;
    398. 

  398.                     case \HTMLPurifier_VarParser::ALIST:
    399. 

  399.                         $directiveRec['value'] = implode(PHP_EOL, $value);
    400. 

  400.                         break;
    401. 

  401.                     case \HTMLPurifier_VarParser::HASH:
    402. 

  402.                         $value = '';
    403. 

  403.                         foreach ($directiveRec['value'] as $i => $v) {
    404. 

  404.                             $value .= "{$i}:{$v}" . PHP_EOL;
    405. 

  405.                         }
    406. 

  406.                         $directiveRec['value'] = $value;
    407. 

  407.                         break;
    408. 

  408.                     default:
    409. 

  409.                         $directiveRec['value'] = '';
    410. 

  410.                 }
    411. 

  411.             }
    412. 

  412.             // Editing for only these types is supported
    413. 

  413.             $directiveRec['supported'] = (($directiveRec['type'] == \HTMLPurifier_VarParser::STRING)
    414. 

  414.                     || ($directiveRec['type'] == \HTMLPurifier_VarParser::ISTRING)
    415. 

  415.                     || ($directiveRec['type'] == \HTMLPurifier_VarParser::TEXT)
    416. 

  416.                     || ($directiveRec['type'] == \HTMLPurifier_VarParser::ITEXT)
    417. 

  417.                     || ($directiveRec['type'] == \HTMLPurifier_VarParser::INT)
    418. 

  418.                     || ($directiveRec['type'] == \HTMLPurifier_VarParser::FLOAT)
    419. 

  419.                     || ($directiveRec['type'] == \HTMLPurifier_VarParser::BOOL)
    420. 

  420.                     || ($directiveRec['type'] == \HTMLPurifier_VarParser::LOOKUP)
    421. 

  421.                     || ($directiveRec['type'] == \HTMLPurifier_VarParser::ALIST)
    422. 

  422.                     || ($directiveRec['type'] == \HTMLPurifier_VarParser::HASH));
    423. 

  423. 

  424.             $purifierAllowed[$namespace][$directive] = $directiveRec;
    425. 

  425.         }
    426. 

  426. 

  427.         $this->view->assign('purifier', $purifier)
    428. 

  428.                 ->assign('purifierTypes', \HTMLPurifier_VarParser::$types)
    429. 

  429.                 ->assign('purifierAllowed', $purifierAllowed);
    430. 

  430. 

  431.         // Return the output that has been generated by this function
    432. 

  432.         return $this->response($this->view->fetch('Admin/purifierconfig.tpl'));
    433. 

  433.     }
    434. 

  434. 

  435.     /**
    436. 

  436.      * Update HTMLPurifier configuration.
    437. 

  437.      *
    438. 

  438.      * @return void
    439. 

  439.      */
    440. 

  440.     public function updatepurifierconfigAction()
    441. 

  441.     {
    442. 

  442.         $this->checkCsrfToken();
    443. 

  443. 

  444.         // Security check
    445. 

  445.         if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
    446. 

  446.             throw new \Zikula\Framework\Exception\ForbiddenException();
    447. 

  447.         }
    448. 

  448. 

  449.         // Load HTMLPurifier Classes
    450. 

  450.         $purifier = SecurityCenterUtil::getpurifier();
    451. 

  451. 

  452.         // Update module variables.
    453. 

  453.         $config = $this->request->request->get('purifierConfig', null);
    454. 

  454.         $config = \HTMLPurifier_Config::prepareArrayFromForm($config, false, true, true, $purifier->config->def);
    455. 

  455. //echo "\r\n\r\n<pre>" . print_r($config, true) . "</pre>\r\n\r\n";
    456. 

  456. 

  457.         $allowed = \HTMLPurifier_Config::getAllowedDirectivesForForm(true, $purifier->config->def);
    458. 

  458.         foreach ($allowed as $allowedDirective) {
    459. 

  459.             list($namespace, $directive) = $allowedDirective;
    460. 

  460. 

  461.             $directiveKey = $namespace . '.' . $directive;
    462. 

  462.             $def = $purifier->config->def->info[$directiveKey];
    463. 

  463. 

  464.             if (isset($config[$namespace])
    465. 

  465.                     && array_key_exists($directive, $config[$namespace])
    466. 

  466.                     && is_null($config[$namespace][$directive])) {
    467. 

  467.                 unset($config[$namespace][$directive]);
    468. 

  468. 

  469.                 if (count($config[$namespace]) <= 0) {
    470. 

  470.                     unset($config[$namespace]);
    471. 

  471.                 }
    472. 

  472.             }
    473. 

  473. 

  474.             if (isset($config[$namespace]) && isset($config[$namespace][$directive])) {
    475. 

  475.                 if (is_int($def)) {
    476. 

  476.                     $directiveType = abs($def);
    477. 

  477.                 } else {
    478. 

  478.                     $directiveType = (isset($def->type) ? $def->type : 0);
    479. 

  479.                 }
    480. 

  480. 

  481.                 switch ($directiveType) {
    482. 

  482.                     case \HTMLPurifier_VarParser::LOOKUP:
    483. 

  483.                         $value = explode(PHP_EOL, $config[$namespace][$directive]);
    484. 

  484.                         $config[$namespace][$directive] = array();
    485. 

  485.                         foreach ($value as $val) {
    486. 

  486.                             $val = trim($val);
    487. 

  487.                             if (!empty($val)) {
    488. 

  488.                                 $config[$namespace][$directive][$val] = true;
    489. 

  489.                             }
    490. 

  490.                         }
    491. 

  491.                         if (empty($config[$namespace][$directive])) {
    492. 

  492.                             unset($config[$namespace][$directive]);
    493. 

  493.                         }
    494. 

  494.                         break;
    495. 

  495.                     case \HTMLPurifier_VarParser::ALIST:
    496. 

  496.                         $value = explode(PHP_EOL, $config[$namespace][$directive]);
    497. 

  497.                         $config[$namespace][$directive] = array();
    498. 

  498.                         foreach ($value as $val) {
    499. 

  499.                             $val = trim($val);
    500. 

  500.                             if (!empty($val)) {
    501. 

  501.                                 $config[$namespace][$directive][] = $val;
    502. 

  502.                             }
    503. 

  503.                         }
    504. 

  504.                         if (empty($config[$namespace][$directive])) {
    505. 

  505.                             unset($config[$namespace][$directive]);
    506. 

  506.                         }
    507. 

  507.                         break;
    508. 

  508.                     case \HTMLPurifier_VarParser::HASH:
    509. 

  509.                         $value = explode(PHP_EOL, $config[$namespace][$directive]);
    510. 

  510.                         $config[$namespace][$directive] = array();
    511. 

  511.                         foreach ($value as $val) {
    512. 

  512.                             list($i, $v) = explode(':', $val);
    513. 

  513.                             $i = trim($i);
    514. 

  514.                             $v = trim($v);
    515. 

  515.                             if (!empty($i) && !empty($v)) {
    516. 

  516.                                 $config[$namespace][$directive][$i] = $v;
    517. 

  517.                             }
    518. 

  518.                         }
    519. 

  519.                         if (empty($config[$namespace][$directive])) {
    520. 

  520.                             unset($config[$namespace][$directive]);
    521. 

  521.                         }
    522. 

  522.                         break;
    523. 

  523.                 }
    524. 

  524.             }
    525. 

  525. 

  526.             if (isset($config[$namespace])
    527. 

  527.                     && array_key_exists($directive, $config[$namespace])
    528. 

  528.                     && is_null($config[$namespace][$directive])) {
    529. 

  529.                 unset($config[$namespace][$directive]);
    530. 

  530. 

  531.                 if (count($config[$namespace]) <= 0) {
    532. 

  532.                     unset($config[$namespace]);
    533. 

  533.                 }
    534. 

  534.             }
    535. 

  535.         }
    536. 

  536. 

  537.         //echo "\r\n\r\n<pre>" . print_r($config, true) . "</pre>\r\n\r\n"; exit;
    538. 

  538.         $this->setVar('htmlpurifierConfig', serialize($config));
    539. 

  539. 

  540.         $purifier = SecurityCenterUtil::getpurifier(true);
    541. 

  541. 

  542.         // clear all cache and compile directories
    543. 

  543.         ModUtil::apiFunc('SettingsModule', 'admin', 'clearallcompiledcaches');
    544. 

  544. 

  545.         // the module configuration has been updated successfuly
    546. 

  546.         LogUtil::registerStatus($this->__('Done! Saved HTMLPurifier configuration.'));
    547. 

  547. 

  548.         // This function generated no output, and so now it is complete we redirect
    549. 

  549.         // the user to an appropriate page for them to carry on their work
    550. 

  550.         return $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
    551. 

  551.     }
    552. 

  552. 

  553.     /**
    554. 

  554.      * Function to view ids log events.
    555. 

  555.      *
    556. 

  556.      * @return string HTML output string.
    557. 

  557.      */
    558. 

  558.     public function viewidslogAction()
    559. 

  559.     {
    560. 

  560.         // Security check
    561. 

  561.         if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_EDIT)) {
    562. 

  562.             throw new \Zikula\Framework\Exception\ForbiddenException();
    563. 

  563.         }
    564. 

  564. 

  565.         // sorting
    566. 

  566.         $sort = $this->request->get('sort', 'date DESC');
    567. 

  567.         $sort_exp = explode(" ", $sort);
    568. 

  568.         $sorting = array($sort_exp[0] => (isset($sort_exp[1]) ? $sort_exp[1] : 'ASC'));
    569. 

  569. 

  570.         // filtering
    571. 

  571.         $filterdefault = array(
    572. 

  572.             'uid' => 0,
    573. 

  573.             'name' => null,
    574. 

  574.             'tag' => null,
    575. 

  575.             'value' => null,
    576. 

  576.             'page' => null,
    577. 

  577.             'ip' => null,
    578. 

  578.             'impact' => null
    579. 

  579.         );
    580. 

  580.         $filter = $this->request->get('filter', $filterdefault);
    581. 

  581.         $where = array();
    582. 

  582.         foreach ($filter as $flt_key => $flt_value) {
    583. 

  583.             if (isset($flt_value) && !empty($flt_value)) {
    584. 

  584.                 $where[$flt_key] = $flt_value;
    585. 

  585.             }
    586. 

  586.         }
    587. 

  587. 

  588.         // offset
    589. 

  589.         $startnum = (int)$this->request->get('startnum', 0);
    590. 

  590. 

  591.         // number of items to show
    592. 

  592.         $pagesize = (int)$this->getVar('pagesize', 25);
    593. 

  593. 

  594.         // get data
    595. 

  595.         $item_params = array(
    596. 

  596.             'where' => $where,
    597. 

  597.             'sorting' => $sorting,
    598. 

  598.             'limit' => $pagesize,
    599. 

  599.             'offset' => $startnum
    600. 

  600.         );
    601. 

  601.         $items = ModUtil::apiFunc('SecurityCenterModule', 'admin', 'getAllIntrusions', $item_params);
    602. 

  602. 

  603.         $data = array();
    604. 

  604.         foreach ($items as $item) {
    605. 

  605.             $dta = $item->toArray();
    606. 

  606.             $dta['username'] = $dta['user']['uname'];
    607. 

  607.             $dta['filters'] = unserialize($dta['filters']);
    608. 

  608.             unset($dta['user']);
    609. 

  609.             $data[] = $dta;
    610. 

  610.         }
    611. 

  611. 

  612.         // Create output object
    613. 

  613.         $this->view->assign('filter', $filter)
    614. 

  614.                    ->assign('sort', $sort)
    615. 

  615.                    ->assign('objectArray', $data);
    616. 

  616. 

  617.         // Assign the values for the smarty plugin to produce a pager.
    618. 

  618.         $pager = array();
    619. 

  619.         $pager['numitems'] = ModUtil::apiFunc('SecurityCenterModule', 'admin', 'countAllIntrusions', $item_params);
    620. 

  620.         $pager['itemsperpage'] = $pagesize;
    621. 

  621. 

  622.         $this->view->assign('startnum', $startnum)
    623. 

  623.                    ->assign('pager', $pager);
    624. 

  624. 

  625.         $csrftoken = SecurityUtil::generateCsrfToken($this->container, true);
    626. 

  626.         $this->view->assign('csrftoken', $csrftoken);
    627. 

  627. 

  628.         // fetch output from template
    629. 

  629.         return $this->response($this->view->fetch('Admin/viewidslog.tpl'));
    630. 

  630.     }
    631. 

  631. 

  632.     /**
    633. 

  633.      * Export ids log.
    634. 

  634.      *
    635. 

  635.      * @return string
    636. 

  636.      */
    637. 

  637.     public function exportidslogAction()
    638. 

  638.     {
    639. 

  639.         // Security check
    640. 

  640.         if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_EDIT)) {
    641. 

  641.             throw new \Zikula\Framework\Exception\ForbiddenException();
    642. 

  642.         }
    643. 

  643. 

  644.         // get input values
    645. 

  645.         $confirmed = (int)$this->request->request->get('confirmed', (isset($args['confirmed']) ? $args['confirmed'] : 0));
    646. 

  646. 

  647.         if ($confirmed == 1) {
    648. 

  648. 

  649.             // export the titles ?
    650. 

  650.             $exportTitles = $this->request->request->get('exportTitles', (isset($args['exportTitles']) ? $args['exportTitles'] : null));
    651. 

  651.             $exportTitles = (!isset($exportTitles) || $exportTitles !== '1') ? false : true;
    652. 

  652. 

  653.             // name of the exported file
    654. 

  654.             $exportFile = $this->request->request->get('exportFile', (isset($args['exportFile']) ? $args['exportFile'] : null));
    655. 

  655.             if (!isset($exportFile) || $exportFile == '') {
    656. 

  656.                 $exportFile = 'idslog.csv';
    657. 

  657.             }
    658. 

  658.             if (!strrpos($exportFile, '.csv')) {
    659. 

  659.                 $exportFile .= '.csv';
    660. 

  660.             }
    661. 

  661. 

  662.             // delimeter
    663. 

  663.             $delimiter = $this->request->request->get('delimiter', (isset($args['delimiter']) ? $args['delimiter'] : null));
    664. 

  664.             if (!isset($delimiter) || $delimiter == '') {
    665. 

  665.                 $delimiter = 1;
    666. 

  666.             }
    667. 

  667.             switch ($delimiter) {
    668. 

  668.                 case 1:
    669. 

  669.                     $delimiter = ",";
    670. 

  670.                     break;
    671. 

  671.                 case 2:
    672. 

  672.                     $delimiter = ";";
    673. 

  673.                     break;
    674. 

  674.                 case 3:
    675. 

  675.                     $delimiter = ":";
    676. 

  676.                     break;
    677. 

  677.                 case 4:
    678. 

  678.                     $delimiter = chr(9);
    679. 

  679.             }
    680. 

  680. 

  681.             // titles
    682. 

  682.             if ($exportTitles == 1) {
    683. 

  683.                 $titles = array(
    684. 

  684.                         $this->__('Name'),
    685. 

  685.                         $this->__('Tag'),
    686. 

  686.                         $this->__('Value'),
    687. 

  687.                         $this->__('Page'),
    688. 

  688.                         $this->__('User Name'),
    689. 

  689.                         $this->__('IP'),
    690. 

  690.                         $this->__('Impact'),
    691. 

  691.                         $this->__('PHPIDS filters used'),
    692. 

  692.                         $this->__('Date')
    693. 

  693.                 );
    694. 

  694.             } else {
    695. 

  695.                 $titles = array();
    696. 

  696.             }
    697. 

  697. 

  698.             // get data
    699. 

  699.             $item_params = array(
    700. 

  700.                 'sorting' => array('date' => 'DESC')
    701. 

  701.             );
    702. 

  702.             $items = ModUtil::apiFunc('SecurityCenterModule', 'admin', 'getAllIntrusions', $item_params);
    703. 

  703. 

  704.             $objData = array();
    705. 

  705.             foreach ($items as $item) {
    706. 

  706.                 $dta = $item->toArray();
    707. 

  707.                 $dta['username'] = $dta['user']['uname'];
    708. 

  708.                 $dta['filters'] = unserialize($dta['filters']);
    709. 

  709.                 $dta['date'] = $dta['date']->format('Y-m-d H:i:s');
    710. 

  710.                 unset($dta['user']);
    711. 

  711.                 $objData[] = $dta;
    712. 

  712.             }
    713. 

  713. 

  714.             $data = array();
    715. 

  715.             $find = array("\r\n", "\n");
    716. 

  716.             $replace = array("", "");
    717. 

  717. 

  718.             foreach ($objData as $key => $idsdata) {
    719. 

  719.                 $filtersused = '';
    720. 

  720.                 foreach ($objData[$key]['filters'] as $filter) {
    721. 

  721.                     $filtersused .= $filter['id'] . " ";
    722. 

  722.                 }
    723. 

  723. 

  724.                 $datarow = array(
    725. 

  725.                     $objData[$key]['name'],
    726. 

  726.                     $objData[$key]['tag'],
    727. 

  727.                     htmlspecialchars(str_replace($find, $replace, $objData[$key]['value']), ENT_COMPAT, 'UTF-8', false),
    728. 

  728.                     htmlspecialchars($objData[$key]['page'], ENT_COMPAT, 'UTF-8', false),
    729. 

  729.                     $objData[$key]['username'],
    730. 

  730.                     $objData[$key]['ip'],
    731. 

  731.                     $objData[$key]['impact'],
    732. 

  732.                     $filtersused,
    733. 

  733.                     $objData[$key]['date']
    734. 

  734.                 );
    735. 

  735. 

  736.                 array_push($data, $datarow);
    737. 

  737.             }
    738. 

  738. 

  739.             // export the csv file
    740. 

  740.             \FileUtil::exportCSV($data, $titles, $delimiter, '"', $exportFile);
    741. 

  741.         }
    742. 

  742. 

  743.         // fetch output from template
    744. 

  744.         return $this->response($this->view->fetch('Admin/exportidslog.tpl'));
    745. 

  745.     }
    746. 

  746. 

  747.     /**
    748. 

  748.      * Purge ids log.
    749. 

  749.      *
    750. 

  750.      * @return void
    751. 

  751.      */
    752. 

  752.     public function purgeidslogAction()
    753. 

  753.     {
    754. 

  754.         // Security check
    755. 

  755.         if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_DELETE)) {
    756. 

  756.             throw new \Zikula\Framework\Exception\ForbiddenException();
    757. 

  757.         }
    758. 

  758. 

  759.         $confirmation = $this->request->get('confirmation');
    760. 

  760. 

  761.         // Check for confirmation
    762. 

  762.         if (empty($confirmation)) {
    763. 

  763.             // No confirmation yet - get one
    764. 

  764.             // Return the output that has been generated by this function
    765. 

  765.             return $this->response($this->view->fetch('Admin/purgeidslog.tpl'));
    766. 

  766.         }
    767. 

  767.         // Confirm authorisation code
    768. 

  768.         $this->checkCsrfToken();
    769. 

  769. 

  770.         $redirect_url = ModUtil::url('SecurityCenter', 'admin', 'viewidslog');
    771. 

  771. 

  772.         // delete all entries
    773. 

  773.         if (ModUtil::apiFunc('SecurityCenterModule', 'admin', 'purgeidslog')) {
    774. 

  774.             LogUtil::registerStatus($this->__('Done! Purged IDS Log.'));
    775. 

  775.         }
    776. 

  776. 

  777.        return $this->redirect($redirect_url);
    778. 

  778.     }
    779. 

  779. 

  780.     /**
    781. 

  781.      * Display the allowed html form.
    782. 

  782.      *
    783. 

  783.      * @return string html output.
    784. 

  784.      */
    785. 

  785.     public function allowedhtmlAction(array $args = array())
    786. 

  786.     {
    787. 

  787.         // security check
    788. 

  788.         if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
    789. 

  789.             throw new \Zikula\Framework\Exception\ForbiddenException();
    790. 

  790.         }
    791. 

  791. 

  792.         $this->view->assign('htmltags', $this->_gethtmltags())
    793. 

  793.                    ->assign('currenthtmltags', System::getVar('AllowableHTML'))
    794. 

  794.                    ->assign('htmlentities', System::getVar('htmlentities'));
    795. 

  795. 

  796.         // check for HTML Purifier outputfilter
    797. 

  797.         $htmlpurifier = (bool)(System::getVar('outputfilter') == 1);
    798. 

  798.         $this->view->assign('htmlpurifier', $htmlpurifier);
    799. 

  799. 

  800.         $this->view->assign('configurl', ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
    801. 

  801. 

  802.         return $this->response($this->view->fetch('Admin/allowedhtml.tpl'));
    803. 

  803.     }
    804. 

  804. 

  805.     /**
    806. 

  806.      * Update allowed html settings.
    807. 

  807.      *
    808. 

  808.      * @return mixed true if successful, false if unsuccessful, error string otherwise.
    809. 

  809.      */
    810. 

  810.     public function updateallowedhtmlAction(array $args = array())
    811. 

  811.     {
    812. 

  812.         $this->checkCsrfToken();
    813. 

  813. 

  814.         // security check
    815. 

  815.         if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
    816. 

  816.             throw new \Zikula\Framework\Exception\ForbiddenException();
    817. 

  817.         }
    818. 

  818. 

  819.         // update the allowed html settings
    820. 

  820.         $allowedhtml = array();
    821. 

  821.         $htmltags = $this->_gethtmltags();
    822. 

  822.         foreach ($htmltags as $htmltag => $usagetag) {
    823. 

  823.             $tagval = (int)$this->request->request->get('htmlallow' . $htmltag . 'tag', 0);
    824. 

  824.             if (($tagval != 1) && ($tagval != 2)) {
    825. 

  825.                 $tagval = 0;
    826. 

  826.             }
    827. 

  827.             $allowedhtml[$htmltag] = $tagval;
    828. 

  828.         }
    829. 

  829. 

  830.         System::setVar('AllowableHTML', $allowedhtml);
    831. 

  831. 

  832.         // one additonal config var is set on this page
    833. 

  833.         $htmlentities = $this->request->request->get('xhtmlentities', 0);
    834. 

  834.         System::setVar('htmlentities', $htmlentities);
    835. 

  835. 

  836.         // clear all cache and compile directories
    837. 

  837.         ModUtil::apiFunc('SettingsModule', 'admin', 'clearallcompiledcaches');
    838. 

  838. 

  839.         // all done successfully
    840. 

  840.         LogUtil::registerStatus($this->__('Done! Saved module configuration.'));
    841. 

  841. 

  842.         return $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'allowedhtml'));
    843. 

  843.     }
    844. 

  844. 

  845.     /**
    846. 

  846.      * Utility function to return the list of available tags.
    847. 

  847.      *
    848. 

  848.      * @return string html output.
    849. 

  849.      */
    850. 

  850.     private function _gethtmltags()
    851. 

  851.     {
    852. 

  852.         // Possible allowed HTML tags
    853. 

  853.         return array(
    854. 

  854.                 '!--' => 'http://www.w3schools.com/html5/tag_comment.asp',
    855. 

  855.                 'a' => 'http://www.w3schools.com/html5/tag_a.asp',
    856. 

  856.                 'abbr' => 'http://www.w3schools.com/html5/tag_abbr.asp',
    857. 

  857.                 'acronym' => 'http://www.w3schools.com/html5/tag_acronym.asp',
    858. 

  858.                 'address' => 'http://www.w3schools.com/html5/tag_address.asp',
    859. 

  859.                 'applet' => 'http://www.w3schools.com/tags/tag_applet.asp',
    860. 

  860.                 'area' => 'http://www.w3schools.com/html5/tag_area.asp',
    861. 

  861.                 'article' => 'http://www.w3schools.com/html5/tag_article.asp',
    862. 

  862.                 'aside' => 'http://www.w3schools.com/html5/tag_aside.asp',
    863. 

  863.                 'audio' => 'http://www.w3schools.com/html5/tag_audio.asp',
    864. 

  864.                 'b' => 'http://www.w3schools.com/html5/tag_b.asp',
    865. 

  865.                 'base' => 'http://www.w3schools.com/html5/tag_base.asp',
    866. 

  866.                 'basefont' => 'http://www.w3schools.com/tags/tag_basefont.asp',
    867. 

  867.                 'bdo' => 'http://www.w3schools.com/html5/tag_bdo.asp',
    868. 

  868.                 'big' => 'http://www.w3schools.com/tags/tag_font_style.asp',
    869. 

  869.                 'blockquote' => 'http://www.w3schools.com/html5/tag_blockquote.asp',
    870. 

  870.                 'br' => 'http://www.w3schools.com/html5/tag_br.asp',
    871. 

  871.                 'button' => 'http://www.w3schools.com/html5/tag_button.asp',
    872. 

  872.                 'canvas' => 'http://www.w3schools.com/html5/tag_canvas.asp',
    873. 

  873.                 'caption' => 'http://www.w3schools.com/html5/tag_caption.asp',
    874. 

  874.                 'center' => 'http://www.w3schools.com/tags/tag_center.asp',
    875. 

  875.                 'cite' => 'http://www.w3schools.com/html5/tag_phrase_elements.asp',
    876. 

  876.                 'code' => 'http://www.w3schools.com/html5/tag_phrase_elements.asp',
    877. 

  877.                 'col' => 'http://www.w3schools.com/html5/tag_col.asp',
    878. 

  878.                 'colgroup' => 'http://www.w3schools.com/html5/tag_colgroup.asp',
    879. 

  879.                 'command' => 'http://www.w3schools.com/html5/tag_command.asp',
    880. 

  880.                 'datalist' => 'http://www.w3schools.com/html5/tag_datalist.asp',
    881. 

  881.                 'dd' => 'http://www.w3schools.com/html5/tag_dd.asp',
    882. 

  882.                 'del' => 'http://www.w3schools.com/html5/tag_del.asp',
    883. 

  883.                 'details' => 'http://www.w3schools.com/html5/tag_details.asp',
    884. 

  884.                 'dfn' => 'http://www.w3schools.com/html5/tag_phrase_elements.asp',
    885. 

  885.                 'dir' => 'http://www.w3schools.com/tags/tag_dir.asp',
    886. 

  886.                 'div' => 'http://www.w3schools.com/html5/tag_div.asp',
    887. 

  887.                 'dl' => 'http://www.w3schools.com/html5/tag_dl.asp',
    888. 

  888.                 'dt' => 'http://www.w3schools.com/html5/tag_dt.asp',
    889. 

  889.                 'em' => 'http://www.w3schools.com/html5/tag_phrase_elements.asp',
    890. 

  890.                 'embed' => 'http://www.w3schools.com/html5/tag_embed.asp',
    891. 

  891.                 'fieldset' => 'http://www.w3schools.com/html5/tag_fieldset.asp',
    892. 

  892.                 'figcaption' => 'http://www.w3schools.com/html5/tag_figcaption.asp',
    893. 

  893.                 'figure' => 'http://www.w3schools.com/html5/tag_figure.asp',
    894. 

  894.                 'font' => 'http://www.w3schools.com/tags/tag_font.asp',
    895. 

  895.                 'footer' => 'http://www.w3schools.com/html5/tag_footer.asp',
    896. 

  896.                 'form' => 'http://www.w3schools.com/html5/tag_form.asp',
    897. 

  897.                 'h1' => 'http://www.w3schools.com/html5/tag_hn.asp',
    898. 

  898.                 'h2' => 'http://www.w3schools.com/html5/tag_hn.asp',
    899. 

  899.                 'h3' => 'http://www.w3schools.com/html5/tag_hn.asp',
    900. 

  900.                 'h4' => 'http://www.w3schools.com/html5/tag_hn.asp',
    901. 

  901.                 'h5' => 'http://www.w3schools.com/html5/tag_hn.asp',
    902. 

  902.                 'h6' => 'http://www.w3schools.com/html5/tag_hn.asp',
    903. 

  903.                 'header' => 'http://www.w3schools.com/html5/tag_header.asp',
    904. 

  904.                 'hgroup' => 'http://www.w3schools.com/html5/tag_hgroup.asp',
    905. 

  905.                 'hr' => 'http://www.w3schools.com/html5/tag_hr.asp',
    906. 

  906.                 'i' => 'http://www.w3schools.com/html5/tag_i.asp',
    907. 

  907.                 'iframe' => 'http://www.w3schools.com/html5/tag_iframe.asp',
    908. 

  908.                 'img' => 'http://www.w3schools.com/html5/tag_img.asp',
    909. 

  909.                 'input' => 'http://www.w3schools.com/html5/tag_input.asp',
    910. 

  910.                 'ins' => 'http://www.w3schools.com/html5/tag_ins.asp',
    911. 

  911.                 'keygen' => 'http://www.w3schools.com/html5/tag_keygen.asp',
    912. 

  912.                 'kbd' => 'http://www.w3schools.com/html5/tag_phrase_elements.asp',
    913. 

  913.                 'label' => 'http://www.w3schools.com/html5/tag_label.asp',
    914. 

  914.                 'legend' => 'http://www.w3schools.com/html5/tag_legend.asp',
    915. 

  915.                 'li' => 'http://www.w3schools.com/html5/tag_li.asp',
    916. 

  916.                 'map' => 'http://www.w3schools.com/html5/tag_map.asp',
    917. 

  917.                 'mark' => 'http://www.w3schools.com/html5/tag_mark.asp',
    918. 

  918.                 'menu' => 'http://www.w3schools.com/html5/tag_menu.asp',
    919. 

  919.                 'marquee' => '',
    920. 

  920.                 'meter' => 'http://www.w3schools.com/html5/tag_meter.asp',
    921. 

  921.                 'nav' => 'http://www.w3schools.com/html5/tag_nav.asp',
    922. 

  922.                 'nobr' => '',
    923. 

  923.                 'object' => 'http://www.w3schools.com/html5/tag_object.asp',
    924. 

  924.                 'ol' => 'http://www.w3schools.com/html5/tag_ol.asp',
    925. 

  925.                 'optgroup' => 'http://www.w3schools.com/html5/tag_optgroup.asp',
    926. 

  926.                 'option' => 'http://www.w3schools.com/html5/tag_option.asp',
    927. 

  927.                 'output' => 'http://www.w3schools.com/html5/tag_output.asp',
    928. 

  928.                 'p' => 'http://www.w3schools.com/html5/tag_p.asp',
    929. 

  929.                 'param' => 'http://www.w3schools.com/html5/tag_param.asp',
    930. 

  930.                 'pre' => 'http://www.w3schools.com/html5/tag_pre.asp',
    931. 

  931.                 'progress' => 'http://www.w3schools.com/html5/tag_progress.asp',
    932. 

  932.                 'q' => 'http://www.w3schools.com/html5/tag_q.asp',
    933. 

  933.                 'rp' => 'http://www.w3schools.com/html5/tag_rp.asp',
    934. 

  934.                 'rt' => 'http://www.w3schools.com/html5/tag_rt.asp',
    935. 

  935.                 'ruby' => 'http://www.w3schools.com/html5/tag_ruby.asp',
    936. 

  936.                 's' => 'http://www.w3schools.com/tags/tag_strike.asp',
    937. 

  937.                 'samp' => 'http://www.w3schools.com/html5/tag_phrase_elements.asp',
    938. 

  938.                 'script' => 'http://www.w3schools.com/html5/tag_script.asp',
    939. 

  939.                 'section' => 'http://www.w3schools.com/html5/tag_section.asp',
    940. 

  940.                 'select' => 'http://www.w3schools.com/html5/tag_select.asp',
    941. 

  941.                 'small' => 'http://www.w3schools.com/html5/tag_small.asp',
    942. 

  942.                 'source' => 'http://www.w3schools.com/html5/tag_source.asp',
    943. 

  943.                 'span' => 'http://www.w3schools.com/html5/tag_span.asp',
    944. 

  944.                 'strike' => 'http://www.w3schools.com/tags/tag_strike.asp',
    945. 

  945.                 'strong' => 'http://www.w3schools.com/html5/tag_phrase_elements.asp',
    946. 

  946.                 'sub' => 'http://www.w3schools.com/html5/tag_sup.asp',
    947. 

  947.                 'summary' => 'http://www.w3schools.com/html5/tag_summary.asp',
    948. 

  948.                 'sup' => 'http://www.w3schools.com/html5/tag_sup.asp',
    949. 

  949.                 'table' => 'http://www.w3schools.com/html5/tag_table.asp',
    950. 

  950.                 'tbody' => 'http://www.w3schools.com/html5/tag_tbody.asp',
    951. 

  951.                 'td' => 'http://www.w3schools.com/html5/tag_td.asp',
    952. 

  952.                 'textarea' => 'http://www.w3schools.com/html5/tag_textarea.asp',
    953. 

  953.                 'tfoot' => 'http://www.w3schools.com/html5/tag_tfoot.asp',
    954. 

  954.                 'th' => 'http://www.w3schools.com/html5/tag_th.asp',
    955. 

  955.                 'thead' => 'http://www.w3schools.com/html5/tag_thead.asp',
    956. 

  956.                 'time' => 'http://www.w3schools.com/html5/tag_time.asp',
    957. 

  957.                 'tr' => 'http://www.w3schools.com/html5/tag_tr.asp',
    958. 

  958.                 'tt' => 'http://www.w3schools.com/tags/tag_font_style.asp',
    959. 

  959.                 'u' => 'http://www.w3schools.com/tags/tag_u.asp',
    960. 

  960.                 'ul' => 'http://www.w3schools.com/html5/tag_ul.asp',
    961. 

  961.                 'var' => 'http://www.w3schools.com/html5/tag_phrase_elements.asp',
    962. 

  962.                 'video' => 'http://www.w3schools.com/html5/tag_video.asp',
    963. 

  963.                 'wbr' => 'http://www.w3schools.com/html5/tag_wbr.asp');
    964. 

  964.     }
    965. 

  965. 

  966. }
    967. 

  967.