security_2classes_2general_2frame_8php_source.html

<?

IncludeModuleLangFile(__FILE__);


use \Bitrix\Main\ORM\Query\Query;

use \Bitrix\Security\FrameMaskTable;


class CSecurityFrame

{


    public static function SetHeader()

    {

        if((!defined("BX_SECURITY_SKIP_FRAMECHECK") || BX_SECURITY_SKIP_FRAMECHECK!==true) && !CSecurityFrameMask::Check(SITE_ID, $_SERVER["REQUEST_URI"]))

        {

            header("X-Frame-Options: SAMEORIGIN");

            header("Content-Security-Policy: frame-ancestors 'self';");

        }

    }


    public static function IsActive()

    {

        $bActive = false;

        foreach(GetModuleEvents("main", "OnPageStart", true) as $event)

        {

            if(

                isset($event["TO_MODULE_ID"]) && $event["TO_MODULE_ID"] === "security"

                && isset($event["TO_CLASS"]) && $event["TO_CLASS"] === "CSecurityFrame"

            )

            {

                $bActive = true;

                break;

            }

        }

        return $bActive;

    }


    public static function SetActive($bActive = false)

    {

        if($bActive)

        {

            if(!CSecurityFrame::IsActive())

            {

                RegisterModuleDependences("main", "OnPageStart", "security", "CSecurityFrame", "SetHeader", "0");

            }

        }

        else

        {

            if(CSecurityFrame::IsActive())

            {

                UnRegisterModuleDependences("main", "OnPageStart", "security", "CSecurityFrame", "SetHeader");

            }

        }

    }


}


class CSecurityFrameMask

{


    public static function Update($arMasks)

    {

        global $CACHE_MANAGER;


        if(is_array($arMasks))

        {

            $res = FrameMaskTable::deleteList([]);

            if($res)

            {

                $arLikeSearch = array("?", "*", ".");

                $arLikeReplace = array("_",  "%", "\\.");

                $arPregSearch = array("\\", ".",  "?", "*",   "'");

                $arPregReplace = array("/",  "\.", ".", ".*?", "\'");


                $added = array();

                $i = 10;

                foreach($arMasks as $arMask)

                {

                    $site_id = trim($arMask["SITE_ID"]);

                    if($site_id == "NOT_REF")

                        $site_id = "";


                    $mask = trim($arMask["MASK"]);

                    $mask_site = $mask . "_" . $site_id;

                    if($mask && !array_key_exists($mask_site, $added))

                    {

                        $arMask = array(

                            "SORT" => $i,

                            "FRAME_MASK" => $mask,

                            "LIKE_MASK" => str_replace($arLikeSearch, $arLikeReplace, $mask),

                            "PREG_MASK" => str_replace($arPregSearch, $arPregReplace, $mask),

                        );

                        if($site_id)

                            $arMask["SITE_ID"] = $site_id;


                        FrameMaskTable::add($arMask);

                        $i += 10;

                        $added[$mask_site] = true;

                    }

                }


                if(CACHED_b_sec_frame_mask !== false)

                    $CACHE_MANAGER->CleanDir("b_sec_frame_mask");


            }

        }


        return true;

    }


    public static function GetList()

    {

        $res = FrameMaskTable::getList(['select' => ['SITE_ID', 'FRAME_MASK'], 'order' => 'SORT']);

        return $res;

    }


    public static function Check($siteId, $uri)

    {

        global $DB, $CACHE_MANAGER;

        $bFound = false;


        if(CACHED_b_sec_frame_mask !== false)

        {

            $cache_id = "b_sec_frame_mask";

            if($CACHE_MANAGER->Read(CACHED_b_sec_frame_mask, $cache_id, "b_sec_frame_mask"))

            {

                $arMasks = $CACHE_MANAGER->Get($cache_id);

            }

            else

            {

                $arMasks = array();


                $rs = FrameMaskTable::getList(['order' => 'SORT']);

                while($ar = $rs->Fetch())

                {

                    $site_id = $ar["SITE_ID"]? $ar["SITE_ID"]: "-";

                    $arMasks[$site_id][$ar["SORT"]] = $ar["PREG_MASK"];

                }


                $CACHE_MANAGER->Set($cache_id, $arMasks);

            }


            if(isset($arMasks["-"]) && is_array($arMasks["-"]))

            {

                foreach($arMasks["-"] as $mask)

                {

                    if(preg_match("#^".$mask."$#", $uri))

                    {

                        $bFound = true;

                        break;

                    }

                }

            }


            if(

                !$bFound

                && $siteId

                && isset($arMasks[$siteId])

            )

            {

                foreach($arMasks[$siteId] as $mask)

                {

                    if(preg_match("#^".$mask."$#", $uri))

                    {

                        $bFound = true;

                        break;

                    }

                }

            }


        }

        else

        {

            $sqlHelper = \Bitrix\Main\Application::getConnection()->getSqlHelper();


            $filter = Query::filter()

                ->whereNull('SITE_ID')

                ->whereExpr("'".$sqlHelper->forSql($uri)."' LIKE %s", ['LIKE_MASK']);


            if ($siteId)

            {

                $filterOr = Query::filter()

                    ->where('SITE_ID', $siteId)

                    ->whereExpr("'".$sqlHelper->forSql($uri)."' LIKE %s", ['LIKE_MASK']);


                $filter = Query::filter()

                    ->logic('or')

                    ->where($filter)

                    ->where($filterOr);

            }


            $rs = FrameMaskTable::getList(['filter' => $filter]);

            if($rs->Fetch())

                $bFound = true;

        }


        return $bFound;

    }


}


?>

Bitrix\Main\Application\getConnection
static getConnection($name="")
Определения application.php:638

CSecurityFrame
Определения frame.php:8

CSecurityFrame\IsActive
static IsActive()
Определения frame.php:18

CSecurityFrame\SetActive
static SetActive($bActive=false)
Определения frame.php:35

CSecurityFrame\SetHeader
static SetHeader()
Определения frame.php:9

CSecurityFrameMask
Определения frame.php:55

CSecurityFrameMask\GetList
static GetList()
Определения frame.php:106

CSecurityFrameMask\Update
static Update($arMasks)
Определения frame.php:56

CSecurityFrameMask\Check
static Check($siteId, $uri)
Определения frame.php:112

$CACHE_MANAGER
global $CACHE_MANAGER
Определения clear_component_cache.php:7

array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804

$res
$res
Определения filter_act.php:7

$bFound
$bFound
Определения get_search.php:40

$filter
$filter
Определения iblock_catalog_list.php:54

$_SERVER
$_SERVER["DOCUMENT_ROOT"]
Определения cron_frame.php:9

$DB
global $DB
Определения cron_frame.php:29

$uri
if(file_exists($_SERVER['DOCUMENT_ROOT'] . "/urlrewrite.php")) $uri
Определения urlrewrite.php:61

$siteId
$siteId
Определения ajax.php:8

RegisterModuleDependences
RegisterModuleDependences($FROM_MODULE_ID, $MESSAGE_ID, $TO_MODULE_ID, $TO_CLASS="", $TO_METHOD="", $SORT=100, $TO_PATH="", $TO_METHOD_ARG=[])
Определения tools.php:5295

UnRegisterModuleDependences
UnRegisterModuleDependences($FROM_MODULE_ID, $MESSAGE_ID, $TO_MODULE_ID, $TO_CLASS="", $TO_METHOD="", $TO_PATH="", $TO_METHOD_ARG=[])
Определения tools.php:5289

GetModuleEvents
GetModuleEvents($MODULE_ID, $MESSAGE_ID, $bReturnArray=false)
Определения tools.php:5177

IncludeModuleLangFile
IncludeModuleLangFile($filepath, $lang=false, $bReturnArray=false)
Определения tools.php:3778

$event
$event
Определения prolog_after.php:141

$ar
$ar
Определения options.php:199

$i
$i
Определения factura.php:643

$site_id
$site_id
Определения sonet_set_content_view.php:9

SITE_ID
const SITE_ID
Определения sonet_set_content_view.php:12

$rs
$rs
Определения action.php:82