Completed
Push — master ( e3eece...4cf24a )
by Damian
02:28
created

IFramePage_Controller::init()   B

Complexity

Conditions 7
Paths 6

Size

Total Lines 16
Code Lines 9

Duplication

Lines 0
Ratio 0 %

Importance

Changes 4
Bugs 0 Features 2
Metric Value
c 4
b 0
f 2
dl 0
loc 16
rs 8.2222
cc 7
eloc 9
nc 6
nop 0
1
<?php
2
/**
3
 * Iframe page type embeds an iframe of URL of choice into the page.
4
 * CMS editor can choose width, height, or set it to attempt automatic size configuration.
5
 */
6
7
class IFramePage extends Page
0 ignored issues
show
Coding Style Compatibility introduced by
PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions.

You can fix this by adding a namespace to your class:

namespace YourVendor;

class YourClass { }

When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries.

Loading history...
8
{
9
    public static $db = array(
10
        'IFrameURL' => 'Text',
11
        'AutoHeight' => 'Boolean(1)',
12
        'AutoWidth' => 'Boolean(1)',
13
        'FixedHeight' => 'Int(500)',
14
        'FixedWidth' => 'Int(0)',
15
        'AlternateContent' => 'HTMLText',
16
        'BottomContent' => 'HTMLText',
17
        'ForceProtocol' => 'Varchar',
18
    );
19
20
    public static $defaults = array(
21
        'AutoHeight' => '1',
22
        'AutoWidth' => '1',
23
        'FixedHeight' => '500',
24
        'FixedWidth' => '0'
25
    );
26
27
    public static $description = 'Embeds an iframe into the body of the page.';
28
29
    public function getCMSFields()
30
    {
31
        $fields = parent::getCMSFields();
32
33
        $fields->removeFieldFromTab('Root.Main', 'Content');
34
        $fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'));
35
        $url->setRightTitle('Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).');
36
        $fields->addFieldToTab(
37
            'Root.Main',
38
            DropdownField::create('ForceProtocol', 'Force protocol?')
39
                ->setSource(array('http://' => 'http://', 'https://' => 'https://'))
40
                ->setEmptyString('')
41
                ->setDescription('Avoids mixed content warnings when iframe content is just available under a specific protocol'),
42
            'Metadata'
43
        );
44
        $fields->addFieldToTab('Root.Main', new CheckboxField('AutoHeight', 'Auto height (only works with same domain URLs)'));
45
        $fields->addFieldToTab('Root.Main', new CheckboxField('AutoWidth', 'Auto width (100% of the available space)'));
46
        $fields->addFieldToTab('Root.Main', new NumericField('FixedHeight', 'Fixed height (in pixels)'));
47
        $fields->addFieldToTab('Root.Main', new NumericField('FixedWidth', 'Fixed width (in pixels)'));
48
        $fields->addFieldToTab('Root.Main', new HtmlEditorField('Content', 'Content (appears above iframe)'));
49
        $fields->addFieldToTab('Root.Main', new HtmlEditorField('BottomContent', 'Content (appears below iframe)'));
50
        $fields->addFieldToTab('Root.Main', new HtmlEditorField('AlternateContent', 'Alternate Content (appears when user has iframes disabled)'));
51
52
        // Move the Metadata field to last position, but make a check for it's
53
        // existence first.
54
        //
55
        // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
56
        $mainTab = $fields->findOrMakeTab('Root.Main');
57
        $mainTabFields = $mainTab->FieldList();
58
        $metaDataField = $mainTabFields->fieldByName('Metadata');
59
        if ($metaDataField) {
60
            $mainTabFields->removeByName('Metadata');
61
            $mainTabFields->push($metaDataField);
62
        }
63
        return $fields;
64
    }
65
66
    /**
67
     * Compute class from the size parameters.
68
     */
69
    public function getClass()
70
    {
71
        $class = '';
72
        if ($this->AutoHeight) {
73
            $class .= 'iframepage-height-auto';
74
        }
75
76
        return $class;
77
    }
78
79
    /**
80
     * Compute style from the size parameters.
81
     */
82
    public function getStyle()
83
    {
84
        $style = '';
85
86
        // Always add fixed height as a fallback if autosetting or JS fails.
87
        $height = $this->FixedHeight;
88
        if (!$height) {
89
            $height = 800;
90
        }
91
        $style .= "height: {$height}px; ";
92
93
        if ($this->AutoWidth) {
94
            $style .= "width: 100%; ";
95
        } elseif ($this->FixedWidth) {
96
            $style .= "width: {$this->FixedWidth}px; ";
97
        }
98
99
        return $style;
100
    }
101
102
    /**
103
     * Ensure that the IFrameURL is a valid url and prevents XSS
104
     *
105
     * @throws ValidationException
106
     * @return ValidationResult
107
     */
108
    public function validate()
109
    {
110
        $result = parent::validate();
111
112
        //whitelist allowed URL schemes
113
        $allowed_schemes = array('http', 'https');
114
        if ($matches = parse_url($this->IFrameURL)) {
115
            if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
116
                $result->error(_t('IFramePage.VALIDATION.BANNEDURLSCHEME', "This URL scheme is not allowed."));
117
            }
118
        }
119
120
        return $result;
121
    }
122
}
123
124
class IFramePage_Controller extends Page_Controller
0 ignored issues
show
Coding Style Compatibility introduced by
PSR1 recommends that each class should be in its own file to aid autoloaders.

Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule.

Loading history...
Coding Style Compatibility introduced by
PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions.

You can fix this by adding a namespace to your class:

namespace YourVendor;

class YourClass { }

When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries.

Loading history...
125
{
126
    public function init()
127
    {
128
        parent::init();
129
130
        if ($this->ForceProtocol) {
131
            if ($this->ForceProtocol == 'http://' && Director::protocol() != 'http://') {
132
                return $this->redirect(preg_replace('#https://#', 'http://', $this->AbsoluteLink()));
133
            } elseif ($this->ForceProtocol == 'https://' && Director::protocol() != 'https://') {
134
                return $this->redirect(preg_replace('#http://#', 'https://', $this->AbsoluteLink()));
135
            }
136
        }
137
138
        if ($this->IFrameURL) {
139
            Requirements::javascript('iframe/javascript/iframe_page.js');
140
        }
141
    }
142
}
143