]> git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - lib/action.php
projects / quix0rs-gnu-social.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
define Reply::pkeyGet()
[quix0rs-gnu-social.git] / lib / action.php
diff --git a/lib/action.php b/lib/action.php
index 3492873c5981574b7d29e71a08641759f901cca6..d63569cba3596b55fd2e4276216c227985ba72bf 100644 (file)
--- a/lib/action.php
+++ b/lib/action.php
@@ -246,20 +246,6 @@ class Action extends HTMLOutputter // lawsuit
                 Event::handle('EndShowUAStyles', array($this));
             }
 
-            if (Event::handle('StartShowDesign', array($this))) {
-
-                $user = common_current_user();
-
-                if (empty($user) || $user->viewdesigns) {
-                    $design = $this->getDesign();
-
-                    if (!empty($design)) {
-                        $design->showCSS($this);
-                    }
-                }
-
-                Event::handle('EndShowDesign', array($this));
-            }
             Event::handle('EndShowStyles', array($this));
 
             if (common_config('custom_css', 'enabled')) {
@@ -334,9 +320,12 @@ class Action extends HTMLOutputter // lawsuit
                 $this->inlineScript('var _peopletagAC = "' .
                     common_local_url('peopletagautocomplete') . '";');
                 $this->showScriptMessages();
-                // Frame-busting code to avoid clickjacking attacks.
+                // Anti-framing code to avoid clickjacking attacks in older browsers.
+                // This will show a blank page if the page is being framed, which is
+                // consistent with the behavior of the 'X-Frame-Options: SAMEORIGIN'
+                // header, which prevents framing in newer browser.
                 if (common_config('javascript', 'bustframes')) {
-                    $this->inlineScript('if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
+                    $this->inlineScript('if (window.top !== window.self) { document.write = ""; window.top.location = window.self.location; setTimeout(function () { document.body.innerHTML = ""; }, 1); window.self.onload = function () { document.body.innerHTML = ""; }; }');
                 }
                 Event::handle('EndShowStatusNetScripts', array($this));
                 Event::handle('EndShowLaconicaScripts', array($this));
@@ -1362,15 +1351,22 @@ class Action extends HTMLOutputter // lawsuit
     {
         // Added @id to li for some control.
         // XXX: We might want to move this to htmloutputter.php
-        $lattrs = array();
+        $lattrs  = array();
+        $classes = array();
         if ($class !== null) {
-            $lattrs['class'] = $class;
-            if ($is_selected) {
-                $lattrs['class'] = trim('current ' . $lattrs['class']);
-            }
+            $classes[] = trim($class);
+        }
+        if ($is_selected) {
+            $classes[] = 'current';
         }
 
-        (is_null($id)) ? $lattrs : $lattrs['id'] = $id;
+        if (!empty($classes)) {
+            $lattrs['class'] = implode(' ', $classes);
+        }
+
+        if (!is_null($id)) {
+            $lattrs['id'] = $id;
+        }
 
         $this->elementStart('li', $lattrs);
         $attrs['href'] = $url;
@@ -1439,16 +1435,6 @@ class Action extends HTMLOutputter // lawsuit
         return null;
     }
 
-    /**
-     * A design for this action
-     *
-     * @return Design a design object to use
-     */
-    function getDesign()
-    {
-        return Design::siteDesign();
-    }
-
     /**
      * Check the session token.
      *
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)