// TRANS: Drop down option in Paths admin panel (option for "When to use SSL").
$ssl = array('never' => _('Never'),
- // TRANS: Drop down option in Paths admin panel (option for "When to use SSL").
- 'sometimes' => _('Sometimes'),
// TRANS: Drop down option in Paths admin panel (option for "When to use SSL").
'always' => _('Always'));
$server = common_config('site', 'server');
}
- $ssl = common_config('avatar', 'ssl');
-
- if (is_null($ssl)) { // null -> guess
- if (common_config('site', 'ssl') == 'always' &&
- !common_config('avatar', 'server')) {
- $ssl = true;
- } else {
- $ssl = false;
- }
- }
+ $ssl = (common_config('avatar', 'ssl') || GNUsocial::useHTTPS());
$protocol = ($ssl) ? 'https' : 'http';
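Review bot: The new expression `common_config('avatar', 'ssl') || GNUsocial::useHTTPS()` can only turn HTTPS on, never off: an explicit `$config['avatar']['ssl'] = false` and the removed `!common_config('avatar', 'server')` exemption are both overridden whenever the site itself uses HTTPS. Forcing https here avoids mixed content, but a separately configured avatar server without a working certificate would now get https avatar URLs it cannot serve. State the precedence where it is decided, e.g. `// Site-wide HTTPS always wins; avatar/ssl can only add HTTPS, never remove it.` The enclosing function starts and ends outside this hunk.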
$fail = true;
}
- if (!in_array($this->ssl, array('never', 'sometimes', 'always'))) {
+ if (!in_array($this->ssl, array('never', 'always'))) {
$this->updateStatus("Bad value for server SSL enabling.");
$fail = true;
}
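Review bot: The allow-list check `in_array($this->ssl, array('never', 'always'))` compares loosely, so a non-string value such as boolean `true` would pass validation; pass the strict flag, `in_array($this->ssl, array('never', 'always'), true)`. The same list is repeated in the config-writing hunk (`'ssl' => in_array(...)`), where an unrecognised value silently becomes `'never'`, i.e. HTTPS off. Keeping the list in one place would stop the two copies drifting apart. Whether `$this->ssl` can be anything but a string depends on option parsing outside this hunk.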
'sitename' => $this->sitename,
'server' => $this->server,
'path' => $this->path,
- 'ssl' => in_array($this->ssl, array('never', 'sometimes', 'always'))
+ 'ssl' => in_array($this->ssl, array('never', 'always'))
? $this->ssl
: 'never',
'db_database' => $this->db['database'],
$expiration,
$cookiepath,
$server,
- common_config('site', 'ssl')=='always');
+ GNUsocial::useHTTPS());
}
define('REMEMBERME', 'rememberme');
$r = Router::get();
$path = $r->build($action, $args, $params, $fragment);
- $ssl = common_config('site', 'ssl') === 'always'
- || GNUsocial::isHTTPS()
- || common_is_sensitive($action);
+ $ssl = GNUsocial::useHTTPS();
if (common_config('site','fancy')) {
$url = common_path($path, $ssl, $addSession);
return $url;
}
-function common_is_sensitive($action)
-{
- static $sensitive = array(
- 'login',
- 'register',
- 'passwordsettings',
- 'api',
- 'ApiOAuthRequestToken',
- 'ApiOAuthAccessToken',
- 'ApiOAuthAuthorize',
- 'ApiOAuthPin',
- 'showapplication'
- );
- $ssl = null;
-
- if (Event::handle('SensitiveAction', array($action, &$ssl))) {
- $ssl = in_array($action, $sensitive);
- }
-
- return $ssl;
-}
-
function common_path($relative, $ssl=false, $addSession=true)
{
$pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';
- if (($ssl && (common_config('site', 'ssl') === 'sometimes'))
- || GNUsocial::isHTTPS()
- || common_config('site', 'ssl') === 'always') {
+ if ($ssl && GNUsocial::useHTTPS()) {
$proto = 'https';
if (is_string(common_config('site', 'sslserver')) &&
mb_strlen(common_config('site', 'sslserver')) > 0) {
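Review bot: `if ($ssl && GNUsocial::useHTTPS())` makes https depend on the caller's argument, and `common_path()` still defaults to `$ssl=false`, so any caller that omits the argument now gets an `http://` URL even on a site set to `'always'`; the removed condition forced https in that case regardless of `$ssl`. With 'sometimes' gone the parameter has nothing left to select, so the site-wide answer should decide alone: `if (GNUsocial::useHTTPS()) {`. This assumes `useHTTPS()` covers both the configured setting and an already-HTTPS request; it is defined outside this page. `common_local_url()` passes `GNUsocial::useHTTPS()` itself and is unaffected, and the `common_path()` body continues past the hunk.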
return true;
}
- /*
- * Use SSL for Facebook stuff
- *
- * @param string $action name
- * @param boolean $ssl outval to force SSL
- * @return mixed hook return value
- */
- function onSensitiveAction($action, &$ssl)
- {
- $sensitive = array(
- 'facebookadminpanel',
- 'facebooksettings',
- 'facebooklogin',
- 'facebookfinishlogin'
- );
-
- if (in_array($action, $sensitive)) {
- $ssl = true;
- return false;
- } else {
- return true;
- }
- }
-
/**
* If a notice gets deleted, remove the Notice_to_item mapping and
* delete the item on Facebook
return parent::onAutoload($cls);
}
- /**
- * Sensitive actions
- *
- * These actions should use https when SSL support is 'sometimes'
- *
- * @param Action $action Action to form an URL for
- * @param boolean &$ssl Whether to mark it for SSL
- *
- * @return boolean hook return
- */
- function onSensitiveAction($action, &$ssl)
- {
- switch ($action)
- {
- case 'finishopenidlogin':
- case 'finishaddopenid':
- $ssl = true;
- return false;
- default:
- return true;
- }
- }
-
/**
* Login actions
*
to the bottom of your config.php
The plugin will not do anything unless:
-$config['site']['ssl'] is set to 'always'
+$config['site']['ssl'] is set to something other than 'never'
$config['site']['path'] is either not set, empty, or '/'
Settings
function onArgsInitialize($args)
{
$path = common_config('site', 'path');
- if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
+ if (GNUsocial::useHTTPS() && ($path == '/' || mb_strlen($path)==0 )) {
header('Strict-Transport-Security: max-age=' . $this->max_age
. ($this->includeSubDomains ? '; includeSubDomains' : '')
. ($this->preloadToken ? '; preload' : ''));
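Review bot: The HSTS header is now gated on `GNUsocial::useHTTPS()`, whose definition is not on this page. If it also returns true for a request that merely arrived over HTTPS while `$config['site']['ssl']` is `'never'`, the plugin would pin browsers (optionally with `includeSubDomains` and `preload`) to HTTPS on a site not configured for it. The README wording "something other than 'never'" does not cover that case. A comment on the condition should state which case is intended, e.g. `// Only send HSTS when HTTPS is the configured site policy, not merely the current request's scheme.` Separately, if `common_config('site', 'path')` can return null, `$path === null || $path === ''` avoids passing null to `mb_strlen()`; `onArgsInitialize` continues past the hunk.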
return (bool)$this->adminImportControl;
}
- /**
- * When the site is set to ssl=sometimes mode, we should make sure our
- * various auth-related pages are on SSL to keep things looking happy.
- * Although we're not submitting passwords directly, we do link out to
- * an authentication source and it's a lot happier if we've got some
- * protection against MitM.
- *
- * @param string $action name
- * @param boolean $ssl outval to force SSL
- * @return mixed hook return value
- */
- function onSensitiveAction($action, &$ssl)
- {
- $sensitive = array('twitteradminpanel',
- 'twittersettings',
- 'twitterauthorization',
- 'twitterlogin');
- if (in_array($action, $sensitive)) {
- $ssl = true;
- return false;
- } else {
- return true;
- }
- }
-
/**
* Database schema setup
*
--sitename User-friendly site name (required)
--fancy Whether to use fancy URLs (default no)
--ssl Server SSL enabled (default never),
- [never | sometimes | always]
+ [never | always]
--dbtype 'mysql' (default) or 'pgsql'
--host Database hostname (required)