From c9e8b1e5c380904e479927e2f24754d8709f590e Mon Sep 17 00:00:00 2001
From: Meitar Moscovitz <meitarm@gmail.com>
Date: Wed, 11 Feb 2009 03:03:16 +1100
Subject: Add streamlined mobile device-friendly styles when enabled in config.

A new mobile-specific style sheet is added and loaded only if the
`$config['site']['mobile']` configuration variable is set to true.
---
 lib/action.php | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'lib')

diff --git a/lib/action.php b/lib/action.php
index ce92addf5..ce37f4760 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -170,6 +170,13 @@ class Action extends HTMLOutputter // lawsuit
         }
         $this->comment('[if IE]><link rel="stylesheet" type="text/css" '.
                        'href="'.theme_path('css/ie.css', null).'?version='.LACONICA_VERSION.'" /><![endif]');
+        if (common_config('site', 'mobile')) {
+            $this->element('link', array('rel' => 'stylesheet',
+                                         'type' => 'text/css',
+                                         'href' => theme_path('css/mobile.css', 'base') . '?version=' . LACONICA_VERSION,
+                                         // TODO: "handheld" CSS for other mobile devices
+                                         'media' => 'screen and (max-device-width: 480px)')); // Mobile WebKit
+        }
     }
 
     /**
-- 
cgit v1.2.3-54-g00ecf


From beddf906634054b115d41046ac112cd0264dbfe1 Mon Sep 17 00:00:00 2001
From: Meitar Moscovitz <meitarm@gmail.com>
Date: Wed, 11 Feb 2009 03:12:14 +1100
Subject: Trigger only on handheld device screens, not on browser screens,
 d'oh!

---
 lib/action.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/action.php b/lib/action.php
index ce37f4760..3e236d714 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -175,7 +175,7 @@ class Action extends HTMLOutputter // lawsuit
                                          'type' => 'text/css',
                                          'href' => theme_path('css/mobile.css', 'base') . '?version=' . LACONICA_VERSION,
                                          // TODO: "handheld" CSS for other mobile devices
-                                         'media' => 'screen and (max-device-width: 480px)')); // Mobile WebKit
+                                         'media' => 'only screen and (max-device-width: 480px)')); // Mobile WebKit
         }
     }
 
-- 
cgit v1.2.3-54-g00ecf


From 9d81cef5cc2a0a197a0223206ba3d9a687065886 Mon Sep 17 00:00:00 2001
From: Meitar Moscovitz <meitarm@gmail.com>
Date: Mon, 16 Feb 2009 15:45:18 +1100
Subject: Add framebusting JavaScript to help avoid clickjacking attacks.

---
 lib/action.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib')

diff --git a/lib/action.php b/lib/action.php
index cd0db5399..48d5821a1 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -205,6 +205,9 @@ class Action extends HTMLOutputter // lawsuit
                 $this->element('script', array('type' => 'text/javascript',
                                                'src' => common_path('js/util.js?version='.LACONICA_VERSION)),
                                ' ');
+                // Frame-busting code to avoid clickjacking attacks.
+                $this->element('script', array('type' => 'text/javascript'),
+                               'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
                 Event::handle('EndShowLaconicaScripts', array($this));
             }
             Event::handle('EndShowScripts', array($this));
-- 
cgit v1.2.3-54-g00ecf


From c9def4a8768239093823fbe34367d97f9e30d320 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@controlyourself.ca>
Date: Wed, 18 Feb 2009 23:43:26 +0000
Subject: more correct handling of etags and last-modified

---
 lib/action.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/lib/action.php b/lib/action.php
index e2d09ace2..b1e700b67 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -209,12 +209,10 @@ class Action extends HTMLOutputter // lawsuit
                                                'src' => common_path('js/jquery.form.js')),
                                ' ');
 
-
                 $this->element('script', array('type' => 'text/javascript',
                                                'src' => common_path('js/jquery.simplemodal-1.2.2.pack.js')),
                                ' ');
 
-
                 Event::handle('EndShowJQueryScripts', array($this));
             }
             if (Event::handle('StartShowLaconicaScripts', array($this))) {
@@ -813,8 +811,10 @@ class Action extends HTMLOutputter // lawsuit
             if ($if_modified_since) {
                 $ims = strtotime($if_modified_since);
                 if ($lm <= $ims) {
-                    if (!$etag ||
-                        $this->_hasEtag($etag, $_SERVER['HTTP_IF_NONE_MATCH'])) {
+                    $if_none_match = $_SERVER['HTTP_IF_NONE_MATCH'];
+                    if (!$if_none_match ||
+                        !$etag ||
+                        $this->_hasEtag($etag, $if_none_match)) {
                         header('HTTP/1.1 304 Not Modified');
                         // Better way to do this?
                         exit(0);
@@ -832,9 +832,11 @@ class Action extends HTMLOutputter // lawsuit
      *
      * @return boolean
      */
+
     function _hasEtag($etag, $if_none_match)
     {
-        return ($if_none_match) && in_array($etag, explode(',', $if_none_match));
+        $etags = explode(',', $if_none_match);
+        return in_array($etag, $etags) || in_array('*', $etags);
     }
 
     /**
-- 
cgit v1.2.3-54-g00ecf