diff options
| author | Brion Vibber <brion@pobox.com> | 2010-09-02 10:40:41 -0700 |
|---|---|---|
| committer | Brion Vibber <brion@pobox.com> | 2010-09-02 10:55:26 -0700 |
| commit | 4cbbfdab84c3cd58880902dbc560b14b4c66a0e8 (patch) | |
| tree | 0effe84c40438ffb33bab570d897c0a5bba3af2f /plugins/TwitterBridge | |
| parent | 8f06e3b2819936d1a9fe30b1bc44759bdcd56992 (diff) | |
Fix for #2635: use ssl-sometimes settings for Twitter settings & auth pages
Diffstat (limited to 'plugins/TwitterBridge')
| -rw-r--r-- | plugins/TwitterBridge/TwitterBridgePlugin.php | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/plugins/TwitterBridge/TwitterBridgePlugin.php b/plugins/TwitterBridge/TwitterBridgePlugin.php index 0505a328f..8e3eba318 100644 --- a/plugins/TwitterBridge/TwitterBridgePlugin.php +++ b/plugins/TwitterBridge/TwitterBridgePlugin.php @@ -335,5 +335,30 @@ class TwitterBridgePlugin extends Plugin return (bool)$this->adminImportControl; } + /** + * When the site is set to ssl=sometimes mode, we should make sure our + * various auth-related pages are on SSL to keep things looking happy. + * Although we're not submitting passwords directly, we do link out to + * an authentication source and it's a lot happier if we've got some + * protection against MitM. + * + * @param string $action name + * @param boolean $ssl outval to force SSL + * @return mixed hook return value + */ + function onSensitiveAction($action, &$ssl) + { + $sensitive = array('twitteradminpanel', + 'twittersettings', + 'twitterauthorization', + 'twitterlogin'); + if (in_array($action, $sensitive)) { + $ssl = true; + return false; + } else { + return true; + } + } + } |