summaryrefslogtreecommitdiff
path: root/plugins
diff options
context:
space:
mode:
authorEvan Prodromou <evan@status.net>2010-09-02 16:56:52 -0400
committerEvan Prodromou <evan@status.net>2010-09-02 16:56:52 -0400
commit7517409bf16137a9d8a420b7358f30fa55945ba0 (patch)
tree56fe423029a2efa872ca8f30423ec8b4e5672627 /plugins
parent468a15db004ff0e02d15c7ef515aee2c96f441cc (diff)
parent11f7fce3bb59af46dd76c1e219f8df04de9e03af (diff)
Merge branch 'testing' into 0.9.x
Diffstat (limited to 'plugins')
-rw-r--r--plugins/TwitterBridge/TwitterBridgePlugin.php25
1 files changed, 25 insertions, 0 deletions
diff --git a/plugins/TwitterBridge/TwitterBridgePlugin.php b/plugins/TwitterBridge/TwitterBridgePlugin.php
index 0505a328f..8e3eba318 100644
--- a/plugins/TwitterBridge/TwitterBridgePlugin.php
+++ b/plugins/TwitterBridge/TwitterBridgePlugin.php
@@ -335,5 +335,30 @@ class TwitterBridgePlugin extends Plugin
return (bool)$this->adminImportControl;
}
+ /**
+ * When the site is set to ssl=sometimes mode, we should make sure our
+ * various auth-related pages are on SSL to keep things looking happy.
+ * Although we're not submitting passwords directly, we do link out to
+ * an authentication source and it's a lot happier if we've got some
+ * protection against MitM.
+ *
+ * @param string $action name
+ * @param boolean $ssl outval to force SSL
+ * @return mixed hook return value
+ */
+ function onSensitiveAction($action, &$ssl)
+ {
+ $sensitive = array('twitteradminpanel',
+ 'twittersettings',
+ 'twitterauthorization',
+ 'twitterlogin');
+ if (in_array($action, $sensitive)) {
+ $ssl = true;
+ return false;
+ } else {
+ return true;
+ }
+ }
+
}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2025-02-09 18:51:42 +0000