From 07eae0ce4d927851a839cf50d5cb9b7a06b979a2 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Thu, 26 Mar 2009 15:03:59 -0400 Subject: Support SSL for some, all, or no pages Support SSL URLs either for all pages; no pages; or for sensitive pages accepting passwords, like login, registration, API, and others. --- lib/util.php | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) (limited to 'lib/util.php') diff --git a/lib/util.php b/lib/util.php index a43666fa5..0a1137a77 100644 --- a/lib/util.php +++ b/lib/util.php @@ -713,25 +713,46 @@ function common_relative_profile($sender, $nickname, $dt=null) function common_local_url($action, $args=null, $params=null, $fragment=null) { + static $sensitive = array('login', 'register', 'passwordsettings', + 'twittersettings', 'finishopenidlogin', + 'api'); + $r = Router::get(); $path = $r->build($action, $args, $params, $fragment); + $ssl = in_array($action, $sensitive); + if (common_config('site','fancy')) { - $url = common_path(mb_substr($path, 1)); + $url = common_path(mb_substr($path, 1), $ssl); } else { if (mb_strpos($path, '/index.php') === 0) { - $url = common_path(mb_substr($path, 1)); + $url = common_path(mb_substr($path, 1), $ssl); } else { - $url = common_path('index.php'.$path); + $url = common_path('index.php'.$path, $ssl); } } return $url; } -function common_path($relative) +function common_path($relative, $ssl=false) { $pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : ''; - return "http://".common_config('site', 'server').'/'.$pathpart.$relative; + + if (($ssl && (common_config('site', 'ssl') === 'sometimes')) + || common_config('site', 'ssl') === 'always') { + $proto = 'https'; + if (is_string(common_config('site', 'sslserver')) && + mb_strlen(common_config('site', 'sslserver')) > 0) { + $serverpart = common_config('site', 'sslserver'); + } else { + $serverpart = common_config('site', 'server'); + } + } else { + $proto = 'http'; + $serverpart = common_config('site', 'server'); + } + + return $proto.'://'.$serverpart.'/'.$pathpart.$relative; } function common_date_string($dt) -- cgit v1.2.3-54-g00ecf From 3af66807161628969395bfb65ada38f977c94edf Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 30 Mar 2009 10:17:10 -0400 Subject: add a title to attention notice links --- lib/util.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib/util.php') diff --git a/lib/util.php b/lib/util.php index a43666fa5..7b2930914 100644 --- a/lib/util.php +++ b/lib/util.php @@ -622,9 +622,13 @@ function common_at_link($sender_id, $nickname) $url = $recipient->profileurl; } $xs = new XMLStringer(false); + $attrs = array('href' => $url, + 'class' => 'url'); + if (!empty($recipient->fullname)) { + $attrs['title'] = $recipient->fullname . ' (' . $recipient->nickname . ')'; + } $xs->elementStart('span', 'vcard'); - $xs->elementStart('a', array('href' => $url, - 'class' => 'url')); + $xs->elementStart('a', $attrs); $xs->element('span', 'fn nickname', $nickname); $xs->elementEnd('a'); $xs->elementEnd('span'); -- cgit v1.2.3-54-g00ecf From d5ac986b800858348dec746d64c8b907043ba225 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 30 Mar 2009 10:26:36 -0400 Subject: add titles to group links in notices --- lib/util.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib/util.php') diff --git a/lib/util.php b/lib/util.php index 7b2930914..ef73adc36 100644 --- a/lib/util.php +++ b/lib/util.php @@ -643,10 +643,14 @@ function common_group_link($sender_id, $nickname) $sender = Profile::staticGet($sender_id); $group = User_group::staticGet('nickname', common_canonical_nickname($nickname)); if ($group && $sender->isMember($group)) { + $attrs = array('href' => $group->permalink(), + 'class' => 'url'); + if (!empty($group->fullname)) { + $attrs['title'] = $group->fullname . ' (' . $group->nickname . ')'; + } $xs = new XMLStringer(); $xs->elementStart('span', 'vcard'); - $xs->elementStart('a', array('href' => $group->permalink(), - 'class' => 'url')); + $xs->elementStart('a', $attrs); $xs->element('span', 'fn nickname', $nickname); $xs->elementEnd('a'); $xs->elementEnd('span'); -- cgit v1.2.3-54-g00ecf From e149f3d64b5c0a58b299fb607824a1cd515836a4 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Thu, 26 Mar 2009 15:03:59 -0400 Subject: Support SSL for some, all, or no pages Support SSL URLs either for all pages; no pages; or for sensitive pages accepting passwords, like login, registration, API, and others. --- README | 10 ++++++++++ config.php.sample | 10 ++++++++++ lib/common.php | 2 ++ lib/util.php | 31 ++++++++++++++++++++++++++----- 4 files changed, 48 insertions(+), 5 deletions(-) (limited to 'lib/util.php') diff --git a/README b/README index 73cb95367..70815c141 100644 --- a/README +++ b/README @@ -925,6 +925,16 @@ dupelimit: Time in which it's not OK for the same person to post the same notice; default = 60 seconds. logo: URL of an image file to use as the logo for the site. Overrides the logo in the theme, if any. +ssl: Whether to use SSL and https:// URLs for some or all pages. + Possible values are 'always' (use it for all pages), 'never' + (don't use it for any pages), or 'sometimes' (use it for + sensitive pages that include passwords like login and registration, + but not for regular pages). Default to 'never'. +sslserver: use an alternate server name for SSL URLs, like + 'secure.example.org'. You should be careful to set cookie + parameters correctly so that both the SSL server and the + "normal" server can access the session cookie and + preferably other cookies as well. db -- diff --git a/config.php.sample b/config.php.sample index 529e86f15..d62a54fe7 100644 --- a/config.php.sample +++ b/config.php.sample @@ -174,3 +174,13 @@ $config['sphinx']['port'] = 3312; #http://taguri.org/ Examples: #$config['integration']['taguri'] = 'example.net,2008'; #$config['integration']['taguri'] = 'admin@example.net,2009-03-09' + +#Don't use SSL +#$config['site']['ssl'] = 'never'; +#Use SSL only for sensitive pages (like login, password change) +#$config['site']['ssl'] = 'sometimes'; +#Use SSL for all pages +#$config['site']['ssl'] = 'always'; + +#Use a different hostname for SSL-encrypted pages +#$config['site']['sslserver'] = 'secure.example.org'; diff --git a/lib/common.php b/lib/common.php index caad705a4..c2037c3ad 100644 --- a/lib/common.php +++ b/lib/common.php @@ -87,6 +87,8 @@ $config = 'closed' => false, 'inviteonly' => false, 'private' => false, + 'ssl' => 'never', + 'sslserver' => null, 'dupelimit' => 60), # default for same person saying the same thing 'syslog' => array('appname' => 'laconica', # for syslog diff --git a/lib/util.php b/lib/util.php index ef73adc36..fdcae0aca 100644 --- a/lib/util.php +++ b/lib/util.php @@ -721,25 +721,46 @@ function common_relative_profile($sender, $nickname, $dt=null) function common_local_url($action, $args=null, $params=null, $fragment=null) { + static $sensitive = array('login', 'register', 'passwordsettings', + 'twittersettings', 'finishopenidlogin', + 'api'); + $r = Router::get(); $path = $r->build($action, $args, $params, $fragment); + $ssl = in_array($action, $sensitive); + if (common_config('site','fancy')) { - $url = common_path(mb_substr($path, 1)); + $url = common_path(mb_substr($path, 1), $ssl); } else { if (mb_strpos($path, '/index.php') === 0) { - $url = common_path(mb_substr($path, 1)); + $url = common_path(mb_substr($path, 1), $ssl); } else { - $url = common_path('index.php'.$path); + $url = common_path('index.php'.$path, $ssl); } } return $url; } -function common_path($relative) +function common_path($relative, $ssl=false) { $pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : ''; - return "http://".common_config('site', 'server').'/'.$pathpart.$relative; + + if (($ssl && (common_config('site', 'ssl') === 'sometimes')) + || common_config('site', 'ssl') === 'always') { + $proto = 'https'; + if (is_string(common_config('site', 'sslserver')) && + mb_strlen(common_config('site', 'sslserver')) > 0) { + $serverpart = common_config('site', 'sslserver'); + } else { + $serverpart = common_config('site', 'server'); + } + } else { + $proto = 'http'; + $serverpart = common_config('site', 'server'); + } + + return $proto.'://'.$serverpart.'/'.$pathpart.$relative; } function common_date_string($dt) -- cgit v1.2.3-54-g00ecf From 1fbf9a042e2e7ed1f67dfad9b7fe3b96019bd1a3 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 31 Mar 2009 10:09:11 -0400 Subject: give the correct root url when SSL enabled --- lib/openid.php | 2 +- lib/util.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/util.php') diff --git a/lib/openid.php b/lib/openid.php index 3aa488b6d..f3769c6fc 100644 --- a/lib/openid.php +++ b/lib/openid.php @@ -160,7 +160,7 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) $auth_request->addExtension($sreg_request); } - $trust_root = common_path(''); + $trust_root = common_root_url(true); $process_url = common_local_url($returnto); if ($auth_request->shouldSendRedirect()) { diff --git a/lib/util.php b/lib/util.php index fdcae0aca..98a3ae844 100644 --- a/lib/util.php +++ b/lib/util.php @@ -952,9 +952,9 @@ function common_profile_url($nickname) // Should make up a reasonable root URL -function common_root_url() +function common_root_url($ssl=false) { - return common_path(''); + return common_path('', $ssl); } // returns $bytes bytes of random data as a hexadecimal string -- cgit v1.2.3-54-g00ecf From e7381493ad036e686f82f432066f00ff911ad5d5 Mon Sep 17 00:00:00 2001 From: CiaranG Date: Wed, 1 Apr 2009 18:11:02 +0100 Subject: Return redirect code correctly as HTTP status, not a header. Fixes ticket #1371 --- lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/util.php') diff --git a/lib/util.php b/lib/util.php index fdcae0aca..26f1ff179 100644 --- a/lib/util.php +++ b/lib/util.php @@ -850,7 +850,7 @@ function common_redirect($url, $code=307) 303 => "See Other", 307 => "Temporary Redirect"); - header("Status: ${code} $status[$code]"); + header('HTTP/1.1 '.$code.' '.$status[$code]); header("Location: $url"); $xo = new XMLOutputter(); -- cgit v1.2.3-54-g00ecf From e2898db087c5ae43587235ce3c97b11fff5867a4 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Fri, 3 Apr 2009 12:51:43 -0400 Subject: add finishaddopenid to list of sensitive pages to use with ssl --- lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/util.php') diff --git a/lib/util.php b/lib/util.php index f08e70754..73410e289 100644 --- a/lib/util.php +++ b/lib/util.php @@ -723,7 +723,7 @@ function common_local_url($action, $args=null, $params=null, $fragment=null) { static $sensitive = array('login', 'register', 'passwordsettings', 'twittersettings', 'finishopenidlogin', - 'api'); + 'finishaddopenid', 'api'); $r = Router::get(); $path = $r->build($action, $args, $params, $fragment); -- cgit v1.2.3-54-g00ecf