ssl_policy stuff
parent
64e3e3590b
commit
f0a62d8908
19
boot.php
19
boot.php
|
@ -379,11 +379,22 @@ class App {
|
||||||
|
|
||||||
$scheme = $this->scheme;
|
$scheme = $this->scheme;
|
||||||
|
|
||||||
if(x($this->config,'ssl_policy')) {
|
if((x($this->config,'system')) && (x($this->config['system'],'ssl_policy'))) {
|
||||||
if(($ssl) || ($this->config['ssl_policy'] == SSL_POLICY_FULL))
|
if($this->config['system']['ssl_policy'] == SSL_POLICY_FULL)
|
||||||
$scheme = 'https';
|
|
||||||
if(($this->config['ssl_policy'] == SSL_POLICY_SELFSIGN) && (local_user() || x($_POST,'auth-params')))
|
|
||||||
$scheme = 'https';
|
$scheme = 'https';
|
||||||
|
|
||||||
|
// We need to populate the $ssl flag across the entire program before turning this on.
|
||||||
|
// Basically, we'll have $ssl = true on any links which can only be seen by a logged in user
|
||||||
|
// (and also the login link). Anything seen by an outsider will have it turned off.
|
||||||
|
// At present, setting SSL_POLICY_SELFSIGN will only force remote contacts to update their
|
||||||
|
// contact links to this site with "http:" if they are currently using "https:"
|
||||||
|
|
||||||
|
// if($this->config['system']['ssl_policy'] == SSL_POLICY_SELFSIGN) {
|
||||||
|
// if($ssl)
|
||||||
|
// $scheme = 'https';
|
||||||
|
// else
|
||||||
|
// $scheme = 'http';
|
||||||
|
// }
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' );
|
$this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' );
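Review bot: The live branch reads `$this->config['system']['ssl_policy']` directly, while the rest of this commit stores and reads the setting through `set_config('system','ssl_policy',…)` and `get_config('system','ssl_policy')`. If the stored value has not been loaded into `$this->config['system']` by the time this method runs, SSL_POLICY_FULL is skipped without any signal and the base URL keeps the page's scheme. The `$ssl` argument used by the old condition is also no longer consulted in any live line of the hunk, so it has no effect until the commented-out SELFSIGN block is enabled. I would state both above the `if`, for example `// NOTE: $ssl is currently ignored; only SSL_POLICY_FULL changes the scheme, and it must already be present in $this->config['system']`. The method's signature and opening lines are outside the hunk.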
|
||||||
|
|
|
@ -1046,6 +1046,21 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
|
||||||
if(! $rino_enable)
|
if(! $rino_enable)
|
||||||
$rino = 0;
|
$rino = 0;
|
||||||
|
|
||||||
|
$ssl_val = intval(get_config('system','ssl_policy'));
|
||||||
|
$ssl_policy = '';
|
||||||
|
switch($ssl_val){
|
||||||
|
case SSL_POLICY_FULL:
|
||||||
|
$ssl_policy = 'full';
|
||||||
|
break;
|
||||||
|
case SSL_POLICY_SELFSIGN:
|
||||||
|
$ssl_policy = 'self';
|
||||||
|
break;
|
||||||
|
case SSL_POLICY_NONE:
|
||||||
|
default:
|
||||||
|
$ssl_policy = 'none';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
|
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
|
||||||
|
|
||||||
logger('dfrn_deliver: ' . $url);
|
logger('dfrn_deliver: ' . $url);
|
||||||
|
@ -1118,6 +1133,8 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
|
||||||
$postvars['perm'] = 'r';
|
$postvars['perm'] = 'r';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$postvars['ssl_policy'] = $ssl_policy;
|
||||||
|
|
||||||
if($rino && $rino_allowed && (! $dissolve)) {
|
if($rino && $rino_allowed && (! $dissolve)) {
|
||||||
$key = substr(random_string(),0,16);
|
$key = substr(random_string(),0,16);
|
||||||
$data = bin2hex(aes_encrypt($postvars['data'],$key));
|
$data = bin2hex(aes_encrypt($postvars['data'],$key));
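Review bot: `$postvars['ssl_policy']` is added next to `$postvars['data']`, but only `data` goes through `aes_encrypt` in the rino branch that follows. The policy value therefore travels as a plain form field and depends entirely on the transport for its integrity. Since the receiving side in this same commit rewrites stored contact links based on it, the assignment deserves a comment saying so, e.g. `// sent outside the rino-encrypted payload; the receiver must only honour it for an already verified contact`. dfrn_deliver starts and ends outside both hunks.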
|
||||||
|
|
|
@ -152,10 +152,6 @@ function admin_page_summary(&$a) {
|
||||||
$r = q("SELECT COUNT(id) as `count` FROM `register`");
|
$r = q("SELECT COUNT(id) as `count` FROM `register`");
|
||||||
$pending = $r[0]['count'];
|
$pending = $r[0]['count'];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
$t = get_markup_template("admin_summary.tpl");
|
$t = get_markup_template("admin_summary.tpl");
|
||||||
return replace_macros($t, array(
|
return replace_macros($t, array(
|
||||||
'$title' => t('Administration'),
|
'$title' => t('Administration'),
|
||||||
|
@ -210,7 +206,7 @@ function admin_page_site_post(&$a){
|
||||||
$dfrn_only = ((x($_POST,'dfrn_only')) ? True : False);
|
$dfrn_only = ((x($_POST,'dfrn_only')) ? True : False);
|
||||||
$ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False);
|
$ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False);
|
||||||
$diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False);
|
$diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False);
|
||||||
|
$ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0);
|
||||||
|
|
||||||
set_config('config','sitename',$sitename);
|
set_config('config','sitename',$sitename);
|
||||||
if ($banner==""){
|
if ($banner==""){
|
||||||
|
@ -222,6 +218,7 @@ function admin_page_site_post(&$a){
|
||||||
} else {
|
} else {
|
||||||
set_config('system','banner', $banner);
|
set_config('system','banner', $banner);
|
||||||
}
|
}
|
||||||
|
set_config('system','ssl_policy',$ssl_policy);
|
||||||
set_config('system','language', $language);
|
set_config('system','language', $language);
|
||||||
set_config('system','theme', $theme);
|
set_config('system','theme', $theme);
|
||||||
set_config('system','maximagesize', $maximagesize);
|
set_config('system','maximagesize', $maximagesize);
|
||||||
|
@ -306,6 +303,12 @@ function admin_page_site(&$a) {
|
||||||
REGISTER_OPEN => t("Open")
|
REGISTER_OPEN => t("Open")
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$ssl_choices = array(
|
||||||
|
SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"),
|
||||||
|
SSL_POLICY_FULL => t("Force all links to use SSL"),
|
||||||
|
SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)")
|
||||||
|
);
|
||||||
|
|
||||||
$t = get_markup_template("admin_site.tpl");
|
$t = get_markup_template("admin_site.tpl");
|
||||||
return replace_macros($t, array(
|
return replace_macros($t, array(
|
||||||
'$title' => t('Administration'),
|
'$title' => t('Administration'),
|
||||||
|
@ -322,7 +325,7 @@ function admin_page_site(&$a) {
|
||||||
'$banner' => array('banner', t("Banner/Logo"), $banner, ""),
|
'$banner' => array('banner', t("Banner/Logo"), $banner, ""),
|
||||||
'$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
|
'$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
|
||||||
'$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices),
|
'$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices),
|
||||||
|
'$ssl_policy' => array('ssl_policy', t("SSL link policy"), get_config('system','ssl_policy'), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
|
||||||
'$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
|
'$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
|
||||||
|
|
||||||
'$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),
|
'$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),
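Review bot: In admin_page_site_post, `intval($_POST['ssl_policy'])` is passed to `set_config` without checking that it is one of the three values offered in `$ssl_choices`, so any integer can end up in the stored config. The readers added elsewhere in this commit treat an unknown value as no policy, so a malformed submission silently switches forced SSL off. I would add `if(! in_array($ssl_policy, array(SSL_POLICY_NONE, SSL_POLICY_FULL, SSL_POLICY_SELFSIGN))) $ssl_policy = SSL_POLICY_NONE;` before the `set_config` call, and use `SSL_POLICY_NONE` rather than the literal `0` as the fallback. Both admin functions continue outside the hunks shown.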
|
||||||
|
|
|
@ -14,6 +14,7 @@ function dfrn_notify_post(&$a) {
|
||||||
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
|
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
|
||||||
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
|
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
|
||||||
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
|
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
|
||||||
|
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
|
||||||
|
|
||||||
$writable = (-1);
|
$writable = (-1);
|
||||||
if($dfrn_version >= 2.21) {
|
if($dfrn_version >= 2.21) {
|
||||||
|
@ -94,6 +95,65 @@ function dfrn_notify_post(&$a) {
|
||||||
$importer['writable'] = $writable;
|
$importer['writable'] = $writable;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// if contact's ssl policy changed, update our links
|
||||||
|
|
||||||
|
$ssl_changed = false;
|
||||||
|
|
||||||
|
if($ssl_policy == 'self' && strstr($importer['url'],'https:')) {
|
||||||
|
$ssl_changed = true;
|
||||||
|
$importer['url'] = str_replace('https:','http:',$importer['url']);
|
||||||
|
$importer['nurl'] = normalise_link($importer['url']);
|
||||||
|
$importer['photo'] = str_replace('https:','http:',$importer['photo']);
|
||||||
|
$importer['thumb'] = str_replace('https:','http:',$importer['thumb']);
|
||||||
|
$importer['micro'] = str_replace('https:','http:',$importer['micro']);
|
||||||
|
$importer['request'] = str_replace('https:','http:',$importer['request']);
|
||||||
|
$importer['notify'] = str_replace('https:','http:',$importer['notify']);
|
||||||
|
$importer['poll'] = str_replace('https:','http:',$importer['poll']);
|
||||||
|
$importer['confirm'] = str_replace('https:','http:',$importer['confirm']);
|
||||||
|
$importer['poco'] = str_replace('https:','http:',$importer['poco']);
|
||||||
|
}
|
||||||
|
|
||||||
|
if($ssl_policy == 'full' && strstr($importer['url'],'http:')) {
|
||||||
|
$ssl_changed = true;
|
||||||
|
$importer['url'] = str_replace('http:','https:',$importer['url']);
|
||||||
|
$importer['nurl'] = normalise_link($importer['url']);
|
||||||
|
$importer['photo'] = str_replace('http:','https:',$importer['photo']);
|
||||||
|
$importer['thumb'] = str_replace('http:','https:',$importer['thumb']);
|
||||||
|
$importer['micro'] = str_replace('http:','https:',$importer['micro']);
|
||||||
|
$importer['request'] = str_replace('http:','https:',$importer['request']);
|
||||||
|
$importer['notify'] = str_replace('http:','https:',$importer['notify']);
|
||||||
|
$importer['poll'] = str_replace('http:','https:',$importer['poll']);
|
||||||
|
$importer['confirm'] = str_replace('http:','https:',$importer['confirm']);
|
||||||
|
$importer['poco'] = str_replace('http:','https:',$importer['poco']);
|
||||||
|
}
|
||||||
|
|
||||||
|
if($ssl_changed) {
|
||||||
|
q("update contact set
|
||||||
|
url = '%s',
|
||||||
|
nurl = '%s',
|
||||||
|
photo = '%s',
|
||||||
|
thumb = '%s',
|
||||||
|
micro = '%s',
|
||||||
|
request = '%s',
|
||||||
|
notify = '%s',
|
||||||
|
poll = '%s',
|
||||||
|
confirm = '%s',
|
||||||
|
poco = '%s'
|
||||||
|
where id = %d limit 1",
|
||||||
|
dbesc($importer['url']),
|
||||||
|
dbesc($importer['nurl']),
|
||||||
|
dbesc($importer['photo']),
|
||||||
|
dbesc($importer['thumb']),
|
||||||
|
dbesc($importer['micro']),
|
||||||
|
dbesc($importer['request']),
|
||||||
|
dbesc($importer['notify']),
|
||||||
|
dbesc($importer['poll']),
|
||||||
|
dbesc($importer['confirm']),
|
||||||
|
dbesc($importer['poco']),
|
||||||
|
intval($importer['id'])
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
|
logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
|
||||||
logger('dfrn_notify: data: ' . $data, LOGGER_DATA);
|
logger('dfrn_notify: data: ' . $data, LOGGER_DATA);
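Review bot: Both rewrite branches test with `strstr()` and rewrite with `str_replace()`, which match `https:`/`http:` anywhere in the value and replace every occurrence. A stored URL that carries another URL in its path or query gets that inner part rewritten too, so the check and the replacement should be tied to the leading scheme. The `self` branch also moves the stored notify, poll and confirm endpoints from https to http on the strength of a POST field. The code that establishes who sent the request is above the hunk, so I cannot confirm from here that it runs first; at minimum the change should be logged. The two ten-line branches differ only in direction and can share one loop, as sketched below; dfrn_notify_post begins and ends outside the hunk.

```php
// if contact's ssl policy changed, update our links
$ssl_changed = false;

if($ssl_policy == 'self' || $ssl_policy == 'full') {
	$from = (($ssl_policy == 'self') ? 'https:' : 'http:');
	$to   = (($ssl_policy == 'self') ? 'http:' : 'https:');

	// only act when the contact url itself starts with the old scheme
	if(stripos($importer['url'],$from) === 0) {
		foreach(array('url','photo','thumb','micro','request','notify','poll','confirm','poco') as $f) {
			// rewrite the leading scheme only, never a match inside the path or query
			if(stripos($importer[$f],$from) === 0)
				$importer[$f] = $to . substr($importer[$f],strlen($from));
		}
		$importer['nurl'] = normalise_link($importer['url']);
		$ssl_changed = true;
		logger('dfrn_notify: ssl_policy ' . $ssl_policy . ' announced by contact ' . intval($importer['id']) . ', stored links rewritten');
	}
}

// … unchanged: "update contact set …" query guarded by if($ssl_changed) …
```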
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
{{ inc field_textarea.tpl with $field=$banner }}{{ endinc }}
|
{{ inc field_textarea.tpl with $field=$banner }}{{ endinc }}
|
||||||
{{ inc field_select.tpl with $field=$language }}{{ endinc }}
|
{{ inc field_select.tpl with $field=$language }}{{ endinc }}
|
||||||
{{ inc field_select.tpl with $field=$theme }}{{ endinc }}
|
{{ inc field_select.tpl with $field=$theme }}{{ endinc }}
|
||||||
|
{{ inc field_select.tpl with $field=$ssl_policy }}{{ endinc }}
|
||||||
|
|
||||||
<div class="submit"><input type="submit" name="page_site" value="$submit" /></div>
|
<div class="submit"><input type="submit" name="page_site" value="$submit" /></div>
|
||||||
|
|
||||||
|
|