aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xboot.php19
-rwxr-xr-xinclude/items.php17
-rwxr-xr-xmod/admin.php17
-rwxr-xr-xmod/dfrn_notify.php60
-rwxr-xr-xview/admin_site.tpl1
5 files changed, 103 insertions, 11 deletions
diff --git a/boot.php b/boot.php
index ba731ddee..22a4e39be 100755
--- a/boot.php
+++ b/boot.php
@@ -379,11 +379,22 @@ class App {
$scheme = $this->scheme;
- if(x($this->config,'ssl_policy')) {
- if(($ssl) || ($this->config['ssl_policy'] == SSL_POLICY_FULL))
- $scheme = 'https';
- if(($this->config['ssl_policy'] == SSL_POLICY_SELFSIGN) && (local_user() || x($_POST,'auth-params')))
+ if((x($this->config,'system')) && (x($this->config['system'],'ssl_policy'))) {
+ if($this->config['system']['ssl_policy'] == SSL_POLICY_FULL)
$scheme = 'https';
+
+// We need to populate the $ssl flag across the entire program before turning this on.
+// Basically, we'll have $ssl = true on any links which can only be seen by a logged in user
+// (and also the login link). Anything seen by an outsider will have it turned off.
+// At present, setting SSL_POLICY_SELFSIGN will only force remote contacts to update their
+// contact links to this site with "http:" if they are currently using "https:"
+
+// if($this->config['system']['ssl_policy'] == SSL_POLICY_SELFSIGN) {
+// if($ssl)
+// $scheme = 'https';
+// else
+// $scheme = 'http';
+// }
}
$this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' );
diff --git a/include/items.php b/include/items.php
index 70c72ae16..4b1523ff6 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1046,6 +1046,21 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
if(! $rino_enable)
$rino = 0;
+ $ssl_val = intval(get_config('system','ssl_policy'));
+ $ssl_policy = '';
+ switch($ssl_val){
+ case SSL_POLICY_FULL:
+ $ssl_policy = 'full';
+ break;
+ case SSL_POLICY_SELFSIGN:
+ $ssl_policy = 'self';
+ break;
+ case SSL_POLICY_NONE:
+ default:
+ $ssl_policy = 'none';
+ break;
+ }
+
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
logger('dfrn_deliver: ' . $url);
@@ -1118,6 +1133,8 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$postvars['perm'] = 'r';
}
+ $postvars['ssl_policy'] = $ssl_policy;
+
if($rino && $rino_allowed && (! $dissolve)) {
$key = substr(random_string(),0,16);
$data = bin2hex(aes_encrypt($postvars['data'],$key));
diff --git a/mod/admin.php b/mod/admin.php
index 93714bb5f..2b8d9bcd2 100755
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -151,11 +151,7 @@ function admin_page_summary(&$a) {
$r = q("SELECT COUNT(id) as `count` FROM `register`");
$pending = $r[0]['count'];
-
-
-
-
-
+
$t = get_markup_template("admin_summary.tpl");
return replace_macros($t, array(
'$title' => t('Administration'),
@@ -210,7 +206,7 @@ function admin_page_site_post(&$a){
$dfrn_only = ((x($_POST,'dfrn_only')) ? True : False);
$ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False);
$diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False);
-
+ $ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0);
set_config('config','sitename',$sitename);
if ($banner==""){
@@ -222,6 +218,7 @@ function admin_page_site_post(&$a){
} else {
set_config('system','banner', $banner);
}
+ set_config('system','ssl_policy',$ssl_policy);
set_config('system','language', $language);
set_config('system','theme', $theme);
set_config('system','maximagesize', $maximagesize);
@@ -305,6 +302,12 @@ function admin_page_site(&$a) {
REGISTER_APPROVE => t("Requires approval"),
REGISTER_OPEN => t("Open")
);
+
+ $ssl_choices = array(
+ SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"),
+ SSL_POLICY_FULL => t("Force all links to use SSL"),
+ SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)")
+ );
$t = get_markup_template("admin_site.tpl");
return replace_macros($t, array(
@@ -322,7 +325,7 @@ function admin_page_site(&$a) {
'$banner' => array('banner', t("Banner/Logo"), $banner, ""),
'$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
'$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices),
-
+ '$ssl_policy' => array('ssl_policy', t("SSL link policy"), get_config('system','ssl_policy'), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
'$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
'$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 0c0c27e3d..3dbdc5b32 100755
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -14,6 +14,7 @@ function dfrn_notify_post(&$a) {
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
+ $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
$writable = (-1);
if($dfrn_version >= 2.21) {
@@ -94,6 +95,65 @@ function dfrn_notify_post(&$a) {
$importer['writable'] = $writable;
}
+ // if contact's ssl policy changed, update our links
+
+ $ssl_changed = false;
+
+ if($ssl_policy == 'self' && strstr($importer['url'],'https:')) {
+ $ssl_changed = true;
+ $importer['url'] = str_replace('https:','http:',$importer['url']);
+ $importer['nurl'] = normalise_link($importer['url']);
+ $importer['photo'] = str_replace('https:','http:',$importer['photo']);
+ $importer['thumb'] = str_replace('https:','http:',$importer['thumb']);
+ $importer['micro'] = str_replace('https:','http:',$importer['micro']);
+ $importer['request'] = str_replace('https:','http:',$importer['request']);
+ $importer['notify'] = str_replace('https:','http:',$importer['notify']);
+ $importer['poll'] = str_replace('https:','http:',$importer['poll']);
+ $importer['confirm'] = str_replace('https:','http:',$importer['confirm']);
+ $importer['poco'] = str_replace('https:','http:',$importer['poco']);
+ }
+
+ if($ssl_policy == 'full' && strstr($importer['url'],'http:')) {
+ $ssl_changed = true;
+ $importer['url'] = str_replace('http:','https:',$importer['url']);
+ $importer['nurl'] = normalise_link($importer['url']);
+ $importer['photo'] = str_replace('http:','https:',$importer['photo']);
+ $importer['thumb'] = str_replace('http:','https:',$importer['thumb']);
+ $importer['micro'] = str_replace('http:','https:',$importer['micro']);
+ $importer['request'] = str_replace('http:','https:',$importer['request']);
+ $importer['notify'] = str_replace('http:','https:',$importer['notify']);
+ $importer['poll'] = str_replace('http:','https:',$importer['poll']);
+ $importer['confirm'] = str_replace('http:','https:',$importer['confirm']);
+ $importer['poco'] = str_replace('http:','https:',$importer['poco']);
+ }
+
+ if($ssl_changed) {
+ q("update contact set
+ url = '%s',
+ nurl = '%s',
+ photo = '%s',
+ thumb = '%s',
+ micro = '%s',
+ request = '%s',
+ notify = '%s',
+ poll = '%s',
+ confirm = '%s',
+ poco = '%s'
+ where id = %d limit 1",
+ dbesc($importer['url']),
+ dbesc($importer['nurl']),
+ dbesc($importer['photo']),
+ dbesc($importer['thumb']),
+ dbesc($importer['micro']),
+ dbesc($importer['request']),
+ dbesc($importer['notify']),
+ dbesc($importer['poll']),
+ dbesc($importer['confirm']),
+ dbesc($importer['poco']),
+ intval($importer['id'])
+ );
+ }
+
logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
logger('dfrn_notify: data: ' . $data, LOGGER_DATA);
diff --git a/view/admin_site.tpl b/view/admin_site.tpl
index 9a1229845..01fe893c6 100755
--- a/view/admin_site.tpl
+++ b/view/admin_site.tpl
@@ -7,6 +7,7 @@
{{ inc field_textarea.tpl with $field=$banner }}{{ endinc }}
{{ inc field_select.tpl with $field=$language }}{{ endinc }}
{{ inc field_select.tpl with $field=$theme }}{{ endinc }}
+ {{ inc field_select.tpl with $field=$ssl_policy }}{{ endinc }}
<div class="submit"><input type="submit" name="page_site" value="$submit" /></div>