aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.htaccess2
-rw-r--r--doc/To-Do-Code.md4
-rw-r--r--doc/to_do_code.bb4
-rw-r--r--include/network.php36
-rw-r--r--mod/probe.php4
-rw-r--r--version.inc2
-rw-r--r--view/en/htconfig.tpl7
7 files changed, 42 insertions, 17 deletions
diff --git a/.htaccess b/.htaccess
index 7f752018c..39fd89e04 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,7 +1,7 @@
Options -Indexes
AddType application/x-java-archive .jar
AddType audio/ogg .oga
-#SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
+#SSLCipherSuite HIGH:AES256-SHA:AES128-SHA:RC4:!aNULL:!eNULL:!EDH
# don't allow any web access to logfiles, even after rotation/compression
<FilesMatch "\.(out|log|gz)$">
diff --git a/doc/To-Do-Code.md b/doc/To-Do-Code.md
index 58ecd18c6..fe5ec1842 100644
--- a/doc/To-Do-Code.md
+++ b/doc/To-Do-Code.md
@@ -23,6 +23,10 @@ We need much more than this, but here are areas where developers can help. Pleas
* (Advanced) create a UI for building Comanche pages
+* External post connectors - create standard interface
+
+* External post connectors, add popular services
+
* templatise and translate the Web interface to webDAV
* Extend WebDAV to provide desktop access to photo albums
diff --git a/doc/to_do_code.bb b/doc/to_do_code.bb
index ac337e5d8..fc2c2082d 100644
--- a/doc/to_do_code.bb
+++ b/doc/to_do_code.bb
@@ -28,7 +28,9 @@ We need much more than this, but here are areas where developers can help. Pleas
[li]Extend WebDAV to provide desktop access to photo albums]/li]
-[li]Create a module PDL editor (separate from but integrated with the page layout editor) as a separate module. This will allow folks to view and alter the pre-defined layouts for any module in the system. If the custom module is removed or empty, revert to the system layout.
+[li]External post connectors - create standard interface[/li]
+
+[li]External post connectors, add popular services[/li]
[li]service classes - provide a pluggable subscription payment gateway for premium accounts[/li]
diff --git a/include/network.php b/include/network.php
index 7fc3d835e..0bf05c0f0 100644
--- a/include/network.php
+++ b/include/network.php
@@ -43,8 +43,14 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
@curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
@curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)");
+ $ciphers = @get_config('system','curl_ssl_ciphers');
+ if(! $ciphers)
+ $ciphers = 'ALL:!eNULL';
+
+ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
+
if (x($opts,'accept_content')){
- curl_setopt($ch,CURLOPT_HTTPHEADER, array (
+ @curl_setopt($ch,CURLOPT_HTTPHEADER, array (
"Accept: " . $opts['accept_content']
));
}
@@ -138,21 +144,27 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
if(($redirects > 8) || (! $ch))
return ret;
- curl_setopt($ch, CURLOPT_HEADER, true);
+ @curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
- curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
- curl_setopt($ch, CURLOPT_POST,1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
- curl_setopt($ch, CURLOPT_USERAGENT, "Red");
+ @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
+ @curl_setopt($ch, CURLOPT_POST,1);
+ @curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
+ @curl_setopt($ch, CURLOPT_USERAGENT, "Red");
+
+ $ciphers = @get_config('system','curl_ssl_ciphers');
+ if(! $ciphers)
+ $ciphers = 'ALL:!eNULL';
+
+ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, Z_CURL_CIPHERS);
if (x($opts,'accept_content')){
- curl_setopt($ch,CURLOPT_HTTPHEADER, array (
+ @curl_setopt($ch,CURLOPT_HTTPHEADER, array (
"Accept: " . $opts['accept_content']
));
}
if(x($opts,'headers'))
- curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
+ @curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
if(x($opts,'timeout') && intval($opts['timeout'])) {
@curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']);
@@ -172,11 +184,11 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
$prx = get_config('system','proxy');
if(strlen($prx)) {
- curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
- curl_setopt($ch, CURLOPT_PROXY, $prx);
+ @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
+ @curl_setopt($ch, CURLOPT_PROXY, $prx);
$prxusr = get_config('system','proxyuser');
if(strlen($prxusr))
- curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
+ @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
}
// don't let curl abort the entire application
@@ -185,7 +197,7 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
$s = @curl_exec($ch);
$base = $s;
- $curl_info = curl_getinfo($ch);
+ $curl_info = @curl_getinfo($ch);
$http_code = $curl_info['http_code'];
$header = '';
diff --git a/mod/probe.php b/mod/probe.php
index 5b226cb6a..8e0b60dcc 100644
--- a/mod/probe.php
+++ b/mod/probe.php
@@ -20,13 +20,13 @@ function probe_content(&$a) {
if($res['success'])
$j = json_decode($res['body'],true);
else {
- $o .= sprintf( t('Fetching URL returns error: $1%s'),$res['error'] . "\r\n\r\n");
+ $o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
$o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n";
$res = zot_finger($addr,$channel,true);
if($res['success'])
$j = json_decode($res['body'],true);
else
- $o .= sprintf( t('Fetching URL returns error: $1%s'),$res['error'] . "\r\n\r\n");
+ $o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
}
if($j && $j['permissions'] && $j['permissions']['iv'])
diff --git a/version.inc b/version.inc
index e3203e51d..a63c71f59 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2014-03-23.625
+2014-03-24.626
diff --git a/view/en/htconfig.tpl b/view/en/htconfig.tpl
index 840e7a124..8e2d32433 100644
--- a/view/en/htconfig.tpl
+++ b/view/en/htconfig.tpl
@@ -85,6 +85,13 @@ $a->config['system']['php_path'] = '{{$phpath}}';
$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;
+
+// libcurl default ciphers - Redhat and NSS based systems may use a different
+// syntax. This indicates the ciphers we will accept when connecting to any
+// https site. We want this to be as liberal as possible.
+
+$a->config['system']['curl_ssl_ciphers'] = 'ALL:!eNULL';
+
// default system theme
$a->config['system']['theme'] = 'redbasic';