diff options
| -rw-r--r-- | .htaccess | 2 | ||||
| -rw-r--r-- | doc/To-Do-Code.md | 4 | ||||
| -rw-r--r-- | doc/to_do_code.bb | 4 | ||||
| -rw-r--r-- | include/network.php | 36 | ||||
| -rw-r--r-- | mod/probe.php | 4 | ||||
| -rw-r--r-- | version.inc | 2 | ||||
| -rw-r--r-- | view/en/htconfig.tpl | 7 |
7 files changed, 42 insertions, 17 deletions
@@ -1,7 +1,7 @@ Options -Indexes AddType application/x-java-archive .jar AddType audio/ogg .oga -#SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH +#SSLCipherSuite HIGH:AES256-SHA:AES128-SHA:RC4:!aNULL:!eNULL:!EDH # don't allow any web access to logfiles, even after rotation/compression <FilesMatch "\.(out|log|gz)$"> diff --git a/doc/To-Do-Code.md b/doc/To-Do-Code.md index 58ecd18c6..fe5ec1842 100644 --- a/doc/To-Do-Code.md +++ b/doc/To-Do-Code.md @@ -23,6 +23,10 @@ We need much more than this, but here are areas where developers can help. Pleas * (Advanced) create a UI for building Comanche pages +* External post connectors - create standard interface + +* External post connectors, add popular services + * templatise and translate the Web interface to webDAV * Extend WebDAV to provide desktop access to photo albums diff --git a/doc/to_do_code.bb b/doc/to_do_code.bb index ac337e5d8..fc2c2082d 100644 --- a/doc/to_do_code.bb +++ b/doc/to_do_code.bb @@ -28,7 +28,9 @@ We need much more than this, but here are areas where developers can help. Pleas [li]Extend WebDAV to provide desktop access to photo albums]/li]
-[li]Create a module PDL editor (separate from but integrated with the page layout editor) as a separate module. This will allow folks to view and alter the pre-defined layouts for any module in the system. If the custom module is removed or empty, revert to the system layout.
+[li]External post connectors - create standard interface[/li]
+
+[li]External post connectors, add popular services[/li]
[li]service classes - provide a pluggable subscription payment gateway for premium accounts[/li]
diff --git a/include/network.php b/include/network.php index 7fc3d835e..0bf05c0f0 100644 --- a/include/network.php +++ b/include/network.php @@ -43,8 +43,14 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) { @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); @curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)"); + $ciphers = @get_config('system','curl_ssl_ciphers'); + if(! $ciphers) + $ciphers = 'ALL:!eNULL'; + + @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers); + if (x($opts,'accept_content')){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( + @curl_setopt($ch,CURLOPT_HTTPHEADER, array ( "Accept: " . $opts['accept_content'] )); } @@ -138,21 +144,27 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { if(($redirects > 8) || (! $ch)) return ret; - curl_setopt($ch, CURLOPT_HEADER, true); + @curl_setopt($ch, CURLOPT_HEADER, true); @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); - curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); - curl_setopt($ch, CURLOPT_POST,1); - curl_setopt($ch, CURLOPT_POSTFIELDS,$params); - curl_setopt($ch, CURLOPT_USERAGENT, "Red"); + @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); + @curl_setopt($ch, CURLOPT_POST,1); + @curl_setopt($ch, CURLOPT_POSTFIELDS,$params); + @curl_setopt($ch, CURLOPT_USERAGENT, "Red"); + + $ciphers = @get_config('system','curl_ssl_ciphers'); + if(! $ciphers) + $ciphers = 'ALL:!eNULL'; + + @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, Z_CURL_CIPHERS); if (x($opts,'accept_content')){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( + @curl_setopt($ch,CURLOPT_HTTPHEADER, array ( "Accept: " . $opts['accept_content'] )); } if(x($opts,'headers')) - curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); + @curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); if(x($opts,'timeout') && intval($opts['timeout'])) { @curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']); @@ -172,11 +184,11 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { $prx = get_config('system','proxy'); if(strlen($prx)) { - curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - curl_setopt($ch, CURLOPT_PROXY, $prx); + @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); + @curl_setopt($ch, CURLOPT_PROXY, $prx); $prxusr = get_config('system','proxyuser'); if(strlen($prxusr)) - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); + @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); } // don't let curl abort the entire application @@ -185,7 +197,7 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { $s = @curl_exec($ch); $base = $s; - $curl_info = curl_getinfo($ch); + $curl_info = @curl_getinfo($ch); $http_code = $curl_info['http_code']; $header = ''; diff --git a/mod/probe.php b/mod/probe.php index 5b226cb6a..8e0b60dcc 100644 --- a/mod/probe.php +++ b/mod/probe.php @@ -20,13 +20,13 @@ function probe_content(&$a) { if($res['success']) $j = json_decode($res['body'],true); else { - $o .= sprintf( t('Fetching URL returns error: $1%s'),$res['error'] . "\r\n\r\n"); + $o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n"); $o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n"; $res = zot_finger($addr,$channel,true); if($res['success']) $j = json_decode($res['body'],true); else - $o .= sprintf( t('Fetching URL returns error: $1%s'),$res['error'] . "\r\n\r\n"); + $o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n"); } if($j && $j['permissions'] && $j['permissions']['iv']) diff --git a/version.inc b/version.inc index e3203e51d..a63c71f59 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2014-03-23.625 +2014-03-24.626 diff --git a/view/en/htconfig.tpl b/view/en/htconfig.tpl index 840e7a124..8e2d32433 100644 --- a/view/en/htconfig.tpl +++ b/view/en/htconfig.tpl @@ -85,6 +85,13 @@ $a->config['system']['php_path'] = '{{$phpath}}'; $a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL; + +// libcurl default ciphers - Redhat and NSS based systems may use a different +// syntax. This indicates the ciphers we will accept when connecting to any +// https site. We want this to be as liberal as possible. + +$a->config['system']['curl_ssl_ciphers'] = 'ALL:!eNULL'; + // default system theme $a->config['system']['theme'] = 'redbasic'; |