From f9545dc35916648f88fa04c7003abe1196f38484 Mon Sep 17 00:00:00 2001 From: mrjive Date: Wed, 3 Feb 2016 14:02:34 -0800 Subject: Added section-title-wrapper and section-conent-wrapper to search result page in /help --- mod/help.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mod/help.php b/mod/help.php index e1c6fede8..1539978f7 100644 --- a/mod/help.php +++ b/mod/help.php @@ -145,7 +145,10 @@ function help_content(&$a) { if($_REQUEST['search']) { $o .= '
'; + $o .= '
'; $o .= '

' . t('Documentation Search') . ' - ' . htmlspecialchars($_REQUEST['search']) . '

'; + $o .= '
'; + $o .= '
'; $r = search_doc_files($_REQUEST['search']); if($r) { @@ -162,6 +165,7 @@ function help_content(&$a) { } $o .= ''; $o .= '
'; + $o .= '
'; } return $o; } -- cgit v1.2.3 From 28386d747115598ccd4851e049084219b2f99fef Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 3 Feb 2016 15:23:24 -0800 Subject: admin security page for configuring white and black lists and other security options. --- mod/admin.php | 62 +++++++++++++++++++++++++++++++++++++++++++++ mod/oep.php | 13 ++++++++-- version.inc | 2 +- view/tpl/admin_security.tpl | 29 +++++++++++++++++++++ 4 files changed, 103 insertions(+), 3 deletions(-) create mode 100755 view/tpl/admin_security.tpl diff --git a/mod/admin.php b/mod/admin.php index b537992d7..7ca2efa35 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -62,6 +62,9 @@ function admin_post(&$a){ case 'hubloc': admin_page_hubloc_post($a); break; + case 'security': + admin_page_security_post($a); + break; case 'features': admin_page_features_post($a); break; @@ -116,6 +119,9 @@ function admin_content(&$a) { // case 'hubloc': // $o = admin_page_hubloc($a); // break; + case 'security': + $o = admin_page_security($a); + break; case 'features': $o = admin_page_features($a); break; @@ -536,6 +542,15 @@ function admin_page_hubloc_post(&$a){ goaway($a->get_baseurl(true) . '/admin/hubloc' ); } +function admin_page_security_post(&$a){ + check_form_security_token_redirectOnErr('/admin/security', 'admin_security'); + + + goaway(z_root() . '/admin/security'); +} + + + function admin_page_features_post(&$a) { 
@@ -626,6 +641,53 @@ function admin_page_hubloc(&$a) { )); } +function admin_page_security(&$a) { + + $whitesites = get_config('system','whitelisted_sites'); + $whitesites_str = ((is_array($whitesites)) ? implode($whitesites,"\n") : ''); + + $blacksites = get_config('system','blacklisted_sites'); + $blacksites_str = ((is_array($blacksites)) ? implode($blacksites,"\n") : ''); + + + $whitechannels = get_config('system','whitelisted_channels'); + $whitechannels_str = ((is_array($whitechannels)) ? implode($whitechannels,"\n") : ''); + + $blackchannels = get_config('system','blacklisted_channels'); + $blackchannels_str = ((is_array($blackchannels)) ? implode($blackchannels,"\n") : ''); + + + $whiteembeds = get_config('system','embed_allow'); + $whiteembeds_str = ((is_array($whiteembeds)) ? implode($whiteembeds,"\n") : ''); + + $blackembeds = get_config('system','embed_deny'); + $blackembeds_str = ((is_array($blackembeds)) ? implode($blackembeds,"\n") : ''); + + $embed_coop = intval(get_config('system','embed_coop')); + + if((! $whiteembeds) && (! $blackembeds) && (! $embed_coop)) + $blackembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com"; + + $t = get_markup_template('admin_security.tpl'); + return replace_macros($t, array( + '$title' => t('Administration'), + '$page' => t('Security'), + '$form_security_token' => get_form_security_token('admin_security'), + '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")), + '$whitelisted_sites' => array('whitelisted_sites', t('Allow communications only from these sites'), $whitesites_str, t('One site per line. 
Leave empty to allow communication from anywhere by default')), + '$blacklisted_sites' => array('blacklisted_sites', t('Block communications from these sites'), $blacksites_str, ''), + '$whitelisted_channels' => array('whitelisted_channels', t('Allow communications only from these channels'), $whitechannels_str, t('One channel (hash) per line. Leave empty to allow from any channel by default')), + '$blacklisted_channels' => array('blacklisted_channels', t('Block communications from these channels'), $blackchannels_str, ''), + '$embed_allow' => array('embed_allow', t('Allow embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. Leave empty to allow from any site by default')), + '$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''), + + '$embed_coop' => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')), + '$submit' => t('Submit') + )); +} + + + function admin_page_dbsync(&$a) { $o = ''; diff --git a/mod/oep.php b/mod/oep.php index 3855a1b4a..42535c069 100644 --- a/mod/oep.php +++ b/mod/oep.php @@ -8,6 +8,7 @@ function oep_init(&$a) { logger('oep: ' . print_r($_REQUEST,true), LOGGER_DEBUG, LOG_INFO); + $html = ((argc() > 1 && argv(1) === 'html') ? true : false); if($_REQUEST['url']) { $_REQUEST['url'] = strip_zids($_REQUEST['url']); $url = $_REQUEST['url']; @@ -38,8 +39,16 @@ function oep_init(&$a) { $arr = oep_profile_reply($_REQUEST); if($arr) { - header('Content-Type: application/json+oembed'); - echo json_encode($arr); + if($html) { + if($arr['type'] === 'rich') { + header('Content-Type: text/html'); + echo $arr['html']; + } + } + else { + header('Content-Type: application/json+oembed'); + echo json_encode($arr); + } killme(); } diff --git a/version.inc b/version.inc index 1d1ae17f2..acec8d8d9 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2016-02-02.1297H +2016-02-03.1298H 
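Review bot: Every `implode($whitesites,"\n")` call in admin_page_security passes the array first and the separator second, a legacy argument order that newer PHP versions reject; write `implode("\n", $whitesites)` and do the same for the other five lists. The six near-identical `get_config` / `is_array` / `implode` pairs would also read better through one small helper that takes the config key and returns the newline-joined string. A short comment above the function should say that each list is expected to be stored as an array and is shown one entry per line.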
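Review bot: The new `html` branch in oep_init echoes `$arr['html']` straight into a `text/html` response on the hub's own origin, so whatever markup the reply builder produced is rendered as a first-party page. Nothing in the hunk shows how that markup is built; if any part of it comes from channel- or post-supplied text, it has to be escaped or purified before this point, which should be confirmed in oep_profile_reply. When `$html` is set and the type is not `rich`, the branch sends nothing and still reaches `killme()`, leaving an empty success response; an explicit `http_response_code(404);` or a fall-through to the JSON reply would make that case visible. Only this one reply path gets the html handling in the visible hunk, and oep_init continues outside it.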
diff --git a/view/tpl/admin_security.tpl b/view/tpl/admin_security.tpl new file mode 100755 index 000000000..62120c17c --- /dev/null +++ b/view/tpl/admin_security.tpl @@ -0,0 +1,29 @@ +
+

{{$title}} - {{$page}}

+ +
+ + + {{include file="field_checkbox.tpl" field=$block_public}} + + + {{include file="field_textarea.tpl" field=$whitelisted_sites}} + {{include file="field_textarea.tpl" field=$blacklisted_sites}} + + {{include file="field_textarea.tpl" field=$whitelisted_channels}} + {{include file="field_textarea.tpl" field=$blacklisted_channels}} + + + {{include file="field_checkbox.tpl" field=$embed_coop}} + + {{include file="field_textarea.tpl" field=$embed_allow}} + {{include file="field_textarea.tpl" field=$embed_deny}} + + +
+ +
+ +
+ +
-- cgit v1.2.3 From c75f76f740be16f9880650fcff359d7afd85991d Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 3 Feb 2016 20:24:46 -0800 Subject: heavy lifting on admin security page --- include/widgets.php | 1 + mod/admin.php | 40 +++++++++++++++++++++++++++++++++++++++- util/config | 19 ++++++++++++++++--- view/tpl/admin_aside.tpl | 1 + view/tpl/admin_security.tpl | 2 ++ 5 files changed, 59 insertions(+), 4 deletions(-) diff --git a/include/widgets.php b/include/widgets.php index 7e502e4c2..011e3a8d7 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -1269,6 +1269,7 @@ function widget_admin($arr) { 'site' => array(z_root() . '/admin/site/', t('Site'), 'site'), 'users' => array(z_root() . '/admin/users/', t('Accounts'), 'users'), 'channels' => array(z_root() . '/admin/channels/', t('Channels'), 'channels'), + 'security' => array(z_root() . '/admin/security/', t('Security'), 'security'), 'features' => array(z_root() . '/admin/features/', t('Features'), 'features'), 'plugins' => array(z_root() . '/admin/plugins/', t('Plugins'), 'plugins'), 'themes' => array(z_root() . '/admin/themes/', t('Themes'), 'themes'), diff --git a/mod/admin.php b/mod/admin.php index 7ca2efa35..bdb4bf861 100644 --- a/mod/admin.php +++ b/mod/admin.php 
@@ -542,9 +542,47 @@ function admin_page_hubloc_post(&$a){ goaway($a->get_baseurl(true) . '/admin/hubloc' ); } +function trim_array_elems($arr) { + $narr = array(); + + if($arr && is_array($arr)) { + for($x = 0; $x < count($arr); $x ++) { + $y = trim($arr[$x]); + if($y) + $narr[] = $y; + } + } + return $narr; +} + function admin_page_security_post(&$a){ check_form_security_token_redirectOnErr('/admin/security', 'admin_security'); +logger('post: ' . print_r($_POST,true)); + + $block_public = ((x($_POST,'block_public')) ? True : False); + set_config('system','block_public',$block_public); + + $ws = trim_array_elems(explode("\n",$_POST['whitelisted_sites'])); + set_config('system','whitelisted_sites',$ws); + + $bs = trim_array_elems(explode("\n",$_POST['blacklisted_sites'])); + set_config('system','blacklisted_sites',$bs); + + $wc = trim_array_elems(explode("\n",$_POST['whitelisted_channels'])); + set_config('system','whitelisted_channels',$wc); + + $bc = trim_array_elems(explode("\n",$_POST['blacklisted_channels'])); + set_config('system','blacklisted_channels',$bc); + + $embed_coop = ((x($_POST,'embed_coop')) ? True : False); + set_config('system','embed_coop',$embed_coop); + + $we = trim_array_elems(explode("\n",$_POST['embed_allow'])); + set_config('system','embed_allow',$we); + + $be = trim_array_elems(explode("\n",$_POST['embed_deny'])); + set_config('system','embed_deny',$be); goaway(z_root() . '/admin/security'); } @@ -666,7 +704,7 @@ function admin_page_security(&$a) { $embed_coop = intval(get_config('system','embed_coop')); if((! $whiteembeds) && (! $blackembeds) && (! $embed_coop)) - $blackembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com"; + $whiteembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com\nwikipedia.com"; $t = get_markup_template('admin_security.tpl'); return replace_macros($t, array( diff --git a/util/config b/util/config index 67fe14f93..74a9219b5 100755 --- a/util/config +++ b/util/config 
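Review bot: The unindented `logger('post: ' . print_r($_POST,true));` at the top of admin_page_security_post looks like leftover debugging and writes the whole submitted form, presumably including the form security token, to the log with no level argument. Drop it, or log only a marker at debug level, e.g. `logger('admin_security: settings saved', LOGGER_DEBUG);`. The list fields are read as `$_POST['whitelisted_sites']` and so on without an `x($_POST,...)` check, unlike the two checkboxes, so a partial submission raises notices and overwrites the stored lists with empty ones. In trim_array_elems, `if($y)` also discards an entry that is the string `0`; `if($y !== '')` would keep it.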
@@ -8,12 +8,14 @@ require_once('include/cli_startup.php'); cli_startup(); if($argc > 3) { + + set_config($argv[1],$argv[2],$argv[3]); - echo "config[{$argv[1]}][{$argv[2]}] = " . get_config($argv[1],$argv[2]) . "\n"; + echo "config[{$argv[1]}][{$argv[2]}] = " . printable_config(get_config($argv[1],$argv[2])) . "\n"; } if($argc == 3) { - echo "config[{$argv[1]}][{$argv[2]}] = " . get_config($argv[1],$argv[2]) . "\n"; + echo "config[{$argv[1]}][{$argv[2]}] = " . printable_config(get_config($argv[1],$argv[2])) . "\n"; } if($argc == 2) { @@ -27,8 +29,19 @@ if($argc == 1) { $r = q("select * from config where 1"); if($r) { foreach($r as $rr) { - echo "config[{$rr['cat']}][{$rr['k']}] = " . $rr['v'] . "\n"; + echo "config[{$rr['cat']}][{$rr['k']}] = " . printable_config($rr['v']) . "\n"; } } } +function printable_config($x) { + $s = ''; + if(is_array($x)) { + foreach($x as $v) { + $s .= $v . "\n"; + } + return $s; + } + else + return $x; +} \ No newline at end of file diff --git a/view/tpl/admin_aside.tpl b/view/tpl/admin_aside.tpl index 0a77ef73c..ab190fc95 100755 --- a/view/tpl/admin_aside.tpl +++ b/view/tpl/admin_aside.tpl @@ -16,6 +16,7 @@
  • {{$admin.site.1}}
  • {{$admin.users.1}}
  • {{$admin.channels.1}}
  • +
  • {{$admin.security.1}}
  • {{$admin.queue.1}}
  • {{$admin.plugins.1}}
  • {{$admin.themes.1}}
  • diff --git a/view/tpl/admin_security.tpl b/view/tpl/admin_security.tpl index 62120c17c..691db2d88 100755 --- a/view/tpl/admin_security.tpl +++ b/view/tpl/admin_security.tpl @@ -3,6 +3,8 @@
    + + {{include file="field_checkbox.tpl" field=$block_public}} -- cgit v1.2.3 From 24e2eedd0f3d119d9483ad787c288265e8429072 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 3 Feb 2016 20:29:46 -0800 Subject: don't implement the default embed whitelist just yet --- mod/admin.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mod/admin.php b/mod/admin.php index bdb4bf861..dfdc65245 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -703,8 +703,9 @@ function admin_page_security(&$a) { $embed_coop = intval(get_config('system','embed_coop')); - if((! $whiteembeds) && (! $blackembeds) && (! $embed_coop)) - $whiteembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com\nwikipedia.com"; +// wait to implement this until we have a co-op in place. +// if((! $whiteembeds) && (! $blackembeds) && (! $embed_coop)) +// $whiteembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com\nwikipedia.com"; $t = get_markup_template('admin_security.tpl'); return replace_macros($t, array( -- cgit v1.2.3 From e6f388d8694b3f33d2039a525a855775487ca77c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 3 Feb 2016 20:32:26 -0800 Subject: finish moving block_public to the new security page --- mod/admin.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/mod/admin.php b/mod/admin.php index dfdc65245..09bfef84a 100644 --- a/mod/admin.php +++ b/mod/admin.php 
@@ -257,7 +257,6 @@ function admin_page_site_post(&$a){ $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : ''); $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : ''); $not_allowed_email = ((x($_POST,'not_allowed_email')) ? notags(trim($_POST['not_allowed_email'])) : ''); - $block_public = ((x($_POST,'block_public')) ? True : False); $force_publish = ((x($_POST,'publish_all')) ? True : False); $disable_discover_tab = ((x($_POST,'disable_discover_tab')) ? False : True); $login_on_homepage = ((x($_POST,'login_on_homepage')) ? True : False); @@ -322,7 +321,6 @@ function admin_page_site_post(&$a){ set_config('system','allowed_sites', $allowed_sites); set_config('system','allowed_email', $allowed_email); set_config('system','not_allowed_email', $not_allowed_email); - set_config('system','block_public', $block_public); set_config('system','publish_all', $force_publish); set_config('system','disable_discover_tab', $disable_discover_tab); if ($global_directory == '') { 
@@ -483,7 +481,6 @@ function admin_page_site(&$a) { '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")), '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")), '$not_allowed_email' => array('not_allowed_email', t("Not allowed email domains"), get_config('system','not_allowed_email'), t("Comma separated list of domains which are not allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains, unless allowed domains have been defined.")), - '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently logged in.")), '$verify_email' => array('verify_email', t("Verify Email Addresses"), get_config('system','verify_email'), t("Check to verify email addresses used in account registration (recommended).")), '$force_publish' => array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")), '$disable_discover_tab' => array('disable_discover_tab', t('Import Public Streams'), $discover_tab, t('Import and allow access to public content pulled from other sites. Warning: this content is unmoderated.')), -- cgit v1.2.3 From 18208fab8462ebeffe047110d696c6d6cbf13a05 Mon Sep 17 00:00:00 2001 
From: redmatrix Date: Thu, 4 Feb 2016 11:58:56 -0800 Subject: poke basic config setting --- include/text.php | 26 +++++++++++++++++--------- version.inc | 2 +- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/include/text.php b/include/text.php index 0b5ad9c72..f6fa1c304 100644 --- a/include/text.php +++ b/include/text.php @@ -968,16 +968,24 @@ function get_poke_verbs() { // index is present tense verb // value is array containing past tense verb, translation of present, translation of past - $arr = array( - 'poke' => array( 'poked', t('poke'), t('poked')), - 'ping' => array( 'pinged', t('ping'), t('pinged')), - 'prod' => array( 'prodded', t('prod'), t('prodded')), - 'slap' => array( 'slapped', t('slap'), t('slapped')), - 'finger' => array( 'fingered', t('finger'), t('fingered')), - 'rebuff' => array( 'rebuffed', t('rebuff'), t('rebuffed')), - ); + if(get_config('system','poke_basic')) { + $arr = array( + 'poke' => array( 'poked', t('poke'), t('poked')), + ); + } + else { + $arr = array( + 'poke' => array( 'poked', t('poke'), t('poked')), + 'ping' => array( 'pinged', t('ping'), t('pinged')), + 'prod' => array( 'prodded', t('prod'), t('prodded')), + 'slap' => array( 'slapped', t('slap'), t('slapped')), + 'finger' => array( 'fingered', t('finger'), t('fingered')), + 'rebuff' => array( 'rebuffed', t('rebuff'), t('rebuffed')), + ); + + call_hooks('poke_verbs', $arr); + } - call_hooks('poke_verbs', $arr); return $arr; } diff --git a/version.inc b/version.inc index acec8d8d9..17c7ed1be 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2016-02-03.1298H +2016-02-04.1299H -- cgit v1.2.3 From 40b00ab3624ba935e9bfdc1bccac373c0daf4597 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 4 Feb 2016 16:09:36 -0800 Subject: add system black/white list for embeds ahead of personal config --- include/oembed.php | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/include/oembed.php b/include/oembed.php index 7c577b6c2..cac0154f6 100755 
--- a/include/oembed.php +++ b/include/oembed.php @@ -3,6 +3,34 @@ function oembed_replacecb($matches){ $embedurl=$matches[1]; + + // site white/black list + + if(($x = get_config('system','embed_deny'))) { + $l = explode("\n",$x); + if($l) { + foreach($l as $ll) { + if(trim($ll) && strpos($embedurl,trim($ll)) !== false) + return '' . $embedurl . ''; + } + } + } + if(($x = get_config('system','embed_allow'))) { + $found = false; + $l = explode("\n",$x); + if($l) { + foreach($l as $ll) { + if(trim($ll) && strpos($embedurl,trim($ll)) !== false) { + $found = true; + break; + } + } + } + if(! $found) { + return '' . $embedurl . ''; + } + } + // implements a personal embed white/black list for logged in members if(local_channel()) { if(($x = get_pconfig(local_channel(),'system','embed_deny'))) { -- cgit v1.2.3 From d586f64e406306a9fc55e55fa6d153e46fe0796c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 4 Feb 2016 18:35:40 -0800 Subject: update the poke page layout and UI --- mod/poke.php | 19 +++++++++++--- view/tpl/poke_content.tpl | 64 +++++++++++++++++++++++++++++------------------ 2 files changed, 55 insertions(+), 28 deletions(-) diff --git a/mod/poke.php b/mod/poke.php index f66d28956..15a69780c 100755 --- a/mod/poke.php +++ b/mod/poke.php 
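Review bot: The site-wide checks added to oembed_replacecb match each list entry with `strpos($embedurl,trim($ll)) !== false`, a substring test over the whole URL, so an allow entry such as `youtube.com` is also satisfied by a URL on a different host that merely contains that text in its path or query. Compare against the parsed host instead, accepting an exact match or a dot-separated suffix. The block also calls `explode("\n",$x)` on the config value, while the admin security page earlier in this series saves `embed_allow` and `embed_deny` as arrays; if `get_config` hands the array back, the split fails, the deny list is skipped and a non-empty allow list blocks every embed. The sketch below accepts either storage form. The function continues outside the hunk with the per-member lists, which likely deserve the same treatment.

```php
	// site white/black list
	$embedhost = strtolower((string) parse_url($embedurl, PHP_URL_HOST));

	// true when $embedhost equals a list entry or is a subdomain of one
	$host_in_list = function($list) use ($embedhost) {
		$entries = (is_array($list) ? $list : explode("\n", (string) $list));
		foreach($entries as $entry) {
			$entry = strtolower(trim($entry));
			if($entry === '')
				continue;
			if($embedhost === $entry || substr($embedhost, -strlen('.' . $entry)) === '.' . $entry)
				return true;
		}
		return false;
	};

	if($host_in_list(get_config('system','embed_deny'))) {
		// … unchanged: return the plain link instead of the embed …
	}

	$allowed = get_config('system','embed_allow');
	if($allowed && ! $host_in_list($allowed)) {
		// … unchanged: return the plain link instead of the embed …
	}
```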
@@ -158,16 +158,27 @@ function poke_content(&$a) { if($v[1] !== 'NOTRANSLATION') $shortlist[] = array($k,$v[1]); - $tpl = get_markup_template('poke_content.tpl'); - $o = replace_macros($tpl,array( - '$title' => t('Poke/Prod'), - '$desc' => t('poke, prod or do other things to somebody'), + $poke_basic = get_config('system','poke_basic'); + if($poke_basic) { + $title = t('Poke'); + $desc = t('Poke somebody'); + } + else { + $title = t('Poke/Prod'); + $desc = t('Poke, prod or do other things to somebody'); + } + + $o = replace_macros(get_markup_template('poke_content.tpl'),array( + '$title' => $title, + '$poke_basic' => $poke_basic, + '$desc' => $desc, '$clabel' => t('Recipient'), '$choice' => t('Choose what you wish to do to recipient'), '$verbs' => $shortlist, '$parent' => $parent, '$prv_desc' => t('Make this post private'), + '$private' => array('private', t('Make this post private'), false, ''), '$submit' => t('Submit'), '$name' => $name, '$id' => $id diff --git a/view/tpl/poke_content.tpl b/view/tpl/poke_content.tpl index 22a0b291f..f368cb024 100755 --- a/view/tpl/poke_content.tpl +++ b/view/tpl/poke_content.tpl @@ -1,32 +1,48 @@ -

    {{$title}}

    -
    {{$desc}}
    +
    +
    +

    {{$title}}

    +
    +
    - -
    -
    +
    {{$desc}}
    -
    {{$clabel}}
    -
    - - - -
    -
    -
    {{$choice}}
    -
    -
    - -
    -
    -
    {{$prv_desc}}
    -

    + + + + + +
    + + +
    + + + + + +{{if $poke_basic}} + +{{else}} +
    + + +
    +{{/if}} + +{{if ! $parent}} +{{include file="field_checkbox.tpl" field=$private}} +{{/if}} + + +
    +
    -- cgit v1.2.3 From 721f61a71d854ceeba17e216cbe5f5bfd4887508 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 4 Feb 2016 18:38:36 -0800 Subject: update docs --- doc/hidden_configs.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/hidden_configs.bb b/doc/hidden_configs.bb index 0f6c0f635..4418e45ea 100644 --- a/doc/hidden_configs.bb +++ b/doc/hidden_configs.bb @@ -100,6 +100,8 @@ This document assumes you're an administrator. [b]system.paranoia[/b] As the pconfig, but on a site-wide basis. Can be overwritten by member settings. + [b]system.poke_basic[/b] + Reduce the number of poke verbs to exactly 1 ("poke"). Disable other verbs. [b]system.openssl_conf_file[/b] Specify a file containing OpenSSL configuration. Read the code first. If you can't read the code, don't play with it. -- cgit v1.2.3 From bfeb89075f5e9d3a966c35fd1d0ec56e637a1522 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 4 Feb 2016 19:06:11 -0800 Subject: comment buttons hook --- include/ItemObject.php | 6 ++++++ view/tpl/comment_item.tpl | 1 + 2 files changed, 7 insertions(+) diff --git a/include/ItemObject.php b/include/ItemObject.php index 1b7b2ce78..4bc280e73 100644 --- a/include/ItemObject.php +++ b/include/ItemObject.php @@ -681,6 +681,11 @@ class Item extends BaseObject { $qc = ((local_channel()) ? get_pconfig(local_channel(),'system','qcomment') : null); $qcomment = (($qc) ? explode("\n",$qc) : null); + $arr = array('comment_buttons' => ''); + call_hooks('comment_buttons',$arr); + $comment_buttons = $arr['comment_buttons']; + + $comment_box = replace_macros($template,array( '$return_path' => '', '$threaded' => $this->is_threaded(), @@ -689,6 +694,7 @@ class Item extends BaseObject { '$id' => $this->get_id(), '$parent' => $this->get_id(), '$qcomment' => $qcomment, + '$comment_buttons' => $comment_buttons, '$profile_uid' => $conv->get_profile_owner(), '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), 
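Review bot: The new `comment_buttons` hook in the comment-box builder has no comment describing its contract, and the string plugins place in `$arr['comment_buttons']` is passed to the template as-is, where `{{$comment_buttons}}` in comment_item.tpl appears to emit it without escaping. Add a line above `call_hooks` such as `// plugins append ready-to-render HTML to $arr['comment_buttons']; handlers must escape any user-derived text themselves`. The enclosing method starts and ends outside the hunk.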
diff --git a/view/tpl/comment_item.tpl b/view/tpl/comment_item.tpl index 49c6af764..0c0cb984c 100755 --- a/view/tpl/comment_item.tpl +++ b/view/tpl/comment_item.tpl @@ -57,6 +57,7 @@ {{/if}} + {{$comment_buttons}}
    {{if $preview}} -- cgit v1.2.3 From 425089524373137e11d3691e7efdce0fb89281c8 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 4 Feb 2016 20:38:22 -0800 Subject: make strict transport security header optional --- boot.php | 2 +- doc/hidden_configs.bb | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/boot.php b/boot.php index 238935da3..cb595e0ef 100755 --- a/boot.php +++ b/boot.php @@ -2164,7 +2164,7 @@ function construct_page(&$a) { // security headers - see https://securityheaders.io - if($a->get_scheme() === 'https') + if($a->get_scheme() === 'https' && $a->config['system']['transport_security_header']) header("Strict-Transport-Security: max-age=31536000"); header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"); diff --git a/doc/hidden_configs.bb b/doc/hidden_configs.bb index 4418e45ea..af938b0a6 100644 --- a/doc/hidden_configs.bb +++ b/doc/hidden_configs.bb @@ -100,6 +100,8 @@ This document assumes you're an administrator. [b]system.paranoia[/b] As the pconfig, but on a site-wide basis. Can be overwritten by member settings. + [b]system.transport_security_header[/b] + if non-zero and SSL is being used, include a strict-transport-security header on webpages [b]system.poke_basic[/b] Reduce the number of poke verbs to exactly 1 ("poke"). Disable other verbs. [b]system.openssl_conf_file[/b] -- cgit v1.2.3
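Review bot: With the added `&& $a->config['system']['transport_security_header']` in construct_page, the Strict-Transport-Security header is off unless an administrator sets the new key, so HTTPS sites that sent it before stop sending it after this change. If the setting is meant as an escape hatch, keeping the header on by default and letting the setting turn it off would avoid that silent downgrade; otherwise the upgrade notes should tell HTTPS operators to enable `system.transport_security_header`. The direct array read also raises an undefined-index notice when the key is absent; `get_config('system','transport_security_header')` or an `isset` guard avoids it. construct_page continues outside the hunk.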