From f90b3b60cb04b63386c9d16eb8dcb6530df979a0 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 26 Jan 2014 02:58:03 -0800 Subject: don't prompt guests for a password if they're accessing an embedded public file. --- include/security.php | 2 +- mod/cloud.php | 24 ++++++++++++++++++++++-- version.inc | 2 +- 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/include/security.php b/include/security.php index 4a15e52af..5e86cf790 100644 --- a/include/security.php +++ b/include/security.php @@ -61,7 +61,7 @@ function change_channel($change_channel) { intval(PAGE_REMOVED) ); - if($r) { + if($r) { $hash = $r[0]['channel_hash']; $_SESSION['uid'] = intval($r[0]['channel_id']); get_app()->set_channel($r[0]); diff --git a/mod/cloud.php b/mod/cloud.php index de42249fe..f6ea059ce 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -74,7 +74,6 @@ function cloud_init(&$a) { $_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']); $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); - $rootDirectory = new RedDirectory('/',$auth); $server = new DAV\Server($rootDirectory); $lockBackend = new DAV\Locks\Backend\File('store/[data]/locks'); 
@@ -82,8 +81,29 @@ function cloud_init(&$a) { $server->addPlugin($lockPlugin); + // The next section of code allows us to bypass prompting for http-auth if a FILE is being accessed anonymously and permissions + // allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login. + // If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot, + // prompt for HTTP-auth. This will be the default case for mounting a DAV directory. + + // FIXME - we may require one more hack here; to allow an unauthenticated guest to view your file collection (e.g. a DIRECTORY) from + // the web browser interface without prompting for password, but still requiring one for unauthenticated folks using DAV. We may be + // able to do this with a special $_GET request var and a cookie. + + $isapublic_file = false; + + if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { + try { + $x = RedFileData('/' . $a->cmd,$auth); + if($x instanceof RedFile) + $isapublic_file = true; + } + catch ( Exception $e ) { + $isapublic_file = false; + } + } - if(! $auth->observer) { + if((! $auth->observer) && (! $isapublic_file)) { try { $auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++')); } diff --git a/version.inc b/version.inc index f55fb683d..d85ee0ed2 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2014-01-25.568 +2014-01-26.569 -- cgit v1.2.3 From 0948c3c3ca5aa3621247c7a77a05ac5acd085459 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 26 Jan 2014 03:27:36 -0800 Subject: allow site defaults for enabled features --- include/features.php | 2 ++ mod/settings.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/features.php b/include/features.php index 1f83eb319..cc8d457bc 100644 --- a/include/features.php +++ b/include/features.php 
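Review bot: Skipping `$auth->Authenticate()` in the new `if((! $auth->observer) && (! $isapublic_file))` branch rests entirely on `RedFileData()` throwing for any file the anonymous `$auth` may not read, and nothing in the hunk states or checks that contract. The probe also resolves `'/' . $a->cmd`, while the context above rewrites `$_SERVER['REQUEST_URI']` for the DAV server, so the checked path and the served path are presumably derived separately and could diverge; the later request handling must therefore still enforce file permissions itself. I would record this next to the probe, e.g. `// Relies on RedFileData() throwing when the anonymous observer lacks view permission; the DAV tree must still enforce permissions when serving.` The broad `catch ( Exception $e )` falls back to prompting, which is the safe direction. cloud_init() begins and ends outside this hunk.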
@@ -7,6 +7,8 @@ function feature_enabled($uid,$feature) { $x = get_pconfig($uid,'feature',$feature); + if($x === false) + $x = get_config('feature',$feature); $arr = array('uid' => $uid, 'feature' => $feature, 'enabled' => $x); call_hooks('feature_enabled',$arr); return($arr['enabled']); diff --git a/mod/settings.php b/mod/settings.php index 5aa018cc2..ee6ef45de 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -635,7 +635,7 @@ function settings_content(&$a) { $arr[$fname] = array(); $arr[$fname][0] = $fdata[0]; foreach(array_slice($fdata,1) as $f) { - $arr[$fname][1][] = array('feature_' .$f[0],$f[1],((intval(get_pconfig(local_user(),'feature',$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On'))); + $arr[$fname][1][] = array('feature_' .$f[0],$f[1],((intval(feature_enabled(local_user(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On'))); } } -- cgit v1.2.3
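Review bot: The fallback `if($x === false) $x = get_config('feature',$feature);` is only correct if `get_pconfig()` returns exactly `false` for an unset key and never for a stored "off" value, which the hunk does not show. That is worth confirming and stating in a comment such as `// false means no per-channel preference is stored; fall back to the site default`. The brace-less `if` is also easy to break when a second statement is added later; `if($x === false) { $x = get_config('feature',$feature); }` is safer. The rest of feature_enabled() lies outside the hunk; only its signature is visible in the hunk header.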
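Review bot: Rendering the checkbox from `feature_enabled(local_user(),$f[0])` means the form now shows the effective value, including the site default and whatever the `feature_enabled` hooks return, rather than the channel's stored preference. If the save handler (not visible here) writes every submitted field back as a per-channel setting, a single save would presumably pin the current site defaults for that channel, and later changes to the site default would no longer reach it. It is worth checking the POST side and noting the intent in a comment, e.g. `// shows the effective value (channel setting, else site default)`. settings_content() starts and ends outside the hunk.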