Merge remote branch 'gitorious/1.0.x' into 1.0.x
This commit is contained in:
commit
563b4f968a
@ -183,7 +183,7 @@ class GravatarPlugin extends Plugin
|
|||||||
|
|
||||||
function gravatar_url($email, $size)
|
function gravatar_url($email, $size)
|
||||||
{
|
{
|
||||||
$url = "http://www.gravatar.com/avatar.php?gravatar_id=".
|
$url = "https://secure.gravatar.com/avatar.php?gravatar_id=".
|
||||||
md5(strtolower($email)).
|
md5(strtolower($email)).
|
||||||
"&default=".urlencode(Avatar::defaultImage($size)).
|
"&default=".urlencode(Avatar::defaultImage($size)).
|
||||||
"&size=".$size;
|
"&size=".$size;
|
||||||
|
@ -125,7 +125,7 @@ class MapstractionPlugin extends Plugin
|
|||||||
urlencode($this->apikey)));
|
urlencode($this->apikey)));
|
||||||
break;
|
break;
|
||||||
case 'microsoft':
|
case 'microsoft':
|
||||||
$action->script('http://dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6');
|
$action->script((StatusNet::isHTTPS()?'https':'http') + '://dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6');
|
||||||
break;
|
break;
|
||||||
case 'openlayers':
|
case 'openlayers':
|
||||||
// XXX: is this not nice...?
|
// XXX: is this not nice...?
|
||||||
|
@ -51,15 +51,6 @@ class RecaptchaPlugin extends Plugin
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function checkssl()
|
|
||||||
{
|
|
||||||
if(common_config('site', 'ssl') === 'sometimes' || common_config('site', 'ssl') === 'always') {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
function onEndRegistrationFormData($action)
|
function onEndRegistrationFormData($action)
|
||||||
{
|
{
|
||||||
$action->elementStart('li');
|
$action->elementStart('li');
|
||||||
@ -79,7 +70,7 @@ class RecaptchaPlugin extends Plugin
|
|||||||
{
|
{
|
||||||
if (isset($action->recaptchaPluginNeedsOutput) && $action->recaptchaPluginNeedsOutput) {
|
if (isset($action->recaptchaPluginNeedsOutput) && $action->recaptchaPluginNeedsOutput) {
|
||||||
// Load the AJAX API
|
// Load the AJAX API
|
||||||
if ($this->checkssl()) {
|
if (StatusNet::isHTTPS()) {
|
||||||
$url = "https://api-secure.recaptcha.net/js/recaptcha_ajax.js";
|
$url = "https://api-secure.recaptcha.net/js/recaptcha_ajax.js";
|
||||||
} else {
|
} else {
|
||||||
$url = "http://api.recaptcha.net/js/recaptcha_ajax.js";
|
$url = "http://api.recaptcha.net/js/recaptcha_ajax.js";
|
||||||
|
21
plugins/StrictTransportSecurity/README
Normal file
21
plugins/StrictTransportSecurity/README
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.
|
||||||
|
See http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html for the specification.
|
||||||
|
|
||||||
|
Installation
|
||||||
|
============
|
||||||
|
add "addPlugin('strictTransportSecurity');"
|
||||||
|
to the bottom of your config.php
|
||||||
|
|
||||||
|
The plugin will not do anything unless:
|
||||||
|
$config['site']['ssl'] is set to 'always'
|
||||||
|
$config['site']['path'] is either not set, empty, or '/'
|
||||||
|
|
||||||
|
Settings
|
||||||
|
========
|
||||||
|
max_age (15552000): sets how long to remember the forced HTTPS (seconds) (15552000 seconds is 180 days)
|
||||||
|
includeSubDomains (false): if set, then STS will apply to all the sub-domains too.
|
||||||
|
|
||||||
|
Example
|
||||||
|
=======
|
||||||
|
addPlugin('strictTransportSecurity');
|
||||||
|
|
@ -0,0 +1,62 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* StatusNet, the distributed open-source microblogging tool
|
||||||
|
*
|
||||||
|
* Plugin to enable Single Sign On via CAS (Central Authentication Service)
|
||||||
|
*
|
||||||
|
* PHP version 5
|
||||||
|
*
|
||||||
|
* LICENCE: This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
* @category Plugin
|
||||||
|
* @package StatusNet
|
||||||
|
* @author Craig Andrews <candrews@integralblue.com>
|
||||||
|
* @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
|
||||||
|
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
||||||
|
* @link http://status.net/
|
||||||
|
*/
|
||||||
|
|
||||||
|
if (!defined('STATUSNET') && !defined('LACONICA')) {
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
class StrictTransportSecurityPlugin extends Plugin
|
||||||
|
{
|
||||||
|
public $max_age = 15552000;
|
||||||
|
public $includeSubDomains = false;
|
||||||
|
|
||||||
|
function __construct()
|
||||||
|
{
|
||||||
|
parent::__construct();
|
||||||
|
}
|
||||||
|
|
||||||
|
function onArgsInitialize($args)
|
||||||
|
{
|
||||||
|
$path = common_config('site', 'path');
|
||||||
|
if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
|
||||||
|
header('Strict-Transport-Security: max-age=' . $this->max_age . + ($this->includeSubDomains?'; includeSubDomains':''));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function onPluginVersion(&$versions)
|
||||||
|
{
|
||||||
|
$versions[] = array('name' => 'StrictTransportSecurity',
|
||||||
|
'version' => STATUSNET_VERSION,
|
||||||
|
'author' => 'Craig Andrews',
|
||||||
|
'homepage' => 'http://status.net/wiki/Plugin:StrictTransportSecurity',
|
||||||
|
'rawdescription' =>
|
||||||
|
_m('The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.'));
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user