Either use or don't use HTTPS

The risk of injection attacks using HTTP is too great to allow a site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
parent dcf29c2a07
commit ec257d940a
11 changed files with 9 additions and 118 deletions
--- a/plugins/TwitterBridge/TwitterBridgePlugin.php
+++ b/plugins/TwitterBridge/TwitterBridgePlugin.php
@@ -323,31 +323,6 @@ class TwitterBridgePlugin extends Plugin
        return (bool)$this->adminImportControl;
    }

-    /**
-     * When the site is set to ssl=sometimes mode, we should make sure our
-     * various auth-related pages are on SSL to keep things looking happy.
-     * Although we're not submitting passwords directly, we do link out to
-     * an authentication source and it's a lot happier if we've got some
-     * protection against MitM.
-     *
-     * @param string $action name
-     * @param boolean $ssl outval to force SSL
-     * @return mixed hook return value
-     */
-    function onSensitiveAction($action, &$ssl)
-    {
-        $sensitive = array('twitteradminpanel',
-                           'twittersettings',
-                           'twitterauthorization',
-                           'twitterlogin');
-        if (in_array($action, $sensitive)) {
-            $ssl = true;
-            return false;
-        } else {
-            return true;
-        }
-    }
-
    /**
     * Database schema setup
     *