Either use or don't use HTTPS

The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
Mikael Nordfeldth 2016-02-10 00:57:39 +01:00
parent dcf29c2a07
commit ec257d940a
11 changed files with 9 additions and 118 deletions


@ -418,8 +418,6 @@ class PathsAdminPanelForm extends AdminForm
// TRANS: Drop down option in Paths admin panel (option for "When to use SSL").
$ssl = array('never' => _('Never'),
// TRANS: Drop down option in Paths admin panel (option for "When to use SSL").
'sometimes' => _('Sometimes'),
// TRANS: Drop down option in Paths admin panel (option for "When to use SSL").
'always' => _('Always'));
$this->out->dropdown('site-ssl',
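Review bot: Only the dropdown options change in this hunk, so a site whose stored `site/ssl` value is already 'sometimes' will have no matching option, and the handler that validates the submitted `site-ssl` value is not shown. If that server-side check still lists 'sometimes', a hand-posted value would bypass the narrowed choice; it should accept only 'never' and 'always'. A short comment above the array, such as `// 'sometimes' was removed: a site is either HTTP-only or HTTPS-only`, would also tell the next maintainer why there are only two options. The enclosing method starts and ends outside the hunk.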


@ -187,16 +187,7 @@ class Avatar extends Managed_DataObject
$server = common_config('site', 'server');
}
$ssl = common_config('avatar', 'ssl');
if (is_null($ssl)) { // null -> guess
if (common_config('site', 'ssl') == 'always' &&
!common_config('avatar', 'server')) {
$ssl = true;
} else {
$ssl = false;
}
}
$ssl = (common_config('avatar', 'ssl') || GNUsocial::useHTTPS());
$protocol = ($ssl) ? 'https' : 'http';
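Review bot: With the `||` on the new `$ssl` line, an explicit `$config['avatar']['ssl'] = false` can no longer keep avatar URLs on http once the site itself uses HTTPS, and the removed guess also stayed on http when a separate `avatar/server` was configured. Forcing https is the safer behaviour because it avoids mixed content, but a separate avatar host must now serve TLS or avatars will fail to load. That deserves a comment above the line, for example `// avatar/ssl can only force HTTPS on; it cannot disable it when the site uses HTTPS`. The enclosing function starts and ends outside the hunk.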


@ -350,7 +350,7 @@ STR;
$fail = true;
}
if (!in_array($this->ssl, array('never', 'sometimes', 'always'))) {
if (!in_array($this->ssl, array('never', 'always'))) {
$this->updateStatus("Bad value for server SSL enabling.");
$fail = true;
}
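Review bot: The new check `in_array($this->ssl, array('never', 'always'))` compares loosely, so on PHP versions before 8 a non-string value such as integer 0 would compare equal to 'never' and pass validation. Passing the strict flag closes that: `if (!in_array($this->ssl, array('never', 'always'), true)) {`. The same loose call appears in the installer's config array in the next file section (`'ssl' => in_array($this->ssl, array('never', 'always'))`) and should get the same third argument. The enclosing function starts and ends outside the hunk.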


@ -405,7 +405,7 @@ abstract class Installer
'sitename' => $this->sitename,
'server' => $this->server,
'path' => $this->path,
'ssl' => in_array($this->ssl, array('never', 'sometimes', 'always'))
'ssl' => in_array($this->ssl, array('never', 'always'))
? $this->ssl
: 'never',
'db_database' => $this->db['database'],


@ -354,7 +354,7 @@ function common_set_cookie($key, $value, $expiration=0)
$expiration,
$cookiepath,
$server,
common_config('site', 'ssl')=='always');
GNUsocial::useHTTPS());
}
define('REMEMBERME', 'rememberme');
@ -1345,9 +1345,7 @@ function common_local_url($action, $args=null, $params=null, $fragment=null, $ad
$r = Router::get();
$path = $r->build($action, $args, $params, $fragment);
$ssl = common_config('site', 'ssl') === 'always'
|| GNUsocial::isHTTPS()
|| common_is_sensitive($action);
$ssl = GNUsocial::useHTTPS();
if (common_config('site','fancy')) {
$url = common_path($path, $ssl, $addSession);
@ -1363,35 +1361,11 @@ function common_local_url($action, $args=null, $params=null, $fragment=null, $ad
return $url;
}
function common_is_sensitive($action)
{
static $sensitive = array(
'login',
'register',
'passwordsettings',
'api',
'ApiOAuthRequestToken',
'ApiOAuthAccessToken',
'ApiOAuthAuthorize',
'ApiOAuthPin',
'showapplication'
);
$ssl = null;
if (Event::handle('SensitiveAction', array($action, &$ssl))) {
$ssl = in_array($action, $sensitive);
}
return $ssl;
}
function common_path($relative, $ssl=false, $addSession=true)
{
$pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';
if (($ssl && (common_config('site', 'ssl') === 'sometimes'))
|| GNUsocial::isHTTPS()
|| common_config('site', 'ssl') === 'always') {
if ($ssl && GNUsocial::useHTTPS()) {
$proto = 'https';
if (is_string(common_config('site', 'sslserver')) &&
mb_strlen(common_config('site', 'sslserver')) > 0) {
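Review bot: In `common_path()` the new condition `if ($ssl && GNUsocial::useHTTPS())` selects https only when the caller passes `$ssl` as true, yet the parameter still defaults to false. The removed condition chose https whenever the site was set to 'always' or the request was already HTTPS, regardless of `$ssl`. Any caller that omits the argument would therefore get `http://` URLs on an HTTPS-only site, which brings back the mixed-content and downgrade exposure this commit sets out to remove. Consider taking the parameter out of the decision, `if (GNUsocial::useHTTPS()) {`, or auditing every call site that relies on the default. `common_path()` continues past the end of the hunk, and `useHTTPS()` itself is not shown on this page.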


@ -472,30 +472,6 @@ ENDOFSCRIPT;
return true;
}
/*
* Use SSL for Facebook stuff
*
* @param string $action name
* @param boolean $ssl outval to force SSL
* @return mixed hook return value
*/
function onSensitiveAction($action, &$ssl)
{
$sensitive = array(
'facebookadminpanel',
'facebooksettings',
'facebooklogin',
'facebookfinishlogin'
);
if (in_array($action, $sensitive)) {
$ssl = true;
return false;
} else {
return true;
}
}
/**
* If a notice gets deleted, remove the Notice_to_item mapping and
* delete the item on Facebook


@ -329,29 +329,6 @@ class OpenIDPlugin extends Plugin
return parent::onAutoload($cls);
}
/**
* Sensitive actions
*
* These actions should use https when SSL support is 'sometimes'
*
* @param Action $action Action to form an URL for
* @param boolean &$ssl Whether to mark it for SSL
*
* @return boolean hook return
*/
function onSensitiveAction($action, &$ssl)
{
switch ($action)
{
case 'finishopenidlogin':
case 'finishaddopenid':
$ssl = true;
return false;
default:
return true;
}
}
/**
* Login actions
*


@ -7,7 +7,7 @@ add "addPlugin('strictTransportSecurity');"
to the bottom of your config.php
The plugin will not do anything unless:
$config['site']['ssl'] is set to 'always'
$config['site']['ssl'] is set to something other than 'never'
$config['site']['path'] is either not set, empty, or '/'
Settings


@ -43,7 +43,7 @@ class StrictTransportSecurityPlugin extends Plugin
function onArgsInitialize($args)
{
$path = common_config('site', 'path');
if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
if (GNUsocial::useHTTPS() && ($path == '/' || mb_strlen($path)==0 )) {
header('Strict-Transport-Security: max-age=' . $this->max_age
. ($this->includeSubDomains ? '; includeSubDomains' : '')
. ($this->preloadToken ? '; preload' : ''));
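Review bot: The Strict-Transport-Security header is now gated on `GNUsocial::useHTTPS()`, whose definition is not on this page, instead of the explicit `'always'` config test. If `useHTTPS()` also returns true merely because the current request arrived over HTTPS, a site configured 'never' would start sending HSTS, possibly with `includeSubDomains` and `preload`, and browsers would pin that for `max_age` even though the admin never opted in. If that is not intended, keep the config test in the condition, e.g. `if (common_config('site', 'ssl') === 'always' && ($path == '/' || mb_strlen($path)==0 )) {`. Either way, a comment above the `if` stating which configurations emit the header would help, since HSTS is hard to roll back once browsers have cached it.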


@ -323,31 +323,6 @@ class TwitterBridgePlugin extends Plugin
return (bool)$this->adminImportControl;
}
/**
* When the site is set to ssl=sometimes mode, we should make sure our
* various auth-related pages are on SSL to keep things looking happy.
* Although we're not submitting passwords directly, we do link out to
* an authentication source and it's a lot happier if we've got some
* protection against MitM.
*
* @param string $action name
* @param boolean $ssl outval to force SSL
* @return mixed hook return value
*/
function onSensitiveAction($action, &$ssl)
{
$sensitive = array('twitteradminpanel',
'twittersettings',
'twitterauthorization',
'twitterlogin');
if (in_array($action, $sensitive)) {
$ssl = true;
return false;
} else {
return true;
}
}
/**
* Database schema setup
*


@ -161,7 +161,7 @@ install_cli.php - StatusNet command-line installer
--sitename User-friendly site name (required)
--fancy Whether to use fancy URLs (default no)
--ssl Server SSL enabled (default never),
[never | sometimes | always]
[never | always]
--dbtype 'mysql' (default) or 'pgsql'
--host Database hostname (required)