forked from GNUsocial/gnu-social
Merge remote branch 'gitorious/1.0.x' into 1.0.x
This commit is contained in:
commit
563b4f968a
@ -183,7 +183,7 @@ class GravatarPlugin extends Plugin
|
||||
|
||||
function gravatar_url($email, $size)
|
||||
{
|
||||
$url = "http://www.gravatar.com/avatar.php?gravatar_id=".
|
||||
$url = "https://secure.gravatar.com/avatar.php?gravatar_id=".
|
||||
md5(strtolower($email)).
|
||||
"&default=".urlencode(Avatar::defaultImage($size)).
|
||||
"&size=".$size;
|
||||
|
@ -125,7 +125,7 @@ class MapstractionPlugin extends Plugin
|
||||
urlencode($this->apikey)));
|
||||
break;
|
||||
case 'microsoft':
|
||||
$action->script('http://dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6');
|
||||
$action->script((StatusNet::isHTTPS()?'https':'http') + '://dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6');
|
||||
break;
|
||||
case 'openlayers':
|
||||
// XXX: is this not nice...?
|
||||
|
@ -51,15 +51,6 @@ class RecaptchaPlugin extends Plugin
|
||||
}
|
||||
}
|
||||
|
||||
function checkssl()
|
||||
{
|
||||
if(common_config('site', 'ssl') === 'sometimes' || common_config('site', 'ssl') === 'always') {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
function onEndRegistrationFormData($action)
|
||||
{
|
||||
$action->elementStart('li');
|
||||
@ -79,7 +70,7 @@ class RecaptchaPlugin extends Plugin
|
||||
{
|
||||
if (isset($action->recaptchaPluginNeedsOutput) && $action->recaptchaPluginNeedsOutput) {
|
||||
// Load the AJAX API
|
||||
if ($this->checkssl()) {
|
||||
if (StatusNet::isHTTPS()) {
|
||||
$url = "https://api-secure.recaptcha.net/js/recaptcha_ajax.js";
|
||||
} else {
|
||||
$url = "http://api.recaptcha.net/js/recaptcha_ajax.js";
|
||||
|
21
plugins/StrictTransportSecurity/README
Normal file
21
plugins/StrictTransportSecurity/README
Normal file
@ -0,0 +1,21 @@
|
||||
The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.
|
||||
See http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html for the specification.
|
||||
|
||||
Installation
|
||||
============
|
||||
add "addPlugin('strictTransportSecurity');"
|
||||
to the bottom of your config.php
|
||||
|
||||
The plugin will not do anything unless:
|
||||
$config['site']['ssl'] is set to 'always'
|
||||
$config['site']['path'] is either not set, empty, or '/'
|
||||
|
||||
Settings
|
||||
========
|
||||
max_age (15552000): sets how long to remember the forced HTTPS (seconds) (15552000 seconds is 180 days)
|
||||
includeSubDomains (false): if set, then STS will apply to all the sub-domains too.
|
||||
|
||||
Example
|
||||
=======
|
||||
addPlugin('strictTransportSecurity');
|
||||
|
@ -0,0 +1,62 @@
|
||||
<?php
|
||||
/**
|
||||
* StatusNet, the distributed open-source microblogging tool
|
||||
*
|
||||
* Plugin to enable Single Sign On via CAS (Central Authentication Service)
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* LICENCE: This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* @category Plugin
|
||||
* @package StatusNet
|
||||
* @author Craig Andrews <candrews@integralblue.com>
|
||||
* @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
|
||||
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
||||
* @link http://status.net/
|
||||
*/
|
||||
|
||||
if (!defined('STATUSNET') && !defined('LACONICA')) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
class StrictTransportSecurityPlugin extends Plugin
|
||||
{
|
||||
public $max_age = 15552000;
|
||||
public $includeSubDomains = false;
|
||||
|
||||
function __construct()
|
||||
{
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
function onArgsInitialize($args)
|
||||
{
|
||||
$path = common_config('site', 'path');
|
||||
if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
|
||||
header('Strict-Transport-Security: max-age=' . $this->max_age . + ($this->includeSubDomains?'; includeSubDomains':''));
|
||||
}
|
||||
}
|
||||
|
||||
function onPluginVersion(&$versions)
|
||||
{
|
||||
$versions[] = array('name' => 'StrictTransportSecurity',
|
||||
'version' => STATUSNET_VERSION,
|
||||
'author' => 'Craig Andrews',
|
||||
'homepage' => 'http://status.net/wiki/Plugin:StrictTransportSecurity',
|
||||
'rawdescription' =>
|
||||
_m('The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.'));
|
||||
return true;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user