Merge remote-tracking branch 'upstream/develop' into new-dba
This commit is contained in:
commit
cf90e3571f
4 changed files with 40 additions and 6 deletions
|
@ -44,6 +44,7 @@ Example: To set the directory value please add this line to your .htconfig.php:
|
|||
* **dlogfile - location of the developer log file
|
||||
* **event_input_format** - Default value is "ymd".
|
||||
* **frontend_worker_timeout** - Value in minutes after we think that a frontend task was killed by the webserver. Default value is 10.
|
||||
* **hsts** (Boolean) - Enables the sending of HTTP Strict Transport Security headers
|
||||
* **ignore_cache** (Boolean) - For development only. Disables the item cache.
|
||||
* **like_no_comment** (Boolean) - Don't update the "commented" value of an item when it is liked.
|
||||
* **local_block** (Boolean) - Used in conjunction with "block_public".
|
||||
|
|
|
@ -2233,7 +2233,7 @@ $called_api = null;
|
|||
|
||||
//don't send title to regular StatusNET requests to avoid confusing these apps
|
||||
if (x($_GET, 'getText')) {
|
||||
$ret['title'] = $item['title'] ;
|
||||
$ret['title'] = $item['title'];
|
||||
if ($_GET['getText'] == 'html') {
|
||||
$ret['text'] = bbcode($item['body'], false, false);
|
||||
} elseif ($_GET['getText'] == 'plain') {
|
||||
|
@ -2276,18 +2276,32 @@ $called_api = null;
|
|||
|
||||
$statushtml = trim(bbcode($body, false, false));
|
||||
|
||||
// Workaround for clients with limited HTML parser functionality
|
||||
$search = array("<br>", "<blockquote>", "</blockquote>",
|
||||
"<h1>", "</h1>", "<h2>", "</h2>",
|
||||
"<h3>", "</h3>", "<h4>", "</h4>",
|
||||
"<h5>", "</h5>", "<h6>", "</h6>");
|
||||
$replace = array("<br>\n", "\n<blockquote>", "</blockquote>\n",
|
||||
"\n<h1>", "</h1>\n", "\n<h2>", "</h2>\n",
|
||||
"\n<h3>", "</h3>\n", "\n<h4>", "</h4>\n",
|
||||
"\n<h5>", "</h5>\n", "\n<h6>", "</h6>\n");
|
||||
$replace = array("<br>", "<br><blockquote>", "</blockquote><br>",
|
||||
"<br><h1>", "</h1><br>", "<br><h2>", "</h2><br>",
|
||||
"<br><h3>", "</h3><br>", "<br><h4>", "</h4><br>",
|
||||
"<br><h5>", "</h5><br>", "<br><h6>", "</h6><br>");
|
||||
$statushtml = str_replace($search, $replace, $statushtml);
|
||||
|
||||
if ($item['title'] != "") {
|
||||
$statushtml = "<h4>" . bbcode($item['title']) . "</h4>\n" . $statushtml;
|
||||
$statushtml = "<br><h4>" . bbcode($item['title']) . "</h4><br>" . $statushtml;
|
||||
}
|
||||
|
||||
do {
|
||||
$oldtext = $statushtml;
|
||||
$statushtml = str_replace("<br><br>", "<br>", $statushtml);
|
||||
} while ($oldtext != $statushtml);
|
||||
|
||||
if (substr($statushtml, 0, 4) == '<br>') {
|
||||
$statushtml = substr($statushtml, 4);
|
||||
}
|
||||
|
||||
if (substr($statushtml, 0, -4) == '<br>') {
|
||||
$statushtml = substr($statushtml, -4);
|
||||
}
|
||||
|
||||
// feeds without body should contain the link
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
// Session management functions. These provide database storage of PHP
|
||||
// session info.
|
||||
|
||||
use Friendica\Core\Config;
|
||||
|
||||
require_once('include/cache.php');
|
||||
|
||||
$session_exists = 0;
|
||||
|
@ -114,6 +116,10 @@ ini_set('session.gc_probability', $gc_probability);
|
|||
ini_set('session.use_only_cookies', 1);
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
|
||||
if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL) {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
}
|
||||
|
||||
if (!get_config('system', 'disable_database_session')) {
|
||||
session_set_save_handler('ref_session_open', 'ref_session_close',
|
||||
'ref_session_read', 'ref_session_write',
|
||||
|
|
13
index.php
13
index.php
|
@ -489,6 +489,19 @@ $profile = $a->profile;
|
|||
header("X-Friendica-Version: " . FRIENDICA_VERSION);
|
||||
header("Content-type: text/html; charset=utf-8");
|
||||
|
||||
if (Config::get('system', 'hsts') && (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL)) {
|
||||
header("Strict-Transport-Security: max-age=31536000");
|
||||
}
|
||||
|
||||
// Some security stuff
|
||||
header('X-Content-Type-Options: nosniff');
|
||||
header('X-XSS-Protection: 1; mode=block');
|
||||
header('X-Permitted-Cross-Domain-Policies: none');
|
||||
header('X-Frame-Options: sameorigin');
|
||||
|
||||
// Things like embedded OSM maps don't work, when this is enabled
|
||||
// header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' https: data:; media-src 'self' https:; child-src 'self' https:; object-src 'none'");
|
||||
|
||||
/*
|
||||
* We use $_GET["mode"] for special page templates. So we will check if we have
|
||||
* to load another page template than the default one.
|
||||
|
|
Loading…
Reference in a new issue