Home Explore Help
Register Sign In
Omnimaga
/
SMF2.1
mirror of [email protected]:Omnimaga/SMF2.1.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

! There are several places that HTTP only is expected but HTTPS is quite feasible.

Signed-off-by: Peter Spicer <[email protected]>
Peter Spicer 10 years ago
parent
dae23d8ae5
commit
b3d25d972c
10 changed files with 24 additions and 22 deletions
Split View Show Diff Stats
  1. 2 0
      Sources/Class-Package.php
  2. 3 3
      Sources/Load.php
  3. 3 3
      Sources/MessageIndex.php
  4. 1 1
      Sources/PackageGet.php
  5. 7 7
      Sources/Profile-Modify.php
  6. 1 1
      Sources/ScheduledTasks.php
  7. 3 3
      Sources/Subs-BoardIndex.php
  8. 1 1
      Sources/Subs-Graphics.php
  9. 2 2
      Sources/Subs-Package.php
  10. 1 1
      Sources/Subs.php

+ 2 - 0
Sources/Class-Package.php
View File 

@@ -784,6 +784,8 @@ class ftp_connection
 
 			$ftp_server = 'ssl://' . substr($ftp_server, 7);
 
 		if (strpos($ftp_server, 'http://') === 0)
 
 			$ftp_server = substr($ftp_server, 7);
 
+		elseif (strpos($ftp_server, 'https://') === 0)
 
+			$ftp_server = substr($ftp_server, 8);
 
 		$ftp_server = strtr($ftp_server, array('/' => '', ':' => '', '@' => ''));
 
 
 		// Connect to the FTP server.

+ 3 - 3
Sources/Load.php
View File 

@@ -1208,9 +1208,9 @@ function loadMemberContext($user, $display_custom_fields = false)
 
 			'posts' => $profile['posts'] > 500000 ? $txt['geek'] : comma_format($profile['posts']),
 
 			'avatar' => array(
 
 				'name' => $profile['avatar'],
 
-				'image' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) . '" alt="" />' : '') : (stristr($profile['avatar'], 'http://') ? '<img class="avatar" src="' . $profile['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($profile['avatar']) . '" alt="" />'),
 
-				'href' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) : '') : (stristr($profile['avatar'], 'http://') ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar']),
 
-				'url' => $profile['avatar'] == '' ? '' : (stristr($profile['avatar'], 'http://') ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar'])
 
+				'image' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) . '" alt="" />' : '') : (stristr($profile['avatar'], 'http://') || stristr($profile['avatar'], 'https://') ? '<img class="avatar" src="' . $profile['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($profile['avatar']) . '" alt="" />'),
 
+				'href' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) : '') : (stristr($profile['avatar'], 'http://') || stristr($profile['avatar'], 'https://') ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar']),
 
+				'url' => $profile['avatar'] == '' ? '' : (stristr($profile['avatar'], 'http://') || stristr($profile['avatar'], 'https://') ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar'])
 
 			),
 
 			'last_login' => empty($profile['last_login']) ? $txt['never'] : timeformat($profile['last_login']),
 
 			'last_login_timestamp' => empty($profile['last_login']) ? 0 : forum_time(0, $profile['last_login']),

+ 3 - 3
Sources/MessageIndex.php
View File 

@@ -578,9 +578,9 @@ function MessageIndex()
 
 			if (!empty($settings['avatars_on_indexes']))
 
 				$context['topics'][$row['id_topic']]['last_post']['member']['avatar'] = array(
 
 					'name' => $row['avatar'],
 
-					'image' => $row['avatar'] == '' ? ($row['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="" />' : '') : (stristr($row['avatar'], 'http://') ? '<img class="avatar" src="' . $row['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar']) . '" alt="" />'),
 
-					'href' => $row['avatar'] == '' ? ($row['id_attach'] > 0 ? (empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) : '') : (stristr($row['avatar'], 'http://') ? $row['avatar'] : $modSettings['avatar_url'] . '/' . $row['avatar']),
 
-					'url' => $row['avatar'] == '' ? '' : (stristr($row['avatar'], 'http://') ? $row['avatar'] : $modSettings['avatar_url'] . '/' . $row['avatar'])
 
+					'image' => $row['avatar'] == '' ? ($row['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="" />' : '') : (stristr($row['avatar'], 'http://') || stristr($row['avatar'], 'https://') ? '<img class="avatar" src="' . $row['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar']) . '" alt="" />'),
 
+					'href' => $row['avatar'] == '' ? ($row['id_attach'] > 0 ? (empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) : '') : (stristr($row['avatar'], 'http://') || stristr($row['avatar'], 'https://') ? $row['avatar'] : $modSettings['avatar_url'] . '/' . $row['avatar']),
 
+					'url' => $row['avatar'] == '' ? '' : (stristr($row['avatar'], 'http://') || stristr($row['avatar'], 'https://') ? $row['avatar'] : $modSettings['avatar_url'] . '/' . $row['avatar'])
 
 				);
 
 
 			determineTopicClass($context['topics'][$row['id_topic']]);

+ 1 - 1
Sources/PackageGet.php
View File 

@@ -330,7 +330,7 @@ function PackageGBrowse()
 
 			{
 
 				$remote_type = $thisPackage->exists('@type') ? $thisPackage->fetch('@type') : 'relative';
 
 
-				if ($remote_type == 'relative' && substr($thisPackage->fetch('@href'), 0, 7) != 'http://')
 
+				if ($remote_type == 'relative' && substr($thisPackage->fetch('@href'), 0, 7) != 'http://' && substr($this->Package->fetch('@href'), 0, 8) != 'https://')
 
 				{
 
 					if (isset($_GET['absolute']))
 
 						$current_url = $_GET['absolute'] . '/';

+ 7 - 7
Sources/Profile-Modify.php
View File 

@@ -2706,8 +2706,8 @@ function profileLoadAvatarData()
 
 
 	// Default context.
 
 	$context['member']['avatar'] += array(
 
-		'custom' => stristr($cur_profile['avatar'], 'http://') ? $cur_profile['avatar'] : 'http://',
 
-		'selection' => $cur_profile['avatar'] == '' || stristr($cur_profile['avatar'], 'http://') ? '' : $cur_profile['avatar'],
 
+		'custom' => stristr($cur_profile['avatar'], 'http://') || stristr($cur_profile['avatar'], 'https://') ? $cur_profile['avatar'] : 'http://',
 
+		'selection' => $cur_profile['avatar'] == '' || (stristr($cur_profile['avatar'], 'http://') || stristr($cur_profile['avatar'], 'https://')) ? '' : $cur_profile['avatar'],
 
 		'id_attach' => $cur_profile['id_attach'],
 
 		'filename' => $cur_profile['filename'],
 
 		'allow_server_stored' => allowedTo('profile_server_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
 
@@ -2724,7 +2724,7 @@ function profileLoadAvatarData()
 
 		);
 
 		$context['member']['avatar']['href'] = empty($cur_profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $cur_profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $cur_profile['filename'];
 
 	}
 
-	elseif (stristr($cur_profile['avatar'], 'http://') && $context['member']['avatar']['allow_external'])
 
+	elseif ((stristr($cur_profile['avatar'], 'http://') || stristr($cur_profile['avatar'], 'https://')) && $context['member']['avatar']['allow_external'])
 
 		$context['member']['avatar'] += array(
 
 			'choice' => 'external',
 
 			'server_pic' => 'blank.png',
 
@@ -2897,7 +2897,7 @@ function profileSaveAvatarData(&$value)
 
 	}
 
 
 	$downloadedExternalAvatar = false;
 
-	if ($value == 'external' && allowedTo('profile_remote_avatar') && stripos($_POST['userpicpersonal'], 'http://') === 0 && strlen($_POST['userpicpersonal']) > 7 && !empty($modSettings['avatar_download_external']))
 
+	if ($value == 'external' && allowedTo('profile_remote_avatar') && (stripos($_POST['userpicpersonal'], 'http://') === 0 || stripos($_POST['userpicpersonal'], 'https://') === 0) && strlen($_POST['userpicpersonal']) > 7 && !empty($modSettings['avatar_download_external']))
 
 	{
 
 		if (!is_writable($uploadDir))
 
 			fatal_lang_error('attachments_no_write', 'critical');
 
@@ -2905,7 +2905,7 @@ function profileSaveAvatarData(&$value)
 
 		require_once($sourcedir . '/Subs-Package.php');
 
 
 		$url = parse_url($_POST['userpicpersonal']);
 
-		$contents = fetch_web_data('http://' . $url['host'] . (empty($url['port']) ? '' : ':' . $url['port']) . str_replace(' ', '%20', trim($url['path'])));
 
+		$contents = fetch_web_data($url['scheme'] . '://' . $url['host'] . (empty($url['port']) ? '' : ':' . $url['port']) . str_replace(' ', '%20', trim($url['path'])));
 
 
 		$new_filename = $uploadDir . '/' . getAttachmentFilename('avatar_tmp_' . $memID, false, null, true);
 
 		if ($contents != false && $tmpAvatar = fopen($new_filename, 'wb'))
 
@@ -2942,7 +2942,7 @@ function profileSaveAvatarData(&$value)
 
 		// Get rid of their old avatar. (if uploaded.)
 
 		removeAttachments(array('id_member' => $memID));
 
 	}
 
-	elseif ($value == 'external' && allowedTo('profile_remote_avatar') && stripos($_POST['userpicpersonal'], 'http://') === 0 && empty($modSettings['avatar_download_external']))
 
+	elseif ($value == 'external' && allowedTo('profile_remote_avatar') && (stripos($_POST['userpicpersonal'], 'http://') === 0 || stripos($_POST['userpicpersonal'], 'https://') === 0) && empty($modSettings['avatar_download_external']))
 
 	{
 
 		// We need these clean...
 
 		$cur_profile['id_attach'] = 0;
 
@@ -2958,7 +2958,7 @@ function profileSaveAvatarData(&$value)
 
 		if ($profile_vars['avatar'] == 'http://' || $profile_vars['avatar'] == 'http:///')
 
 			$profile_vars['avatar'] = '';
 
 		// Trying to make us do something we'll regret?
 
-		elseif (substr($profile_vars['avatar'], 0, 7) != 'http://')
 
+		elseif (substr($profile_vars['avatar'], 0, 7) != 'http://' && substr($profile_vars['avatar'], 0, 8) != 'https://')
 
 			return 'bad_avatar';
 
 		// Should we check dimensions?
 
 		elseif (!empty($modSettings['avatar_max_height_external']) || !empty($modSettings['avatar_max_width_external']))

+ 1 - 1
Sources/ScheduledTasks.php
View File 

@@ -1282,7 +1282,7 @@ function scheduled_fetchSMfiles()
 
 	foreach ($js_files as $ID_FILE => $file)
 
 	{
 
 		// Create the url
 
-		$server = empty($file['path']) || substr($file['path'], 0, 7) != 'http://' ? 'http://www.simplemachines.org' : '';
 
+		$server = empty($file['path']) || (substr($file['path'], 0, 7) != 'http://' && substr($file['path'], 0, 8) != 'https://') ? 'http://www.simplemachines.org' : '';
 
 		$url = $server . (!empty($file['path']) ? $file['path'] : $file['path']) . $file['filename'] . (!empty($file['parameters']) ? '?' . $file['parameters'] : '');
 
 
 		// Get the file

+ 3 - 3
Sources/Subs-BoardIndex.php
View File 

@@ -319,9 +319,9 @@ function getBoardIndex($boardIndexOptions)
 
 		if (!empty($settings['avatars_on_indexes']))
 
 			$this_last_post['member']['avatar'] = array(
 
 				'name' => $row_board['avatar'],
 
-				'image' => $row_board['avatar'] == '' ? ($row_board['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($row_board['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row_board['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row_board['filename']) . '" alt="" />' : '') : (stristr($row_board['avatar'], 'http://') ? '<img class="avatar" src="' . $row_board['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row_board['avatar']) . '" alt="" />'),
 
-				'href' => $row_board['avatar'] == '' ? ($row_board['id_attach'] > 0 ? (empty($row_board['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row_board['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row_board['filename']) : '') : (stristr($row_board['avatar'], 'http://') ? $row_board['avatar'] : $modSettings['avatar_url'] . '/' . $row_board['avatar']),
 
-				'url' => $row_board['avatar'] == '' ? '' : (stristr($row_board['avatar'], 'http://') ? $row_board['avatar'] : $modSettings['avatar_url'] . '/' . $row_board['avatar'])
 
+				'image' => $row_board['avatar'] == '' ? ($row_board['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($row_board['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row_board['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row_board['filename']) . '" alt="" />' : '') : (stristr($row_board['avatar'], 'http://') || stristr($row_board['avatar'], 'https://') ? '<img class="avatar" src="' . $row_board['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row_board['avatar']) . '" alt="" />'),
 
+				'href' => $row_board['avatar'] == '' ? ($row_board['id_attach'] > 0 ? (empty($row_board['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row_board['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row_board['filename']) : '') : (stristr($row_board['avatar'], 'http://') || stristr($row_board['avatar'], 'https://') ? $row_board['avatar'] : $modSettings['avatar_url'] . '/' . $row_board['avatar']),
 
+				'url' => $row_board['avatar'] == '' ? '' : (stristr($row_board['avatar'], 'http://') || stristr($row_board['avatar'], 'https://') ? $row_board['avatar'] : $modSettings['avatar_url'] . '/' . $row_board['avatar'])
 
 			);
 
 
 		// Provide the href and link.

+ 1 - 1
Sources/Subs-Graphics.php
View File 

@@ -343,7 +343,7 @@ function resizeImageFile($source, $destination, $max_width, $max_height, $prefer
 
 
 	// Get the image file, we have to work with something after all
 
 	$fp_destination = fopen($destination, 'wb');
 
-	if ($fp_destination && substr($source, 0, 7) == 'http://')
 
+	if ($fp_destination && (substr($source, 0, 7) == 'http://' || substr($source, 0, 8) == 'https://'))
 
 	{
 
 		$fileContents = fetch_web_data($source);

+ 2 - 2
Sources/Subs-Package.php
View File 

@@ -31,7 +31,7 @@ if (!defined('SMF'))
 
  */
 
 function read_tgz_file($gzfilename, $destination, $single_file = false, $overwrite = false, $files_to_extract = null)
 
 {
 
-	if (substr($gzfilename, 0, 7) == 'http://')
 
+	if (substr($gzfilename, 0, 7) == 'http://' || substr($gzfilename, 0, 8) == 'https://')
 
 	{
 
 		$data = fetch_web_data($gzfilename);
 
 
@@ -434,7 +434,7 @@ function getPackageInfo($gzfilename)
 
 	global $boarddir, $sourcedir, $packagesdir, $smcFunc;
 
 
 	// Extract package-info.xml from downloaded file. (*/ is used because it could be in any directory.)
 
-	if (strpos($gzfilename, 'http://') !== false)
 
+	if (strpos($gzfilename, 'http://') !== false || strpos($gzfilename, 'https://') !== false)
 
 		$packageInfo = read_tgz_data(fetch_web_data($gzfilename, '', true), '*/package-info.xml', true);
 
 	else
 
 	{

+ 1 - 1
Sources/Subs.php
View File 

@@ -2893,7 +2893,7 @@ function setupThemeContext($forceload = false)
 
 		if ($user_info['avatar']['url'] == '' && !empty($user_info['avatar']['id_attach']))
 
 			$context['user']['avatar']['href'] = $user_info['avatar']['custom_dir'] ? $modSettings['custom_avatar_url'] . '/' . $user_info['avatar']['filename'] : $scripturl . '?action=dlattach;attach=' . $user_info['avatar']['id_attach'] . ';type=avatar';
 
 		// Full URL?
 
-		elseif (substr($user_info['avatar']['url'], 0, 7) == 'http://')
 
+		elseif (strpos($user_info['avatar']['url'], 'http://') === 0 || strpos($user_info['avatar']['url'], 'https://') === 0)
 
 		{
 
 			$context['user']['avatar']['href'] = $user_info['avatar']['url'];