From 0eb5dd6d21f380fdfe6679aa3ff4bb172819c5f8 Mon Sep 17 00:00:00 2001 From: Wave72 Date: Thu, 7 Jan 2016 11:08:19 +0100 Subject: [PATCH 1/6] In Hubzilla messages.po is hmessages.po --- doc/Translations.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/Translations.md b/doc/Translations.md index d0fe489f3..6f938148d 100644 --- a/doc/Translations.md +++ b/doc/Translations.md @@ -32,23 +32,23 @@ The location of the translated files in the source tree is /view/LNG-CODE/ where LNG-CODE is the language code used, e.g. de for German or fr for French. For the email templates (the *.tpl files) just place them into the directory -and you are done. The translated strings come as a "messages.po" file from +and you are done. The translated strings come as a "hmessages.po" file from transifex which needs to be translated into the PHP file Red uses. To do so, place the file in the directory mentioned above and use the "po2php" utility from the util directory of your Red installation. Assuming you want to convert the German localization which is placed in -view/de/messages.po you would do the following. +view/de/hmessages.po you would do the following. 1. Navigate at the command prompt to the base directory of your Red installation 2. Execute the po2php script, which will place the translation - in the strings.php file that is used by Red. + in the hstrings.php file that is used by Red. - $> php util/po2php.php view/de/messages.po + $> php util/po2php.php view/de/hmessages.po - The output of the script will be placed at view/de/strings.php where + The output of the script will be placed at view/de/hstrings.php where froemdoca os expecting it, so you can test your translation mmediately. 3. Visit your Red page to check if it still works in the language you @@ -59,7 +59,7 @@ view/de/messages.po you would do the following. not give any output if the file is ok but might give a hint for searching the bug in the file. - $> php view/de/strings.php + $> php view/de/hstrings.php 4. commit the two files with a meaningful commit message to your git repository, push it to your fork of the Red repository at github and From 242da95eed745d274d03887d50793f7bfa593409 Mon Sep 17 00:00:00 2001 From: Wave72 Date: Thu, 7 Jan 2016 11:24:31 +0100 Subject: [PATCH 2/6] Wrong branding in Translations doc --- doc/Translations.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/doc/Translations.md b/doc/Translations.md index 6f938148d..226fa2e1a 100644 --- a/doc/Translations.md +++ b/doc/Translations.md @@ -4,13 +4,13 @@ Translating the $Projectname Translation Process ------------------- -The strings used in the UI of Red is translated at [Transifex][1] and then +The strings used in the UI of Hubzilla is translated at [Transifex][1] and then included in the git repository at github. If you want to help with translation -for any language, be it correcting terms or translating Red to a +for any language, be it correcting terms or translating Hubzilla to a currently not supported language, please register an account at transifex.com -and contact the Red translation team there. +and contact the Redmatrix translation team there. -Translating Red is simple. Just use the online tool at transifex. If you +Translating Hubzilla is simple. Just use the online tool at transifex. If you don't want to deal with git & co. that is fine, we check the status of the translations regularly and import them into the source tree at github so that others can use them. @@ -26,32 +26,32 @@ tree. If you want to get your work into the source tree yourself, feel free to do so and contact us with and question that arises. The process is simple and -Red ships with all the tools necessary. +Hubzilla ships with all the tools necessary. The location of the translated files in the source tree is /view/LNG-CODE/ where LNG-CODE is the language code used, e.g. de for German or fr for French. For the email templates (the *.tpl files) just place them into the directory and you are done. The translated strings come as a "hmessages.po" file from -transifex which needs to be translated into the PHP file Red uses. To do +transifex which needs to be translated into the PHP file Hubzilla uses. To do so, place the file in the directory mentioned above and use the "po2php" -utility from the util directory of your Red installation. +utility from the util directory of your Hubzilla installation. Assuming you want to convert the German localization which is placed in view/de/hmessages.po you would do the following. 1. Navigate at the command prompt to the base directory of your - Red installation + Hubzilla installation 2. Execute the po2php script, which will place the translation - in the hstrings.php file that is used by Red. + in the hstrings.php file that is used by Hubzilla. $> php util/po2php.php view/de/hmessages.po The output of the script will be placed at view/de/hstrings.php where froemdoca os expecting it, so you can test your translation mmediately. -3. Visit your Red page to check if it still works in the language you +3. Visit your Hubzilla page to check if it still works in the language you just translated. If not try to find the error, most likely PHP will give you a hint in the log/warnings.about the error. @@ -62,16 +62,16 @@ view/de/hmessages.po you would do the following. $> php view/de/hstrings.php 4. commit the two files with a meaningful commit message to your git - repository, push it to your fork of the Red repository at github and + repository, push it to your fork of the Hubzilla repository at github and issue a pull request for that commit. Utilities --------- Additional to the po2php script there are some more utilities for translation -in the "util" directory of the Red source tree. If you only want to -translate Red into another language you wont need any of these tools most -likely but it gives you an idea how the translation process of Red +in the "util" directory of the Hubzilla source tree. If you only want to +translate Hubzilla into another language you wont need any of these tools most +likely but it gives you an idea how the translation process of Hubzilla works. For further information see the utils/README file. @@ -79,7 +79,7 @@ For further information see the utils/README file. Known Problems -------------- -* Red uses the language setting of the visitors browser to determain the +* Hubzilla uses the language setting of the visitors browser to determain the language for the UI. Most of the time this works, but there are some known quirks. * the early translations are based on the friendica translations, if you From 100412267ad5d193d2131e3fa89090846267b72d Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 7 Jan 2016 12:47:46 -0800 Subject: [PATCH 3/6] extra security headers, revert or fix if functionality is blocked --- boot.php | 15 +++++++++++++++ version.inc | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/boot.php b/boot.php index 4c2cff09b..152fb426b 100755 --- a/boot.php +++ b/boot.php @@ -874,6 +874,11 @@ class App { } } + function get_scheme() { + return $this->scheme; + } + + function get_hostname() { return $this->hostname; } @@ -2121,6 +2126,16 @@ function construct_page(&$a) { $profile = $a->profile; header("Content-type: text/html; charset=utf-8"); + if($a->get_scheme() === 'https') + header("Strict-Transport-Security: max-age=31536000"); + + header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"); + + if($a->config['system']['x_security_headers']) { + header("X-Frame-Options: SAMEORIGIN"); + header("X-Xss-Protection: 1; mode=block;"); + header("X-Content-Type-Options: nosniff"); + } require_once(theme_include( ((x($a->page, 'template')) ? $a->page['template'] : 'default' ) . '.php' ) diff --git a/version.inc b/version.inc index be2d3de4a..9846c0954 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2016-01-06.1270H +2016-01-07.1271H From 3c8818417798aaa5791f8581059883ad6431a0eb Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 7 Jan 2016 14:06:51 -0800 Subject: [PATCH 4/6] optional support for public key pinning --- boot.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/boot.php b/boot.php index 152fb426b..f58709384 100755 --- a/boot.php +++ b/boot.php @@ -2126,6 +2126,9 @@ function construct_page(&$a) { $profile = $a->profile; header("Content-type: text/html; charset=utf-8"); + + // security headers - see https://securityheaders.io + if($a->get_scheme() === 'https') header("Strict-Transport-Security: max-age=31536000"); @@ -2137,6 +2140,10 @@ function construct_page(&$a) { header("X-Content-Type-Options: nosniff"); } + if($a->config['system']['public_key_pins']) { + header("Public-Key-Pins: " . $a->config['system']['public_key_pins']); + } + require_once(theme_include( ((x($a->page, 'template')) ? $a->page['template'] : 'default' ) . '.php' ) ); From bf99906386a7503de83d9683dd58cd7821456a18 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 7 Jan 2016 14:27:06 -0800 Subject: [PATCH 5/6] provide admin toggle to disable delivery reports --- doc/hidden_configs.bb | 2 ++ include/ItemObject.php | 2 +- include/notifier.php | 2 +- include/zot.php | 3 +++ 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/hidden_configs.bb b/doc/hidden_configs.bb index 8376187d1..b3ad91aa9 100644 --- a/doc/hidden_configs.bb +++ b/doc/hidden_configs.bb @@ -60,6 +60,8 @@ This document assumes you're an administrator. Allow the @mention tagging of anyone whether you are connected or not. [b]system > directorytags[/b] Set the number of keyword tags displayed on the directory page. + [b]system > disable_dreport[/b] + If '1', don't store or link to delivery reports [b]system > startpage[/b] Set the default page to be taken to after a login for all channels at this website. Can be overwritten by user settings. diff --git a/include/ItemObject.php b/include/ItemObject.php index 8be99d91e..1b7b2ce78 100644 --- a/include/ItemObject.php +++ b/include/ItemObject.php @@ -264,7 +264,7 @@ class Item extends BaseObject { if($keep_reports === 0) $keep_reports = 30; - if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC',"now - $keep_reports days")) > 0) + if((! get_config('system','disable_dreport')) && strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC',"now - $keep_reports days")) > 0) $dreport = t('Delivery Report'); if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0) diff --git a/include/notifier.php b/include/notifier.php index 32d702cb5..5260e629f 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -578,7 +578,7 @@ function notifier_run($argv, $argc){ )); // only create delivery reports for normal undeleted items - if(is_array($target_item) && array_key_exists('postopts',$target_item) && (! $target_item['item_deleted'])) { + if(is_array($target_item) && array_key_exists('postopts',$target_item) && (! $target_item['item_deleted']) && (! get_config('system','disable_dreport'))) { q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan, dreport_queue ) values ( '%s','%s','%s','%s','%s','%s','%s' ) ", dbesc($target_item['mid']), dbesc($hub['hubloc_host']), diff --git a/include/zot.php b/include/zot.php index a644bbd06..beaa54126 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3924,6 +3924,9 @@ function check_zotinfo($channel,$locations,&$ret) { function delivery_report_is_storable($dr) { + if(get_config('system','disable_dreport')) + return false; + call_hooks('dreport_is_storable',$dr); // let plugins accept or reject - if neither, continue on From 1c982315dd2d1886432eaece7c7ccb8d385640ae Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 7 Jan 2016 20:04:13 -0800 Subject: [PATCH 6/6] issue #251 --- mod/item.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/mod/item.php b/mod/item.php index eecc3a9ac..b6d00e030 100644 --- a/mod/item.php +++ b/mod/item.php @@ -720,8 +720,7 @@ function item_post(&$a) { $datarray = array(); - $item_thead_top = ((! $parent) ? 1 : 0); - + $item_thread_top = ((! $parent) ? 1 : 0); if ((! $plink) && ($item_thread_top)) { $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;