- Security updates

- Add p.all on some paragraphs to prevent cropping on mobile
11 years ago · 8df2aff3c3
7 changed files with 26 additions and 11 deletions
--- a/app/widgets/About/about.tpl
+++ b/app/widgets/About/about.tpl
@ -10,7 +10,7 @@
        <li class="condensed">
            <span class="icon bubble color red"><i class="md md-developer-mode"></i></span>
            <span>{$c->__('title.developers')}</span>
-            <p>
+            <p class="all">
                <a href="http://edhelas.movim.eu/">Jaussoin Timothée aka edhelas</a><br/>
                <a href="https://launchpad.net/~nodpounod">Ho Christine aka nodpounod</a><br/>
                <a href="https://etenil.net/">Pasquet Guillaume aka Etenil</a>
@ -42,7 +42,7 @@
        <li class="condensed">
            <span class="icon bubble color brown"><i class="md md-insert-emoticon"></i></span>
            <span>{$c->__('title.resources')}</span>
-            <p>
+            <p class="all">
                Material Design Iconic Font <a href="http://zavoloklom.github.io/material-design-iconic-font/icons.html">by Google and Sergey Kupletsky</a> under SIL OFL 1.1<br/>
                Twemoji <a href="http://twitter.github.io/twemoji/">by Twitter</a> under MIT and CC-BY<br/>
            </p>
@ -50,7 +50,7 @@
        <li class="condensed">
            <span class="icon bubble color indigo"><i class="md md-import-export"></i></span>
            <span>{$c->__('title.api')}</span>
-            <p>
+            <p class="all">
                OpenStreetMap - Nominatim <a href="http://nominatim.openstreetmap.org/">nominatim.openstreetmap.org</a><br/>
                Last.fm API - <a href="http://www.last.fm/api">www.last.fm/api</a><br/>
                Youtube API - <a href="http://developers.google.com/youtube">developers.google.com/youtube</a><br/>
--- a/app/widgets/Blog/blog.tpl
+++ b/app/widgets/Blog/blog.tpl
@ -120,7 +120,7 @@
                            <span>
                                {$value->getContact()->getTrueName()}
                            </span>
-                            <p>
+                            <p class="all">
                                {$value->content}
                            </p>
                        </li>
--- a/app/widgets/Chat/Chat.php
+++ b/app/widgets/Chat/Chat.php
@ -502,6 +502,7 @@ class Chat extends WidgetBase
        $view = $this->tpl();

        $cd = new \Modl\ContactDAO;
+        $view->assign('presencestxt', getPresencesTxt());
        $view->assign('top', $cd->getTop(10));
        return $view->draw('_chat_empty', true);
    }
--- a/app/widgets/Chat/_chat_empty.tpl
+++ b/app/widgets/Chat/_chat_empty.tpl
@ -2,7 +2,7 @@
    <h1>{$c->__('chat.empty_title')}</h1>
    <h4>{$c->__('chat.empty_text')}</h4>
 </div>
-<br />
+
 <ul class="flex middle active">
    <li class="subheader block large">{$c->__('chat.frequent')}</li>
    {loop="$top"}
@ -29,3 +29,5 @@
        </li>
    {/loop}
 </ul>
+<br />
+<br />
--- a/app/widgets/Post/_post_comments.tpl
+++ b/app/widgets/Post/_post_comments.tpl
@ -23,7 +23,7 @@
                    {$value->getContact()->getTrueName()}
                </a>
            </span>
-            <p>
+            <p class="all">
                {$value->content}
            </p>
        </li>
--- a/bootstrap.php
+++ b/bootstrap.php
@ -99,9 +99,12 @@ class Bootstrap {
        define('APP_TITLE',     'Movim');
        define('APP_NAME',      'movim');
        define('APP_VERSION',   $this->getVersion());
+        define('APP_SECURED',   $this->isServerSecured());
+
        if(isset($_SERVER['HTTP_HOST'])) {
            define('BASE_HOST',     $_SERVER['HTTP_HOST']);
        }
+        define('BASE_DOMAIN',   $_SERVER["SERVER_NAME"]);
        define('BASE_URI',      $this->getBaseUri());
        define('CACHE_URI',     $this->getBaseUri() . 'cache/');
        
@ -127,6 +130,16 @@ class Bootstrap {
        }
    }

+    private function isServerSecured() {
+        if((
+            isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "") 
+        || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == "https")) {
+            return true;
+        }
+
+        return false;
+    }
+
    private function getVersion() {
        $file = "VERSION";
        if($f = fopen(DOCUMENT_ROOT.'/'.$file, 'r')) {
@ -137,11 +150,10 @@ class Bootstrap {
    private function getBaseUri() {
        $dirname = dirname($_SERVER['PHP_SELF']);
        $path = (($dirname == DIRECTORY_SEPARATOR) ? '' : $dirname).'/';
+
        // Determining the protocol to use.
        $uri = "http://";
-        if((
-            isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "") 
-        || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == "https")) {
+        if($this->isServerSecured()) {
            $uri = 'https://';
        }

--- a/system/Sessionx.php
+++ b/system/Sessionx.php
@ -51,7 +51,7 @@ class Sessionx {
            self::$_sessionid = SESSION_ID;
        } else {
            $key = generateKey(32); 
-            setcookie("MOVIM_SESSION_ID", $key, time()+$this->_max_age, '/');
+            setcookie("MOVIM_SESSION_ID", $key, time()+$this->_max_age, '/', BASE_DOMAIN, APP_SECURED);
            self::$_sessionid = $key;
        }
    }
@ -59,7 +59,7 @@ class Sessionx {
    public function refreshCookie()
    {
        if(isset($_COOKIE['MOVIM_SESSION_ID'])) {
-            setcookie("MOVIM_SESSION_ID", $_COOKIE['MOVIM_SESSION_ID'], time()+$this->_max_age, '/');
+            setcookie("MOVIM_SESSION_ID", $_COOKIE['MOVIM_SESSION_ID'], time()+$this->_max_age, '/', BASE_DOMAIN, APP_SECURED);
        }
    }