Merge remote-tracking branch 'upstream/2020.09-rc' into send-relais

This commit is contained in:
Michael 2020-09-16 10:27:14 +00:00
commit 522bd5d774
8 changed files with 6123 additions and 6068 deletions

View file

@ -55,6 +55,7 @@ Chris Case
Christian González Christian González
Christian M. Grube Christian M. Grube
Christian Vogeley Christian Vogeley
Christian Wiwie
Cohan Robinson Cohan Robinson
Copiis Praeesse Copiis Praeesse
CrystalStiletto CrystalStiletto
@ -114,7 +115,6 @@ Hypolite Petovan
Ilmari Ilmari
ImgBotApp ImgBotApp
irhen irhen
Jak
Jakob Jakob
Jens Tautenhahn Jens Tautenhahn
jensp jensp
@ -122,6 +122,7 @@ Jeroen De Meerleer
jeroenpraat jeroenpraat
Joan Bar Joan Bar
JOduMonT JOduMonT
joe slam
Johannes Schwab Johannes Schwab
John Brazil John Brazil
Jonatan Nyberg Jonatan Nyberg
@ -143,7 +144,6 @@ Leberwurscht
Leonard Lausen Leonard Lausen
Lionel Triay Lionel Triay
loma-one loma-one
loma1
Lorem Ipsum Lorem Ipsum
Ludovic Grossard Ludovic Grossard
Lynn Stephenson Lynn Stephenson
@ -173,6 +173,7 @@ Michal Šupler
Michalina Michalina
Mike Macgirvin Mike Macgirvin
miqrogroove miqrogroove
mpanhans
mytbk mytbk
nathilia-peirce nathilia-peirce
Nicola Spanti Nicola Spanti
@ -269,7 +270,6 @@ U-SOUND\mike
ufic ufic
Ulf Rompe Ulf Rompe
Unknown Unknown
Valvin
Valvin A Valvin A
Vasudev Kamath Vasudev Kamath
Vasya Novikov Vasya Novikov

View file

@ -698,7 +698,7 @@ class Site extends BaseAdmin
'$worker_frontend' => ['worker_frontend', DI::l10n()->t('Enable frontend worker'), DI::config()->get('system', 'frontend_worker'), DI::l10n()->t('When enabled the Worker process is triggered when backend access is performed (e.g. messages being delivered). On smaller sites you might want to call %s/worker on a regular basis via an external cron job. You should only enable this option if you cannot utilize cron/scheduled jobs on your server.', DI::baseUrl()->get())], '$worker_frontend' => ['worker_frontend', DI::l10n()->t('Enable frontend worker'), DI::config()->get('system', 'frontend_worker'), DI::l10n()->t('When enabled the Worker process is triggered when backend access is performed (e.g. messages being delivered). On smaller sites you might want to call %s/worker on a regular basis via an external cron job. You should only enable this option if you cannot utilize cron/scheduled jobs on your server.', DI::baseUrl()->get())],
'$relay_subscribe' => ['relay_subscribe', DI::l10n()->t('Subscribe to relay'), DI::config()->get('system', 'relay_subscribe'), DI::l10n()->t('Enables the receiving of public posts from the relay. They will be included in the search, subscribed tags and on the global community page.')], '$relay_subscribe' => ['relay_subscribe', DI::l10n()->t('Subscribe to relay'), DI::config()->get('system', 'relay_subscribe'), DI::l10n()->t('Enables the receiving of public posts from the relay. They will be included in the search, subscribed tags and on the global community page.')],
'$relay_server' => ['relay_server', DI::l10n()->t('Relay server'), DI::config()->get('system', 'relay_server', 'https://relay.diasp.org'), DI::l10n()->t('Address of the relay server where public posts should be send to. For example https://relay.diasp.org')], '$relay_server' => ['relay_server', DI::l10n()->t('Relay server'), DI::config()->get('system', 'relay_server'), DI::l10n()->t('Address of the relay server where public posts should be send to. For example %s', 'https://social-relay.isurf.ca')],
'$relay_directly' => ['relay_directly', DI::l10n()->t('Direct relay transfer'), DI::config()->get('system', 'relay_directly'), DI::l10n()->t('Enables the direct transfer to other servers without using the relay servers')], '$relay_directly' => ['relay_directly', DI::l10n()->t('Direct relay transfer'), DI::config()->get('system', 'relay_directly'), DI::l10n()->t('Enables the direct transfer to other servers without using the relay servers')],
'$relay_scope' => ['relay_scope', DI::l10n()->t('Relay scope'), DI::config()->get('system', 'relay_scope'), DI::l10n()->t('Can be "all" or "tags". "all" means that every public post should be received. "tags" means that only posts with selected tags should be received.'), ['' => DI::l10n()->t('Disabled'), 'all' => DI::l10n()->t('all'), 'tags' => DI::l10n()->t('tags')]], '$relay_scope' => ['relay_scope', DI::l10n()->t('Relay scope'), DI::config()->get('system', 'relay_scope'), DI::l10n()->t('Can be "all" or "tags". "all" means that every public post should be received. "tags" means that only posts with selected tags should be received.'), ['' => DI::l10n()->t('Disabled'), 'all' => DI::l10n()->t('all'), 'tags' => DI::l10n()->t('tags')]],
'$relay_server_tags' => ['relay_server_tags', DI::l10n()->t('Server tags'), DI::config()->get('system', 'relay_server_tags'), DI::l10n()->t('Comma separated list of tags for the "tags" subscription.')], '$relay_server_tags' => ['relay_server_tags', DI::l10n()->t('Server tags'), DI::config()->get('system', 'relay_server_tags'), DI::l10n()->t('Comma separated list of tags for the "tags" subscription.')],

View file

@ -64,7 +64,7 @@ abstract class BaseAdmin extends BaseModule
} }
if (!empty($_SESSION['submanage'])) { if (!empty($_SESSION['submanage'])) {
throw new HTTPException\ForbiddenException(DI::l10n()->t('Submanaged account can\'t access the administation pages. Please log back in as the main account.')); throw new HTTPException\ForbiddenException(DI::l10n()->t('Submanaged account can\'t access the administration pages. Please log back in as the main account.'));
} }
} }

View file

@ -192,7 +192,7 @@ class HTTPRequest implements IHTTPRequest
$curlResponse = new CurlResult($url, $s, $curl_info, curl_errno($ch), curl_error($ch)); $curlResponse = new CurlResult($url, $s, $curl_info, curl_errno($ch), curl_error($ch));
if ($curlResponse->isRedirectUrl()) { if (!Network::isRedirectBlocked($url) && $curlResponse->isRedirectUrl()) {
$redirects++; $redirects++;
$this->logger->notice('Curl redirect.', ['url' => $url, 'to' => $curlResponse->getRedirectUrl()]); $this->logger->notice('Curl redirect.', ['url' => $url, 'to' => $curlResponse->getRedirectUrl()]);
@curl_close($ch); @curl_close($ch);
@ -280,7 +280,7 @@ class HTTPRequest implements IHTTPRequest
$curlResponse = new CurlResult($url, $s, $curl_info, curl_errno($ch), curl_error($ch)); $curlResponse = new CurlResult($url, $s, $curl_info, curl_errno($ch), curl_error($ch));
if ($curlResponse->isRedirectUrl()) { if (!Network::isRedirectBlocked($url) && $curlResponse->isRedirectUrl()) {
$redirects++; $redirects++;
$this->logger->info('Post redirect.', ['url' => $url, 'to' => $curlResponse->getRedirectUrl()]); $this->logger->info('Post redirect.', ['url' => $url, 'to' => $curlResponse->getRedirectUrl()]);
curl_close($ch); curl_close($ch);
@ -321,6 +321,11 @@ class HTTPRequest implements IHTTPRequest
return $url; return $url;
} }
if (Network::isRedirectBlocked($url)) {
$this->logger->info('Domain should not be redirected.', ['url' => $url]);
return $url;
}
$url = Network::stripTrackingQueryParams($url); $url = Network::stripTrackingQueryParams($url);
if ($depth > 10) { if ($depth > 10) {

View file

@ -177,6 +177,35 @@ class Network
return false; return false;
} }
/**
* Checks if the provided url is on the list of domains where redirects are blocked.
* Returns true if it is or malformed URL, false if not.
*
* @param string $url The url to check the domain from
*
* @return boolean
*/
public static function isRedirectBlocked(string $url)
{
$host = @parse_url($url, PHP_URL_HOST);
if (!$host) {
return false;
}
$no_redirect_list = DI::config()->get('system', 'no_redirect_list', []);
if (!$no_redirect_list) {
return false;
}
foreach ($no_redirect_list as $no_redirect) {
if (fnmatch(strtolower($no_redirect), strtolower($host))) {
return true;
}
}
return false;
}
/** /**
* Check if email address is allowed to register here. * Check if email address is allowed to register here.
* *

View file

@ -362,6 +362,10 @@ return [
// Don't use OEmbed to fetch more information about a link. // Don't use OEmbed to fetch more information about a link.
'no_oembed' => false, 'no_oembed' => false,
// no_redirect_list (Array)
// List of domains where HTTP redirects should be ignored.
'no_redirect_list' => [],
// no_smilies (Boolean) // no_smilies (Boolean)
// Don't show smilies. // Don't show smilies.
'no_smilies' => false, 'no_smilies' => false,

View file

@ -122,6 +122,10 @@ return [
// Maximum system load before delivery and poll processes are deferred. // Maximum system load before delivery and poll processes are deferred.
'maxloadavg' => 20, 'maxloadavg' => 20,
// relay_server (String)
// Address of the relay server where public posts should be send to.
'relay_server' => 'https://social-relay.isurf.ca',
// rino_encrypt (Integer) // rino_encrypt (Integer)
// Server-to-server private message encryption (RINO). // Server-to-server private message encryption (RINO).
// Encryption will only be provided if this setting is set to a non zero value on both servers. // Encryption will only be provided if this setting is set to a non zero value on both servers.

File diff suppressed because it is too large Load diff