From ea7df2637e72a1e54ce3929d4921d066dee37e20 Mon Sep 17 00:00:00 2001 From: Christian Beer Date: Mon, 30 Nov 2015 09:36:29 +0100 Subject: [PATCH] Web: use https urls everywhere Modern Browser complain if there are non-https elements in https websites. This makes sure that if the user visits via https all elements of the page are also retrieved using SSL. Furthermore it uses https urls in emails that are send to the user, if SECURE_URL_BASE is set in project/project.inc. The only remaining places where URL_BASE is used is when it is used as master_url where it is important that it is in sync with what the scheduler uses. --- html/inc/email.inc | 6 +++--- html/inc/forum.inc | 2 +- html/inc/forum_email.inc | 12 +++++------ html/inc/forum_rss.inc | 8 ++++---- html/inc/friend.inc | 12 +++++------ html/inc/news.inc | 4 ++-- html/inc/notify.inc | 2 +- html/inc/pm.inc | 8 ++++---- html/inc/profile.inc | 6 +++--- html/inc/uotd.inc | 2 +- html/inc/user.inc | 22 ++++++++++----------- html/inc/util_ops.inc | 2 +- html/ops/badge_admin.php | 2 +- html/ops/error_summary.php | 2 +- html/ops/failure_result_summary_by_host.php | 2 +- html/ops/index.php | 4 ++-- html/ops/mass_email.php | 2 +- html/ops/notify.php | 4 ++-- html/ops/update_profile_pages.php | 8 ++++---- html/user/create_account_action.php | 4 ++-- html/user/donate.php | 2 +- html/user/forum_moderate_post_action.php | 4 ++-- html/user/forum_search_action.php | 2 +- html/user/login_action.php | 4 ++-- html/user/mail_passwd.php | 2 +- html/user/notices.php | 2 +- html/user/notify_rss.php | 8 ++++---- html/user/openid_login.php | 4 ++-- html/user/opt_out.php | 2 +- html/user/profile_menu.php | 6 +++--- html/user/sample_index.php | 2 +- html/user/team_founder_transfer_action.php | 6 +++--- html/user/uotd_gadget.php | 2 +- 33 files changed, 80 insertions(+), 80 deletions(-) diff --git a/html/inc/email.inc b/html/inc/email.inc index 65a22c0c61..64c20cb64d 100644 --- a/html/inc/email.inc +++ b/html/inc/email.inc 
@@ -73,14 +73,14 @@ function send_auth_email($user) { $body = "This email was sent in response to a request on the ".PROJECT." web site. To log in to your ".PROJECT." account, visit: -".URL_BASE."login_action.php?id=$user->id&t=$now&h=$x +".secure_url_base()."login_action.php?id=$user->id&t=$now&h=$x (This link is valid for 1 day). After logging in, you can change your account's password or email address. "; $body .= " For further information and assistance with ".PROJECT.", visit -".URL_BASE." +".secure_url_base()." "; return send_email($user, $subject, $body); @@ -109,6 +109,6 @@ function salted_key($key) { } function opt_out_url($user) { - return URL_BASE."opt_out.php?code=".salted_key($user->authenticator)."&userid=$user->id"; + return secure_url_base()."opt_out.php?code=".salted_key($user->authenticator)."&userid=$user->id"; } ?> diff --git a/html/inc/forum.inc b/html/inc/forum.inc index 27718e961e..0ca9976d8b 100644 --- a/html/inc/forum.inc +++ b/html/inc/forum.inc @@ -1300,7 +1300,7 @@ function subscribe_rss($notify, &$title, &$msg, &$url) { $thread = BoincThread::lookup_id($notify->opaque); $title = tra("New posts in subscribed thread"); $msg = tra("There are new posts in the thread '%1'",$thread->title); - $url = URL_BASE."forum_thread.php?id=$thread->id"; + $url = secure_url_base()."forum_thread.php?id=$thread->id"; } function show_mark_as_read_button($user) { diff --git a/html/inc/forum_email.inc b/html/inc/forum_email.inc index 2b5d31c8c0..4dcbf7efdb 100644 --- a/html/inc/forum_email.inc +++ b/html/inc/forum_email.inc @@ -68,7 +68,7 @@ function send_moderation_email($forum, $post, $thread, $explanation, $action) { $subject = PROJECT." moderation notice"; $body = "Your post [ID $post->id] in thread '$thread->title' -".URL_BASE."forum_thread.php?id=$thread->id#$post->id +".secure_url_base()."forum_thread.php?id=$thread->id#$post->id has been $action by moderator $moderator->name (ID $moderator->id). $explanation 
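Review bot: The login link in send_auth_email() carries the one-day token `h=$x` in its query string, and after this change its scheme depends entirely on secure_url_base(), which is not defined anywhere in this hunk. Per the commit message the https base is used only when SECURE_URL_BASE is set in project/project.inc, so on a project that has not set it the token presumably still goes out as a plain-http link. I would add a comment above the link, e.g. `// NOTE: https only when SECURE_URL_BASE is defined in project.inc; this link carries a login token`, and confirm the fallback in the helper. The same applies to opt_out_url() in the next hunk and to notify_rss_url() in html/inc/notify.inc, which also put an account-derived value in the URL. The body of send_auth_email() begins outside the hunk.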
@@ -82,7 +82,7 @@ For assistance with ".PROJECT." go to ".$master_url; $body = "Because of moderation by $moderator->name (ID $moderator->id), The following email was sent to $user->name (ID $user->id) -".URL_BASE."forum_user_posts.php?userid=$user->id +".secure_url_base()."forum_user_posts.php?userid=$user->id ------------------------------ Subject: $subject @@ -105,7 +105,7 @@ function send_thread_moderation_email( $subject = PROJECT." forum moderation notice"; $body = "Your thread '$thread->title' -".URL_BASE."forum_thread.php?id=$thread->id +".secure_url_base()."forum_thread.php?id=$thread->id has been $action_name by moderator $moderator->name (ID $moderator->id). $explanation @@ -123,14 +123,14 @@ For assistance with ".PROJECT." go to ".$master_url; // function send_reply_notification_email($thread, $user){ $title = PROJECT . ": A user has posted to '". $thread->title ."'"; - $link = URL_BASE . "forum_thread.php?id=" . $thread->id; + $link = secure_url_base() . "forum_thread.php?id=" . $thread->id; $body = "Another " . PROJECT . " user has posted to the thread \"" . $thread->title . "\".\n" ."To view the updated thread, visit:\n$link -------------------------- To change email preferences, visit: -".URL_BASE."edit_forum_preferences_form.php +".secure_url_base()."edit_forum_preferences_form.php Do not reply to this message. "; return send_email($user, $title, $body); @@ -150,7 +150,7 @@ A post in the ".PROJECT." forums was reported as offensive. Thread: $thread->title Post: $post->id by $owner->id ($owner->name) Reporting User: $user->id ($user->name) - Link: ".URL_BASE."forum_thread.php?id=$thread->id#$post->id + Link: ".secure_url_base()."forum_thread.php?id=$thread->id#$post->id Comments from reporting user: $message diff --git a/html/inc/forum_rss.inc b/html/inc/forum_rss.inc index a3f1144c48..7a6458d656 100644 --- a/html/inc/forum_rss.inc +++ b/html/inc/forum_rss.inc 
@@ -30,7 +30,7 @@ function contains_image_or_video($x) { } function show_forum_rss_item($thread, $userid, $threads_only, $no_images) { - $unique_url=URL_BASE."forum_thread.php?id=".$thread->id; + $unique_url=secure_url_base()."forum_thread.php?id=".$thread->id; $clause2 = " and hidden=0 "; if ($userid) $clause2 .= "and user=$userid"; @@ -102,20 +102,20 @@ function forum_rss($forumid, $userid, $threads_only, $ndays) { if ($userid) { $description .= " (posts by $user->name)"; } - $channel_image = URL_BASE . "rss_image.gif"; + $channel_image = secure_url_base() . "rss_image.gif"; $language = "en-us"; echo " ".$description." - ".URL_BASE." + ".secure_url_base()." ".COPYRIGHT_HOLDER." ".$create_date." ".$language." ".$channel_image." ".PROJECT." - ".URL_BASE." + ".secure_url_base()." "; diff --git a/html/inc/friend.inc b/html/inc/friend.inc index b0a83e8f94..a5e36fba28 100644 --- a/html/inc/friend.inc +++ b/html/inc/friend.inc @@ -61,11 +61,11 @@ $src_user->name says: $msg $message .= " Please accept or decline by visiting -".URL_BASE."home.php +".secure_url_base()."home.php -------------------------- To change email preferences, visit: -".URL_BASE."edit_forum_preferences_form.php +".secure_url_base()."edit_forum_preferences_form.php Do not reply to this message. " ; send_email($dest_user, "[".PROJECT."] friend request", $message); @@ -83,11 +83,11 @@ $dest_user->name says: $msg $message .= " Visit your Account page at -".URL_BASE."home.php +".secure_url_base()."home.php -------------------------- To change email preferences, visit: -".URL_BASE."edit_forum_preferences_form.php +".secure_url_base()."edit_forum_preferences_form.php Do not reply to this message. " ; send_email($src_user, "[".PROJECT."] friend confirmed", $message); 
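Review bot: In show_forum_rss_item() the context line `if ($userid) $clause2 .= "and user=$userid";` splices `$userid` into an SQL fragment right below the changed line, and nothing in the hunk shows it being cast or validated. If every caller already passes an integer this is harmless, but the function does not enforce it; `if ($userid) $clause2 .= "and user=".intval($userid);` would make the guarantee local. Separately, `$unique_url` changes scheme once SECURE_URL_BASE is set, so if it is emitted as the item GUID (not visible here) feed readers may list existing threads as new. The function body continues outside the hunk.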
@@ -101,7 +101,7 @@ function friend_req_rss($notify, &$title, &$msg, &$url) { } $title = "Friend request"; $msg = "$src_user->name has requested friendship with you. Please accept or decline."; - $url = URL_BASE."friend.php?action=query&target_userid=$notify->userid&userid=$notify->opaque"; + $url = secure_url_base()."friend.php?action=query&target_userid=$notify->userid&userid=$notify->opaque"; } function friend_accept_rss($notify, &$title, &$msg, &$url) { @@ -112,7 +112,7 @@ function friend_accept_rss($notify, &$title, &$msg, &$url) { } $title = "Friendship confirmation"; $msg = "$src_user->name has confirmed you as a friend"; - $url = URL_BASE."home.php"; + $url = secure_url_base()."home.php"; } ?> diff --git a/html/inc/news.inc b/html/inc/news.inc index f18ca5611f..dcee5ad1fa 100644 --- a/html/inc/news.inc +++ b/html/inc/news.inc @@ -37,7 +37,7 @@ function news_item($date, $title, $post) { "; if ($forum_link && !DISABLE_FORUMS) { echo " - · thread> ".tra("Comment")." + · thread> ".tra("Comment")." "; } echo " @@ -103,7 +103,7 @@ function show_news($start, $count) { } if ($count) { - echo "... more"; + echo "... more"; } echo "

diff --git a/html/inc/notify.inc b/html/inc/notify.inc index da1c14aad2..dd64c30882 100644 --- a/html/inc/notify.inc +++ b/html/inc/notify.inc @@ -23,7 +23,7 @@ function notify_rss_auth($user) { } function notify_rss_url($user) { - return URL_BASE."notify_rss.php?userid=$user->id&auth=".notify_rss_auth($user); + return secure_url_base()."notify_rss.php?userid=$user->id&auth=".notify_rss_auth($user); } function show_notify_rss_item($notify) { diff --git a/html/inc/pm.inc b/html/inc/pm.inc index 62ec0b2006..4f47aeccbf 100644 --- a/html/inc/pm.inc +++ b/html/inc/pm.inc @@ -106,10 +106,10 @@ $content -------------------------- To delete or respond to this message, visit: -".URL_BASE."pm.php +".secure_url_base()."pm.php To change email preferences, visit: -".URL_BASE."edit_forum_preferences_form.php +".secure_url_base()."edit_forum_preferences_form.php Do not reply to this message. " ; send_email($to_user, "[".PROJECT."] - private message", $message); @@ -202,8 +202,8 @@ function pm_rss($notify, &$title, &$msg, &$url) { return; } $title = tra("Private message"); - $msg = "You have received a private message."; - $url = URL_BASE."pm.php"; + $msg = "You have received a private message."; + $url = secure_url_base()."pm.php"; } function pm_delete_user($user) { diff --git a/html/inc/profile.inc b/html/inc/profile.inc index 9f924e0b6c..ee81a29ffa 100644 --- a/html/inc/profile.inc +++ b/html/inc/profile.inc @@ -61,11 +61,11 @@ function profile_thumb_path($userid) { } function profile_image_url($userid) { - return URL_BASE.IMAGE_URL.$userid.'.jpg'; + return url_base().IMAGE_URL.$userid.'.jpg'; } function profile_thumb_url($userid) { - return URL_BASE.IMAGE_URL.$userid.'_sm.jpg'; + return url_base().IMAGE_URL.$userid.'_sm.jpg'; } function profile_user_thumb_url($user) { @@ -182,7 +182,7 @@ function get_profile_summary($profile) { } - $summary = "userid."\">".$user->name." ".$description; + $summary = "userid."\">".$user->name." ".$description; return $summary; } 
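Review bot: profile_image_url() and profile_thumb_url() switch to `url_base()` while the e-mail and RSS helpers in this commit use `secure_url_base()`, and neither helper is defined in the visible hunks, so the rule for choosing between them is undocumented here. If url_base() takes its scheme from the current request, as the commit message suggests, then callers that run outside a web request or whose output is stored would fix the scheme at generation time; this is worth confirming for html/ops/update_profile_pages.php, which is in the diffstat. A short comment on these two functions, e.g. `// url_base(): scheme follows the current request; use secure_url_base() for links that leave the page (email, RSS)`, would make the convention explicit.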
diff --git a/html/inc/uotd.inc b/html/inc/uotd.inc index 93ad0046f6..bf0d83bb44 100644 --- a/html/inc/uotd.inc +++ b/html/inc/uotd.inc @@ -27,7 +27,7 @@ if (!defined('UOTD_THRESHOLD')) { function uotd_thumbnail($profile, $user) { if ($profile->has_picture) { - return "id\">id)."\" alt=\"".tra("User profile")."\">"; + return "id\">id)."\" alt=\"".tra("User profile")."\">"; } else { return ""; } diff --git a/html/inc/user.inc b/html/inc/user.inc index 45ecd5de19..877b3b0c4d 100644 --- a/html/inc/user.inc +++ b/html/inc/user.inc @@ -136,7 +136,7 @@ function show_user_stats_private($user) { } $x .= ' · '.tra("Cross-project").''; row2(tra("Certificate"), $x); - row2(tra("Stats on your cell phone"), URL_BASE."userw.php?id=$user->id"); + row2(tra("Stats on your cell phone"), url_base()."userw.php?id=$user->id"); } function notify_description($notify) { @@ -228,13 +228,13 @@ function friend_links($user) { if ($profile && $profile->has_picture) { $img_url = profile_thumb_url($user->id); } else { - $img_url = URL_BASE."img/head_20.png"; + $img_url = url_base()."img/head_20.png"; } $title = tra("View the profile of %1", $user->name); $alt = tra("Profile"); - $x .= ' '.$alt.'
'; + $x .= ' '.$alt.'
'; } - $x .= " id."\">".$user->name.""; + $x .= " id."\">".$user->name.""; if ($user->donated == 1) { require_once("../project/donations.inc"); $x .= DONATION_LINK; @@ -253,10 +253,10 @@ function user_links($user, $badge_height=0) { } $x = ""; if ($user->has_profile) { - $img_url = URL_BASE."img/head_20.png"; - $x .= ' Profile'; + $img_url = url_base()."img/head_20.png"; + $x .= ' Profile'; } - $x .= " id."\">".$user->name.""; + $x .= " id."\">".$user->name.""; if ($user->donated == 1) { require_once("../project/donations.inc"); $x .= DONATION_LINK; @@ -285,7 +285,7 @@ function show_community_private($user) { if (!DISABLE_FORUMS) { $tot = total_posts($user); if ($tot) { - row2(tra("Message boards"), "id\">".tra("%1 posts", $tot).""); + row2(tra("Message boards"), "id\">".tra("%1 posts", $tot).""); } } @@ -370,7 +370,7 @@ function show_user_summary_public($user) { show_credit($user); if ($user->show_hosts) { - row2(tra("Computers"), "id\">".tra("View").""); + row2(tra("Computers"), "id\">".tra("View").""); } else { row2(tra("Computers"), tra("hidden")); } @@ -410,14 +410,14 @@ function community_links($clo, $logged_in_user){ if (!DISABLE_TEAMS) { if ($user->teamid && $team) { - row2(tra("Team"), "id\">$team->name"); + row2(tra("Team"), "id\">$team->name"); } else { row2(tra("Team"), tra("None")); } } if (!DISABLE_FORUMS) { if ($tot) { - row2(tra("Message boards"), "id\">".tra("%1 posts", $tot).""); + row2(tra("Message boards"), "id\">".tra("%1 posts", $tot).""); } } if ($logged_in_user && $logged_in_user->id != $user->id) { diff --git a/html/inc/util_ops.inc b/html/inc/util_ops.inc index 4227d61b2b..93280a8ef6 100644 --- a/html/inc/util_ops.inc +++ b/html/inc/util_ops.inc @@ -76,7 +76,7 @@ function c_row2($color, $x, $y) { function show_profile_link_ops($user) { if ($user->has_profile) { row2("Profile", - "id\">View" + "id\">View" ); } } diff --git a/html/ops/badge_admin.php b/html/ops/badge_admin.php index 6bdb13305e..6bf7b79099 100644 
--- a/html/ops/badge_admin.php +++ b/html/ops/badge_admin.php @@ -52,7 +52,7 @@ function show_form() { if (strstr($badge->image_url, "http") == $badge->image_url) { $y = $badge->image_url; } else { - $y = URL_BASE.$badge->image_url; + $y = url_base().$badge->image_url; } $x = " "; } diff --git a/html/ops/error_summary.php b/html/ops/error_summary.php index fefe0ce3f8..3c1d9d582c 100644 --- a/html/ops/error_summary.php +++ b/html/ops/error_summary.php @@ -60,7 +60,7 @@ foreach ($error_codes as $code => $x) { $j = 0; foreach ($results as $r) { if ($j++ >= $nresults_per_code) break; - echo " id>$r->id
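Review bot: The absolute-URL branch kept as context, `$y = $badge->image_url;`, still passes a stored `http://` badge image through unchanged, so an https ops page can keep loading a non-https element, which is what this commit sets out to remove. Only the relative branch gains `url_base()`. The prefix test `strstr($badge->image_url, "http") == $badge->image_url` is also loose, since it compares with `==` and accepts any value that merely begins with `http`. I would tighten it to `if (preg_match('#^https?://#i', $badge->image_url)) {` and add a comment that absolute badge URLs should be stored as https. show_form() starts and ends outside the hunk.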
\n"; + echo " id>$r->id
\n"; } } page_tail(); diff --git a/html/ops/failure_result_summary_by_host.php b/html/ops/failure_result_summary_by_host.php index 04cb982260..079ba8663f 100644 --- a/html/ops/failure_result_summary_by_host.php +++ b/html/ops/failure_result_summary_by_host.php @@ -72,7 +72,7 @@ table_header( while ($res = _mysql_fetch_object($result)) { table_row( app_version_desc($res->app_version_id), - "Host_ID>$res->Host_ID", + "Host_ID>$res->Host_ID", $res->OS_Version, $res->Results_Today, "Host_ID&app_version_id=$res->app_version_id&server_state=5&outcome=3>$res->error_count" ); diff --git a/html/ops/index.php b/html/ops/index.php index aa9c6e0dec..1ca186a2de 100644 --- a/html/ops/index.php +++ b/html/ops/index.php @@ -129,11 +129,11 @@ echo " User management