Files
@ 8d55669e05c2
Branch filter:
Location: SlatePermutate/inc/config.inc.example
8d55669e05c2
6.0 KiB
text/plain
Add some hacks to support pure HTTPS for WebAdvisor XSS automatic registration hack.
Instead of using a JSONP callback and PHP sessions to store the
TOKENIDX, the XSS script now just updates the URL parameter for the
WebAdvisor login page so that the TOKENIDX will be transferred to
webadvisor.php by a GET variable right when it is needed instead of
asynchronously.
A separate hack to help support HTTPS is that automatic uploading of
assets to Amazon S3 (which has HTTPS access) allows the XSS script to
be served over HTTPS. This eliminates the browser warnings about
accessing mixed secure/insecure content and, thus, hopefully supports
browsers which automatically block insecure content on secure pages.
Instead of using a JSONP callback and PHP sessions to store the
TOKENIDX, the XSS script now just updates the URL parameter for the
WebAdvisor login page so that the TOKENIDX will be transferred to
webadvisor.php by a GET variable right when it is needed instead of
asynchronously.
A separate hack to help support HTTPS is that automatic uploading of
assets to Amazon S3 (which has HTTPS access) allows the XSS script to
be served over HTTPS. This eliminates the browser warnings about
accessing mixed secure/insecure content and, thus, hopefully supports
browsers which automatically block insecure content on secure pages.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 | <?php /* -*- mode: php; -*- */
/*
* Copyright 2010 Nathan Phillip Brink <ohnobinki@ohnopublishing.net>
*
* This file is a part of slate_permutate.
*
* slate_permutate is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* slate_permutate is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with slate_permutate. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file
* \brief
* A file documenting available configuration options and their
* defaults.
*
* Copy this file to config.inc after installing
* slate_permutate. Uncomment any options whose defaults you want to
* change. The commented-out example options display, in most cases,
* the default values for the variables which will be used if they're
* not specified.
*/
/**
* \brief
* Use clean URLs for saved schedules. Default: FALSE.
*
* Before setting this to TRUE, make sure that you have read and
* understood ../.htaccess.example and copied it to ../.htaccess .
*/
/* $clean_urls = FALSE; */
/**
* \brief
* Specify the base URI if Slate Permutate's auto-detection doesn't work.
*/
/* $base_uri = 'http://example.com/slate_permutate/'; */
/**
* \brief
* Custom clean URLs for schedule sharing. $clean_urls must be enabled.
*
* This string should be set to a valid base URL that is rewritten
* to a valid slate_permutate installation. This feature will be
* extended in the future to support URL shorteners.
*/
/* $short_url_base = 'http://example.com/sp/'; */
/**
* \brief
* List of Google Analytics trackers to enable. Default: empty list.
*
* Set this to an array of Google Analytics tracker IDs if you want to
* analyze access to your slate_permutate installation.
*/
/* $ga_trackers = array(); */
/* $ga_trackers = array('UA-XXXXXXXX-X'); */
/**
* \brief
* An array of Google AdWords conversion ID and label value pairs.
*
* Set this so that the key of the array is the google_conversion_id
* and the value is the google_conversion_label. The conversion code
* is placed on the process.php page (the page that users visit when
* viewing their schedules).
*/
/* $ga_conversions = array('ddddddddd' => 'XXXXXXXXXXXX-XXXXXX', 'ddddddddd' => 'XXXXXXXXXXXX-XXXXXX'); */
/**
* \brief
* List of email addresses to send feedback form submissions to.
*
* Set this to a PHP array of email addresses to which feedback
* submissions should be mailed. Each separate array entry will cause
* a new email to be sent, so if you want everybody to recieve the
* same email and tobe listed on the To: header together, then place
* all of the emails in one array item but formatted as the value of a
* To: header with multiple addresses.
*/
/* $feedback_emails = array('ethanzonca@gmail.com, ngelderloos7@gmail.com, ohnobinki@ohnopublishing.net'); */
/* $feedback_emails = array('user@example.org'); */
/**
* \brief
* Whether or not to use SecureImage phpcaptcha.
*
* Set to TRUE to use SecureImage captcha, FALSE to not use
* it. Requires PHP library available from http://phpcaptcha.org/
* which may be placed in slate_permutate's lib/ directory or into the
* system PHP include path. If you are using the lib/ directory,
* ensure that securimage is accessible at
* lib/securimage/securimage.php .
*/
/* $use_captcha = FALSE; */
/**
* \brief
* Password to be used for administration page (admin.php)
*
*/
/* $admin_pass = ''; */
/**
* \brief
* Setting this variable true enables the administration page
*
*/
/* $admin_enable = FALSE; */
/**
* \brief
* Enable purging saved schedules through the admin/rehash.php
* script or web interface.
*
* Set to TRUE to enable this functionality. It is disabled by default
* because it causes irreparable information loss.
*/
/* $admin_enable_purge = FALSE; */
/**
* \brief
* Specify whether or not to always display qTips to users.
*
* Set to TRUE to display the qTips unconditionally. Set to FALSE to
* only show qTips to the user the first time he visits
* slate_permutate.
*
* The qTip is the little black box which tells a user to enter a
* course number into the input page. For casual users, it directs the
* attention to where the user should start. For advanced users, the
* whole concept may appear silly ;-).
*/
/* $qtips_always = FALSE; */
/**
* \brief
* Specify whether or not to log feedback to disk
*
* Set to TRUE to log to file in addition to email logging (if available).
* $feedback_disk_log_file must be set to a fully-qualified filepath.
*
*/
/* $feedback_disk_log = TRUE; */
/* $feedback_disk_log_file = "/var/log/sp-feedback.log"; */
/**
* \brief
* A banner to display to users on input.php for temporary warnings.
*
* Used to inform users about known data problems, etc.
*
* Set to a string to display a banner. Otherwise, set to FALSE to
* hide the banner. Must be a valid XHTML fragment which may be placed
* into a <div /> verbatim.
*/
/* $input_warning_banner = FALSE; */
/* $input_warning_banner = '<p>Warning: BIOL-111\'s autocomplete data does not include all sections. Please use <a href="http://csx.calvin.edu/sp/input.php?s=7578">schedule 7578</a> to get a correct BIOL-111 entry.</p>'; */
/**
* \brief
* Amazon S3 credentials for best-effort SSL hack.
*
* Setting S3 credentials will enable slate_permutate to serve certain
* content over an HTTPS connection for the (old) WebAdvisor XSS for
* automatic registration. You must specify a bucket name which is
* either nonexistent (available) or already owned by your S3 account.
*
* You must have installed the amazon-s3-php-class PHP library to take
* advantage of this feature.
*/
/* $s3_accesskey = ''; */
/* $s3_secretkey = ''; */
/* $s3_bucket = 'myslatepermutate'; */
|