From 04cf742eaa4cedeadca9e46cc747e34899ed263c Mon Sep 17 00:00:00 2001 From: cash Date: Mon, 18 Feb 2013 10:27:43 -0500 Subject: Fixes #5057 sets width for IE7 --- views/default/css/ie7.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'views/default/css') diff --git a/views/default/css/ie7.php b/views/default/css/ie7.php index db0125b4b..5ef90a90b 100644 --- a/views/default/css/ie7.php +++ b/views/default/css/ie7.php @@ -62,4 +62,8 @@ .elgg-module-walledgarden > .elgg-head, .elgg-module-walledgarden > .elgg-foot { width: 530px; -} \ No newline at end of file +} + +input, textarea { + width: 98%; +} -- cgit v1.2.3 From 2cc3a9e7d7721b0051bf261ca922972075b72d3c Mon Sep 17 00:00:00 2001 From: cash Date: Mon, 18 Feb 2013 10:34:31 -0500 Subject: Fixes #5056 fixes tag wrapping on IE7 --- views/default/css/ie7.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'views/default/css') diff --git a/views/default/css/ie7.php b/views/default/css/ie7.php index 5ef90a90b..229df8431 100644 --- a/views/default/css/ie7.php +++ b/views/default/css/ie7.php @@ -67,3 +67,8 @@ input, textarea { width: 98%; } + +.elgg-tag a { + /* IE7 had a weird wrapping issue for tags */ + word-wrap: normal; +} -- cgit v1.2.3 From 3736c93fb6e3910a592b037d961367180edd542e Mon Sep 17 00:00:00 2001 From: cash Date: Fri, 8 Mar 2013 13:04:07 -0500 Subject: Fixes #4464 adds hover for selecting with arrow keys --- views/default/css/admin.php | 4 ++++ views/default/css/elements/forms.php | 4 ++++ 2 files changed, 8 insertions(+) (limited to 'views/default/css') diff --git a/views/default/css/admin.php b/views/default/css/admin.php index 059e51dd6..ceeac71a2 100644 --- a/views/default/css/admin.php +++ b/views/default/css/admin.php @@ -624,6 +624,10 @@ a.elgg-button { text-decoration: none; color: #4690D6; } +.ui-autocomplete a.ui-state-hover { + background-color: #eee; + display: block; +} /* *************************************** USER PICKER diff --git a/views/default/css/elements/forms.php b/views/default/css/elements/forms.php index 2fc156447..f55e57fb4 100644 --- a/views/default/css/elements/forms.php +++ b/views/default/css/elements/forms.php @@ -267,6 +267,10 @@ input[type="radio"] { text-decoration: none; color: #4690D6; } +.ui-autocomplete a.ui-state-hover { + background-color: #eee; + display: block; +} /* *************************************** USER PICKER -- cgit v1.2.3 From 64b411dbb879000649967b22508ff925033de718 Mon Sep 17 00:00:00 2001 From: Tom Date: Fri, 22 Mar 2013 09:49:00 +0100 Subject: Update navigation.php --- views/default/css/elements/navigation.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'views/default/css') diff --git a/views/default/css/elements/navigation.php b/views/default/css/elements/navigation.php index 62f370069..43da99dff 100644 --- a/views/default/css/elements/navigation.php +++ b/views/default/css/elements/navigation.php @@ -16,7 +16,8 @@ text-align: center; } .elgg-pagination li { - display: inline; + display: inline-block; + height: 16px; margin: 0 6px 0 0; text-align: center; } -- cgit v1.2.3 From fb6740130460560c88ab0f61a14fededb73a5950 Mon Sep 17 00:00:00 2001 From: Tom Date: Fri, 22 Mar 2013 09:49:48 +0100 Subject: Update ie7.php --- views/default/css/ie7.php | 1 + 1 file changed, 1 insertion(+) (limited to 'views/default/css') diff --git a/views/default/css/ie7.php b/views/default/css/ie7.php index 229df8431..90274797d 100644 --- a/views/default/css/ie7.php +++ b/views/default/css/ie7.php @@ -24,6 +24,7 @@ .elgg-menu-footer > li > a, .elgg-menu-footer li, .elgg-menu-general > li > a, +.elgg-pagination li, .elgg-menu-general li { display: inline; } -- cgit v1.2.3 From 5a8e0b7d91c20b842d7414036bd6a1e04f4f2fcc Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Sun, 24 Mar 2013 19:07:27 -0400 Subject: Prevent pagination LIs from overlapping when wrapping --- views/default/css/elements/navigation.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'views/default/css') diff --git a/views/default/css/elements/navigation.php b/views/default/css/elements/navigation.php index 43da99dff..49e36e494 100644 --- a/views/default/css/elements/navigation.php +++ b/views/default/css/elements/navigation.php @@ -17,7 +17,6 @@ } .elgg-pagination li { display: inline-block; - height: 16px; margin: 0 6px 0 0; text-align: center; } @@ -25,7 +24,8 @@ -webkit-border-radius: 4px; -moz-border-radius: 4px; border-radius: 4px; - + + display: block; padding: 2px 6px; color: #4690d6; border: 1px solid #4690d6; -- cgit v1.2.3 From 095f1ca873a6569b37cfac7998109cbaf83d3af2 Mon Sep 17 00:00:00 2001 From: Jeff Tilson Date: Thu, 4 Apr 2013 12:44:32 -0400 Subject: Fix CSS typo preventing elgg-menu-annotation style from applying to annotation menus --- views/default/css/admin.php | 2 +- views/default/css/elements/navigation.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'views/default/css') diff --git a/views/default/css/admin.php b/views/default/css/admin.php index ceeac71a2..8197f29de 100644 --- a/views/default/css/admin.php +++ b/views/default/css/admin.php @@ -1003,7 +1003,7 @@ a.elgg-button { ENTITY MENU *************************************** */ -.elgg-menu-entity, elgg-menu-annotation { +.elgg-menu-entity, .elgg-menu-annotation { float: right; margin-left: 15px; font-size: 90%; diff --git a/views/default/css/elements/navigation.php b/views/default/css/elements/navigation.php index 49e36e494..6b29e4c19 100644 --- a/views/default/css/elements/navigation.php +++ b/views/default/css/elements/navigation.php @@ -450,7 +450,7 @@ ENTITY AND ANNOTATION *************************************** */ -.elgg-menu-entity, elgg-menu-annotation { +.elgg-menu-entity, .elgg-menu-annotation { float: right; margin-left: 15px; font-size: 90%; -- cgit v1.2.3 From 947b5d167698a256a6f7ecbc6b109872ac2bbd91 Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 20 Apr 2013 12:58:38 -0400 Subject: Fixes #5383 setting width on textarea from input/longtext --- views/default/css/admin.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'views/default/css') diff --git a/views/default/css/admin.php b/views/default/css/admin.php index 8197f29de..3896ded5d 100644 --- a/views/default/css/admin.php +++ b/views/default/css/admin.php @@ -446,7 +446,8 @@ input { .elgg-input-text, .elgg-input-tags, .elgg-input-url, -.elgg-input-plaintext { +.elgg-input-plaintext, +.elgg-input-longtext { width: 98%; } textarea { -- cgit v1.2.3 From f766c76ba915af714bf6a8f1c71abfc9f7b5f097 Mon Sep 17 00:00:00 2001 From: cash Date: Tue, 28 May 2013 18:20:50 -0400 Subject: Fixes #5430 adds work around for IE8 for jumping avatars --- views/default/css/ie.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'views/default/css') diff --git a/views/default/css/ie.php b/views/default/css/ie.php index 4bddd4d55..34ececa89 100644 --- a/views/default/css/ie.php +++ b/views/default/css/ie.php @@ -6,3 +6,11 @@ .elgg-avatar { display: block; } + +/* ie8 adds space to the top of .elgg-gallery which causes jumpiness if this is display: block; */ +.elgg-gallery .elgg-avatar > a > img { + display: inline-block; +} +.elgg-gallery .elgg-avatar > .elgg-icon-hover-menu { + bottom: 4px; +} -- cgit v1.2.3 From e98f933857548be9cd078416a93011ea9c2f3e3a Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Mon, 10 Jun 2013 23:16:45 -0400 Subject: Allow regenerating site secret --- actions/admin/site/regenerate_secret.php | 11 ++ engine/classes/ElggCrypto.php | 134 +++++++++++++++++++++ engine/lib/actions.php | 27 ++++- engine/lib/admin.php | 2 + ...3060900-1.8.15-site_secret-404fc165cf9e0ac9.php | 13 ++ languages/en.php | 18 ++- .../admin/settings/advanced/site_secret.php | 11 ++ views/default/css/admin.php | 20 +++ .../default/forms/admin/site/regenerate_secret.php | 24 ++++ 9 files changed, 257 insertions(+), 3 deletions(-) create mode 100644 actions/admin/site/regenerate_secret.php create mode 100644 engine/classes/ElggCrypto.php create mode 100644 engine/lib/upgrades/2013060900-1.8.15-site_secret-404fc165cf9e0ac9.php create mode 100644 views/default/admin/settings/advanced/site_secret.php create mode 100644 views/default/forms/admin/site/regenerate_secret.php (limited to 'views/default/css') diff --git a/actions/admin/site/regenerate_secret.php b/actions/admin/site/regenerate_secret.php new file mode 100644 index 000000000..3112fb5f3 --- /dev/null +++ b/actions/admin/site/regenerate_secret.php @@ -0,0 +1,11 @@ +='); + } + // /dev/urandom is available on many *nix systems and is considered the + // best commonly available pseudo-random source. + if ($fh = @fopen('/dev/urandom', 'rb')) { + // PHP only performs buffered reads, so in reality it will always read + // at least 4096 bytes. Thus, it costs nothing extra to read and store + // that much so as to speed any additional invocations. + $bytes .= fread($fh, max(4096, $count)); + fclose($fh); + } elseif ($php_compatible && function_exists('openssl_random_pseudo_bytes')) { + // openssl_random_pseudo_bytes() will find entropy in a system-dependent + // way. + $bytes .= openssl_random_pseudo_bytes($count - strlen($bytes)); + } + // If /dev/urandom is not available or returns no bytes, this loop will + // generate a good set of pseudo-random bytes on any system. + // Note that it may be important that our $random_state is passed + // through hash() prior to being rolled into $output, that the two hash() + // invocations are different, and that the extra input into the first one - + // the microtime() - is prepended rather than appended. This is to avoid + // directly leaking $random_state via the $output stream, which could + // allow for trivial prediction of further "random" numbers. + while (strlen($bytes) < $count) { + $random_state = hash('sha256', microtime() . mt_rand() . $random_state); + $bytes .= hash('sha256', mt_rand() . $random_state, true); + } + } + $output = substr($bytes, 0, $count); + $bytes = substr($bytes, $count); + return $output; + } + + /** + * Generate a random string of specified length. + * + * Uses supplied character list for generating the new string. + * If no character list provided - uses Base64 URL character set. + * + * @param int $length Desired length of the string + * @param string|null $chars Characters to be chosen from randomly. If not given, the Base64 URL + * charset will be used. + * + * @return string The random string + * + * @throws InvalidArgumentException + * + * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com) + * @license http://framework.zend.com/license/new-bsd New BSD License + * + * @see https://github.com/zendframework/zf2/blob/master/library/Zend/Math/Rand.php#L179 + */ + public static function getRandomString($length, $chars = null) + { + if ($length < 1) { + throw new InvalidArgumentException('Length should be >= 1'); + } + + if (empty($chars)) { + $numBytes = ceil($length * 0.75); + $bytes = self::getRandomBytes($numBytes); + $string = substr(rtrim(base64_encode($bytes), '='), 0, $length); + + // Base64 URL + return strtr($string, '+/', '-_'); + } + + $listLen = strlen($chars); + + if ($listLen == 1) { + return str_repeat($chars, $length); + } + + $bytes = self::getRandomBytes($length); + $pos = 0; + $result = ''; + for ($i = 0; $i < $length; $i++) { + $pos = ($pos + ord($bytes[$i])) % $listLen; + $result .= $chars[$pos]; + } + + return $result; + } +} diff --git a/engine/lib/actions.php b/engine/lib/actions.php index 56936f582..8047914ac 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -364,16 +364,19 @@ function generate_action_token($timestamp) { } /** - * Initialise the site secret hash. + * Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL). * * Used during installation and saves as a datalist. * + * Note: Old secrets were hex encoded. + * * @return mixed The site secret hash or false * @access private * @todo Move to better file. */ function init_site_secret() { - $secret = md5(rand() . microtime()); + $secret = 'z' . ElggCrypto::getRandomString(31); + if (datalist_set('__site_secret__', $secret)) { return $secret; } @@ -399,6 +402,26 @@ function get_site_secret() { return $secret; } +/** + * Get the strength of the site secret + * + * @return string "strong", "moderate", or "weak" + * @access private + */ +function _elgg_get_site_secret_strength() { + $secret = get_site_secret(); + if ($secret[0] !== 'z') { + $rand_max = getrandmax(); + if ($rand_max < pow(2, 16)) { + return 'weak'; + } + if ($rand_max < pow(2, 32)) { + return 'moderate'; + } + } + return 'strong'; +} + /** * Check if an action is registered and its script exists. * diff --git a/engine/lib/admin.php b/engine/lib/admin.php index 7f82108c0..f36f29668 100644 --- a/engine/lib/admin.php +++ b/engine/lib/admin.php @@ -236,6 +236,7 @@ function admin_init() { elgg_register_action('admin/site/update_advanced', '', 'admin'); elgg_register_action('admin/site/flush_cache', '', 'admin'); elgg_register_action('admin/site/unlock_upgrade', '', 'admin'); + elgg_register_action('admin/site/regenerate_secret', '', 'admin'); elgg_register_action('admin/menu/save', '', 'admin'); @@ -291,6 +292,7 @@ function admin_init() { elgg_register_admin_menu_item('configure', 'settings', null, 100); elgg_register_admin_menu_item('configure', 'basic', 'settings', 10); elgg_register_admin_menu_item('configure', 'advanced', 'settings', 20); + elgg_register_admin_menu_item('configure', 'advanced/site_secret', 'settings', 25); elgg_register_admin_menu_item('configure', 'menu_items', 'appearance', 30); elgg_register_admin_menu_item('configure', 'profile_fields', 'appearance', 40); // default widgets is added via an event handler elgg_default_widgets_init() in widgets.php diff --git a/engine/lib/upgrades/2013060900-1.8.15-site_secret-404fc165cf9e0ac9.php b/engine/lib/upgrades/2013060900-1.8.15-site_secret-404fc165cf9e0ac9.php new file mode 100644 index 000000000..b5b614762 --- /dev/null +++ b/engine/lib/upgrades/2013060900-1.8.15-site_secret-404fc165cf9e0ac9.php @@ -0,0 +1,13 @@ + 'Settings', 'admin:settings:basic' => 'Basic Settings', 'admin:settings:advanced' => 'Advanced Settings', + 'admin:settings:advanced/site_secret' => 'Site Secret', 'admin:site:description' => "This admin panel allows you to control global settings for your site. Choose an option below to get started.", + 'admin:settings:advanced:site_secret' => 'Site Secret', 'admin:site:opt:linktext' => "Configure site...", 'admin:site:access:warning' => "Changing the access setting only affects the permissions on content created in the future.", + 'admin:site:secret:intro' => 'Elgg uses a key to create security tokens for various purposes.', + 'admin:site:secret_regenerated' => "Your site secret has been regenerated.", + 'admin:site:secret:regenerate' => "Regenerate site secret", + 'admin:site:secret:regenerate:help' => "Note: This may inconvenience some users by invalidating tokens used in \"remember me\" cookies, e-mail validation requests, invitation codes, etc.", + 'site_secret:current_strength' => 'Key Strength', + 'site_secret:strength:weak' => "Weak", + 'site_secret:strength_msg:weak' => "We strongly recommend that you regenerate your site secret.", + 'site_secret:strength:moderate' => "Moderate", + 'site_secret:strength_msg:moderate' => "We recommend you regenerate your site secret for the best site security.", + 'site_secret:strength:strong' => "Strong", + 'site_secret:strength_msg:strong' => "✓ Your site secret is sufficiently strong.", + 'admin:dashboard' => 'Dashboard', 'admin:widget:online_users' => 'Online users', 'admin:widget:online_users:help' => 'Lists the users currently on the site', @@ -1064,7 +1078,7 @@ Once you have logged in, we highly recommend that you change your password. 'upgrade:unlock' => 'Unlock upgrade', 'upgrade:unlock:confirm' => "The database is locked for another upgrade. Running concurrent upgrades is dangerous. You should only continue if you know there is not another upgrade running. Unlock?", 'upgrade:locked' => "Cannot upgrade. Another upgrade is running. To clear the upgrade lock, visit the Admin section.", - 'upgrade:unlock:success' => "Upgrade unlocked suscessfully.", + 'upgrade:unlock:success' => "Upgrade unlocked successfully.", 'upgrade:unable_to_upgrade' => 'Unable to upgrade.', 'upgrade:unable_to_upgrade_info' => 'This installation cannot be upgraded because legacy views @@ -1079,6 +1093,8 @@ Once you have logged in, we highly recommend that you change your password. 'update:twitter_api:deactivated' => 'Twitter API (previously Twitter Service) was deactivated during the upgrade. Please activate it manually if required.', 'update:oauth_api:deactivated' => 'OAuth API (previously OAuth Lib) was deactivated during the upgrade. Please activate it manually if required.', + 'upgrade:site_secret_warning:moderate' => "You are encouraged to regenerate your site key to improve system security. See Configure > Site Secret", + 'upgrade:site_secret_warning:weak' => "You are strongly encouraged to regenerate your site key to improve system security. See Configure > Site Secret", 'deprecated:function' => '%s() was deprecated by %s()', diff --git a/views/default/admin/settings/advanced/site_secret.php b/views/default/admin/settings/advanced/site_secret.php new file mode 100644 index 000000000..e70ac7ab6 --- /dev/null +++ b/views/default/admin/settings/advanced/site_secret.php @@ -0,0 +1,11 @@ + _elgg_get_site_secret_strength(), +)); diff --git a/views/default/css/admin.php b/views/default/css/admin.php index 3896ded5d..c435621b2 100644 --- a/views/default/css/admin.php +++ b/views/default/css/admin.php @@ -1543,6 +1543,26 @@ table.mceLayout { margin: 0 0 1em 2em; } +/* *************************************** + SITE SECRET +*************************************** */ +.elgg-form-admin-site-regenerate-secret table { + width: 60%; + margin: 1em auto; +} +td.elgg-strength-strong, +td.elgg-strength-strong h4 { + background: #DFF0D8; color: #468847; +} +td.elgg-strength-moderate, +td.elgg-strength-moderate h4 { + background: #FCF8E3; color: #C09853; +} +td.elgg-strength-weak, +td.elgg-strength-weak h4 { + background: #F2DEDE; color: #B94A48; +} + /* *************************************** HELPERS *************************************** */ diff --git a/views/default/forms/admin/site/regenerate_secret.php b/views/default/forms/admin/site/regenerate_secret.php new file mode 100644 index 000000000..af269b801 --- /dev/null +++ b/views/default/forms/admin/site/regenerate_secret.php @@ -0,0 +1,24 @@ + +

+ + + + + + +
+

+
+
+ +
+ elgg_echo('admin:site:secret:regenerate'), + 'class' => 'elgg-requires-confirmation elgg-button elgg-button-submit', + )); ?> +

+
-- cgit v1.2.3 From 55c39ae0980bced8a03739fc25c6d876979d3572 Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Sat, 23 Nov 2013 18:35:11 -0500 Subject: Removes border-radius from radios/checkboxes --- views/default/css/elements/forms.php | 1 + 1 file changed, 1 insertion(+) (limited to 'views/default/css') diff --git a/views/default/css/elements/forms.php b/views/default/css/elements/forms.php index f55e57fb4..068cc8fd6 100644 --- a/views/default/css/elements/forms.php +++ b/views/default/css/elements/forms.php @@ -69,6 +69,7 @@ input[type="radio"] { margin:0 3px 0 0; padding:0; border:none; + border-radius:0; width:auto; } .elgg-input-checkboxes.elgg-horizontal li, -- cgit v1.2.3