From d10aaf8ffd9b5a4bae7c8c4ea5eac6b87638fabb Mon Sep 17 00:00:00 2001 From: Garvin Hicking Date: Tue, 3 Apr 2018 11:16:41 +0200 Subject: [PATCH 1/3] Add new "legal" properties for affected plugins. Disable subtome by default. --- docs/NEWS | 6 ++++ .../serendipity_event_entryproperties.php | 15 +++++++++ .../serendipity_event_spamblock.php | 30 +++++++++++++++++ .../serendipity_event_spartacus.php | 33 +++++++++++++++++++ .../serendipity_event_templatechooser.php | 18 ++++++++++ .../serendipity_plugin_remoterss.php | 22 +++++++++++++ .../serendipity_plugin_syndication.php | 28 +++++++++++++++- 7 files changed, 151 insertions(+), 1 deletion(-) diff --git a/docs/NEWS b/docs/NEWS index 6ca58762..40f44e9d 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -33,6 +33,12 @@ Version 2.1.3 () * Fix SQL compatibility for creating of table "serendipity_groupconfig" + * Added new "legal" plugin property bag attribute to indicate + impact for the GDPR / DSGVO, used in conjunction with the + serendipity_event_gdpr_dsgvo plugin + + * Disabled subToMe service by default to prevent issues with GDPR + Version 2.1.2 (March 25, 2018)) ------------------------------------------------------------------------ diff --git a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php index ab43b5eb..fcb664e9 100644 --- a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php +++ b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php @@ -47,6 +47,21 @@ class serendipity_event_entryproperties extends serendipity_event )); $propbag->add('groups', array('BACKEND_EDITOR')); $propbag->add('configuration', array('cache', 'sequence', 'use_groups', 'use_users', 'use_ext_joins', 'default_read', 'customfields')); + + $propbag->add('legal', array( + 'services' => array(), + 'frontend' => array( + 'If password protected entries are used, the password can be sent by the visitor and if access is granted, this is stored in a session variable.', + ), + 'cookies' => array( + 'Uses PHP session cookie for potential session storage whether access to a password-protected entry is granted' + ), + 'stores_user_input' => false, + 'stores_ip' => false, + 'uses_ip' => false, + 'transmits_user_input' => true + )); + } function introspect_config_item($name, &$propbag) diff --git a/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php b/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php index 9879106f..a12c968f 100644 --- a/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php +++ b/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php @@ -97,6 +97,36 @@ class serendipity_event_spamblock extends serendipity_event 'urls' => '8gold\.com;911easymoney\.com;canadianlabels\.net;condodream\.com;crepesuzette\.com;debt-help-bill-consolidation-elimination\.com;fidelityfunding\.net;flafeber\.com;gb\.com;houseofsevengables\.com;instant-quick-money-cash-advance-personal-loans-until-pay-day\.com;mediavisor\.com;newtruths\.com;oiline\.com;onlinegamingassociation\.com;online\-+poker\.com;popwow\.com;royalmailhotel\.com;spoodles\.com;sportsparent\.com;stmaryonline\.org;thatwhichis\.com;tmsathai\.org;uaeecommerce\.com;learnhowtoplay\.com', 'words' => 'very good site!;Real good stuff!' ); + + $propbag->add('legal', array( + 'services' => array( + 'akismet' => array( + 'url' => 'https://www.akismet.com', + 'desc' => 'Transmits comment data (and metadata) to check whether it is spam: User-Agent, HTTP Referer, IP [can be anonymized], Author name [can be anonymized], Author mail [can be anonymized], Author URL [can be anonymized], comment body' + ), + 'tpas' => array( + 'url' => 'http://api.antispam.typepad.com/', + 'desc' => 'Transmits comment data (and metadata) to check whether it is spam: User-Agent, HTTP Referer, IP [can be anonymized], Author name [can be anonymized], Author mail [can be anonymized], Author URL [can be anonymized], comment body' + ) + ), + 'frontend' => array( + 'To check a comment for spam, the Akismet/Typepad service can be enabled and receives comment data of the user and its metadata: User-Agent, HTTP Referer, IP [can be anonymized], Author name [can be anonymized], Author mail [can be anonymized], Author URL [can be anonymized], comment body.', + 'Submitted and also rejected comments can be saved to a logfile.', + 'When Captchas are enabled, the displayed graphic key is stored in the session data and uses a PHP session cookie.' + ), + 'backend' => array( + 'To report a comment for spam, the Akismet/Typepad service can be enabled and receives comment data of the user and its metadata: User-Agent, HTTP Referer, IP [can be anonymized], Author name [can be anonymized], Author mail [can be anonymized], Author URL [can be anonymized], comment body.', + ), + 'cookies' => array( + 'When Captchas are enabled, the displayed graphic key is stored in the session data and uses a PHP session cookie.' + ), + 'stores_user_input' => true, + 'stores_ip' => true, + 'uses_ip' => true, + 'transmits_user_input' => true + )); + + } function introspect_config_item($name, &$propbag) diff --git a/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php b/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php index fdb8bf93..91fcc089 100644 --- a/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php +++ b/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php @@ -48,6 +48,39 @@ class serendipity_event_spartacus extends serendipity_event $propbag->add('groups', array('BACKEND_FEATURES')); $propbag->add('configuration', array('enable_plugins', 'enable_themes', 'enable_remote', 'remote_url', 'cronjob', 'mirror_xml', 'mirror_files', 'custommirror', 'chown', 'chmod_files', 'chmod_dir', 'use_ftp', 'ftp_server', 'ftp_username', 'ftp_password', 'ftp_basedir')); + $propbag->add('legal', array( + 'services' => array( + 'spartacus' => array( + 'url' => 'http://spartacus.s9y.org', + 'desc' => 'Package server for plugin downloads' + ), + 'github.com' => array( + 'url' => 'https://www.github.com', + 'desc' => 'Package server for plugin downloads' + ), + 's9y.org' => array( + 'url' => 'http://www.s9y.org', + 'desc' => 'Package server for plugin downloads' + ), + 'sourceforge.net' => array( + 'url' => 'http://www.sourceforget.net', + 'desc' => 'Package server for plugin downloads' + ) + ), + 'frontend' => array( + ), + 'backend' => array( + 'Allows to download plugins from configured remote sources from the webserver, may also connect via FTP to a configured server.' + ), + 'cookies' => array( + ), + 'stores_user_input' => false, + 'stores_ip' => false, + 'uses_ip' => false, + 'transmits_user_input' => false + )); + + } function generate_content(&$title) diff --git a/plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php b/plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php index 7de2cc24..74ac7ba7 100644 --- a/plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php +++ b/plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php @@ -27,6 +27,24 @@ class serendipity_event_templatechooser extends serendipity_event $propbag->add('groups', array('BACKEND_TEMPLATES')); $propbag->add('event_hooks', array('frontend_configure' => true)); + $propbag->add('legal', array( + 'services' => array( + ), + 'frontend' => array( + 'To allow the visitor to pick a custom theme, the selected theme name is stored in a cookie', + ), + 'backend' => array( + ), + 'cookies' => array( + 'To allow the visitor to pick a custom theme, the selected theme name is stored in a cookie', + ), + 'stores_user_input' => false, + 'stores_ip' => false, + 'uses_ip' => false, + 'transmits_user_input' => false + )); + + // Register (multiple) dependencies. KEY is the name of the depending plugin. VALUE is a mode of either 'remove' or 'keep'. // If the mode 'remove' is set, removing the plugin results in a removal of the depending plugin. 'Keep' meens to // not touch the depending plugin. diff --git a/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php b/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php index 35cff8a5..d6886b20 100644 --- a/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php +++ b/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php @@ -286,6 +286,28 @@ class serendipity_plugin_remoterss extends serendipity_plugin )); $propbag->add('configuration', array('sidebartitle', 'feedtype', 'template', 'rssuri', 'show_rss_element', 'smarty', 'number', 'use_rss_link', 'escape_rss', 'displaydate', 'dateformat', 'charset', 'target', 'cachetime', 'bulletimg', 'markup')); $propbag->add('groups', array('FRONTEND_EXTERNAL_SERVICES')); + + $propbag->add('legal', array( + 'services' => array( + 'any' => array( + 'url' => '#', + 'desc' => 'Any configured URL will be called to fetch RSS/OPML data from' + ), + ), + 'frontend' => array( + 'To display RSS/OPML feeds, the server can connect to any other server. No specific user data is transmitted.', + ), + 'backend' => array( + ), + 'cookies' => array( + ), + 'stores_user_input' => false, + 'stores_ip' => false, + 'uses_ip' => false, + 'transmits_user_input' => false + )); + + } function introspect_config_item($name, &$propbag) diff --git a/plugins/serendipity_plugin_syndication/serendipity_plugin_syndication.php b/plugins/serendipity_plugin_syndication/serendipity_plugin_syndication.php index a60e9786..e9e26817 100644 --- a/plugins/serendipity_plugin_syndication/serendipity_plugin_syndication.php +++ b/plugins/serendipity_plugin_syndication/serendipity_plugin_syndication.php @@ -30,6 +30,32 @@ class serendipity_plugin_syndication extends serendipity_plugin { ) ); $propbag->add('groups', array('FRONTEND_VIEWS')); + + $propbag->add('legal', array( + 'services' => array( + 'subtome' => array( + 'url' => 'https://www.subtome.com', + 'desc' => 'Enables visitors to easily subscribe to RSS feeds. The visitor loads a JavaScript from their servers, thus the IP address will be known to the service.' + ), + 'feedburner.com' => array( + 'url' => 'https://www.feedburner.com', + 'desc' => 'Feedburner can be used to track your feed subscription statistics. If used, a tracking pixel is loaded from FeedBurner.com servers and the IP address of the visitor will be known to the service.' + ), + ), + 'frontend' => array( + 'To allow easy subscription to feeds and optional tracking statistics, the subtome or feedburner services can be used.', + ), + 'backend' => array( + ), + 'cookies' => array( + ), + 'stores_user_input' => false, + 'stores_ip' => false, + 'uses_ip' => true, + 'transmits_user_input' => true + )); + + } function introspect_config_item($name, &$propbag) @@ -107,7 +133,7 @@ class serendipity_plugin_syndication extends serendipity_plugin { $propbag->add('type', 'boolean'); $propbag->add('name', SYNDICATION_PLUGIN_SUBTOME); $propbag->add('description', SYNDICATION_PLUGIN_SUBTOME_DESC); - $propbag->add('default', true); + $propbag->add('default', false); break; case 'custom_url': From c40aafcd1aaefc3ba6026b832b36f8f434ac2903 Mon Sep 17 00:00:00 2001 From: Garvin Hicking Date: Tue, 3 Apr 2018 11:19:25 +0200 Subject: [PATCH 2/3] Backport --- .../serendipity_event_gravatar.php | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/plugins/serendipity_event_gravatar/serendipity_event_gravatar.php b/plugins/serendipity_event_gravatar/serendipity_event_gravatar.php index 46c98627..e3e8fc27 100755 --- a/plugins/serendipity_event_gravatar/serendipity_event_gravatar.php +++ b/plugins/serendipity_event_gravatar/serendipity_event_gravatar.php @@ -49,6 +49,57 @@ class serendipity_event_gravatar extends serendipity_event 'external_plugin' => true, 'css' => true, )); + + $propbag->add('legal', array( + 'services' => array( + 'gravatar' => array( + 'url' => 'https://developers.google.com/recaptcha/', + 'desc' => 'Transmits comment data to retrieve unique avatar for a user.' + ), + 'favatar' => array( + 'url' => 'http://www.peej.co.uk/projects/favatars.html', + 'desc' => 'Transmits comment data to retrieve unique avatar for a user.' + ), + 'pavatar' => array( + 'url' => 'http://www.pavatar.com', + 'desc' => 'Transmits comment data to retrieve unique avatar for a user.' + ), + 'twitter' => array( + 'url' => 'http://www.twitter.com', + 'desc' => 'Transmits comment data to retrieve unique avatar for a user.' + ), + 'identica' => array( + 'url' => 'http://identi.ca', + 'desc' => 'Transmits comment data to retrieve unique avatar for a user.' + ), + 'monsterid' => array( + 'url' => 'http://www.splitbrain.org/go/monsterid', + 'desc' => 'Transmits comment data to retrieve unique avatar for a user.' + ), + 'identicon' => array( + 'url' => 'http://scott.sherrillmix.com/blog/blogger/wp_identicon/', + 'desc' => 'Transmits comment data to retrieve unique avatar for a user.' + ), + 'wavatars' => array( + 'url' => 'http://www.shamusyoung.com/twentysidedtale/?p=1462', + 'desc' => 'Transmits comment data to retrieve unique avatar for a user.' + ), + + ), + 'frontend' => array( + 'To display unique avatar images for blog comments, data specific to the correspondig service is transmitted to retrieve the proper avatar.', + ), + 'backend' => array( + ), + 'cookies' => array( + ), + 'stores_user_input' => true, + 'stores_ip' => false, + 'uses_ip' => true, + 'transmits_user_input' => true + )); + + $configuration = array('longdescription', 'separator'); $config_methods = array(); for ($idx=1; $idx<=PLUGIN_EVENT_GRAVATAR_METHOD_MAX; $idx++) { From 5f5d809b1089ee7e5c04f45d01dc7f292c5e16f4 Mon Sep 17 00:00:00 2001 From: Garvin Hicking Date: Tue, 3 Apr 2018 11:21:25 +0200 Subject: [PATCH 3/3] upport --- plugins/serendipity_event_gravatar/ChangeLog | 4 ++++ .../serendipity_event_gravatar/serendipity_event_gravatar.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/plugins/serendipity_event_gravatar/ChangeLog b/plugins/serendipity_event_gravatar/ChangeLog index 0978ca59..b781e018 100644 --- a/plugins/serendipity_event_gravatar/ChangeLog +++ b/plugins/serendipity_event_gravatar/ChangeLog @@ -1,3 +1,7 @@ +Version 1.62.2: +------------------------------------------------------------------------ + * Add legal information to be used by serendipity_event_dsgvo_gpdr + Version 1.62.1: ------------------------------------------------------------------------ * Remove defunct mybloglog diff --git a/plugins/serendipity_event_gravatar/serendipity_event_gravatar.php b/plugins/serendipity_event_gravatar/serendipity_event_gravatar.php index e3e8fc27..b63c5115 100755 --- a/plugins/serendipity_event_gravatar/serendipity_event_gravatar.php +++ b/plugins/serendipity_event_gravatar/serendipity_event_gravatar.php @@ -8,7 +8,7 @@ if (IN_serendipity !== true) { @serendipity_plugin_api::load_language(dirname(__FILE__)); // Actual version of this plugin -@define('PLUGIN_EVENT_GRAVATAR_VERSION', '1.62.1'); // NOTE: This plugin is also in the central repository. Commit changes to the core, too :) +@define('PLUGIN_EVENT_GRAVATAR_VERSION', '1.62.2'); // NOTE: This plugin is also in the central repository. Commit changes to the core, too :) // Defines the maximum available method slots in the configuration. @define('PLUGIN_EVENT_GRAVATAR_METHOD_MAX', 6);