From d10aaf8ffd9b5a4bae7c8c4ea5eac6b87638fabb Mon Sep 17 00:00:00 2001
From: Garvin Hicking <gh@faktor-e.de>
Date: Tue, 3 Apr 2018 11:16:41 +0200
Subject: [PATCH] Add new "legal" properties for affected plugins. Disable
subtome by default.
---
docs/NEWS | 6 ++++
.../serendipity_event_entryproperties.php | 15 +++++++++
.../serendipity_event_spamblock.php | 30 +++++++++++++++++
.../serendipity_event_spartacus.php | 33 +++++++++++++++++++
.../serendipity_event_templatechooser.php | 18 ++++++++++
.../serendipity_plugin_remoterss.php | 22 +++++++++++++
.../serendipity_plugin_syndication.php | 28 +++++++++++++++-
7 files changed, 151 insertions(+), 1 deletion(-)
diff --git a/docs/NEWS b/docs/NEWS
index 6ca58762..40f44e9d 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -33,6 +33,12 @@ Version 2.1.3 ()
* Fix SQL compatibility for creating of table "serendipity_groupconfig"
+ * Added new "legal" plugin property bag attribute to indicate
+ impact for the GDPR / DSGVO, used in conjunction with the
+ serendipity_event_gdpr_dsgvo plugin
+
+ * Disabled subToMe service by default to prevent issues with GDPR
+
Version 2.1.2 (March 25, 2018))
------------------------------------------------------------------------
diff --git a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php
index ab43b5eb..fcb664e9 100644
--- a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php
+++ b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php
@@ -47,6 +47,21 @@ class serendipity_event_entryproperties extends serendipity_event
));
$propbag->add('groups', array('BACKEND_EDITOR'));
$propbag->add('configuration', array('cache', 'sequence', 'use_groups', 'use_users', 'use_ext_joins', 'default_read', 'customfields'));
+
+ $propbag->add('legal', array(
+ 'services' => array(),
+ 'frontend' => array(
+ 'If password protected entries are used, the password can be sent by the visitor and if access is granted, this is stored in a session variable.',
+ ),
+ 'cookies' => array(
+ 'Uses PHP session cookie for potential session storage whether access to a password-protected entry is granted'
+ ),
+ 'stores_user_input' => false,
+ 'stores_ip' => false,
+ 'uses_ip' => false,
+ 'transmits_user_input' => true
+ ));
+
}
function introspect_config_item($name, &$propbag)
diff --git a/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php b/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php
index 9879106f..a12c968f 100644
--- a/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php
+++ b/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php
@@ -97,6 +97,36 @@ class serendipity_event_spamblock extends serendipity_event
'urls' => '8gold\.com;911easymoney\.com;canadianlabels\.net;condodream\.com;crepesuzette\.com;debt-help-bill-consolidation-elimination\.com;fidelityfunding\.net;flafeber\.com;gb\.com;houseofsevengables\.com;instant-quick-money-cash-advance-personal-loans-until-pay-day\.com;mediavisor\.com;newtruths\.com;oiline\.com;onlinegamingassociation\.com;online\-+poker\.com;popwow\.com;royalmailhotel\.com;spoodles\.com;sportsparent\.com;stmaryonline\.org;thatwhichis\.com;tmsathai\.org;uaeecommerce\.com;learnhowtoplay\.com',
'words' => 'very good site!;Real good stuff!'
);
+
+ $propbag->add('legal', array(
+ 'services' => array(
+ 'akismet' => array(
+ 'url' => 'https://www.akismet.com',
+ 'desc' => 'Transmits comment data (and metadata) to check whether it is spam: User-Agent, HTTP Referer, IP [can be anonymized], Author name [can be anonymized], Author mail [can be anonymized], Author URL [can be anonymized], comment body'
+ ),
+ 'tpas' => array(
+ 'url' => 'http://api.antispam.typepad.com/',
+ 'desc' => 'Transmits comment data (and metadata) to check whether it is spam: User-Agent, HTTP Referer, IP [can be anonymized], Author name [can be anonymized], Author mail [can be anonymized], Author URL [can be anonymized], comment body'
+ )
+ ),
+ 'frontend' => array(
+ 'To check a comment for spam, the Akismet/Typepad service can be enabled and receives comment data of the user and its metadata: User-Agent, HTTP Referer, IP [can be anonymized], Author name [can be anonymized], Author mail [can be anonymized], Author URL [can be anonymized], comment body.',
+ 'Submitted and also rejected comments can be saved to a logfile.',
+ 'When Captchas are enabled, the displayed graphic key is stored in the session data and uses a PHP session cookie.'
+ ),
+ 'backend' => array(
+ 'To report a comment for spam, the Akismet/Typepad service can be enabled and receives comment data of the user and its metadata: User-Agent, HTTP Referer, IP [can be anonymized], Author name [can be anonymized], Author mail [can be anonymized], Author URL [can be anonymized], comment body.',
+ ),
+ 'cookies' => array(
+ 'When Captchas are enabled, the displayed graphic key is stored in the session data and uses a PHP session cookie.'
+ ),
+ 'stores_user_input' => true,
+ 'stores_ip' => true,
+ 'uses_ip' => true,
+ 'transmits_user_input' => true
+ ));
+
+
}
function introspect_config_item($name, &$propbag)
diff --git a/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php b/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php
index fdb8bf93..91fcc089 100644
--- a/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php
+++ b/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php
@@ -48,6 +48,39 @@ class serendipity_event_spartacus extends serendipity_event
$propbag->add('groups', array('BACKEND_FEATURES'));
$propbag->add('configuration', array('enable_plugins', 'enable_themes', 'enable_remote', 'remote_url', 'cronjob', 'mirror_xml', 'mirror_files', 'custommirror', 'chown', 'chmod_files', 'chmod_dir', 'use_ftp', 'ftp_server', 'ftp_username', 'ftp_password', 'ftp_basedir'));
+ $propbag->add('legal', array(
+ 'services' => array(
+ 'spartacus' => array(
+ 'url' => 'http://spartacus.s9y.org',
+ 'desc' => 'Package server for plugin downloads'
+ ),
+ 'github.com' => array(
+ 'url' => 'https://www.github.com',
+ 'desc' => 'Package server for plugin downloads'
+ ),
+ 's9y.org' => array(
+ 'url' => 'http://www.s9y.org',
+ 'desc' => 'Package server for plugin downloads'
+ ),
+ 'sourceforge.net' => array(
+ 'url' => 'http://www.sourceforget.net',
+ 'desc' => 'Package server for plugin downloads'
+ )
+ ),
+ 'frontend' => array(
+ ),
+ 'backend' => array(
+ 'Allows to download plugins from configured remote sources from the webserver, may also connect via FTP to a configured server.'
+ ),
+ 'cookies' => array(
+ ),
+ 'stores_user_input' => false,
+ 'stores_ip' => false,
+ 'uses_ip' => false,
+ 'transmits_user_input' => false
+ ));
+
+
}
function generate_content(&$title)
diff --git a/plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php b/plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php
index 7de2cc24..74ac7ba7 100644
--- a/plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php
+++ b/plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php
@@ -27,6 +27,24 @@ class serendipity_event_templatechooser extends serendipity_event
$propbag->add('groups', array('BACKEND_TEMPLATES'));
$propbag->add('event_hooks', array('frontend_configure' => true));
+ $propbag->add('legal', array(
+ 'services' => array(
+ ),
+ 'frontend' => array(
+ 'To allow the visitor to pick a custom theme, the selected theme name is stored in a cookie',
+ ),
+ 'backend' => array(
+ ),
+ 'cookies' => array(
+ 'To allow the visitor to pick a custom theme, the selected theme name is stored in a cookie',
+ ),
+ 'stores_user_input' => false,
+ 'stores_ip' => false,
+ 'uses_ip' => false,
+ 'transmits_user_input' => false
+ ));
+
+
// Register (multiple) dependencies. KEY is the name of the depending plugin. VALUE is a mode of either 'remove' or 'keep'.
// If the mode 'remove' is set, removing the plugin results in a removal of the depending plugin. 'Keep' meens to
// not touch the depending plugin.
diff --git a/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php b/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php
index 35cff8a5..d6886b20 100644
--- a/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php
+++ b/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php
@@ -286,6 +286,28 @@ class serendipity_plugin_remoterss extends serendipity_plugin
));
$propbag->add('configuration', array('sidebartitle', 'feedtype', 'template', 'rssuri', 'show_rss_element', 'smarty', 'number', 'use_rss_link', 'escape_rss', 'displaydate', 'dateformat', 'charset', 'target', 'cachetime', 'bulletimg', 'markup'));
$propbag->add('groups', array('FRONTEND_EXTERNAL_SERVICES'));
+
+ $propbag->add('legal', array(
+ 'services' => array(
+ 'any' => array(
+ 'url' => '#',
+ 'desc' => 'Any configured URL will be called to fetch RSS/OPML data from'
+ ),
+ ),
+ 'frontend' => array(
+ 'To display RSS/OPML feeds, the server can connect to any other server. No specific user data is transmitted.',
+ ),
+ 'backend' => array(
+ ),
+ 'cookies' => array(
+ ),
+ 'stores_user_input' => false,
+ 'stores_ip' => false,
+ 'uses_ip' => false,
+ 'transmits_user_input' => false
+ ));
+
+
}
function introspect_config_item($name, &$propbag)
diff --git a/plugins/serendipity_plugin_syndication/serendipity_plugin_syndication.php b/plugins/serendipity_plugin_syndication/serendipity_plugin_syndication.php
index a60e9786..e9e26817 100644
--- a/plugins/serendipity_plugin_syndication/serendipity_plugin_syndication.php
+++ b/plugins/serendipity_plugin_syndication/serendipity_plugin_syndication.php
@@ -30,6 +30,32 @@ class serendipity_plugin_syndication extends serendipity_plugin {
)
);
$propbag->add('groups', array('FRONTEND_VIEWS'));
+
+ $propbag->add('legal', array(
+ 'services' => array(
+ 'subtome' => array(
+ 'url' => 'https://www.subtome.com',
+ 'desc' => 'Enables visitors to easily subscribe to RSS feeds. The visitor loads a JavaScript from their servers, thus the IP address will be known to the service.'
+ ),
+ 'feedburner.com' => array(
+ 'url' => 'https://www.feedburner.com',
+ 'desc' => 'Feedburner can be used to track your feed subscription statistics. If used, a tracking pixel is loaded from FeedBurner.com servers and the IP address of the visitor will be known to the service.'
+ ),
+ ),
+ 'frontend' => array(
+ 'To allow easy subscription to feeds and optional tracking statistics, the subtome or feedburner services can be used.',
+ ),
+ 'backend' => array(
+ ),
+ 'cookies' => array(
+ ),
+ 'stores_user_input' => false,
+ 'stores_ip' => false,
+ 'uses_ip' => true,
+ 'transmits_user_input' => true
+ ));
+
+
}
function introspect_config_item($name, &$propbag)
@@ -107,7 +133,7 @@ class serendipity_plugin_syndication extends serendipity_plugin {
$propbag->add('type', 'boolean');
$propbag->add('name', SYNDICATION_PLUGIN_SUBTOME);
$propbag->add('description', SYNDICATION_PLUGIN_SUBTOME_DESC);
- $propbag->add('default', true);
+ $propbag->add('default', false);
break;
case 'custom_url':