# # en/00default.rb: English resources of 00default.rb. # # Copyright (C) 2001-2005, TADA Tadashi # You can redistribute it and/or modify it under GPL2. # # # header # def title_tag r = "#{CGI::escapeHTML( @html_title )}" case @mode when 'day', 'comment' r << "(#{@date.strftime( '%Y-%m-%d' )})" if @date when 'month' r << "(#{@date.strftime( '%Y-%m' )})" if @date when 'form' r << '(Append)' when 'edit' r << '(Edit)' when 'preview' r << '(Preview)' when 'showcomment' r << '(TSUKKOMI Status Change Completed)' when 'conf' r << '(Preferences)' when 'saveconf' r << '(Preferences Changed)' when 'nyear' years = @diaries.keys.map {|ymd| ymd.sub(/^\d{4}/, "")} r << "(#{years[0].sub( /^(\d\d)/, '\1-')}[#{nyear_diary_label @date, years}])" if @date end r << '' end # # labels # def no_diary; "No diary on #{@date.strftime( @conf.date_format )}"; end def comment_today; "Today's TSUKKOMI"; end def comment_total( total ); "(Total: #{total})"; end def comment_new; 'Add a TSUKKOMI'; end def comment_description; 'Add a TSUKKOMI or Comment please. E-mail address will be shown to only me.'; end def comment_description_short; 'TSUKKOMI!!'; end def comment_name_label; 'Name'; end def comment_name_label_short; 'Name'; end def comment_mail_label; 'E-mail'; end def comment_mail_label_short; 'Mail'; end def comment_body_label; 'Comment'; end def comment_body_label_short; 'Comment'; end def comment_submit_label; 'Submit'; end def comment_submit_label_short; 'Submit'; end def comment_date( time ); time.strftime( "(#{@date_format} %H:%M)" ); end def referer_today; "Today's Link"; end def trackback_today; "Today's TrackBacks"; end def trackback_total( total ); "(Total: #{total})"; end def navi_index; 'Top'; end def navi_latest; 'Latest'; end def navi_oldest; 'Oldest'; end def navi_update; "Append"; end def navi_edit; "Edit"; end def navi_preference; "Preference"; end def navi_prev_diary(date); "Prev(#{date.strftime(@date_format)})"; end def navi_next_diary(date); "Next(#{date.strftime(@date_format)})"; end def navi_prev_nyear(date); "Prev(#{date.strftime('%m-%d')})"; end def navi_next_nyear(date); "Next(#{date.strftime('%m-%d')})"; end def submit_label if @mode == 'form' or @cgi.valid?( 'appendpreview' ) then 'Append' else 'Replace' end end def preview_label; 'Preview'; end def label_no_referer; "Today's Link Excluding List"; end def label_referer_table; "Today's Link Conversion Rule"; end def nyear_diary_label(date, years); "my old days"; end def nyear_diary_title(date, years); "same days in past"; end # # labels (for mobile) # def mobile_navi_latest; 'Latest'; end def mobile_navi_update; 'Update'; end def mobile_navi_preference; 'Prefs'; end def mobile_navi_prev_diary; 'Prev'; end def mobile_navi_next_diary; 'Next'; end def mobile_label_hidden_diary; 'This day is HIDDEN.'; end # # category # def category_anchor(c); "[#{c}]"; end # # preferences # # basic (default) add_conf_proc( 'default', 'Basic' ) do saveconf_default <<-HTML

Author

#{"

Specify your name. This value is into HTML header.

" unless @conf.mobile_agent?}

E-mail address

#{"

Specify your E-mail address. This value is into HTML header.

" unless @conf.mobile_agent?}

URL of index page

#{"

The URL of index of your website if you have.

" unless @conf.mobile_agent?}

Time difference adjustment

#{"

When updating diary, you can adjust date which is automatically inserted into the form. The unit is hour. For example, if you want to handle the time until 2 a.m. as the previous day, you set this to -2. tDiary inserts the date which is older by 2 hours than the actual time.

" unless @conf.mobile_agent?}

HTML end # header/footer (header) add_conf_proc( 'header', 'Header/Footer' ) do saveconf_header <<-HTML

Title

#{"

The title of your diary. This value is used in HTML <title> element and in mobile mode. Do not use HTML tags.

" unless @conf.mobile_agent?}

Header

#{"

This text is inserted into top of each pages. You can use HTML tags. Do not remove \"<%=navi%>\", because it mean Navigation bar inclued \"Update\" button. And \"<%=calendar%>\" mean calendar. So you can specify other plugins also.

" unless @conf.mobile_agent?}

Footer

#{"

This text is inserted into bottom of each pages. You can specify as same as Header.

" unless @conf.mobile_agent?}

HTML end # diaplay add_conf_proc( 'display', 'Display' ) do saveconf_display <<-HTML

Section anchor

#{"

\"Anchor\" guide to link from other website. Section anchors are insertd into begining of each section. So if you specify \"<span class=\"sanchor\">_</span>\", image anchor will be shown Image anchor by themes.

" unless @conf.mobile_agent?}

TSUKKOMI anchor

#{"

TSUKKOMI anchor is inserted into begining of each TSUKKOMIs. So You can specify \"<span class=\"canchor\">_</span>\" for Image anchor.

" unless @conf.mobile_agent?}

Date format

#{"

Format of date. If you specify a charactor after %, it mean special about date formatting: \"%Y\"(Year), \"%m\"(Month)กข\"%b\"(Short name of month), \"%B\"(Long name of month), \"%d\"(Day), \"%a\"(Short name of day of week), \"%A\"(Long name of day of week).

" unless @conf.mobile_agent?}

Max dates of Latest diaplay

#{"

In the Latest mode, you can specify the number of days in the page.

" unless @conf.mobile_agent?}

days in a page.

My old days

#{"

Show the link of \"My old days\"

" unless @conf.mobile_agent?}

HTML end # themes @theme_location_comment = "

You can get many themes from Theme Gallery(Japanese).

" add_conf_proc( 'theme', 'Themes' ) do saveconf_theme r = <<-HTML

Theme

#{"

Specify the design of your diary using Theme or CSS. When you select \"CSS specify\", input URL of CSS into the field right side.

" unless @conf.mobile_agent?}

#{@theme_location_comment unless @conf.mobile_agent?} HTML end # comments add_conf_proc( 'comment', 'TSUKKOMI' ) do saveconf_comment <<-HTML

Show TSUKKOMI

#{"

Select show or hide TSUKKOMI from readers

" unless @conf.mobile_agent?}

Number of TSUKKOMI

#{"

In Latest or Month mode, you can specify number of visible TSUKKOMIs. So in Dayly mode, all of TSUKKOMIs are shown.

" unless @conf.mobile_agent?}

TSUKKOMIs

HTML end # referer add_conf_proc( 'referer', "Today's Link" ) do saveconf_referer <<-HTML

Show links

#{"

Select show or hide about Today's Link

" unless @conf.mobile_agent?}

Number of Links

#{"

In Latest or Month mode, you can specify number of visible Link list. So in Dayly mode, all of Link are shown.

" unless @conf.mobile_agent?}

sites

Control Links saving

#{"

Specify which saving only day mode. It means reducing 'referer noise' by access from 'Link page'.

" unless @conf.mobile_agent?}

Excluding list

#{"

List of excluding URL that is not recorded to Today's Link. Specify it in regular expression, and a URL into a line.

" unless @conf.mobile_agent?}

See Default configuration is here.

Rule of conversion URL to words.

#{"

A table to convert URL to words in Today's Link. Specify it in regular expression, and a URL into a line.

" unless @conf.mobile_agent?}

See Default configurations.

HTML end # comment mail def comment_mail_mime( str ) [str.dup] end def comment_mail_conf_label; 'TSUKKOMI Mail'; end def comment_mail_basic_html @conf['comment_mail.header'] = '' unless @conf['comment_mail.header'] @conf['comment_mail.receivers'] = '' unless @conf['comment_mail.receivers'] <<-HTML

Notify TSUKKOMI by E-mail

#{"

Select notify or not when your diary gets a new TSUKKOMI. So TSUKKOMI mail need SMTP server settings in tdiary.conf.

" unless @conf.mobile_agent?}

Receivers

#{"

Sepecify receivers of TSUKKOMI mail, 1 address per 1 line. If you dose not specify, TSUKKOMI mails will be sent to your address.

" unless @conf.mobile_agent?}

Mail header

#{"

Specify a string insert to beginning of mail subject. The subject have a style of \"your_specified_string:DATE-SERIAL NAME\". \"date\" is formatted as same as diary's date you specified. But when you specify another date style in this string, subject style is changed to \"your_specified_string-SERIAL NAME\" (ex: \"hoge:%Y-%m-%d\")

" unless @conf.mobile_agent?}

HTML end # # link to HOWTO write diary # def style_howto %Q|/How to write| end add_conf_proc( 'csrf_protection', 'CSRF Protection' ) do err = saveconf_csrf_protection errstr = '' case err when :param errstr = '

Invalid options specified. Configuration not saved.

' when :key errstr = '

No key specified. Configuration not saved.

' end csrf_protection_method = @conf.options['csrf_protection_method'] || 1 csrf_protection_key = @conf.options['csrf_protection_key'] || '' <<-HTML #{errstr}

This page configures a protection scheme to prevent "cross-site request forgery" (CSRF) attacks.

To make CSRF attack, a malicious person prepares a trap link in some web page and lets you visit that page. When the trap link is invoked (either by Javascript or your mouse click), your web browser sends a forged request to tDiary. Thus, neither encryption nor usual password protection can serve as a protection mechanism. TDiary provies two methods -- "checking referer" and "checking CSRF key" -- to prevent such attacks.

Checking Referer

Checks for Referer values

#{if [0,1,2,3].include?(csrf_protection_method) then ' ' else '' end}Enabled (default)

#{"

Configures Referer-based CSRF protection. TDiary checks the Referer value sent from your web browser. If the post request comes from some outer page, the request will be rejected. This setting can't be disabled through web-based configuration, for safety reasons.

" unless @conf.mobile_agent?}

Handling of Referer-disabled browsers

Reject (default) Accept

#{"

Configures handling for requests without any Referer: value. By default tDiary rejects such request for safety reasons. If your browser is configured not to send Referer values, alter that setting to allow sending Referer, at least for originating sites. If it is impossible, configure the key-based CSRF protection below, and change this setting to \"Accept\".

" unless @conf.mobile_agent?}

Checking CSRF key

Checks for CSRF protection key

Enabled Disabled (default)

#{"

TDiary can add a secret key for every post form to prevent CSRF. As long as attackers do not know the secret key, forged requests will not be granted. To enable this feature, you must specify the secret key below. To allow Referer-disabled browsers, you must enable this setting.

" unless @conf.mobile_agent?}

CSRF protection key

#{"

A secret key used for key-based CSRF protection. Specify a secret string which is not easy to guess. If this key is leaked, CSRF attacks can be exploited. Do not use any passwords used in other places. You need not to remember this phrase to type in.

" unless @conf.mobile_agent?} #{"

Caution: Your browser seems not to be sending any Referers, although Referer-based protection is enabled. Please open this page again via this link. If you see this message again, you must either change your browser setting (temporarily to change these settings, at least), or edit \"tdiary.conf\" directly.

" if [1,3].include?(csrf_protection_method) && ! @cgi.referer && !@cgi.valid?('referer_exists')}
HTML end