From 86d3b2ba811aa8168eb01a5a345d3b717889ab8a Mon Sep 17 00:00:00 2001 From: Adrian Lang Date: Thu, 1 Sep 2011 23:24:51 +0200 Subject: [PATCH 1/6] Fix directory traversal See https://ada.adrianlang.de/etherpad-lite-directory-traversal --- node/server.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/node/server.js b/node/server.js index 944e73703..3014423bd 100644 --- a/node/server.js +++ b/node/server.js @@ -99,7 +99,8 @@ async.waterfall([ app.get('/static/*', function(req, res) { res.header("Server", serverName); - var filePath = path.normalize(__dirname + "/.." + req.url.split("?")[0]); + var filePath = path.normalize(__dirname + "/.." + + req.url.replace(/\./g, '').split("?")[0]); res.sendfile(filePath, { maxAge: exports.maxAge }); }); From 7557af3db7db392fc12bdab19e4bc27d0bf92d56 Mon Sep 17 00:00:00 2001 From: Adrian Lang Date: Thu, 1 Sep 2011 23:24:51 +0200 Subject: [PATCH 2/6] Fix directory traversal fixing RegExp --- node/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node/server.js b/node/server.js index 3014423bd..2bebe6a24 100644 --- a/node/server.js +++ b/node/server.js @@ -100,7 +100,7 @@ async.waterfall([ { res.header("Server", serverName); var filePath = path.normalize(__dirname + "/.." + - req.url.replace(/\./g, '').split("?")[0]); + req.url.replace(/\.\./g, '').split("?")[0]); res.sendfile(filePath, { maxAge: exports.maxAge }); }); From a107f080a8eb32338f48b93a831147d9bc1f8b09 Mon Sep 17 00:00:00 2001 From: Jacob Chapel Date: Fri, 2 Sep 2011 12:51:51 -0700 Subject: [PATCH 3/6] fix username being set in querystrings --- static/js/pad2.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/static/js/pad2.js b/static/js/pad2.js index b79ff8b97..b649ae1d4 100644 --- a/static/js/pad2.js +++ b/static/js/pad2.js @@ -80,7 +80,7 @@ function getParams() { var showControls = getUrlVars()["showControls"]; var showChat = getUrlVars()["showChat"]; - var userName = getUrlVars()["userName"]; + var userName = unescape(getUrlVars()["userName"]); var showLineNumbers = getUrlVars()["showLineNumbers"]; var useMonospaceFont = getUrlVars()["useMonospaceFont"]; if(showControls) @@ -245,6 +245,7 @@ function handshake() if (globalUserName !== false) { pad.notifyChangeName(globalUserName); // Notifies the server + pad.myUserInfo.name = globalUserName; $('#myusernameedit').attr({"value":globalUserName}); // Updates the current users UI } } From 1bfd0e470760e7e29bcfbe60c9578915c102576a Mon Sep 17 00:00:00 2001 From: John McLear Date: Sun, 4 Sep 2011 13:48:53 +0100 Subject: [PATCH 4/6] Allow authorship background colors to be disabled with a parameter --- static/js/pad2.js | 17 +++++++++++++++++ static/js/pad_editor.js | 5 +++++ 2 files changed, 22 insertions(+) diff --git a/static/js/pad2.js b/static/js/pad2.js index b649ae1d4..9df57ae8f 100644 --- a/static/js/pad2.js +++ b/static/js/pad2.js @@ -18,6 +18,7 @@ var socket; var LineNumbersDisabled = false; +var noColors = false; var useMonospaceFontGlobal = false; var globalUserName = false; @@ -83,6 +84,15 @@ function getParams() var userName = unescape(getUrlVars()["userName"]); var showLineNumbers = getUrlVars()["showLineNumbers"]; var useMonospaceFont = getUrlVars()["useMonospaceFont"]; + var IsnoColors = getUrlVars()["noColors"]; + + if(IsnoColors) + { + if(IsnoColors == "true") + { + noColors = true; + } + } if(showControls) { if(showControls == "false") @@ -236,6 +246,13 @@ function handshake() { pad.changeViewOption('showLineNumbers', false); } + + // If the noColors value is set to true then we need to hide the backround colors on the ace spans + if (noColors == true) + { + pad.changeViewOption('noColors', true); + } + // If the Monospacefont value is set to true then change it to monospace. if (useMonospaceFontGlobal == true) { diff --git a/static/js/pad_editor.js b/static/js/pad_editor.js index 93ef36295..e98252cff 100644 --- a/static/js/pad_editor.js +++ b/static/js/pad_editor.js @@ -61,6 +61,8 @@ var padeditor = (function() { pad.changeViewOption('useMonospaceFont', $("#viewfontmenu").val() == 'monospace'); }); + + noColors = !noColors; // Inversed so we can pass it to showauthorcolors }, setViewOptions: function(newOptions) { @@ -84,6 +86,9 @@ var padeditor = (function() v = getOption('useMonospaceFont', false); self.ace.setProperty("textface", (v ? "monospace" : "Arial, sans-serif")); $("#viewfontmenu").val(v ? "monospace" : "normal"); + + self.ace.setProperty("showsauthorcolors", noColors); + }, initViewZoom: function() { From 46d85a12470c109a93f146bf1bee6f1a1057738f Mon Sep 17 00:00:00 2001 From: dsmedia Date: Fri, 23 Sep 2011 13:20:05 -0500 Subject: [PATCH 5/6] added "build-essential" to list of Ubuntu package dependencies for installing. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e075d8212..785a0835e 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ Here is the **[FAQ](https://github.com/Pita/etherpad-lite/wiki/FAQ)** **As root:**
    -
  1. Install the dependencies. We need the gzip, git, curl, libssl develop libraries and python
    apt-get install gzip git-core curl python libssl-dev

    2. +
  2. Install the dependencies. We need the gzip, git, curl, libssl develop libraries and python
    apt-get install gzip git-core curl python libssl-dev build-essential

  3. Install node.js
    1. Download the latest 0.4.x node.js release from http://nodejs.org/#download
      2. From 2d3272e3b6d4b4678c00447d7d8b22b3f4510387 Mon Sep 17 00:00:00 2001 From: Rob Speer Date: Fri, 30 Sep 2011 00:41:46 -0400 Subject: [PATCH 6/6] make globalPads into an ad-hoc Object that can store values with arbitrary names. Fixes issue #160. --- node/db/PadManager.js | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/node/db/PadManager.js b/node/db/PadManager.js index 8af299ccc..4e16c7c45 100644 --- a/node/db/PadManager.js +++ b/node/db/PadManager.js @@ -21,10 +21,20 @@ require("../db/Pad"); var db = require("./DB").db; -/** - * A Array with all known Pads +/** + * An Object containing all known Pads. Provides "get" and "set" functions, + * which should be used instead of indexing with brackets. These prepend a + * colon to the key, to avoid conflicting with built-in Object methods or with + * these functions themselves. + * + * If this is needed in other places, it would be wise to make this a prototype + * that's defined somewhere more sensible. */ -globalPads = []; +globalPads = { + get: function (name) { return this[':'+name]; }, + set: function (name, value) { this[':'+name] = value; }, + remove: function (name) { delete this[':'+name]; } +}; /** * Returns a Pad Object with the callback @@ -65,7 +75,7 @@ exports.getPad = function(id, text, callback) } } - var pad = globalPads[id]; + var pad = globalPads.get(id); //return pad if its already loaded if(pad != null) @@ -86,7 +96,7 @@ exports.getPad = function(id, text, callback) } else { - globalPads[id] = pad; + globalPads.set(id, pad); callback(null, pad); } }); @@ -110,6 +120,6 @@ exports.isValidPadId = function(padId) //removes a pad from the array exports.unloadPad = function(padId) { - if(globalPads[padId]) - delete globalPads[padId]; + if(globalPads.get(padId)) + globalPads.remove(padId); }