mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-24 09:26:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25
6922 commits 214 branches 107 tags 73 MiB
Commit graph

1556 commits

Author SHA1 Message Date
Richard Hansen
ba5d8369bf Minify: Consistently use path.join() to build pathnames 
This defends against extraneous or missing slashes, and it might
improve the experience on Windows.
 2021-02-25 10:14:48 +00:00
Richard Hansen
2d3469e3ee Minify: Improve pathname sanitization 
For context, see:
https://nvd.nist.gov/vuln/detail/CVE-2015-3297
9d4e5f6e35
https://github.com/ether/etherpad-lite/issues/2614
 2021-02-25 10:14:48 +00:00
Richard Hansen
0cce4ae536 Minify: Also serve jquery.js from old path for compatibility 2021-02-25 10:14:48 +00:00
Richard Hansen
dabff9be77 run_cmd: Fix PATH debug log message 2021-02-23 21:41:32 -05:00
John McLear
0f16e518ff
api: drop JSONP (#4835) 
* api: drop JSONP

* docs: drop JSONP

* tests: drop JSONP

* api: remove isValidJSONPName require
 2021-02-22 09:10:02 +00:00
John McLear
ce83181ac3
Lgtm bugfixes (#4838) 
* code tidy up: always evaluates

* tidy up: is always true

* tidy up: remove unused code

* always true/false variables

* unused variable

* tidy up: remove unused code in caretPosition.js

* for squash: Revert "tidy up: remove unused code in caretPosition.js"

The `if` condition was previously always true, so the body should be
preserved. If the body is preserved, other logic can be deleted. I
opened PR #4845 to clean it all up.

This reverts commit 75b03e5a7d.

* for squash: simplify

* for squash: Explain that the getter is used for its side effects

It's very weird to call a getter without using its return value. Add a
comment explaining why this is done so that the reader doesn't get
confused.

* for squash: Revert "tidy up: remove unused code"

The exception test was the purpose of the code.

This reverts commit 85153b1676.

* for squash: Log the tsort results

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-02-22 08:26:35 +00:00
John McLear
40d7480d5b lint: padaccess.js 2021-02-21 21:09:02 -05:00
John McLear
029729a386 lint: Settings.js 2021-02-21 21:09:02 -05:00
John McLear
435562299f lint: NodeVersion.js 2021-02-21 21:09:02 -05:00
John McLear
7352dc7571 lint: ImportEtherpad.js 2021-02-21 21:09:02 -05:00
John McLear
613c7d8545 lint: ExportTxt.js 2021-02-21 21:09:02 -05:00
John McLear
d2359be08b lint: ExportHtml.js 2021-02-21 21:09:02 -05:00
John McLear
5718c8b360 lint: AbsolutePaths.js 2021-02-21 21:09:02 -05:00
John McLear
b1614f0592 lint: i18n.js 
Partial, still 3 more to do that are slightly higher hanging that can get done.
 2021-02-21 21:09:02 -05:00
John McLear
586af5e16e lint: padurlsanitize.js 2021-02-21 21:06:38 -05:00
John McLear
86c938cae2 lint: openapi.js 2021-02-21 21:06:38 -05:00
John McLear
25d4faddd9 lint: SocketIORouter.js 2021-02-21 21:06:38 -05:00
John McLear
5201cb717f lint: PadMessageHandler.js 2021-02-21 21:06:38 -05:00
John McLear
d67f170c46 lint: eejs/index.js 2021-02-21 21:06:38 -05:00
John McLear
3ed4ac649c lint: PadManager.js 2021-02-21 21:02:59 -05:00
John McLear
1b8cd0747d
Move vendor libraries to /vendors folder and exclude from LGTM 2021-02-21 15:07:39 +00:00
webzwo0i
0bb3e65020 fix for caching plugin-definitions 2021-02-21 14:31:15 +00:00
John McLear
bb14775820 drop apiRoot object from build 2021-02-21 11:08:07 +00:00
John McLear
ee2b32281c
pluginfw: Warn plugins on missing plugin (#4826) 
* pluginfw: Warn plugins on missing plugin

Add functionality to console.warn when a plugin is missing.  This will help admins know when people are trying to use plugins that are missing.  Resolves https://github.com/ether/etherpad-lite/issues/4730

* pluginfw: importing .etherpad can notify admins of missing plugins

Extending .etherpad imports to notify admins if a missing plugin is present

* Update ImportEtherpad.js
 2021-02-21 11:07:13 +00:00
Richard Hansen
b3b5af3c3c plugins: Use npm CLI to install/uninstall plugins 
Using npm as a module has long been discouraged and will stop working
with npm v7.
 2021-02-18 19:18:59 +00:00
Richard Hansen
1cfbf88f7c run_cmd: Enhance with ability to return stdout as string 2021-02-18 19:18:59 +00:00
Richard Hansen
d8bb5aa009 plugins: Eliminate unnecessary run_npm.js 
I had anticipated more shared logic than we actually need (the
abstraction in `run_npm.js` is YAGNI).
 2021-02-18 19:18:59 +00:00
Richard Hansen
426c025127 run_cmd: Log to Etherpad logs by default 2021-02-18 19:18:59 +00:00
Richard Hansen
dcf7891316 plugins: Improve logging of plugin events 
This will make it easier to troubleshoot plugin and npm issues.
 2021-02-18 19:18:59 +00:00
Richard Hansen
a45e85a730 Use settings.root to anchor pathnames 2021-02-18 19:18:59 +00:00
Richard Hansen
f868788417 Remove unnecessary path.normalize() calls 
`path.join()` already normalizes.
 2021-02-18 19:18:59 +00:00
Richard Hansen
84c1d74f8b server: Fix Gate constructor 
The ECMAScript spec for `.then()` requires Promise subclass
constructors to take an executor.
 2021-02-18 19:18:34 +00:00
Richard Hansen
4c6cb53d18 server: Improve log messages when exiting 2021-02-18 19:18:34 +00:00
Richard Hansen
fb745374c3 import: Improve error logging 2021-02-18 03:42:41 -05:00
Richard Hansen
00d45e3229 Defer rate limiter creation to a hook call 
This makes it possible to change the rate limiter settings via
`/admin/settings` or by modifying the appropriate settings object and
reinvoking the hook.
 2021-02-16 21:13:35 -05:00
Richard Hansen
d7ed71eba0 plugins: Fix "Error: spawn npm ENOENT" error on Windows 
On Windows, npm should be invoked as `npm.cmd`, not `npm`. Use a
drop-in replacement for `child_process.spawn()` that does the right
thing on Windows.
 2021-02-16 22:00:20 +00:00
John McLear
b7e88cb904 security: New setting for Socket.IO maxHttpBufferSize 2021-02-15 12:45:31 -05:00
Richard Hansen
ed93ef5636 /admin/settings: Reload plugins, call loadSettings hook on restart 
This should match the normal startup procedure a bit more closely.
 2021-02-15 08:43:14 +00:00
Egil
9c7dcb1d0a eejs: Upgrade ejs to the latest version 
The type of ejs's `__output` variable is now string instead of array
of strings, so the handling of `__output` had to change.
 2021-02-14 23:36:53 -05:00
John McLear
615e47114b Revert "socketio: increase socketio limit to 1MiB" 
This reverts commit 55c96e5577.
 2021-02-14 16:53:48 +00:00
Richard Hansen
b711ff6acf import: Ajaxify pad import 
This eliminates an inline script (good for Content Security Policy)
and improves the user experience.
 2021-02-14 08:35:38 +00:00
Richard Hansen
fba55fa6cf ImportHandler: Refactor doImport() for readability 2021-02-14 08:35:38 +00:00
Richard Hansen
28b28866a2 ImportHandler: Move the logger up 
Also change the name to something shorter.
 2021-02-14 08:35:38 +00:00
Richard Hansen
26b5a69ccc ImportHandler: Use JSON.stringify() to properly escape characters 2021-02-14 08:35:38 +00:00
Richard Hansen
ed80883709 ImportHandler: Lint the response script sent to the browser 2021-02-14 08:35:38 +00:00
Richard Hansen
0ff131bbbb ImportHandler: Throw Errors, not strings 2021-02-14 08:35:38 +00:00
Richard Hansen
908635a1de ImportHandler: Use return reject(...) to avoid double settle 2021-02-14 08:35:38 +00:00
Richard Hansen
e01059dce5 ImportHandler: Switch to fs/promises API 2021-02-14 08:35:38 +00:00
Richard Hansen
5b1b030906 ImportHandler: Use asynchronous rename instead of fs.renameSync() 2021-02-14 08:35:38 +00:00
Richard Hansen
c7b1abebe4 ImportHandler: Avoid deprecated fs.exists() function 2021-02-14 08:35:38 +00:00