From cc69e762007030300ba6bfaff781566be3689ffa Mon Sep 17 00:00:00 2001 From: noerw Date: Fri, 6 Jan 2017 18:18:55 +0100 Subject: [PATCH 01/29] redirect /admin properly (fix #3114) --- src/node/hooks/express/admin.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/node/hooks/express/admin.js b/src/node/hooks/express/admin.js index 70539f0c4..0884cde56 100644 --- a/src/node/hooks/express/admin.js +++ b/src/node/hooks/express/admin.js @@ -2,7 +2,7 @@ var eejs = require('ep_etherpad-lite/node/eejs'); exports.expressCreateServer = function (hook_name, args, cb) { args.app.get('/admin', function(req, res) { - if('/' != req.path[req.path.length-1]) return res.redirect('/admin/'); + if('/' != req.path[req.path.length-1]) return res.redirect('./admin/'); res.send( eejs.require("ep_etherpad-lite/templates/admin/index.html", {}) ); }); } From f5810957b4204d06563485953e3efeb1392304c2 Mon Sep 17 00:00:00 2001 From: Pablo Saavedra Date: Thu, 2 Feb 2017 10:45:59 +0100 Subject: [PATCH 02/29] This WA is not longer required in the newest Chrome see comments in the issue: ether#2078 The hack is still necessary in Firefox 51 --- src/static/css/iframe_editor.css | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/static/css/iframe_editor.css b/src/static/css/iframe_editor.css index 9aa003aaf..033eeb66a 100644 --- a/src/static/css/iframe_editor.css +++ b/src/static/css/iframe_editor.css @@ -58,9 +58,11 @@ body.doesWrap { white-space: normal; } -body.doesWrap:not(.noprewrap) > div{ - /* Related to #1766 */ - white-space: pre-wrap; +@-moz-document url-prefix() { + body.doesWrap:not(.noprewrap) > div{ + /* Related to #1766 */ + white-space: pre-wrap; + } } #innerdocbody { From 35702a0589fd23f29fe6ceca3e70b1f533edea23 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Miko=C5=82aj=20Biel?= Date: Mon, 10 Jul 2017 20:54:32 +0200 Subject: [PATCH 03/29] [feat] New server-side hook: onAccessCheck --- doc/api/hooks_server-side.md | 12 ++++++++++++ src/node/db/SecurityManager.js | 9 +++++++++ 2 files changed, 21 insertions(+) diff --git a/doc/api/hooks_server-side.md b/doc/api/hooks_server-side.md index d4e836404..bb1b53890 100644 --- a/doc/api/hooks_server-side.md +++ b/doc/api/hooks_server-side.md @@ -108,6 +108,18 @@ Usage examples: * https://github.com/tiblu/ep_authorship_toggle +## onAccessCheck +Called from: src/node/db/SecurityManager.js + +Things in context: + +1. padID - the pad the user wants to access +2. password - the password the user has given to access the pad +3. token - the token of the author +3. sessionCookie - the session the use has + +This hook gets called when the access to the concrete pad is being checked. Return `false` to deny access. + ## padCreate Called from: src/node/db/Pad.js diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js index 6fae57ffb..9430e75dd 100644 --- a/src/node/db/SecurityManager.js +++ b/src/node/db/SecurityManager.js @@ -22,6 +22,7 @@ var ERR = require("async-stacktrace"); var async = require("async"); var authorManager = require("./AuthorManager"); +var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks.js"); var padManager = require("./PadManager"); var sessionManager = require("./SessionManager"); var settings = require("../utils/Settings"); @@ -45,6 +46,14 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback) return; } + // allow plugins to deny access + var deniedByHook = hooks.callAll("onAccessCheck", {'padID': padID, 'password': password, 'token': token, 'sessionCookie': sessionCookie}).indexOf(false) > -1; + if(deniedByHook) + { + callback(null, {accessStatus: "deny"}); + return; + } + // a valid session is required (api-only mode) if(settings.requireSession) { 
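Review bot: The added `onAccessCheck` block in `checkAccess` denies only when some hook returns exactly `false` (`.indexOf(false) > -1`), so a hook that returns nothing, or any other falsy value, counts as allow. The result of `hooks.callAll` is consumed synchronously, so a plugin that needs a database or network lookup has no way to deny through this hook; routing it through an asynchronous hook call and the existing `callback` would cover that case. The context also hands the cleartext `password` and the `sessionCookie` to every registered plugin, which the hook documentation should say, e.g. with a comment here: `// only an explicit false denies; hooks receive the pad password and session cookie`. `checkAccess` starts and ends outside the hunk.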
From 5c8a15c3d7fe350cc86abef06f3f0c11a18ea464 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20Biel?= Date: Wed, 12 Jul 2017 00:28:51 +0200 Subject: [PATCH 04/29] fix `sessionCookie` number in onAccessCheck --- doc/api/hooks_server-side.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/hooks_server-side.md b/doc/api/hooks_server-side.md index bb1b53890..62e0e994e 100644 --- a/doc/api/hooks_server-side.md +++ b/doc/api/hooks_server-side.md @@ -116,7 +116,7 @@ Things in context: 1. padID - the pad the user wants to access 2. password - the password the user has given to access the pad 3. token - the token of the author -3. sessionCookie - the session the use has +4. sessionCookie - the session the use has This hook gets called when the access to the concrete pad is being checked. Return `false` to deny access. From 4cce3bcbed04882b2abd962fdda002f1d340fefa Mon Sep 17 00:00:00 2001 From: Michael Braun Date: Mon, 31 Jul 2017 14:43:04 +0200 Subject: [PATCH 05/29] Make APIKEY und SESSIONKEY file customizable Running multiple instances sometimes requires different api- and session-keys for security reasons. --- src/node/handler/APIHandler.js | 6 ++++-- src/node/utils/Cli.js | 10 ++++++++++ src/node/utils/Settings.js | 5 +++-- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/src/node/handler/APIHandler.js b/src/node/handler/APIHandler.js index 179c2b404..05e147058 100644 --- a/src/node/handler/APIHandler.js +++ b/src/node/handler/APIHandler.js 
@@ -24,17 +24,19 @@ var fs = require("fs"); var api = require("../db/API"); var padManager = require("../db/PadManager"); var randomString = require("../utils/randomstring"); +var argv = require('../utils/Cli').argv; //ensure we have an apikey var apikey = null; +var apikeyFilename = argv.apikey || "./APIKEY.txt"; try { - apikey = fs.readFileSync("./APIKEY.txt","utf8"); + apikey = fs.readFileSync(apikeyFilename,"utf8"); } catch(e) { apikey = randomString(32); - fs.writeFileSync("./APIKEY.txt",apikey,"utf8"); + fs.writeFileSync(apikeyFilename,apikey,"utf8"); } //a list of all functions diff --git a/src/node/utils/Cli.js b/src/node/utils/Cli.js index 9419ed26b..154590dc7 100644 --- a/src/node/utils/Cli.js +++ b/src/node/utils/Cli.js @@ -39,5 +39,15 @@ for ( var i = 0; i < argv.length; i++ ) { exports.argv.credentials = arg; } + // Override location of settings.json file + if ( prevArg == '--sessionkey' || prevArg == '-k' ) { + exports.argv.sessionkey = arg; + } + + // Override location of settings.json file + if ( prevArg == '--apikey' || prevArg == '-k' ) { + exports.argv.apikey = arg; + } + prevArg = arg; } diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js index 660b7afb3..3516ca8b9 100644 --- a/src/node/utils/Settings.js +++ b/src/node/utils/Settings.js @@ -449,11 +449,12 @@ exports.reloadSettings = function reloadSettings() { } if (!exports.sessionKey) { + var sessionkeyFilename = argv.sessionkey || "./SESSIONKEY.txt"; try { - exports.sessionKey = fs.readFileSync("./SESSIONKEY.txt","utf8"); + exports.sessionKey = fs.readFileSync(sessionkeyFilename,"utf8"); } catch(e) { exports.sessionKey = randomString(32); - fs.writeFileSync("./SESSIONKEY.txt",exports.sessionKey,"utf8"); + fs.writeFileSync(sessionkeyFilename,exports.sessionKey,"utf8"); } } else { console.warn("Declaring the sessionKey in the settings.json is deprecated. This value is auto-generated now. Please remove the setting from the file."); 
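Review bot: The key file is still created with `fs.writeFileSync(apikeyFilename,apikey,"utf8")`, which leaves its permissions to the process umask, and now that `--apikey` can point anywhere the file may land in a directory other users can read. Passing a mode, `fs.writeFileSync(apikeyFilename, apikey, {encoding: "utf8", mode: 0o600})`, keeps a newly created key file owner-only; the same applies to `sessionkeyFilename` in the Settings.js hunk of this patch. The bare `catch(e)` also treats every read failure, not only a missing file, as a reason to generate a new key, so an unreadable or mistyped path either replaces the key or throws from the write; testing `e.code === "ENOENT"` before regenerating would make that explicit.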
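Review bot: Both new options in Cli.js claim the short flag `-k` (`prevArg == '--sessionkey' || prevArg == '-k'` and `prevArg == '--apikey' || prevArg == '-k'`), so `-k <file>` sets `argv.sessionkey` and `argv.apikey` to the same path and the API key and the session secret become one value stored in one file. That defeats the separation the commit message asks for; give each option its own short flag or drop the short forms, e.g. `if ( prevArg == '--apikey' ) {`. Both added comments still read `// Override location of settings.json file` and should name the key file they override.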
From b4ddd0276dbeb7fced5df2e255c06e82bd337e00 Mon Sep 17 00:00:00 2001 From: Jainendra Mandavi Date: Fri, 4 Aug 2017 03:23:12 +0530 Subject: [PATCH 06/29] Use abiword to process .rft files --- src/node/handler/ImportHandler.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/node/handler/ImportHandler.js b/src/node/handler/ImportHandler.js index 6aa94e649..3e3dc195e 100644 --- a/src/node/handler/ImportHandler.js +++ b/src/node/handler/ImportHandler.js @@ -90,7 +90,7 @@ exports.doImport = function(req, res, padId) //this allows us to accept source code files like .c or .java function(callback) { var fileEnding = path.extname(srcFile).toLowerCase() - , knownFileEndings = [".txt", ".doc", ".docx", ".pdf", ".odt", ".html", ".htm", ".etherpad"] + , knownFileEndings = [".txt", ".doc", ".docx", ".pdf", ".odt", ".html", ".htm", ".etherpad", ".rtf"] , fileEndingKnown = (knownFileEndings.indexOf(fileEnding) > -1); //if the file ending is known, continue as normal From 193afacb6f2c3affbabea4ca2cd5172550ea0c84 Mon Sep 17 00:00:00 2001 From: bm jade Date: Mon, 7 Aug 2017 16:36:44 +0200 Subject: [PATCH 07/29] FIX fix provide by skupfer from github, It fix the installOnWindows problem --- bin/installOnWindows.bat | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/bin/installOnWindows.bat b/bin/installOnWindows.bat index 89fa335d8..d95bf4c44 100644 --- a/bin/installOnWindows.bat +++ b/bin/installOnWindows.bat 
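Review bot: Adding `".rtf"` to `knownFileEndings` widens the set of uploads that continue down the normal import path, and the decision in this hunk rests only on `path.extname(srcFile)`, presumably the name of the uploaded file, not on its content. If these files are handed to abiword as the subject says, a comment should state that the list is an extension allow-list for the converter and not a content check, e.g. `// allow-list by extension only; content is not verified before conversion`. The enclosing function starts and ends outside the hunk, so how the converter is invoked cannot be seen from here.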
@@ -1,21 +1,29 @@ @echo off :: change directory to etherpad-lite root -cd /D "%~dp0\.." +cd /D "%~dp0.." :: Is node installed? cmd /C node -e "" || ( echo "Please install node.js ( http://nodejs.org )" && exit /B 1 ) echo _ -echo Ensure that all dependencies are up to date... If this is the first time you have run Etherpad please be patient. -cmd /C npm install src/ --loglevel warn || exit /B 1 +echo Ensure that all dependencies are up to date... If this is the first time you have run Etherpad please be patient. + +mkdir node_modules +cd /D node_modules +mklink /D "ep_etherpad-lite" "..\src" + +cd /D "ep_etherpad-lite" +cmd /C npm install --loglevel warn || exit /B 1 + +cd /D "%~dp0.." echo _ echo Copying custom templates... set custom_dir=node_modules\ep_etherpad-lite\static\custom FOR %%f IN (index pad timeslider) DO ( - if NOT EXIST "%custom_dir%\%%f.js" copy "%custom_dir%\js.template" "%custom_dir%\%%f.js" - if NOT EXIST "%custom_dir%\%%f.css" copy "%custom_dir%\css.template" "%custom_dir%\%%f.css" + if NOT EXIST "%custom_dir%%%f.js" copy "%custom_dir%\js.template" "%custom_dir%%%f.js" + if NOT EXIST "%custom_dir%%%f.css" copy "%custom_dir%\css.template" "%custom_dir%%%f.css" ) echo _ @@ -25,10 +33,10 @@ del /S var\minified* echo _ echo Setting up settings.json... IF NOT EXIST settings.json ( - echo Can't find settings.json. - echo Copying settings.json.template... - cmd /C copy settings.json.template settings.json || exit /B 1 + echo Can't find settings.json. + echo Copying settings.json.template... + cmd /C copy settings.json.template settings.json || exit /B 1 ) echo _ -echo Installed Etherpad! To run Etherpad type start.bat +echo Installed Etherpad! To run Etherpad type start.bat \ No newline at end of file From 64aee56940c08c2774c44c92e589037d8803c629 Mon Sep 17 00:00:00 2001 
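Review bot: The new `mkdir node_modules` and `mklink /D "ep_etherpad-lite" "..\src"` steps have no error check, unlike the `npm install` line that follows them. `mklink /D` normally needs an elevated prompt, and `mkdir` reports an error when the directory already exists; if the link is not created, `cd /D "ep_etherpad-lite"` fails and `npm install` runs inside `node_modules` instead. Guarding them, `if NOT EXIST node_modules mkdir node_modules` and `if NOT EXIST "ep_etherpad-lite" ( mklink /D "ep_etherpad-lite" "..\src" || exit /B 1 )`, stops the install at the real cause and lets the script be re-run.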
From: bm jade Date: Mon, 7 Aug 2017 17:15:02 +0200 Subject: [PATCH 08/29] FIX missing backslashes --- bin/installOnWindows.bat | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/bin/installOnWindows.bat b/bin/installOnWindows.bat index d95bf4c44..6abf66ab0 100644 --- a/bin/installOnWindows.bat +++ b/bin/installOnWindows.bat @@ -1,13 +1,13 @@ @echo off :: change directory to etherpad-lite root -cd /D "%~dp0.." +cd /D "%~dp0\.." :: Is node installed? cmd /C node -e "" || ( echo "Please install node.js ( http://nodejs.org )" && exit /B 1 ) echo _ -echo Ensure that all dependencies are up to date... If this is the first time you have run Etherpad please be patient. +echo Ensure that all dependencies are up to date... If this is the first time you have run Etherpad please be patient. mkdir node_modules cd /D node_modules @@ -16,14 +16,14 @@ mklink /D "ep_etherpad-lite" "..\src" cd /D "ep_etherpad-lite" cmd /C npm install --loglevel warn || exit /B 1 -cd /D "%~dp0.." +cd /D "%~dp0\.." echo _ echo Copying custom templates... set custom_dir=node_modules\ep_etherpad-lite\static\custom FOR %%f IN (index pad timeslider) DO ( - if NOT EXIST "%custom_dir%%%f.js" copy "%custom_dir%\js.template" "%custom_dir%%%f.js" - if NOT EXIST "%custom_dir%%%f.css" copy "%custom_dir%\css.template" "%custom_dir%%%f.css" + if NOT EXIST "%custom_dir%\%%f.js" copy "%custom_dir%\js.template" "%custom_dir%\%%f.js" + if NOT EXIST "%custom_dir%\%%f.css" copy "%custom_dir%\css.template" "%custom_dir%\%%f.css" ) echo _ 
@@ -33,10 +33,10 @@ del /S var\minified* echo _ echo Setting up settings.json... IF NOT EXIST settings.json ( - echo Can't find settings.json. - echo Copying settings.json.template... - cmd /C copy settings.json.template settings.json || exit /B 1 + echo Can't find settings.json. + echo Copying settings.json.template... + cmd /C copy settings.json.template settings.json || exit /B 1 ) echo _ -echo Installed Etherpad! To run Etherpad type start.bat \ No newline at end of file +echo Installed Etherpad! To run Etherpad type start.bat \ No newline at end of file From 54e834194b97987d68953c67a758a7f94763cb14 Mon Sep 17 00:00:00 2001 From: Loick Magniez Date: Wed, 22 Nov 2017 16:04:17 +0100 Subject: [PATCH 09/29] Changed the color palette and changed the pad's font size to 16px --- src/node/db/AuthorManager.js | 52 ++++++++++++++++---------------- src/static/css/iframe_editor.css | 2 +- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/src/node/db/AuthorManager.js b/src/node/db/AuthorManager.js index 3e3b691a6..1f2a736be 100644 --- a/src/node/db/AuthorManager.js +++ b/src/node/db/AuthorManager.js 
@@ -25,7 +25,7 @@ var customError = require("../utils/customError"); var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString; exports.getColorPalette = function(){ - return ["#ffc7c7", "#fff1c7", "#e3ffc7", "#c7ffd5", "#c7ffff", "#c7d5ff", "#e3c7ff", "#ffc7f1", "#ff8f8f", "#ffe38f", "#c7ff8f", "#8fffab", "#8fffff", "#8fabff", "#c78fff", "#ff8fe3", "#d97979", "#d9c179", "#a9d979", "#79d991", "#79d9d9", "#7991d9", "#a979d9", "#d979c1", "#d9a9a9", "#d9cda9", "#c1d9a9", "#a9d9b5", "#a9d9d9", "#a9b5d9", "#c1a9d9", "#d9a9cd", "#4c9c82", "#12d1ad", "#2d8e80", "#7485c3", "#a091c7", "#3185ab", "#6818b4", "#e6e76d", "#a42c64", "#f386e5", "#4ecc0c", "#c0c236", "#693224", "#b5de6a", "#9b88fd", "#358f9b", "#496d2f", "#e267fe", "#d23056", "#1a1a64", "#5aa335", "#d722bb", "#86dc6c", "#b5a714", "#955b6a", "#9f2985", "#4b81c8", "#3d6a5b", "#434e16", "#d16084", "#af6a0e", "#8c8bd8"]; + return ["#ffc7c7", "#fff1c7", "#e3ffc7", "#c7ffd5", "#c7ffff", "#c7d5ff", "#e3c7ff", "#ffc7f1", "#ffa8a8", "#ffe699", "#cfff9e", "#99ffb3", "#a3ffff", "#99b3ff", "#cc99ff", "#ff99e5", "#e7b1b1", "#e9dcAf", "#cde9af", "#bfedcc", "#b1e7e7", "#c3cdee", "#d2b8ea", "#eec3e6", "#e9cece", "#e7e0ca", "#d3e5c7", "#bce1c5", "#c1e2e2", "#c1c9e2", "#cfc1e2", "#e0bdd9", "#baded3", "#a0f8eb", "#b1e7e0", "#c3c8e4", "#cec5e2", "#b1d5e7", "#cda8f0", "#f0f0a8", "#f2f2a6", "#f5a8eb", "#c5f9a9", "#ececbb", "#e7c4bc", "#daf0b2", "#b0a0fd", "#bce2e7", "#cce2bb", "#ec9afe", "#edabbd", "#aeaeea", "#c4e7b1", "#d722bb", "#f3a5e7", "#ffa8a8", "#d8c0c5", "#eaaedd", "#adc6eb", "#bedad1", "#dee9af", "#e9afc2", "#f8d2a0", "#b3b3e6"]; }; /** 
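Review bot: The new palette returned by `getColorPalette` contains `"#ffa8a8"` twice (the ninth entry and again right after `"#f3a5e7"`), so two different `colorId` values render as the same author colour. `"#d722bb"` is carried over unchanged among otherwise pastel values, and `"#e9dcAf"` is the only entry with an uppercase hex digit. Replacing the second `"#ffa8a8"` with a distinct colour and lower-casing `"#e9dcaf"` keeps the entries distinguishable and uniformly written.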
@@ -42,9 +42,9 @@ exports.doesAuthorExists = function (authorID, callback) } /** - * Returns the AuthorID for a token. - * @param {String} token The token - * @param {Function} callback callback (err, author) + * Returns the AuthorID for a token. + * @param {String} token The token + * @param {Function} callback callback (err, author) */ exports.getAuthor4Token = function (token, callback) { @@ -57,21 +57,21 @@ exports.getAuthor4Token = function (token, callback) } /** - * Returns the AuthorID for a mapper. + * Returns the AuthorID for a mapper. * @param {String} token The mapper * @param {String} name The name of the author (optional) - * @param {Function} callback callback (err, author) + * @param {Function} callback callback (err, author) */ exports.createAuthorIfNotExistsFor = function (authorMapper, name, callback) { mapAuthorWithDBKey("mapper2author", authorMapper, function(err, author) { if(ERR(err, callback)) return; - + //set the name of this author if(name) exports.setAuthorName(author.authorID, name); - + //return the authorID callback(null, author); }); 
@@ -80,27 +80,27 @@ exports.createAuthorIfNotExistsFor = function (authorMapper, name, callback) /** * Returns the AuthorID for a mapper. We can map using a mapperkey, * so far this is token2author and mapper2author - * @param {String} mapperkey The database key name for this mapper + * @param {String} mapperkey The database key name for this mapper * @param {String} mapper The mapper - * @param {Function} callback callback (err, author) + * @param {Function} callback callback (err, author) */ function mapAuthorWithDBKey (mapperkey, mapper, callback) -{ +{ //try to map to an author db.get(mapperkey + ":" + mapper, function (err, author) { if(ERR(err, callback)) return; - + //there is no author with this mapper, so create one if(author == null) { exports.createAuthor(null, function(err, author) { if(ERR(err, callback)) return; - + //create the token2author relation db.set(mapperkey + ":" + mapper, author.authorID); - + //return the author callback(null, author); }); @@ -110,7 +110,7 @@ function mapAuthorWithDBKey (mapperkey, mapper, callback) { //update the timestamp of this author db.setSub("globalAuthor:" + author, ["timestamp"], new Date().getTime()); - + //return the author callback(null, {authorID: author}); } @@ -118,20 +118,20 @@ function mapAuthorWithDBKey (mapperkey, mapper, callback) } /** - * Internal function that creates the database entry for an author - * @param {String} name The name of the author + * Internal function that creates the database entry for an author + * @param {String} name The name of the author */ exports.createAuthor = function(name, callback) { //create the new author name var author = "a." + randomString(16); - + //create the globalAuthors db entry var authorObj = {"colorId" : Math.floor(Math.random()*(exports.getColorPalette().length)), "name": name, "timestamp": new Date().getTime()}; - + //set the global author db entry db.set("globalAuthor:" + author, authorObj); - + callback(null, {authorID: author}); } 
@@ -212,7 +212,7 @@ exports.listPadsOfAuthor = function (authorID, callback) } //everything is fine, return the pad IDs else - { + { var pads = []; if(author.padIDs != null) { @@ -238,16 +238,16 @@ exports.addPad = function (authorID, padID) { if(ERR(err)) return; if(author == null) return; - + //the entry doesn't exist so far, let's create it if(author.padIDs == null) { author.padIDs = {}; } - + //add the entry for this pad author.padIDs[padID] = 1;// anything, because value is not used - + //save the new element back db.set("globalAuthor:" + authorID, author); }); @@ -264,11 +264,11 @@ exports.removePad = function (authorID, padID) { if(ERR(err)) return; if(author == null) return; - + if(author.padIDs != null) { //remove pad from author - delete author.padIDs[padID]; + delete author.padIDs[padID]; db.set("globalAuthor:" + authorID, author); } }); diff --git a/src/static/css/iframe_editor.css b/src/static/css/iframe_editor.css index 9aa003aaf..d559efc84 100644 --- a/src/static/css/iframe_editor.css +++ b/src/static/css/iframe_editor.css @@ -31,7 +31,7 @@ body { body.grayedout { background-color: #eee !important } #innerdocbody { - font-size: 12px; /* overridden by body.style */ + font-size: 16px; /* overridden by body.style */ font-family:Arial, sans-serif; /* overridden by body.style */ line-height: 16px; /* overridden by body.style */ background-color: white; From 38cbff11a1ca0381d1a6f89364aa2c822b757b37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFck=20Magniez?= Date: Thu, 23 Nov 2017 16:24:08 +0100 Subject: [PATCH 10/29] Adapted the padding due to the font-size modification --- src/static/css/iframe_editor.css | 4 ++++ src/static/css/pad.css | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/static/css/iframe_editor.css b/src/static/css/iframe_editor.css index d559efc84..34ab404a9 100644 --- a/src/static/css/iframe_editor.css +++ b/src/static/css/iframe_editor.css 
@@ -38,6 +38,10 @@ body.grayedout { background-color: #eee !important } color: black; } +.innerdocbody>div{ + padding: 1px; +} + body.doesWrap { /* white-space: pre-wrap; */ diff --git a/src/static/css/pad.css b/src/static/css/pad.css index cabde7ef2..eb62a6f9b 100644 --- a/src/static/css/pad.css +++ b/src/static/css/pad.css @@ -3,8 +3,9 @@ html, body, p { margin: 0; - padding: 0; + padding: 0px; } + .clear { clear: both } From e0582797f220a906293a0e8cbba2930df91dcb38 Mon Sep 17 00:00:00 2001 From: Avery Pennarun Date: Sun, 31 Dec 2017 12:32:50 +0000 Subject: [PATCH 11/29] Call authentication hooks before default basic authentication. This allows authenticators to do any extra session setup for a given user, even if their username/password happens to match settings.json. --- src/node/hooks/express/webaccess.js | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js index 190021a3e..e0b35831c 100644 --- a/src/node/hooks/express/webaccess.js +++ b/src/node/hooks/express/webaccess.js 
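Review bot: The added rule targets `.innerdocbody>div`, a class selector, while the other hunks for this file on this page style the editor body by id (`#innerdocbody {`), so unless the element also carries that class the 1px padding never applies. If the id was meant, the selector should read `#innerdocbody > div {`.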
@@ -36,13 +36,16 @@ exports.basicAuth = function (req, res, next) { var userpass = new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString().split(":") var username = userpass.shift(); var password = userpass.join(':'); - - if (settings.users[username] != undefined && settings.users[username].password == password) { - settings.users[username].username = username; - req.session.user = settings.users[username]; - return cb(true); - } - return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(cb)); + var fallback = function(success) { + if (success) return cb(true); + if (settings.users[username] != undefined && settings.users[username].password == password) { + settings.users[username].username = username; + req.session.user = settings.users[username]; + return cb(true); + } + return cb(false); + }; + return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(fallback)); } hooks.aCallFirst("authenticate", {req: req, res:res, next:next}, hookResultMangle(cb)); } From 0139965864ab88cdd6bdbd27fa6f933d2dc1ccf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Severin=20Gl=C3=B6ckner?= Date: Sun, 25 Feb 2018 16:20:58 +0100 Subject: [PATCH 12/29] specify python version --- bin/dirty-db-cleaner.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/dirty-db-cleaner.py b/bin/dirty-db-cleaner.py index 8ed9c5065..d3e49a0d2 100755 --- a/bin/dirty-db-cleaner.py +++ b/bin/dirty-db-cleaner.py @@ -1,4 +1,4 @@ -#!/usr/bin/python -u +#!/usr/bin/env PYTHONUNBUFFERED=1 python2 # # Created by Bjarni R. Einarsson, placed in the public domain. Go wild! # From 5c864ec47d32593a156855c989b0a39a73f5c315 Mon Sep 17 00:00:00 2001 
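Review bot: With the `authenticate` hook now called first, every installed plugin receives the cleartext `username` and `password` of accounts defined in settings.json, which before this change were matched locally and never left `basicAuth`. That widens the trust boundary for admin credentials and should be stated in the hook documentation; inside `fallback` a comment such as `// hooks have already seen these credentials; settings.json is only the fallback` would make the order explicit. The fallback also still compares the stored password with `==`, which is neither strict nor constant-time; `crypto.timingSafeEqual` over equal-length buffers is the usual replacement. A hook result that is not a success falls through to the settings.json check, so a plugin cannot veto a settings.json user, which is presumably intended but worth confirming. `basicAuth` starts and ends outside the hunk.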
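Review bot: The new shebang `#!/usr/bin/env PYTHONUNBUFFERED=1 python2` is not portable: on Linux everything after the interpreter path is passed to `env` as a single argument, so `env` sees one assignment `PYTHONUNBUFFERED=1 python2` and no `python2` command to run. Using `#!/usr/bin/env python2` and getting unbuffered output inside the script, for example by flushing after writes, keeps the intent of the old `-u` flag.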
From: Claas Augner Date: Fri, 9 Mar 2018 13:45:24 +0100 Subject: [PATCH 13/29] Add checkPad variant to check all pads/revisions --- bin/checkAllPads.js | 138 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 bin/checkAllPads.js diff --git a/bin/checkAllPads.js b/bin/checkAllPads.js new file mode 100644 index 000000000..1657ba794 --- /dev/null +++ b/bin/checkAllPads.js 
@@ -0,0 +1,138 @@ +/* + This is a debug tool. It checks all revisions of all pads for data corruption +*/ + +if(process.argv.length != 2) +{ + console.error("Use: node bin/checkAllPads.js"); + process.exit(1); +} + +//initalize the variables +var db, settings, padManager; +var npm = require("../src/node_modules/npm"); +var async = require("../src/node_modules/async"); + +var Changeset = require("../src/static/js/Changeset"); + +async.series([ + //load npm + function(callback) { + npm.load({}, callback); + }, + //load modules + function(callback) { + settings = require('../src/node/utils/Settings'); + db = require('../src/node/db/DB'); + + //initalize the database + db.init(callback); + }, + //load pads + function (callback) + { + padManager = require('../src/node/db/PadManager'); + + padManager.listAllPads(function(err, res) + { + var padIds = res.padIDs; + pads = []; + async.forEach(padIds, function(padId, callback) { + padManager.getPad(padId, function(err, pad) { + pads.push(pad); + callback(err); + }) + }, callback); + }); + }, + function (callback) + { + async.forEach(pads, function(pad, callback) + { + //create an array with key kevisions + //key revisions always save the full pad atext + var head = pad.getHeadRevisionNumber(); + var keyRevisions = []; + for(var i=0;i Date: Fri, 9 Mar 2018 14:02:22 +0100 Subject: [PATCH 14/29] checkAllPads: Increase performance/resilience Performance: Don't preload pads. Check for pool only once per pad. Resilience: Handle missing revision. --- bin/checkAllPads.js | 151 +++++++++++++++++++++++--------------------- 1 file changed, 79 insertions(+), 72 deletions(-) diff --git a/bin/checkAllPads.js b/bin/checkAllPads.js index 1657ba794..90cb15276 100644 --- a/bin/checkAllPads.js +++ b/bin/checkAllPads.js @@ -1,5 +1,5 @@ /* - This is a debug tool. It checks all revisions of all pads for data corruption + This is a debug tool. It checks all revisions for data corruption */ if(process.argv.length != 2) 
@@ -35,96 +35,103 @@ async.series([ padManager.listAllPads(function(err, res) { - var padIds = res.padIDs; - pads = []; - async.forEach(padIds, function(padId, callback) { - padManager.getPad(padId, function(err, pad) { - pads.push(pad); - callback(err); - }) - }, callback); + padIds = res.padIDs; + callback(err); }); }, function (callback) { - async.forEach(pads, function(pad, callback) + async.forEach(padIds, function(padId, callback) { - //create an array with key kevisions - //key revisions always save the full pad atext - var head = pad.getHeadRevisionNumber(); - var keyRevisions = []; - for(var i=0;i Date: Sun, 25 Mar 2018 19:24:52 +0200 Subject: [PATCH 15/29] Fix numbering line when plugin add padding-top (like ep_page_view) --- src/static/js/ace2_inner.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/static/js/ace2_inner.js b/src/static/js/ace2_inner.js index df9c96425..90cefa506 100644 --- a/src/static/js/ace2_inner.js +++ b/src/static/js/ace2_inner.js @@ -5404,8 +5404,8 @@ function Ace2Inner(){ // height is taken to be the top offset of the next line. If we // didn't do this special case, we would miss out on any top margin // included on the first line. The default stylesheet doesn't add - // extra margins, but plugins might. - h = b.nextSibling.offsetTop; + // extra margins/padding, but plugins might. + h = b.nextSibling.offsetTop - window.getComputedStyle(doc.body).getPropertyValue("padding-top"); } else { h = b.nextSibling.offsetTop - b.offsetTop; } From 4a18f0d97d9654a6a3749b67b0f24f0c7d5c94ff Mon Sep 17 00:00:00 2001 From: Bryce York Date: Wed, 28 Mar 2018 22:38:30 +1100 Subject: [PATCH 16/29] Fix bug with cleanRun.sh Now works if the output of `pwd` has a space in it. --- bin/cleanRun.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/cleanRun.sh b/bin/cleanRun.sh index ef802815d..57325dd23 100755 --- a/bin/cleanRun.sh +++ b/bin/cleanRun.sh 
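Review bot: In the `listAllPads` callback `padIds = res.padIDs;` dereferences `res` before `err` is looked at, so a failed listing surfaces as a TypeError instead of reaching `callback(err)`; `if (err) return callback(err);` as the first line avoids that. `padIds` is also assigned without a declaration in the visible lines (the script declares only `var db, settings, padManager;`), which makes it an implicit global. The rest of this hunk is truncated on this page, so the per-pad checks could not be reviewed.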
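Review bot: The new expression in ace2_inner.js subtracts a string from a number: `getPropertyValue("padding-top")` returns a CSS value such as `"0px"`, so `b.nextSibling.offsetTop - "0px"` evaluates to `NaN` and `h` is no longer a usable height for the first line. Parse the value first, e.g. `h = b.nextSibling.offsetTop - (parseInt(window.getComputedStyle(doc.body).getPropertyValue("padding-top"), 10) || 0);`. The enclosing function starts and ends outside the hunk.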
@@ -38,4 +38,4 @@ bin/installDeps.sh $* || exit 1 echo "Started Etherpad..." SCRIPTPATH=`pwd -P` -node $SCRIPTPATH/node_modules/ep_etherpad-lite/node/server.js $* +node "${$SCRIPTPATH}/node_modules/ep_etherpad-lite/node/server.js" $* From 6047c0de09cf11c2d23eaa0af3527644afcca7f9 Mon Sep 17 00:00:00 2001 From: John McLear Date: Tue, 3 Apr 2018 12:52:34 +0100 Subject: [PATCH 17/29] Make README not suck. --- README.md | 99 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 52 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index d0d224334..ad7cc6c5b 100644 --- a/README.md +++ b/README.md 
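Review bot: The replacement line uses `${$SCRIPTPATH}`, which is not valid parameter expansion (the shell reports a bad substitution), so the server is never started; the variable should be written `${SCRIPTPATH}`. The trailing `$*` is still unquoted, so arguments containing spaces are split just as the path was; `"$@"` preserves them: `node "${SCRIPTPATH}/node_modules/ep_etherpad-lite/node/server.js" "$@"`.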
@@ -1,28 +1,38 @@ +### This project is looking for a new project lead. If you wish to help steer Etherpad forward please email contact@etherpad.org + # A really-real time collaborative word processor for the web -![alt text](https://i.imgur.com/zYrGkg3.gif "Etherpad in action on PrimaryPad") +![Demo Etherpad Animated Jif](https://i.imgur.com/zYrGkg3.gif "Etherpad in action on PrimaryPad") # About -Etherpad is a really-real time collaborative editor maintained by the Etherpad Community. - -Etherpad is written in JavaScript (99.9%) on both the server and client so it's easy for developers to maintain and add new features. Because of this Etherpad has tons of customizations that you can leverage. - -Etherpad is designed to be easily embeddable and provides a [HTTP API](https://github.com/ether/etherpad-lite/wiki/HTTP-API) -that allows your web application to manage pads, users and groups. It is recommended to use the [available client implementations](https://github.com/ether/etherpad-lite/wiki/HTTP-API-client-libraries) in order to interact with this API. - -There is also a [jQuery plugin](https://github.com/ether/etherpad-lite-jquery-plugin) that helps you to embed Pads into your website. - -There's also a full-featured plugin framework, allowing you to easily add your own features. By default your Etherpad is rather sparse and because Etherpad takes a lot of its inspiration from WordPress, plugins are really easy to install and update. Once you have Etherpad installed you should visit the plugin page and take control. - -Finally, Etherpad comes with translations into most languages! Users are automatically delivered the correct language for their local settings. - - -**Visit [beta.etherpad.org](http://beta.etherpad.org) to test it live.** - -Also, check out the **[FAQ](https://github.com/ether/etherpad-lite/wiki/FAQ)**, really! +Etherpad is a really-real time collaborative editor scalable to thousands of simultanious real time users. 
Unlike all other collaborative tools Etherpad provides full fidelity data export and portability making it fully GDPR compliant. **Visit [beta.etherpad.org](http://beta.etherpad.org) to try it out.** # Installation -Etherpad works with node v0.10+ (except 6.0 and 6.1). +## Uber-Quick Ubuntu +``` +curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash - +sudo apt-get install -y nodejs +git clone git://github.com/ether/etherpad-lite.git && cd etherpad-lite && bin/run.sh +``` + +## GNU/Linux and other UNIX-like systems +You'll need gzip, git, curl, libssl develop libraries, python and gcc. +- *For Debian/Ubuntu*: `apt install gzip git curl python libssl-dev pkg-config build-essential` +- *For Fedora/CentOS*: `yum install gzip git curl python openssl-devel && yum groupinstall "Development Tools"` +- *For FreeBSD*: `portinstall node, npm, curl, git (optional)` + +Additionally, you'll need [node.js](https://nodejs.org) installed, Ideally the latest stable version, we recommend installing/compiling nodejs from source (avoiding apt). + +**As any user (we recommend creating a separate user called etherpad):** + +1. Move to a folder where you want to install Etherpad. Clone the git repository `git clone git://github.com/ether/etherpad-lite.git` +2. Change into the new directory containing the cloned source code `cd etherpad-lite` + +Now, run `bin/run.sh` and open in your browser. + +Update to the latest version with `git pull origin`. The next start with bin/run.sh will update the dependencies. + +[Next steps](#next-steps). ## Windows 
@@ -52,27 +62,6 @@ If cloning to a subdirectory within another project, you may need to do the foll 2. Edit the db `filename` in `settings.json` to the relative directory with the file (e.g. `application/lib/etherpad-lite/var/dirty.db`) 3. Add auto-generated files to the main project `.gitignore` -[Next steps](#next-steps). - -## GNU/Linux and other UNIX-like systems -You'll need gzip, git, curl, libssl develop libraries, python and gcc. -- *For Debian/Ubuntu*: `apt install gzip git curl python libssl-dev pkg-config build-essential` -- *For Fedora/CentOS*: `yum install gzip git curl python openssl-devel && yum groupinstall "Development Tools"` -- *For FreeBSD*: `portinstall node, npm, curl, git (optional)` - -Additionally, you'll need [node.js](https://nodejs.org) installed, Ideally the latest stable version, we recommend installing/compiling nodejs from source (avoiding apt). - -**As any user (we recommend creating a separate user called etherpad):** - -1. Move to a folder where you want to install Etherpad. Clone the git repository `git clone git://github.com/ether/etherpad-lite.git` -2. Change into the new directory containing the cloned source code `cd etherpad-lite` - -Now, run `bin/run.sh` and open in your browser. - -Update to the latest version with `git pull origin`. The next start with bin/run.sh will update the dependencies. - -You like it? [Next steps](#next-steps). - # Next Steps ## Tweak the settings 
@@ -85,7 +74,7 @@ You should use a dedicated database such as "mysql", if you are planning on usin Etherpad is very customizable through plugins. Instructions for installing themes and plugins can be found in [the plugin wiki article](https://github.com/ether/etherpad-lite/wiki/Available-Plugins). ## Helpful resources -The [wiki](https://github.com/ether/etherpad-lite/wiki) is your one-stop resource for Tutorials and How-to's, really check it out! Also, feel free to improve these wiki pages. +The [wiki](https://github.com/ether/etherpad-lite/wiki) is your one-stop resource for Tutorials and How-to's. Documentation can be found in `doc/`. @@ -100,7 +89,7 @@ You can debug Etherpad using `bin/debugRun.sh`. If you want to find out how Etherpad's `Easysync` works (the library that makes it really realtime), start with this [PDF](https://github.com/ether/etherpad-lite/raw/master/doc/easysync/easysync-full-description.pdf) (complex, but worth reading). -## Getting started +## Contributing You know all this and just want to know how you can help? Look at the [TODO list](https://github.com/ether/etherpad-lite/wiki/TODO) and our [Issue tracker](https://github.com/ether/etherpad-lite/issues). (Please consider using [jshint](http://www.jshint.com/about/), if you plan to contribute code.) 
@@ -108,18 +97,34 @@ Look at the [TODO list](https://github.com/ether/etherpad-lite/wiki/TODO) and ou Also, and most importantly, read our [**Developer Guidelines**](https://github.com/ether/etherpad-lite/blob/master/CONTRIBUTING.md), really! # Get in touch -Join the [mailinglist](https://groups.google.com/group/etherpad-lite-dev) and make some noise on our busy freenode irc channel [#etherpad-lite-dev](https://webchat.freenode.net?channels=#etherpad-lite-dev)! +[mailinglist](https://groups.google.com/group/etherpad-lite-dev) +[#etherpad-lite-dev freenode IRC](https://webchat.freenode.net?channels=#etherpad-lite-dev)! -# Modules created for this project +# Languages +Etherpad is written in JavaScript on both the server and client so it's easy for developers to maintain and add new features. -* [ueberDB](https://github.com/Pita/ueberDB) "transforms every database into a object key value store" - manages all database access -* [channels](https://github.com/Pita/channels) "Event channels in node.js" - ensures that ueberDB operations are atomic and in series for each key -* [async-stacktrace](https://github.com/Pita/async-stacktrace) "Improves node.js stacktraces and makes it easier to handle errors" +# HTTP API +Etherpad is designed to be easily embeddable and provides a [HTTP API](https://github.com/ether/etherpad-lite/wiki/HTTP-API) +that allows your web application to manage pads, users and groups. It is recommended to use the [available client implementations](https://github.com/ether/etherpad-lite/wiki/HTTP-API-client-libraries) in order to interact with this API. + +# jQuery plugin +There is also a [jQuery plugin](https://github.com/ether/etherpad-lite-jquery-plugin) that helps you to embed Pads into your website. + +# Plugin Framework +Etherpad offers a plugin framework, allowing you to easily add your own features. By default your Etherpad is extremely light-weight and it's up to you to customize your experience. 
Once you have Etherpad installed you should visit the plugin page and take control. + +# Translations / Localizations (i18n / l10n) +Etherpad comes with translations into all languages thanks to the team at TranslateWiki. + +# FAQ +Visit the **[FAQ](https://github.com/ether/etherpad-lite/wiki/FAQ)**. # Donate! * [Flattr](https://flattr.com/thing/71378/Etherpad-Foundation) * Paypal - Press the donate button on [etherpad.org](http://etherpad.org) * [Bitcoin](https://coinbase.com/checkouts/1e572bf8a82e4663499f7f1f66c2d15a) +All donations go to the Etherpad foundation which is part of Software Freedom Conservency + # License [Apache License v2](http://www.apache.org/licenses/LICENSE-2.0.html) From 09c2c034c4733a512b972b0f1877e68c63b64288 Mon Sep 17 00:00:00 2001 From: John McLear Date: Tue, 3 Apr 2018 12:57:14 +0100 Subject: [PATCH 18/29] Continue to make README suck even less.. REALLY! --- README.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ad7cc6c5b..b01fa4ab6 100644 --- a/README.md +++ b/README.md 
@@ -90,11 +90,7 @@ You can debug Etherpad using `bin/debugRun.sh`. If you want to find out how Etherpad's `Easysync` works (the library that makes it really realtime), start with this [PDF](https://github.com/ether/etherpad-lite/raw/master/doc/easysync/easysync-full-description.pdf) (complex, but worth reading). ## Contributing -You know all this and just want to know how you can help? - -Look at the [TODO list](https://github.com/ether/etherpad-lite/wiki/TODO) and our [Issue tracker](https://github.com/ether/etherpad-lite/issues). (Please consider using [jshint](http://www.jshint.com/about/), if you plan to contribute code.) - -Also, and most importantly, read our [**Developer Guidelines**](https://github.com/ether/etherpad-lite/blob/master/CONTRIBUTING.md), really! +Read our [**Developer Guidelines**](https://github.com/ether/etherpad-lite/blob/master/CONTRIBUTING.md) # Get in touch [mailinglist](https://groups.google.com/group/etherpad-lite-dev) @@ -108,7 +104,7 @@ Etherpad is designed to be easily embeddable and provides a [HTTP API](https://g that allows your web application to manage pads, users and groups. It is recommended to use the [available client implementations](https://github.com/ether/etherpad-lite/wiki/HTTP-API-client-libraries) in order to interact with this API. # jQuery plugin -There is also a [jQuery plugin](https://github.com/ether/etherpad-lite-jquery-plugin) that helps you to embed Pads into your website. +There is a [jQuery plugin](https://github.com/ether/etherpad-lite-jquery-plugin) that helps you to embed Pads into your website. # Plugin Framework Etherpad offers a plugin framework, allowing you to easily add your own features. By default your Etherpad is extremely light-weight and it's up to you to customize your experience. Once you have Etherpad installed you should visit the plugin page and take control. From 8edd8e1291ececb4d6b873df13f72b5b36b7f380 Mon Sep 17 00:00:00 2001 
From: John McLear Date: Tue, 3 Apr 2018 15:47:02 +0100 Subject: [PATCH 19/29] Update package.json --- src/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/package.json b/src/package.json index a88b5c6c9..039bfc7bb 100644 --- a/src/package.json +++ b/src/package.json @@ -28,7 +28,7 @@ "log4js" : "0.6.35", "cheerio" : "0.20.0", "async-stacktrace" : "0.0.2", - "npm" : "4.0.2", + "npm" : ">=4.0.2", "ejs" : "2.5.7", "graceful-fs" : "4.1.3", "slide" : "1.1.6", From ba732a6b9eebbf88887fdb052ab36d449c72cb30 Mon Sep 17 00:00:00 2001 From: John McLear Date: Tue, 3 Apr 2018 18:05:26 +0100 Subject: [PATCH 20/29] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index b01fa4ab6..f464a91db 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ ### This project is looking for a new project lead. If you wish to help steer Etherpad forward please email contact@etherpad.org +[![Deps](https://david-dm.org/ether/etherpad-lite.svg?branch=develop)](https://david-dm.org/ether/etherpad-lite) +[![NSP Status](https://nodesecurity.io/orgs/etherpad/projects/635f6185-35c6-4ed7-931a-0bc62758ece7/badge)](https://nodesecurity.io/orgs/etherpad/projects/635f6185-35c6-4ed7-931a-0bc62758ece7) + # A really-real time collaborative word processor for the web ![Demo Etherpad Animated Jif](https://i.imgur.com/zYrGkg3.gif "Etherpad in action on PrimaryPad") From f5aed706b79cab1d50c94bccd9e36d69dd70b24f Mon Sep 17 00:00:00 2001 From: John McLear Date: Tue, 3 Apr 2018 19:55:55 +0100 Subject: [PATCH 21/29] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f464a91db..3ab7e3584 100644 --- a/README.md +++ b/README.md 
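Review bot: The new `"npm" : ">=4.0.2"` range in the `src/package.json` hunk has no upper bound, so a fresh install can resolve to any later npm major, while every neighbouring dependency visible in the hunk stays pinned to an exact version. npm is listed here as a regular dependency, so it presumably runs inside the server process (for example, for plugin installation). A new major would then change server-side code without any commit in this repository. If the aim is to pick up fixes, a bounded range such as `"npm" : "^4.0.2"`, or an exact newer pin, keeps installs reproducible and reviewable. The rest of the dependency list lies outside the hunk, so it is not visible whether a lockfile or shrinkwrap already constrains this.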
@@ -7,7 +7,9 @@ ![Demo Etherpad Animated Jif](https://i.imgur.com/zYrGkg3.gif "Etherpad in action on PrimaryPad") # About -Etherpad is a really-real time collaborative editor scalable to thousands of simultanious real time users. Unlike all other collaborative tools Etherpad provides full fidelity data export and portability making it fully GDPR compliant. **Visit [beta.etherpad.org](http://beta.etherpad.org) to try it out.** +Etherpad is a really-real time collaborative editor scalable to thousands of simultanious real time users. Unlike all other collaborative tools Etherpad provides full fidelity data export and portability making it fully GDPR compliant. + +**[Try it out](http://beta.etherpad.org)** # Installation From 5a0afab02e7d27b0c6aeeb5d2f8b17b63550e6df Mon Sep 17 00:00:00 2001 From: John McLear Date: Wed, 4 Apr 2018 13:33:46 +0100 Subject: [PATCH 22/29] remove license thing from exports --- src/templates/export_html.html | 1 - 1 file changed, 1 deletion(-) diff --git a/src/templates/export_html.html b/src/templates/export_html.html index b29941c9f..b8893b717 100644 --- a/src/templates/export_html.html +++ b/src/templates/export_html.html @@ -139,6 +139,5 @@ ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol { <%- body %> - From 735052e1a22828337507f5168420f2daa242d864 Mon Sep 17 00:00:00 2001 From: John McLear Date: Wed, 4 Apr 2018 20:13:28 +0100 Subject: [PATCH 23/29] Update package.json --- src/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/package.json b/src/package.json index 039bfc7bb..189d8a7b7 100644 --- a/src/package.json +++ b/src/package.json @@ -17,7 +17,7 @@ "etherpad-require-kernel" : "1.0.9", "resolve" : "1.1.7", "socket.io" : "1.7.3", - "ueberdb2" : "0.3.6", + "ueberdb2" : "0.3.8", "express" : "4.13.4", "express-session" : "1.13.0", "cookie-parser" : "1.3.4", From 68d81e839c5883df0a6e8ca2c2e663ae5b6fb112 Mon Sep 17 00:00:00 2001 
From: John McLear Date: Fri, 6 Apr 2018 10:38:14 +0100 Subject: [PATCH 24/29] Update CONTRIBUTING.md --- CONTRIBUTING.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 09ddc286d..54ff0680b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -35,7 +35,7 @@ The logfile location is defined in startup script or the log is directly shown i To make sure everybody is going in the same direction: * easy to install for admins and easy to use for people * easy to integrate into other apps, but also usable as standalone -* using less resources on server side +* lightweight and scalable * extensible, as much functionality should be extendable with plugins so changes don't have to be done in core. Also, keep it maintainable. We don't wanna end up as the monster Etherpad was! @@ -92,3 +92,18 @@ You can build the docs e.g. produce html, using `make docs`. At some point in th ## Testing Front-end tests are found in the `tests/frontend/` folder in the repository. Run them by pointing your browser to `/tests/frontend`. + +## Things you can help with +Etherpad is much more than software. So if you aren't a developer then worry not, there is still a LOT you can do! A big part of what we do is community engagement. You can help in the following ways + * Triage bugs (applying labels) and confirming their existance + * Testing fixes (simply applying them and seeing if it fixes your issue or not) - Some git experience required + * Notifying large site admins of new releases + * Writing Changelogs for releases + * Creating Windows packages + * Creating releases + * Bumping dependencies periodically and checking they don't break anything + * Write proposals for grants + * Co-Author and Publish CVEs + * Work with SFC to maintain legal side of project + * Maintain TODO page - https://github.com/ether/etherpad-lite/wiki/TODO#IMPORTANT_TODOS + From 0225acfa06952363701571366441fd466b32f6f9 Mon Sep 17 00:00:00 2001 
From: John McLear Date: Fri, 6 Apr 2018 10:40:36 +0100 Subject: [PATCH 25/29] Update CONTRIBUTING.md --- CONTRIBUTING.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 54ff0680b..669460801 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,4 +1,4 @@ -# Developer Guidelines +# Contributor Guidelines (Please talk to people on the mailing list before you change this page, see our section on [how to get in touch](https://github.com/ether/etherpad-lite#get-in-touch)) ## How to write a bug report @@ -106,4 +106,5 @@ Etherpad is much more than software. So if you aren't a developer then worry no * Co-Author and Publish CVEs * Work with SFC to maintain legal side of project * Maintain TODO page - https://github.com/ether/etherpad-lite/wiki/TODO#IMPORTANT_TODOS - + * Replying to messages on IRC / The Mailing list / Emails + From 98a03b08675dc821c5a44ce7f7e3555067ef1517 Mon Sep 17 00:00:00 2001 From: John McLear Date: Fri, 6 Apr 2018 13:51:08 +0100 Subject: [PATCH 26/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ab7e3584..d8d7b621e 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Etherpad is a really-real time collaborative editor scalable to thousands of sim ``` curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash - sudo apt-get install -y nodejs -git clone git://github.com/ether/etherpad-lite.git && cd etherpad-lite && bin/run.sh +git clone https://github.com/ether/etherpad-lite.git && cd etherpad-lite && bin/run.sh ``` ## GNU/Linux and other UNIX-like systems From 86ec963775a9361856e52d6f734cdfad8cce07dc Mon Sep 17 00:00:00 2001 From: John McLear Date: Fri, 6 Apr 2018 13:52:04 +0100 Subject: [PATCH 27/29] Fixes #3137 #3137 --- src/static/css/pad.css | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/static/css/pad.css b/src/static/css/pad.css index eb62a6f9b..484e6f2ab 100644 
--- a/src/static/css/pad.css +++ b/src/static/css/pad.css @@ -1072,9 +1072,9 @@ input[type=checkbox] { overflow: auto; } #mycolorpicker { - left: -73px; - top:auto !important; - bottom:33px !important; + left: 0px; + top:37px !important; + position:fixed; /* #mycolorpicker: width -#users: width */; } #editorcontainer { From c34350f3075de5bd8a9055c174b4182c167f64b2 Mon Sep 17 00:00:00 2001 From: John McLear Date: Sat, 7 Apr 2018 09:22:13 +0100 Subject: [PATCH 28/29] Beginning to make release --- CHANGELOG.md | 26 ++++++++++++++++++++------ src/package.json | 2 +- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 74d06f453..bd79182c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +# 1.6.4 + * SECURITY: exploitable /admin access + * SECURITY: DoS with pad exports + * SECURITY: Remote Code Execution + * SECURITY: Pad data leak + * Fix: Admin redirect URL + * Fix: Various script Fixes + * Fix: Various CSS/Style/Layout fixes + * NEW: Improved Pad contents readability + * NEW: Hook: onAccessCheck + * NEW: SESSIONKEY and APIKey customizable path + * NEW: checkPads script + * NEW: Support "cluster mode" + # 1.6.3 * SECURITY: Update ejs * SECURITY: xss vulnerability when reading window.location.href @@ -56,7 +70,7 @@ * NEW: Allow LibreOffice to be used when exporting a pad * NEW: Create hook exportHtmlAdditionalTagsWithData * NEW: Improve DB migration performance - * NEW: allow settings to be applied from the filesystem + * NEW: allow settings to be applied from the filesystem * NEW: remove applySettings hook and allow credentials.json to be part of core * NEW: Use exec to switch to node process * NEW: Validate incoming color codes 
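Review bot: The context comment `/* #mycolorpicker: width -#users: width */` at the end of the `#mycolorpicker` rule appears to explain the removed `left: -73px` offset, and after this change it trails `position:fixed;` without describing anything. I would replace it with a comment stating why the picker is now pinned, for example `/* fixed position so the picker stays visible (#3137) */`, and drop the stray `;` that follows the comment. The hard-coded `top:37px !important` presumably tracks the toolbar height, so a short note saying that would help whoever next changes the toolbar. Whether this rule sits inside a media query cannot be told from the hunk, since the enclosing block starts outside it.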
@@ -85,7 +99,7 @@ * Fix: switchToPad method * Fix: Dead keys * Fix: Preserve new lines in copy-pasted text - * Fix: Compatibility mode on IE + * Fix: Compatibility mode on IE * Fix: Content Collector to get the class of the DOM-node * Fix: Timeslider export links * Fix: Double prompt on file upload @@ -212,7 +226,7 @@ * Fix: Session Deletion error * Fix: Allow browser tabs to be cycled when focus is in editor * Fix: Various Editor issues with Easysync potentially entering forever loop on bad changeset - + # 1.4 * NEW: Disable toolbar items through settings.json * NEW: Internal stats/metrics engine @@ -244,7 +258,7 @@ # 1.3 * NEW: We now follow the semantic versioning scheme! * NEW: Option to disable IP logging - * NEW: Localisation updates from http://translatewiki.net. + * NEW: Localisation updates from http://translatewiki.net. * Fix: Fix readOnly group pads * Fix: don't fetch padList on every request @@ -337,7 +351,7 @@ * NEW: Add authorId to chat and userlist as a data attribute * NEW: Refactor and fix our frontend tests * NEW: Localisation updates - + # 1.2.81 * Fix: CtrlZ-Y for Undo Redo @@ -377,7 +391,7 @@ * Other: Change loading message asking user to please wait on first build * Other: Allow etherpad to use global npm installation (Safe since node 6.3) * Other: Better documentation for log rotation and log message handling - + # 1.2.7 diff --git a/src/package.json b/src/package.json index 189d8a7b7..5b3d6d43b 100644 --- a/src/package.json +++ b/src/package.json @@ -56,6 +56,6 @@ "repository" : { "type" : "git", "url" : "http://github.com/ether/etherpad-lite.git" }, - "version" : "1.6.3", + "version" : "1.6.4", "license" : "Apache-2.0" } From 0132f4d1da983638bcf8f13cc1a1fef6decc387b Mon Sep 17 00:00:00 2001 From: John McLear Date: Sat, 7 Apr 2018 10:13:09 +0100 Subject: [PATCH 29/29] Include CVE # --- CHANGELOG.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd79182c9..02accf8cb 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,8 @@ # 1.6.4 - * SECURITY: exploitable /admin access - * SECURITY: DoS with pad exports - * SECURITY: Remote Code Execution - * SECURITY: Pad data leak + * SECURITY: exploitable /admin access - CVE-2018-9845 + * SECURITY: DoS with pad exports - CVE-2018-9327 + * SECURITY: Remote Code Execution - CVE-2018-9326 + * SECURITY: Pad data leak - CVE-2018-9325 * Fix: Admin redirect URL * Fix: Various script Fixes * Fix: Various CSS/Style/Layout fixes @@ -10,7 +10,7 @@ * NEW: Hook: onAccessCheck * NEW: SESSIONKEY and APIKey customizable path * NEW: checkPads script - * NEW: Support "cluster mode" + * NEW: Support "cluster mode" # 1.6.3 * SECURITY: Update ejs