This commit implements the following behaviour:
1. adds a function clientPluginNames() to hooks.js (mimicking what is done in
static.js), which returns an array containing the list of currently installed
client side plugins. The array is eventually empty.
2. calls that function in pad.html at rendering time (thus server-side) to
populate a class attribute.
Example results:
- with no client-side plugins installed:
<div id="editorcontainerbox" class="">
- with some client-side plugins installed:
<div id="editorcontainerbox" class="ep_author_neat ep_adminpads">
Looking at the existing code (src/node/hooks/express/static.js#L39-L57), a
client-side plugin is defined as a plugin that implements at least a client side
hook.
NOTE: there is currently no support for notifying plugin removal/installation
to the connected clients: for now, in order to get an updated class list,
the clients will have to refresh the page.
Fixes#3488
Since the original comparison compared for truthy and not for "===", and it's
3 AM now, I blindly negated it, in order to show how fragile it was in the first
instance.
No functional changes.
This is the final commit of this refactoring series.
Get rid of an else branch to simplify code layout. No functional changes at all.
==============
This series is an attempt to reduce the control structure depth of the code
base, maintaining at the same time its exact same behaviour, bugs included. It
is, in a sense, an initial attempt at a refactoring in the spirit of its
original definition [0].
The idea beyond this refactoring is that reducing the code depth and, sometimes,
inverting some conditions, bugs and logic errors may become easier to spot, and
the code easier to read.
When looked at ignoring whitespace changes, all of these diffs should appear
trivial.
[0] https://refactoring.com/
It's just synctactic sugar, but it is always better than executing string
concatenations in one's mind.
Do not do this with files in src/static, because we want to keep IE 11
compatibility.
The old "static/custom" directory is replaced by "static/skins/<skinName>",
where <skinName> is taken from settings.json.
When no value is found, a default of "no-skin" is assumed, so that backward
compatibility is maintained.
The most evident security concerns have been addressed.
Closes#3471.
skinName must be a single string (no directory separators in it) pointing to an
existing directory under /src/static/skins.
In case these conditions are not met, its value is rewritten to "no-skin".
Also, the value of skinName if sent to the client via clientVars for allowing
its use it in the browser.
Currently, an Etherpad skin requires the existence of 6 files:
- index.{css,js}
- pad.{css,js}
- timeslider.{css,js}
In the default empty skin (in static/custom), there were 2 small placeholders
({js,css}.template) to be copied in place by the startup script in case no skin
was in use.
Now that we are moving to multiple directories (see #3471) we can simply commit
the example files and remove the copying code from the startup script.
Not performing encoding/decoding when traversing logical domains is a security
risk.
String concatenation is not great, too, but this change is just focused on
allowing the implementation of skin support.
If you edit `src/templates/export_html.html` to remove the
`<meta name="changedby" content="Etherpad">` tag[1], PDF export with
soffice has a bug: the first word of the pad is deleted and a blank page
is inserted as first page (the pad's text begins on the second page).
The `--writer` soffice option avoids that bug.
[1] you may want to delete that tag since it is inserted as a comment in
.doc or .odt soffice export.
This file uses it for robots.txt and favicon.ico.
This makes use of the new stable settings.root introduced with #3466, and will
be modified when introducing support for custom skins.
This should look to consistent locations when looking for relative paths,
without depending on current working directory.
For absolute paths, nothing changes.
This is just a function (with an ugly side effect for caching purposes) that
heuristically tries to compute the Etherpad installation path when running under
Unix and win32 (they have different file system layouts).
This path can be used by Etherpad as a base for all the relative paths, in order
to be deterministic and not depending on cwd.
This is the location that is choosen by default when Etherpad starts with no
settings.json file.
It was different than the one contained into setting.json.template.
Version 2.x is not backwards compatible with 1.x.
However, according to [0], [1] and [2], it seems that the biggest concern is
when mixing different server and client versions, and this is not Etherpad's
case.
Smoke tested (successfully) on Firefox 61, Chromium 68.
npm audit before this change:
found 12 vulnerabilities (9 low, 3 high) in 8205 scanned packages
11 vulnerabilities require semver-major dependency updates.
1 vulnerability requires manual review. See the full report for details.
npm audit after this change:
found 1 low severity vulnerability in 8196 scanned packages
1 vulnerability requires manual review. See the full report for details.
Fixes#3462
[0] https://socket.io/blog/socket-io-2-0-0/
[1] https://github.com/socketio/socket.io/issues/3007#issuecomment-336791836
[2] a0d7a794de
Written the changelog and updated package.json.
From now on, releases will be cut from develop, and merged directly into master.
Each release will be a tag on the master branch (e.g. 1.7.0).
A "release/1.7.0" branch will eventually be created only if/when a hotfix will
be needed.
Minimum supported Node version is 6.9.0, but Object.values() was introduced in
Node < 7. Let's use a polyfill if needed.
This will be removed when minimum supported Node version is raised to 8.9.0.
Fixes#3459
When installing dependencies, npm informed us that measured had been deprecated,
and renamed to measured-core. Let's follow the advice, and get rid of the
warning.
npm WARN deprecated measured@1.1.0: This package has been renamed to
measured-core, all versions of measured have been re-released under
measured-core, please update your package and consider updating to the newest
version. See https://github.com/yaorg/node-measured for latest updates.
This package is used to expose a single endpoint ("/stats"), whose output does
not change after this commit.
Fixes#3458
The hostname:port of URIs used in Minify are currently bogus and refer
to localhost only for historical reasons; there's no reason to retain
them and omitting them avoids generating an invalid URI when "port" is
not an integer.
Context: settings.port is passed to express's listen; if not numeric, it
is used a filename for a Unix domain socket.
This allows e.g. starting a server to be reverse-proxied on a multi-user
system, using the filesystem to handle access control and avoiding need
to allocate port numbers.
Before this change, etherpad-lite starts without error when configured
to listen on a Unix domain socket in this manner. However, `pad.js` and
`ace2_common.js` are generated incorrecting, causing an error
"Uncaught Error: The module at "ep_etherpad-lite/static/js/rjquery" does not exist."
when loading the editor:
When settings.port is a non-numeric string, e.g. `etherpad.sock`, a URI
of the form `http://localhost:etherpad.sock/static/js/rjquery.js` is
generated and parsed to find the file needed. In this case, the file
searched for is `:etherpad.sock/static/js/rjquery.js`, rather than the
expected `static/js/rjquery.js`. No such file exists, and the required
code is silently omitted from the bundle.
As a workaround, hard-code a (meaningless) hostname which can be parsed
correctly, since the current code makes no use of it anyway.
