libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-01-21 06:52:46 +01:00
Code Issues Projects Releases Wiki Activity
1834 commits 207 branches 105 tags 123 MiB
Commit graph

207 commits

Author SHA1 Message Date
Richard Braakman
85b44119ae USERINFO_UPDATE: construct a new message for broadcast 
The server was reusing the client's message when broadcasting userinfo
updates. This would allow a malicious client to insert arbitrary fields
into a message that the other clients would trust as coming from the
server. For example, adding "disconnect" or renaming other authors.

This commit fixes it by having the server construct a new message with
known fields before broadcasting.
 2012-10-02 23:27:30 +03:00
Marcel Klehr
7656001cb5 Don't shut down the whole server, if error handling middleware is called. 
The errors passed to error handling middleware aren't that severe, so it's fine to just stay alive...
 2012-10-02 20:11:18 +02:00
Richard Braakman
2e72a1e489 Prevent server crash in handleClientReady 
The client might have disconnected between callbacks so don't try to
write to the session before checking this. The main callback of this
function now has a single check at its top.

Removed a redundant check halfway through the callback.

Also normalized use of client.id for the session index instead of a mix of
client.id and sessionId.

Added some explanatory comments.
 2012-09-28 23:23:00 +03:00
Richard Braakman
413ddb393e Add some explanatory comments to handleUserChanges() 2012-09-28 22:49:20 +03:00
Richard Braakman
7aaef01346 Prettify session handling in handleUserChanges 
Also add a comment to explain what's going on with thisSession.
No changes in behavior.
 2012-09-27 23:07:00 +03:00
Richard Braakman
f1b4206cad Fix crash when client submits changeset based on too-old revision 
We had a problem with the server running out of stack space if a client
submitted a changeset based on a revision more than about 1000 revs old.
(944 was our cutoff but yours may vary). This happened in the wild with
about 30 people editing via flaky wifi. A disconnected client would try
to submit a fairly old changeset when reconnecting, and a few minutes
was enough for 30 people to generate that many revs.

The stack kept growing because pad.getRevisionChangeset was being answered
from the cache, so no I/O interrupted the callback chain. (This was seen with
mysql, I don't know about other backends.)

This patch forces a nextTick every 200 revisions to solve this problem.
 2012-09-26 03:01:59 +03:00
Richard Braakman
e16008b371 Fix sessioninfos race that can cause crash during USER_CHANGES handling 
When stress testing etherpad-lite we occasionally got this error:

TypeError: Cannot read property 'author' of undefined
    at /home/etherpad/etherpad-lite/src/node/handler/PadMessageHandler.js:556:47

handleUserChanges was accessing sessioninfos[client.id].author in a callback,
after spending some time in the loop that updates the changeset to the
latest revision. It's possible for a disconnect request to be processed
during that loop so the session might no longer be there.

This patch fixes it by looking up the author at the start of the function.
 2012-09-26 03:01:59 +03:00
Marcel Klehr
a72ade4494 Fix async.forEach in MultiSession code 2012-09-19 17:48:26 +02:00
Marcel Klehr
b9da0e187e Revert "Fixed foreach loop on session IDs, was breaking EP on single session in cookie." 
This reverts commit 443a71bc9c.

	modified:   src/node/db/SecurityManager.js
 2012-09-19 17:42:36 +02:00
John McLear
0883043eb9 Merge pull request #1014 from marcelklehr/feature/list-all-groups 
Add listAllGroups API endpoint
 2012-09-18 15:36:19 -07:00
johnyma22
443a71bc9c Fixed foreach loop on session IDs, was breaking EP on single session in cookie. 2012-09-18 16:30:26 +01:00
Marcel Klehr
f8f002adc0 Add listAllGroups API endpoint 
Adds a database key that lists all groups
 2012-09-17 23:03:56 +02:00
Marcel Klehr
bbc8848af3 Still support API endpoints of v1 in v1.1 2012-09-17 16:29:39 +02:00
Marcel Klehr
ad16c0d0d4 Bump API version to v1.1 2012-09-13 16:13:54 +02:00
John McLear
d44c7f0bb5 Merge pull request #994 from cweider/parent-plugins 
Parent plugins
 2012-09-12 04:52:38 -07:00
John McLear
389e0d09b0 Merge pull request #740 from cweider/plugin-cleanup 
Plugin cleanup
 2012-09-12 04:52:23 -07:00
Chad Weider
feeab5c1b2 Fix cache headers for missing files. 2012-09-11 22:27:14 -07:00
Chad Weider
b691606c4e Replace ParentRequire hack. 
Instead of hacking with the internals of require, make client_plugins aware
and capable of sharing behavior.
 2012-09-11 21:16:47 -07:00
Chad Weider
1258ed3a0d Split client and server plugin functionality. 
There is virtually no shared code for the client, extract it into its own
module and do away with the switches.
 2012-09-11 21:16:47 -07:00
Marcel Klehr
d05d587f21 Don't break if there is no session cookie. 2012-09-11 20:59:19 +02:00
John McLear
a4bd92c184 Merge pull request #983 from Pita/feature/multiple-api-versions 
Add support for multiple api versions
 2012-09-11 11:29:24 -07:00
Chad Weider
03bcd07741 Use packaged version of Tinycon. 2012-09-09 18:18:59 -07:00
Chad Weider
1541237654 Use packaged version of UNorm. 2012-09-09 18:18:59 -07:00
Chad Weider
0da4acfdb5 Use packaged edition of async. 2012-09-09 18:18:59 -07:00
Chad Weider
8e735b0841 Use packaged edition of underscore. 2012-09-09 18:18:59 -07:00
Chad Weider
b47f6ae905 Use packaged edition of security module. 2012-09-09 18:18:59 -07:00
Chad Weider
c4fa2ecddb Don't prefix libraries that are prefixed by '$'. #hack 2012-09-09 18:18:58 -07:00
Chad Weider
3b40850195 Add index paths in tar processing. 2012-09-09 18:18:58 -07:00
Chad Weider
a5653c7192 Clean up tar file processing. 2012-09-09 18:18:58 -07:00
Chad Weider
b8faf1f78b Serve libraries from node_modules. 2012-09-09 18:18:58 -07:00
Chad Weider
766c301a44 Only files should be treated as being existant. 2012-09-09 18:13:37 -07:00
John McLear
32b4729305 Merge pull request #987 from cweider/loopback-avoidance 
Windows server fixes
 2012-09-09 15:50:42 -07:00
Chad Weider
a97b83babc Another workaround for Windows paths. 2012-09-09 14:42:32 -07:00
Marcel Klehr
ea0f7cb2e9 Add support for multiple api versions 2012-09-09 18:20:16 +02:00
John McLear
3cbd59c769 Update src/node/db/AuthorManager.js 2012-09-04 22:47:56 +02:00
John McLear
7e79bf3462 Update src/node/handler/APIHandler.js 2012-09-04 17:26:08 +02:00
John McLear
21dcce2296 Update src/node/db/AuthorManager.js 2012-09-04 17:25:19 +02:00
John McLear
40a7b43799 Update src/node/db/API.js 2012-09-04 17:23:33 +02:00
John McLear
c5be2eb418 Merge pull request #977 from cweider/loopback-avoidance 
Loopback avoidance
 2012-09-03 14:56:55 -07:00
Chad Weider
02c22d7b89 Remove loopback from Minify. 2012-09-03 14:38:28 -07:00
Chad Weider
024a26f272 Minify publishes its own mock request thing. 2012-09-03 14:37:26 -07:00
Chad Weider
4413d498d8 Minify is a named function. 2012-09-03 14:35:36 -07:00
John McLear
de7934d9fb Merge pull request #958 from Wikinaut/fix-ie8-native-xmlhttp-support-disabled-issues 
Fix ie8 native xmlhttp support disabled issues
 2012-09-03 06:35:52 -07:00
Marcel Klehr
dad83d9b77 Document multi-session cookie feature 2012-09-02 19:51:40 +02:00
Wikinaut
e82588c332 use socket.io with jsonp-polling. several browsers tested. fixes IE8 issues 2012-08-18 00:47:13 +02:00
Mark Holmquist
f9469ef256 Add in padUsers HTTP API call 
I needed the list of users this time, so I got it. There are docs
and everything.
 2012-08-17 13:39:16 -07:00
Wikinaut
85f5eb38e4 fix for all IE8 issues when IE8 setting NATIVE XMLHHTP SUPPORT is disabled 2012-08-16 01:00:36 +02:00
John McLear
71d6d520e8 Merge pull request #939 from marcelklehr/fix/group2sessions-bug 
Create group2sessions.sessionIDs if it doesn't exist yet.
 2012-08-12 09:10:29 -07:00
John McLear
14c874b80e Merge pull request #903 from marcelklehr/feature/hook-loadSettings2 
[API hook] loadSettings
 2012-08-12 08:54:31 -07:00
John McLear
ba6acd822e Merge pull request #929 from MarkTraceur/hook/http/send-clients-message 
Add in an HTTP API call to send a custom message type.
 2012-08-12 08:53:07 -07:00