Commit graph

3300 commits

Author SHA1 Message Date
aaron-costello
5879037ddc security: support for clean & safe error handling on IE 11
Added pad_utils sanitization for clean and safe error handling on browsers that
do not encode the path of the URL.

Edited by muxator based on https://github.com/ether/etherpad-lite/pull/3647,
to be able to apply the patch on develop (the PR was for master), and perform
minor cleanups (mainly spurious statements).

Closes #3647.
2019-10-18 21:00:11 +01:00
translatewiki.net
c65c5f17aa Localisation updates from https://translatewiki.net. 2019-10-14 17:20:29 +02:00
muxator
5eb60cef01 jQuery: update vendored version (1.9.1 -> 1.12.4)
The vendored jquery version was 1.9.1 from 2013-02-04. Let's replace it with the
most recent one from the 1.x branch (1.12.4 from 2016-05-20).

The modification in rjquery.js is needed because recent jQuery versions changed
their behaviour, and do not set themselves on the global window object.
See: https://github.com/parcel-bundler/parcel/issues/333#issuecomment-357882648

This will be the lastest jQuery 1.x version ever, because 1.x branch is
definitively EOLed (see https://github.com/jquery/jquery.com/issues/162).

This is a stopgap measure to get the latest security fixes. Going forward,
another strategy will be needed.

Closes #3640
2019-09-16 22:55:53 +02:00
translatewiki.net
b3d8f857b7 Localisation updates from https://translatewiki.net. 2019-09-16 18:48:33 +02:00
translatewiki.net
506f4775cc Localisation updates from https://translatewiki.net. 2019-09-12 15:55:45 +02:00
translatewiki.net
a98cfe33de Localisation updates from https://translatewiki.net. 2019-09-06 06:47:40 +02:00
Moritz Jordan
0a8e32563b Fix Unicode bug in HTML export 2019-08-12 00:41:17 +02:00
muxator
161a38efd2 dependencies: update wd, 1.11.1 -> 1.11.3
This is a dev dependency, so no real risks, but it's better not to scare users.

Previously reported vulnerabilities fixed by this change:

$ npm audit
                       === npm audit security report ===

# Run  npm install --save-dev wd@1.11.3  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wd [dev]                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ wd > lodash                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm update lodash --depth 3  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wd [dev]                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ wd > async > lodash                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘
2019-08-08 22:29:58 +02:00
muxator
d555b052cb dependencies: update npm, 6.4.1 -> 6.10.3
This was an arbitrary file overwrite vulnerability in tar. A fix in the library
was available, but npm and npm-lifecycle took a while to issue updated versions.

Resolves #3598.

Previously reported vulnerabilities fixed by this change:

$ npm audit
                       === npm audit security report ===

# Run  npm install npm@6.10.3  to resolve 9 vulnerabilities
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tar                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > libcipm > npm-lifecycle > node-gyp > tar               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/803                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tar                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > npm-lifecycle > node-gyp > tar                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/803                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tar                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > node-gyp > tar                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/803                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > libcipm > npm-lifecycle > node-gyp > fstream           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > npm-lifecycle > node-gyp > fstream                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > node-gyp > fstream                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > libcipm > npm-lifecycle > node-gyp > tar > fstream     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > npm-lifecycle > node-gyp > tar > fstream               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > node-gyp > tar > fstream                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
2019-08-08 22:17:53 +02:00
Richlv
2c9383b69e minor typo fix 2019-08-08 21:58:30 +02:00
translatewiki.net
df03257d9c Localisation updates from https://translatewiki.net. 2019-08-08 20:05:35 +02:00
translatewiki.net
ea0554d70f Localisation updates from https://translatewiki.net. 2019-08-05 12:02:28 +02:00
translatewiki.net
4e601dd03b Localisation updates from https://translatewiki.net. 2019-08-01 18:19:57 +02:00
translatewiki.net
1845e91909 Localisation updates from https://translatewiki.net. 2019-07-29 14:23:20 +02:00
translatewiki.net
832e63c691 Localisation updates from https://translatewiki.net. 2019-07-15 20:01:25 +02:00
translatewiki.net
09d89cd74a Localisation updates from https://translatewiki.net. 2019-07-11 17:21:48 +02:00
translatewiki.net
3d0778d9c9 Localisation updates from https://translatewiki.net. 2019-07-08 20:05:10 +02:00
translatewiki.net
9a5f42450c Localisation updates from https://translatewiki.net. 2019-07-05 07:05:14 +02:00
translatewiki.net
04a45fbe46 Localisation updates from https://translatewiki.net. 2019-06-13 20:05:10 +02:00
translatewiki.net
2a78dcfc38 Localisation updates from https://translatewiki.net. 2019-05-27 16:37:10 +02:00
translatewiki.net
033c6a8b7a Localisation updates from https://translatewiki.net. 2019-05-17 12:15:48 +02:00
cupcakearmy
d88726b58d colibris: the "ok" button was misaligned in Chrome
When visiting Etherpad's home page with Chrome the "ok" button was not on the
same line as the pad name text box. On Firefox & Safari there was no problem.
Tested on Chrome 74.

Fixes #3604.
2019-05-10 09:50:25 +02:00
translatewiki.net
f2b888e3ff Localisation updates from https://translatewiki.net. 2019-05-06 16:39:54 +02:00
muxator
fc7d639f84 dependencies: update express-session, 1.15.6 -> 1.16.1
This is a non breaking change.

From the changelog (https://github.com/expressjs/session/blob/v1.16.1/HISTORY.md#1161--2019-04-11):
# 1.16.1 / 2019-04-11
- Fix error passing data option to Cookie constructor
- Fix uncaught error from bad session data

# 1.16.0 / 2019-04-10
- Catch invalid cookie.maxAge value earlier
- Deprecate setting cookie.maxAge to a Date object
- Fix issue where resave: false may not save altered sessions
- Remove utils-merge dependency
- Use safe-buffer for improved Buffer API
- Use Set-Cookie as cookie header name for compatibility
- deps: depd@~2.0.0
  - Replace internal eval usage with Function constructor
  - Use instance methods on process to check for listeners
  - perf: remove argument reassignment
- deps: on-headers@~1.0.2
  - Fix res.writeHead patch missing return value
2019-05-04 17:15:36 +02:00
muxator
1435e203a8 dependencies: update graceful-fs, 4.1.11 -> 4.11.15
Minor change, but could not easily find a changelog on
https://github.com/isaacs/node-graceful-fs
2019-05-04 16:56:03 +02:00
muxator
47ad347fac dependencies: update cookie-parser, 1.4.3 -> 1.4.4
This is a non breaking change.

From the changelog (https://github.com/expressjs/cookie-parser/blob/1.4.4/HISTORY.md#144--2019-02-12):
  # 1.4.4 / 2019-02-12
  - perf: normalize secret argument only once
2019-05-04 16:49:33 +02:00
muxator
90b288b576 dependencies: update nyc, 12.0.1 -> 14.1.0
This is just a dev dependency, so no real risks, but it's better not to scare
users.

Reported vulnerability before this change:

$ npm audit
                       === npm audit security report ===

# Run  npm install --save-dev nyc@14.1.0  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-reports > handlebars                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/755                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
2019-05-03 23:27:35 +02:00
translatewiki.net
a7220558d2 Localisation updates from https://translatewiki.net. 2019-05-02 18:00:18 +02:00
translatewiki.net
c9664804f1 Localisation updates from https://translatewiki.net. 2019-04-29 17:28:56 +02:00
translatewiki.net
ba9b9c9931 Localisation updates from https://translatewiki.net. 2019-04-18 16:59:41 +02:00
Tristram Gräbener
357780d573 Display the version in the web interface
In the settings drop-down this adds an “About” section that also shows
the commit if "exposeVersion" is set to true.

Fixes #2968
2019-04-15 23:17:34 +00:00
Tristram Gräbener
28a6f505c5 Parameters: the version is exposed in http header only when configured
Currently the version is exposed in a 'Server' http headers.

This commit allows to parameterize it in the settings. By defaults it is
not exposed.

Fixes #3423
2019-04-15 23:17:34 +00:00
Tristram Gräbener
8453f07205 Chat bubble: by default hide in CSS
The current behaviour is to show the chat bubble and hide if chat is
disabled.

Because of this, the bubble appears wrongfully for a short time.

With this PR, by default it is hidden and displayed only if chat is
enabled.

Fixes: #3088
2019-04-15 23:14:47 +00:00
muxator
705cc6f5e4 Change everywhere the link to https://etherpad.org (it was plain http) 2019-04-16 00:54:54 +02:00
muxator
75a0f339e1 Settings.js, express.js: trivial reformatting
Future commits by Tristram Gräbener will modify them.
2019-04-16 00:17:56 +02:00
muxator
dc7e49f89d Remove trailing whitespaces
Hoping to minimize future diffs. Not touching vendorized libraries.
2019-04-16 00:34:29 +02:00
translatewiki.net
1cb9c3e1ce Localisation updates from https://translatewiki.net. 2019-04-15 17:36:10 +02:00
translatewiki.net
e3cc21e477 Localisation updates from https://translatewiki.net. 2019-04-08 16:43:29 +02:00
translatewiki.net
ae3ecf54d5 Localisation updates from https://translatewiki.net. 2019-04-04 19:59:52 +02:00
translatewiki.net
dc338c4e48 Localisation updates from https://translatewiki.net. 2019-04-01 20:26:39 +02:00
muxator
cbd393d56b handler/PadMessageHandler.js: handleMessage() got the wrong padId for read only pads
This was almost guaranteed to be broken.
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
c2d8ca212b utils/Minify.js: always call statFile() with an explicit value for "dirStatLimit"
In this way the only external call to statFile() provides an explicit value for
"dirStatLimit", and thus the initial check on "undefined" at the start of the
function could be removed (just added a comment for now).
2019-03-27 18:29:12 +01:00
muxator
cdd4978973 utils/Minify.js: removed unused parameter "next" in minify()
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
5d067406b1 utils/Minify.js: removed unused parameter "redirectCount" in requestURI()
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
b2d00ae071 db/API.js: customeError -> customError
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
aa5e302d99 db/API.js: missing "let"
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
b9e537ca4f db/Pad.js: removed unreachable return statement
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
4040813447 db/Pad.js: prototype.copy(), removed redundant callback argument
This would cause a crash when calling pad.remove().
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
53b3328b5f express/padreadonly.js: missing "let"
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
b8df6ca60c handler/PadMessageHandler.js: shuffle around some comments
No functional changes
2019-03-27 18:29:12 +01:00
translatewiki.net
7a5470c7bd Localisation updates from https://translatewiki.net. 2019-03-25 18:58:35 +01:00
muxator
2955740a6e Settings.js: support syntax for default values
+---------------------------+---------------+------------------+
| Configuration string in   | Value of      | Resulting confi- |
| settings.json             | ENV_VAR       | guration value   |
|---------------------------|---------------|------------------|
| "${ENV_VAR}"              | "some_string" | "some_string"    |
| "${ENV_VAR}"              | "9001"        | 9001             |
| "${ENV_VAR}"              | undefined     | null             |
| "${ENV_VAR:some_default}" | "some_string" | "some_string"    |
| "${ENV_VAR:some_default}" | undefined     | "some_default"   |
+---------------------------+---------------+------------------+

Mention this briefly in the main README.md, also.

Closes #3578.
2019-03-21 23:32:08 +01:00
muxator
c3bca6506e Settings.js: extracted into coerceValue() the logic for string -> number|bool conversion
This will be user in a later commit for implementing support for default values
2019-03-21 23:32:08 +01:00
muxator
59b1eed4a8 Settings.js: rephrased a log message 2019-03-21 23:32:08 +01:00
muxator
21ac37170e doc: rephrase settings.json.template and Settings.js
Better document current behaviour.
In this revision, ENV_VAR are supported, default values are not.
2019-03-21 23:32:08 +01:00
translatewiki.net
346d823279 Localisation updates from https://translatewiki.net. 2019-03-21 10:57:28 +01:00
translatewiki.net
e4db905f3c Localisation updates from https://translatewiki.net. 2019-03-18 08:46:50 +01:00
David Mehren
43c4fa9c2e Await padManager.getPad in getPadLines 2019-03-16 09:07:06 +01:00
muxator
6d400050a3 Settings.js: support configuration via environment variables.
All the configuration values can be read from environment variables using the
syntax "${ENV_VAR_NAME}".
This is useful, for example, when running in a Docker container.

EXAMPLE:
   "port":     "${PORT}"
   "minify":   "${MINIFY}"
   "skinName": "${SKIN_NAME}"

Would read the configuration values for those items from the environment
variables PORT, MINIFY and SKIN_NAME.

REMARKS:
Please note that a variable substitution always needs to be quoted.
   "port":   9001,          <-- Literal values. When not using substitution,
   "minify": false              only strings must be quoted: booleans and
   "skin":   "colibris"         numbers must not.

   "port":   ${PORT}        <-- ERROR: this is not valid json
   "minify": ${MINIFY}
   "skin":   ${SKIN_NAME}

   "port":   "${PORT}"      <-- CORRECT: if you want to use a variable
   "minify": "${MINIFY}"        substitution, put quotes around its name,
   "skin":   "${SKIN_NAME}"     even if the required value is a number or a
                                boolean.
                                Etherpad will take care of rewriting it to
                                the proper type if necessary.

Resolves #3543
2019-03-11 08:11:30 +01:00
muxator
f96e139b17 Settings.js: factored out parseSettings()
No functional changes.
2019-03-11 08:11:30 +01:00
muxator
6353768256 Settings.js: factored out storeSettings()
Grouped copied & pasted code into a single function.
2019-03-11 08:11:30 +01:00
muxator
ab57edef33 Settings.js: exit gracefully if an invalid credentials.json is passed.
Before this commit, when passed a malformed credentials.json the application
crashed with a stack dump. Now we catch the error and fail in a controlled way
(like already done for settings.json).

Example of exception we no longer throw:
  MALFORMEDJSON
  ^

  SyntaxError: Unexpected token M in JSON at position 0
      at JSON.parse (<anonymous>)
      at Object.reloadSettings (<BASEDIR>/src/node/utils/Settings.js:390:24)
      at Object.<anonymous> (<BASEDIR>/src/node/utils/Settings.js:543:9)
      at Module._compile (module.js:635:30)
      at Object.Module._extensions..js (module.js:646:10)
      at Module.load (module.js:554:32)
      at tryModuleLoad (module.js:497:12)
      at Function.Module._load (module.js:489:3)
      at Module.require (module.js:579:17)
      at require (internal/module.js:11:18)
2019-03-11 08:11:30 +01:00
muxator
8fa52659f5 Settings.js: trivial rewording of abiword and soffice (libreoffice) error messages 2019-03-11 08:11:30 +01:00
muxator
d526c5ccca Settings.js: trivial reformatting 2019-03-11 08:11:30 +01:00
translatewiki.net
e9be94e3cf Localisation updates from https://translatewiki.net. 2019-03-07 16:09:56 +01:00
Ray Bellis
ac7663c337 db/DB.js: prevent DB layer from returning undefined
ueberDB2 can return either undefined or null for a missing key, depending on
which DB driver is used. This patch changes the promise version of the API so
that it will always return null.
2019-03-05 10:46:57 +00:00
Ray Bellis
769933786c allow some operations to proceed in parallel
some code chunks previously used `async.parallel` but if you
use `await` that forces them to be run serially.  Instead,
you can initiate the operation (getting a Promise) and then
_later_ `await` the result of that Promise.
2019-02-01 09:57:50 +00:00
Ray Bellis
e7c2fad7b0 convert some async loops into parallel loops
If you use `await` inside a loop it makes the loop inherently serial.

If you omit the `await` however, the tasks will all start but the loop
will finish while the tasks are still being scheduled.

So, to make a set of tasks run in parallel but then have the
code block after the loop once all the tasks have been completed
you have to get an array of Promises (one for each iteration) and
then use `Promise.all()` to wait for those promises to be resolved.
Using `Array#map` is a convenient way to go from an array of inputs
to the require array of Promises.
2019-02-01 00:07:06 +00:00
Ray Bellis
07ae44ddf4 PadMessageHandler.js: cope better with session disconnects 2019-01-31 15:46:25 +00:00
Ray Bellis
b1c5024bcf remove thenify use - no longer required 2019-01-31 14:48:22 +00:00
Ray Bellis
ccb49dcdc1 padDiff.js: convert to Promises/async 2019-01-31 14:38:56 +00:00
Ray Bellis
4622309dc2 TidyHtml.js: convert to promises
test case uses "nodeify" to convert the calls to TidyHtml back
into nodeback because it integrates better with the test framework
2019-01-31 13:42:41 +00:00
Ray Bellis
6d1b6b2796 db/Pad.js: convert to promises/async
Also updated some small chunks of dependent code that couldn't be converted
until this one had been done.
2019-01-31 11:14:38 +00:00
Ray Bellis
ebb8a64e3c errorhandling.js: use promise db.doShutdown interface 2019-01-31 11:14:27 +00:00
Ray Bellis
b664eb488c ImportHandler.js: ensure import connection closing happens at the right point 2019-02-08 14:46:05 +00:00
Ray Bellis
62345ac8f7 import/export: conversion to Promises/async
NB1: needs additional review and testing - no abiword available on my test bed
NB2: in ImportHandler.js, directly delete the file, and handle the eventual
     error later: checking before for existence is prone to race conditions,
     and does not handle any errors anyway.
2019-01-31 08:55:36 +00:00
Ray Bellis
5192a0c498 db/ReadOnlyManager.js: completed conversion
Requires temporary hack within `Pad.remove()` to allow for the lack of
callback on the rewritten version.
2019-01-30 16:19:51 +00:00
Ray Bellis
bb80325d2c PadMessageHandler.js: completed conversion 2019-01-30 15:27:42 +00:00
Ray Bellis
9246a1de26 PadMessageHandler.js: further conversion 2019-01-30 13:55:49 +00:00
Ray Bellis
d543d5ae6a PadMessageHandler.js: convert handleUserChanges() to Promises
- the call site still expects a nodeback function, so also introduced the
  `nodeify` module to allow that function to work as expected.
2019-01-30 10:43:01 +00:00
Ray Bellis
58d0e6cea4 APIHandler.js: further cleanup
- removed possible issue with failing to sanitize `padName` if `padId` was also
  supplied
- removed unnecessary `try` block
- simplified API and function name matching tests
2019-01-30 10:41:10 +00:00
Ray Bellis
982d4f380a db/Pad.js: start use of promise DB methods 2019-01-30 10:25:46 +00:00
Ray Bellis
7f19033cc0 SocketIORouter: code formatting cleanups 2019-01-30 10:25:01 +00:00
Ray Bellis
bbe4a5f756 db/PadManager.js: more conversion to Promises/async 2019-01-28 16:20:30 +00:00
Ray Bellis
8108964472 db/AuthorManager.js: further conversion
also fixes a missing await calling `.createAuthor` in db/Pad.js
2019-01-28 15:36:36 +00:00
Ray Bellis
005c0afa97 db/SessionManager.js: completely converted to Promises/async 2019-01-28 14:44:36 +00:00
Ray Bellis
e58da69cfb db/SecurityManager.js: converted checkAccess() to pure Promises
Also converted the handler functions that depend on checkAccess() into async
functions too.

NB: this commit needs specific attention to it because it touches a lot of
security related code!
2019-01-28 13:13:24 +00:00
Ray Bellis
e7dc0766fd db/API.js: complete conversion to Promises
This patch also contains significant refactoring relating to error checking of
arguments supplied to the functions (e.g. rev) facilitated by use of `throw`
instead of nodeback errors.
2019-01-25 18:08:34 +00:00
Ray Bellis
1b6430ae9f db/PadMessageHandler.js: partial conversion to Promises
Converted those functions that API.js still depends on, and others that at this
point are never called via the nodeback mechanism.
2019-01-25 18:07:01 +00:00
Ray Bellis
8f53e4407e db/AuthorManager.js: partial conversion to Promises 2019-01-25 15:47:25 +00:00
Ray Bellis
eedae98e2f db/PadManager.js: convert sanitizePadId() to Promises
The function is now iterative rather than recursive.
2019-01-25 15:15:16 +00:00
Ray Bellis
bf9e3f92b5 db/PadManager.js: renamed doesPadExists() -> doesPadExist()
Removed the 's' for consistency with the other `doesFooExist()` manager calls.
Retained an alias for plugins that might be using it.
2019-01-25 15:05:12 +00:00
Ray Bellis
a875ca6c30 db/SessionManager.js: mostly converted to Promises 2019-01-25 14:53:24 +00:00
Ray Bellis
16c4c33f49 db/AuthorManager.js: renamed doesAuthorExists() -> doesAuthorExist()
Removed the 's' for consistency with the other `doesFooExist()` manager calls.
Retained an alias for plugins that might be using it.
2019-01-25 13:37:24 +00:00
Ray Bellis
70a045ad3c db/GroupManager.js: mostly converted to Promises / async 2019-01-25 12:56:57 +00:00
Ray Bellis
29e9f86cad db/DB.js: add Promise-only API methods
Promisified methods:
  - get()
  - set()
  - findKeys()
  - getSub()
  - setSub()
  - remove()
  - doShutdown()
2019-01-23 18:08:47 +00:00
Ray Bellis
583ea92aaf db/SessionStore.js: do not migrate to Promises. Make optional all(), clear() and length()
1. This module was not migrated to Promises, because it is only used via
   express-session, which can't actually use promises anyway.

2. all(), clear() and length() depend on the presence of the `db.forEach()`
   function, which in ueberdb2 doesn't even exist.

   Fortunately those three methods are optional, so I made their existence
   conditional on the presence of `db.forEach`.

3. in SessionStore.clear(), replaced a call to db.db.remove() with db.remove()
2019-01-23 16:58:43 +00:00
muxator
630af9af7d db/SessionStore.js: call nextTick() only if there is something to do
Changed two occurrences of:

  process.nextTick(function() {
     if (fn) fn();
  });

with

  if (fn) {
    process.nextTick(fn);
  }

i.e. such that no function even gets added to the `nextTick` queue unless
there's actually a function to be called.

Extracted from Ray's work.
2019-02-09 00:14:53 +01:00
Ray Bellis
96d875b4d1 padurlsanitize.js: rewritten to consume promises 2019-01-23 16:36:28 +00:00
muxator
b699621e5a padurlsanitize.js: invert a condition prior to refactoring
Extracted from Ray's work.
2019-02-09 00:05:21 +01:00
Ray Bellis
d5d28717c4 access controls: promisification
`getPadAccess()` (src/node/padaccess.js) is now "promise only", resolving to
`true` or `false` as appropriate, and throwing an exception if there's an
error.

The two call sites (padreadonly.js and importexport.js) updated to match.
2019-01-23 16:29:36 +00:00
Ray Bellis
34fdaa4e8c db/SecurityManager.js: convert checkAccess() to thenify 2019-01-23 16:25:29 +00:00
Ray Bellis
23a3a079a6 tests.js: remove use of async.js
Use real `async` instead of async.js where applicable.
The `getPluginTests()` function was never truly async anyway because it only
contains calls to synchronous `fs` modules.
2019-01-23 16:21:40 +00:00
Ray Bellis
0c2d662541 plugins download and search: converted to Promises
Also fixed a bug where the system would make a request to the central server for
the plugin list for every search even if the list was already cached.
2019-01-23 12:24:53 +00:00
Ray Bellis
5ef4a2d1d5 more thenify in node/utils/* 2019-01-22 17:30:33 +00:00
Ray Bellis
584e481430 PadMessageHandler.js: migrate to thenify 2019-01-22 15:48:29 +00:00
Ray Bellis
5d7162ac9a utils/ImportHtml.js: migrate to thenify 2019-01-22 14:58:25 +00:00
Ray Bellis
c4f1f83747 APIHandler.js: use promises 2019-01-22 13:30:28 +00:00
Ray Bellis
ec5baa2ab3 PadMessageHandler.js: convert two remaining API calls to thenify 2019-01-22 12:58:26 +00:00
Ray Bellis
17fe32ec0c start using "thenify" to support callback and promises
PadManager.sanitizePadId() can't use thenify: single arg callback
2019-01-21 16:28:05 +00:00
muxator
40c45077ef db/GroupManager.js: factored out a variable
Extracted from Ray's work.
2019-02-09 01:15:50 +01:00
Ray Bellis
4877ec319a server.js: rewritten to use Promises 2019-01-18 16:10:25 +00:00
Ray Bellis
a579dfc285 pluginfw/installer.js: use Promise version of hooks.aCallAll() in install(), uninstall()
We cannot use arrow functions in this file, because code in /src/static can end
up being loaded in browsers, and we still support IE11.
2019-01-18 16:10:48 +00:00
Ray Bellis
80b3019154 pluginfw/plugins.js: converted to Promise API 2019-01-18 13:52:37 +00:00
Ray Bellis
8d85ae582e pluginfw/hooks.js: allow returning a Promise in aCallFirst(), aCallAll()
Since this code can end up loaded in browsers when using client side plugins,
avoid use of ES6 syntax features such as arrow functions until MSIE support is
finally dropped.
2019-01-18 13:49:17 +00:00
Ray Bellis
3802073695 db/DB.js: allow a Promise return instead of callbacks in init() 2019-01-18 13:48:46 +00:00
muxator
b0846ded14 db/SessionManager.js: "authorMangager" -> "authorManager"
Extracted from Ray's work.
2019-02-09 02:19:14 +01:00
muxator
98993fe156 db/SessionManager.js: "groupMangager" -> "groupManager"
Extracted from Ray's work.
2019-02-09 02:18:36 +01:00
muxator
11453d544c prepare to async: stricter checks
This change is in preparation of the future async refactoring by Ray. It tries
to extract as many changes in boolean conditions as possible, in order to make
more evident identifying eventual logic bugs in the future work.

This proved already useful in at least one case.

BEWARE: this commit exposes an incoherency in the DB API, in which, depending
on the driver used, some functions can return null or undefined. This condition
will be externally fixed by the final commit in this series ("db/DB.js: prevent
DB layer from returning undefined"). Until that commit, the code base may have
some bugs.
2019-03-01 09:43:41 +01:00
muxator
e841798314 prepare to async: typos in error messages
This change extracts the grammar correction performed on the async branch,
anticipating them in a single commit. It cannot be folded with the previous
one, as it is not purely cosmetic.
2019-02-15 22:52:53 +01:00
muxator
9497ee734f prepare to async: trivial reformatting
This change is only cosmetic. Its aim is do make it easier to understand the
async changes that are going to be merged later on. It was extracted from the
original work from Ray Bellis.

To verify that nothing has changed, you can run the following command on each
file touched by this commit:
  npm install uglify-es
  diff --unified <(uglify-js --beautify bracketize <BEFORE.js>) <(uglify-js --beautify bracketize <AFTER.js>)



This is a complete script that does the same automatically (works from a
mercurial clone):

```bash
#!/usr/bin/env bash

set -eu

REVISION=<THIS_REVISION>

PARENT_REV=$(hg identify --rev "${REVISION}" --template '{p1rev}')
FILE_LIST=$(hg status --no-status --change ${REVISION})
UGLIFYJS="node_modules/uglify-es/bin/uglifyjs"

for FILE_NAME in ${FILE_LIST[@]}; do
  echo "Checking ${FILE_NAME}"
  diff --unified \
    <("${UGLIFYJS}" --beautify bracketize <(hg cat --rev "${PARENT_REV}" "${FILE_NAME}")) \
    <("${UGLIFYJS}" --beautify bracketize <(hg cat --rev "${REVISION}"   "${FILE_NAME}"))
done
```
2019-02-08 23:20:57 +01:00
muxator
cc23bd18a4 db/API.js: require() Changeset library at top of file
Introduced with d246a191c6 ("Added option to restore revisions #1791") on
2014-11-08.
2019-03-07 00:39:41 +01:00
muxator
06756e49ee db/API.js: reuse the already required padMessageHandler (2 of 2)
It was introduced on 2014-11-12 by commit 9d39c9591a ("update pad clients").
2019-03-07 00:14:49 +01:00
muxator
72260b86de db/API.js: reuse the already required padMessageHandler (1 of 2)
Commit 94cb743ca8 ("Fix API call appendChatMessage to send new message to all
connected clients") fixed a bug, but introduced a redundant require().
2019-03-07 00:04:08 +01:00
muxator
10172af199 db/API.js: no need to parseInt(time) here
We are already sure that time is an int
2019-03-07 00:02:24 +01:00
muxator
b34fc2de2b use Date.now() instead of new Date().getTime()
This is documented to be more performant.

The substitution was made on frontend code, too (i.e., the one in /static),
because Date.now() is supported since IE 9, and we are life supporting only
IE 11.

Commands:
  find . -name *.js | xargs sed --in-place "s/new Date().getTime()/Date.now()/g"
  find . -name *.js | xargs sed --in-place "s/(new Date()).getTime()/Date.now()/g"

Not done on jQuery.
2019-02-26 23:25:15 +01:00
muxator
90bfbeb38d PadMessageHandler.js: fixed logic error in a guard condition
The guard condition on count being non negative and < 100 used the wrong
boolean operator. In its form it was impossible.

This error was introduced in 2013, in 5592c4b0fe.
Fixes #3499
2019-02-27 00:56:41 +01:00
muxator
4b913172fe PadMessageHandler.js: renamed parameter in handleCustomMessage() to avoid name clash 2019-02-26 22:19:49 +01:00
muxator
791012bb9b PadMessageHandler.js: removed redundant return statement 2019-02-26 19:15:22 +01:00
muxator
46fdeb8dc4 ExportTxt.js: getPadTXT() does not need to be exported
This function is used only inside this module, and does not belong to its
external interface.
2019-02-22 23:32:10 +01:00
muxator
169a06793d db/API.js: almost removed optional argument handling
The HTTP API doesn't ever omit arguments, it always passes `undefined` for a
parameter that wasn't supplied in the request.

The functions that were simplified are:
  - getRevisionChangeset()
  - getText()
  - getHTML()
  - saveRevision()

The only function still supporting optional arguments is getPadSafe(), which is
only called from this module.
2019-02-19 00:15:54 +01:00
muxator
26f3f1bcd0 db/Pad.js: make "force" parameter non optional in Pad.prototype.copy()
This function was simulating two overloads:
  1. copy(destinationID, force, callback)
  2. copy(destinationID, callback), in this case "force" would be assumed false

But all the call sites always used the version with arity 3.
Thus, we can remove that optionality and always assume that the funcion will be
called with three parameters. This will simplify future work.
2019-02-13 14:01:24 +01:00
translatewiki.net
1900b00ec2 Localisation updates from https://translatewiki.net. 2019-02-25 10:41:33 +01:00
Sebastian Castro
9848a600e3 colibris: Fixes #3548 #3549 chat improvements 2019-02-22 19:48:46 +01:00
Sebastian Castro
378dbe8485 skins: Improve clientPluginNames class helper
Moving classes to html tag so it can be used to style other part of template depending on plugins like #users, #chat etc...
Rename plugin class with "plugin-" prefix, because there were conflicts with some plugins using the same .ep_font_color class to apply css rules
2019-02-22 19:48:46 +01:00
Sebastian Castro
401db8fce3 chat: Adds placeholder to input. Translate stick button 2019-02-22 19:48:08 +01:00
muxator
59a6f2e9b8 node8: get rid of node < 0.7 compatibility when deleting files.
- path.exists() is no longer part of nodejs
- fs.exists() is deprecated (as of nodejs >= 8)
- checking a file for existence before using it is open to raca condition. It is
  preferable to go ahead and use the file, and eventually handle the error
- we can afford two simple synchronous fs operations here
2019-02-19 22:01:12 +01:00
muxator
6d36bb2c53 node8: we can safely use os.tmpdir()
Since we are requiring node >= 8, we can safely use native functionalities.
2019-02-19 22:01:12 +01:00
muxator
09949c242a node8: we no longer need to use a shim for Object.values in stats.js 2019-02-19 22:01:12 +01:00
muxator
9d35d15ae3 node8: require nodejs >= 8.9.0, npm >= 6.4
Next version will be Etherpad 1.8. As planned in #3424, we are going to require
NodeJS >=8.9.0 and npm >= 6.4.

This commit implements that change and updates documentation and scripts.
Subsequent changes will get rid of old idioms, dating back to node < 0.7, that
still survive in the code.
Once migrated to NodeJS 8, we will be able to start working on migrating the
code base from callbacks to async/await, greatly simplifying legibility (see
#3540).

Closes #3557
2019-02-19 22:01:12 +01:00
muxator
9d9b7c9faf NodeVersion.js: do not use callbacks, simplify calling style in server.js 2019-02-19 00:46:37 +01:00
muxator
36addd2205 server.js: group together the loading of the stats system
No functional changes, this is intended to simplify subsequent patches.
2019-02-19 00:41:51 +01:00
translatewiki.net
b16b98f8ca Localisation updates from https://translatewiki.net. 2019-02-18 08:00:31 +01:00
muxator
d5d428c4ee windows: allow graceful shutdown on Windows, too
Until Etherpad 1.7.5, process.on('SIGTERM') and process.on('SIGINT') were not
hooked up under Windows, because old nodejs versions did not support them.
This excluded the possibility of doing a graceful shutdown of the database
connection under that platform.

According to nodejs 6.x documentation, it is now safe to do so. This allows to
gracefully close the DB connection when hitting CTRL+C under Windows, for
example.

Source: https://nodejs.org/docs/latest-v6.x/api/process.html#process_signal_events

  - SIGTERM is not supported on Windows, it can be listened on.
  - SIGINT from the terminal is supported on all platforms, and can usually be
    generated with <Ctrl>+C (though this may be configurable). It is not
    generated when terminal raw mode is enabled.
2019-02-16 00:14:39 +01:00
translatewiki.net
c333984cd8 Localisation updates from https://translatewiki.net. 2019-02-14 09:09:18 +01:00
muxator
631b23f7a2 utils/AbsolutePaths.js: do not break when running as a Windows manual install
A Windows manual install has the same directory layout of a normal Unix one
(e.g. the nice symlink node_modules/ep_etherpad-lite -> ../src).
Only when running from the pre-built Windows package the directory layout is
different (e.g. src is physically copied into node_modules/ep_etherpad-lite).
The previous version of the code wrongly assumed that all Windows installs would
be run from the pre-built pakage.

In this version the path search is the same on all platform. If it fails, and we
are on Windows, there is a fallback for the specific case of the pre-built
package.

Fixes #3550
2019-02-11 03:28:02 +01:00
muxator
78c057af31 NodeVersion.js: factor out require('semver') 2019-02-08 19:10:49 +01:00
translatewiki.net
2e4ee39cc3 Localisation updates from https://translatewiki.net. 2019-02-07 15:55:56 +01:00
muxator
4f0a2785da release: prepare for 1.7.5
Written the changelog and updated package.json.
2019-01-26 00:16:03 +01:00
muxator
d475cc3d08 package.json: "http://github.com" -> "https://github.com" 2019-01-26 00:12:16 +01:00
muxator
9f31456f84 package.json: list myself among the authors 2019-01-26 00:11:11 +01:00
Ray Bellis
c8e5d87268 api: simplify version table
This commit vastly shortens (and simplifies) the version table within
handler/APIHandler.js by building each version's entry incrementally based off
the previous version.

The resulting table has been validated by comparing the "before" and "after"
output of the following loop on both versions of the code (albeit with an
intermediate "sort" step to account for the different insertion order)

  for (let v in version) {
    let m = version[v];
    for (let [k, a] of Object.entries(m)) {
      console.log(v, k, a);
    }
  }

The patch also fixes a few typos, and removes a duplicate definition of
getChatHistory which in each applicable version was defined with two different
parameter lists, but where only the second would be used.
2019-01-22 22:51:22 +01:00
translatewiki.net
bd48497ce3 Localisation updates from https://translatewiki.net. 2019-01-17 10:50:43 +01:00
HairyFotr
fce55df2b7 Fix typos 2019-01-16 11:14:04 +01:00
translatewiki.net
02b3d42771 Localisation updates from https://translatewiki.net. 2018-12-27 10:48:05 +01:00
translatewiki.net
7275cdc915 Localisation updates from https://translatewiki.net. 2018-12-17 08:51:24 +01:00
translatewiki.net
db27582622 Localisation updates from https://translatewiki.net. 2018-12-10 08:08:01 +01:00
muxator
0ad8291ae7 hooks: restore Internet Explorer 11 compatibility.
Compatibility with IE11 regressed in 23eab79946 while working for #3488.
That commit made use of modern js syntax, not supported by IE11.

- Removed arrow functions, replaced with normal functions.
- Removed the spread operator (<...iterable>) and the "new Set()" construct,
  replaced with _.uniq()

At some point IE11 compatibility will be dropped.
Ditching it now, for such a small gain, is not wise.

Fixes #3500.
2018-11-28 20:03:39 +01:00
muxator
fe20ffa202 dependencies: update wd, 1.10.3 -> 1.11.1
This is just a dev dependency, so no real risks, but it's better not to scare
users.

Reported vulnerability before this change:

$ npm audit
                       === npm audit security report ===

# Run  npm update cryptiles --depth 4  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Insufficient Entropy                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ cryptiles                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wd [dev]                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ wd > request > hawk > cryptiles                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/720                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
2018-11-28 18:49:12 +01:00
Sebastian Castro
fc629e49d9 skins:colibris fixes #3514 hide sidediv and "show line number" option on mobile 2018-11-28 15:01:12 +01:00
Sebastian Castro
2ce195747b skins: Fixes #3510 show/hide line numbers 2018-11-15 11:34:32 +01:00
Sebastian Castro
4c7ae65ac4 colibris: use a darker default font and do not use OpenDyslexic 2018-11-08 21:56:41 +01:00
Sebastian Castro
385ca8771b colibris: various improvements, including author_hover, cursortrace plugins 2018-11-08 21:56:40 +01:00
Sebastian Castro
39ad22f78f colibris: style timeslider page 2018-11-08 21:56:39 +01:00
Sebastian Castro
8343afde84 colibris: move ep_embedded_hyperlinks style to plugin itself 2018-11-08 21:56:38 +01:00
Sebastian Castro
948e9e4e10 colibris: responsive layout depending on plugins activated 2018-11-08 21:56:30 +01:00
Sebastian Castro
413f46b085 colibris: minor improvements 2018-11-08 21:56:29 +01:00
Sebastian Castro
e8c229cc65 colibris: add style for ep_embedded_hyperlink plugin 2018-11-08 21:56:29 +01:00
Sebastian Castro
9205b551df colibris: fix plugin ep_comments style 2018-11-08 21:56:28 +01:00
Sebastian Castro
af641c3b3d colibris: minor improvements 2018-11-08 21:56:27 +01:00
Sebastian Castro
8881a2a61f colibris: style plugin ep_tables2 2018-11-08 21:56:26 +01:00
Sebastian Castro
24b46984d4 colibris: Style ep_set_title_on_pad 2018-11-08 21:56:18 +01:00
Sebastian Castro
dad6c217ef colibris: improvements 2018-11-08 21:56:17 +01:00
Sebastian Castro
3f761121b2 colibris: improve colibris responsive 2018-11-08 21:56:15 +01:00
Sebastian Castro
6cc499bcce colibris: add new skin, initial commit
Needs further development: responsive, plugins, configuration...
2018-11-08 21:56:14 +01:00
drebs
39fbc37dd8 index.html: generate unique pad names
Etherpad-lite relies on the user's browser to generate a random pad
name, but the current solution is not safe against collisions. In order
to generate unique pad names, the following modifications are made:

* use a PRNG instead of Math.random() and ensure uniform distribution
  when selecting chars.

* choose the pad name length to achieve a specific number of bits of
  security.

Closes: #3516
2018-11-26 23:07:34 +01:00
translatewiki.net
7df26840cb Localisation updates from https://translatewiki.net. 2018-11-22 07:26:44 +01:00
translatewiki.net
c17f5e5f04 Localisation updates from https://translatewiki.net. 2018-11-19 08:38:11 +01:00
Sebastian Castro
d3d1fd21bb fonts: add pencil, link and table icon
Preparatory work for introducing colibris skin
2018-11-08 21:56:13 +01:00
Sebastian Castro
e80f9a6f59 pad.css: group togheter three very similar rules.
a) these rules:
  [class^="icon-"]:before
  [class*=" icon-"]:before

b) were the same as this one:
  [data-icon]:before

except the rules in b) had a "content: attr(data-icon)" rule, too.

This commit groups all of them together, and gets rid of the "attr(data-icon)".

The commit that introduced these rules in the first place, and that are now
partially reverted, was 9aea689438 (move tiny bit
of font awesome we actually use into pad.css) from 2014-11-19.

Preparatory work for introducing colibris skin
2018-11-08 21:56:11 +01:00
Sebastian Castro
63ec2d8cc2 font picker: improve the font picker (closes #3451)
Preparatory work for introducing colibris skin
2018-11-08 21:56:10 +01:00
Sebastian Castro
c5a07e6827 pad.html: add css purpose classes
Preparatory work for introducing colibris skin
2018-11-08 21:56:09 +01:00
Sebastian Castro
5c683da435 timeslider.html: import pad.css so the pad will look the same
Preparatory work for introducing colibris skin
2018-11-08 21:56:08 +01:00
Sebastian Castro
23eb1701ed ace2_inner: fix first line number position
Preparatory work for introducing colibris skin
2018-11-08 21:55:58 +01:00
Sebastian Castro
4115f792e4 ace.js: prioritize the skin style over the plugin style
Preparatory work for introducing colibris skin
2018-11-08 21:55:34 +01:00
Sebastian Castro
8a6eae26d7 ace.js: also add plugins names to #outerdocbody (refs #3488)
This commit is an integration to aa8204e5df
2018-11-08 21:55:07 +01:00
translatewiki.net
b0210c1b55 Localisation updates from https://translatewiki.net. 2018-11-12 08:37:52 +01:00
translatewiki.net
1aeff40be3 Localisation updates from https://translatewiki.net. 2018-11-08 09:56:07 +01:00
translatewiki.net
74b2bd1a4f Localisation updates from https://translatewiki.net. 2018-11-05 08:42:25 +01:00
translatewiki.net
0443de4dc9 Localisation updates from https://translatewiki.net. 2018-11-01 08:08:05 +01:00
muxator
5b88882e34 LibreOffice: add debugging log statements 2018-11-01 00:22:27 +01:00
muxator
4b8a0ff4ac LibreOffice: rename variables (conversion is generic and not PDF-specific) 2018-11-01 00:18:26 +01:00
muxator
73d09f1c6c LibreOffice: rephrase comments (conversion is generic and not PDF-specific) 2018-10-31 22:34:11 +01:00
muxator
df5618b274 ImportHandler: flattened code
Removed redundant else, no functional changes
2018-10-31 23:34:15 +01:00
muxator
fcd88de900 ImportHandler: flattened code
Removed redundant else, no functional changes
2018-10-31 23:31:23 +01:00
muxator
49a7572cee ImportHandler: early return by condition inversion
No functional changes
2018-10-31 23:28:52 +01:00
muxator
df15daac0e ImportHandler: early return by condition inversion
No functional changes
2018-10-31 23:27:22 +01:00
muxator
12bb97dc2d ImportHandler: early return by condition inversion
No functional changes
2018-10-31 23:24:56 +01:00
muxator
2b8e45e2bd ImportHandler: anticipated the error checking
No functional changes.
2018-10-31 23:22:50 +01:00
muxator
4c2ad68b69 ImportHandler: early return via DeMorgan's law
Inverted a boolean condition, no functional changes.
2018-10-31 23:20:55 +01:00
muxator
f652ba8c52 ImportHandler: flattened code
Removed redundant else, no functional changes
2018-10-31 23:16:20 +01:00
muxator
fb552b2dbb ImportHandler: early return via DeMorgan's law
Inverted a boolean condition, no functional changes.
2018-10-31 23:15:01 +01:00
muxator
9d104cc4b0 ImportHandler: early return via DeMorgan's law
Inverted a boolean condition, no functional changes.
2018-10-31 23:09:27 +01:00
muxator
395db73eb1 ImportHandler: early return by condition inversion
No functional changes
2018-10-31 23:00:45 +01:00
muxator
6727a77073 ImportHandler: flatten code
No functional changes
2018-10-31 22:55:58 +01:00
Luc Didry
e8558e3497 Allow to import files using soffice
Currently, you have to use Abiword to convert odt, pdf and doc files to be able to import those files.
This add soffice as convertor too.
2018-10-31 22:21:48 +01:00
muxator
f6cef9dfd2 skins: fix timeslider support
Found by Sebastian Castro <90scastro@gmail.com>
This was really meant to be part of 9c990ab08a
2018-10-29 21:46:19 +01:00
translatewiki.net
20be994d9b Localisation updates from https://translatewiki.net. 2018-10-18 08:18:00 +02:00
muxator
9774518525 dependencies: update graceful-fs, 4.1.3 -> 4.1.11 2018-10-17 00:37:35 +02:00
muxator
e68edcd23d dependencies: update cookie-parser, 1.3.4 -> 1.4.3 2018-10-17 00:34:28 +02:00
muxator
f67fc3ad38 dependencies: update ejs, 2.5.7 -> 2.6.1 2018-10-17 00:31:55 +02:00
muxator
a585487802 dependencies: update semver, 5.1.0 -> 5.6.0 2018-10-17 00:28:21 +02:00
muxator
50b245d260 dependencies: update request, 2.83.0 -> 2.88.0 2018-10-17 00:27:51 +02:00
muxator
c69c0053b6 dependencies: update npm, 6.4.0 -> 6.4.1 2018-10-17 00:27:25 +02:00
muxator
5734eea10b dependencies: update express, 4.16.3 -> 4.16.4 2018-10-17 00:26:51 +02:00
translatewiki.net
4f756d3953 Localisation updates from https://translatewiki.net. 2018-10-15 09:25:07 +02:00
translatewiki.net
4121add1b8 Localisation updates from https://translatewiki.net. 2018-10-03 22:03:52 +02:00
muxator
23eab79946 pad.html: for each client plugin, add a class to #editorcontainerbox
This commit implements the following behaviour:

1. adds a function clientPluginNames() to hooks.js (mimicking what is done in
   static.js), which returns an array containing the list of currently installed
   client side plugins. The array is eventually empty.

2. calls that function in pad.html at rendering time (thus server-side) to
   populate a class attribute.

Example results:
- with no client-side plugins installed:
  <div id="editorcontainerbox" class="">

- with some client-side plugins installed:
  <div id="editorcontainerbox" class="ep_author_neat ep_adminpads">

Looking at the existing code (src/node/hooks/express/static.js#L39-L57), a
client-side plugin is defined as a plugin that implements at least a client side
hook.

NOTE: there is currently no support for notifying plugin removal/installation
      to the connected clients: for now, in order to get an updated class list,
      the clients will have to refresh the page.

Fixes #3488
2018-10-02 21:22:13 +02:00
translatewiki.net
2a5e87cc7d Localisation updates from https://translatewiki.net. 2018-09-20 11:05:16 +02:00
translatewiki.net
051a8765e4 Localisation updates from https://translatewiki.net. 2018-09-13 10:54:15 +02:00
translatewiki.net
1fce593779 Localisation updates from https://translatewiki.net. 2018-09-06 21:23:58 +02:00
translatewiki.net
4a514706cb Localisation updates from https://translatewiki.net. 2018-09-03 08:10:53 +02:00
muxator
1a93ab4eb5 db/Pad: reversed truthy condition to make core logic evident
Since the original comparison compared for truthy and not for "===", and it's
3 AM now, I blindly negated it, in order to show how fragile it was in the first
instance.

No functional changes.

This is the final commit of this refactoring series.
2018-08-29 03:03:34 +02:00
muxator
69e1bf28aa db/Pad: reversed condition to make core logic evident. No functional changes
Here it was legal to replace a lax comparison with a strict one, since we are
using indexOf(), whose return value is known.
2018-08-29 02:52:26 +02:00
muxator
d931a700b4 db/Pad: reversed condition to make error handling evident. No functional changes
Here it was legal to replace a lax comparison with a strict one, since we are
using indexOf(), whose return value is known.
2018-08-29 02:49:40 +02:00
muxator
0e8789863c db/Pad: removed unuseful else clause, no functional changes 2018-08-29 02:46:08 +02:00
muxator
049f5f2859 db/Pad: removed unuseful else clause, no functional changes 2018-08-29 02:44:51 +02:00
muxator
e90487c3e2 db/GroupManager: early return, no functional changes 2018-08-29 02:42:29 +02:00
muxator
a1d21c0cd2 db/GroupManager: early return, no functional changes 2018-08-29 02:41:53 +02:00
muxator
9ed7608421 db/GroupManager: early return, no functional changes 2018-08-29 02:41:14 +02:00
muxator
da8faa1aa9 db/GroupManager: early return, no functional changes 2018-08-29 02:40:14 +02:00
muxator
f7254a47ea db/GroupManager: early return, no functional changes 2018-08-29 02:39:05 +02:00
muxator
604952bc97 db/GroupManager: fix indentation
This is to make easier on the eye the next change.
2018-08-29 02:38:09 +02:00
muxator
c85bcf0614 db/GroupManager: move inner function on top. No functional change
This is to make easier on the eye the next change.
2018-08-29 02:36:25 +02:00
muxator
6af419a88e SecurityManager.js: early return, no functional changes 2018-08-29 02:33:29 +02:00
muxator
61823e7689 db/AuthorManager: early return, no functional changes 2018-08-29 02:28:40 +02:00
muxator
2b8646a855 db/AuthorManager: early return, no functional changes 2018-08-29 02:28:35 +02:00
muxator
b59818676e db/API.js: early return to make error handling evident. No functional changes 2018-08-29 02:18:32 +02:00
muxator
67ce19eddb db/API.js: removed unuseful else clause, no functional changes 2018-08-29 02:16:24 +02:00
muxator
610a6db8c8 db/API.js: early return, no functional changes 2018-08-29 02:13:06 +02:00
muxator
fef57efd46 db/API.js: early return, no functional changes 2018-08-29 02:10:45 +02:00
muxator
42bc0a59e1 db/API.js: early return, no functional changes 2018-08-29 02:09:33 +02:00
muxator
05a33f1533 db/API.js, SessionManager: lot of copied & pasted code in integer parsing
Replaced with an early return, no functional changes.
2018-08-29 02:08:05 +02:00
muxator
1d45a63864 db/API.js: early return, no functional changes 2018-08-29 01:57:00 +02:00
muxator
30d814d8ed db/API.js: early return, no functional changes 2018-08-29 01:57:28 +02:00
muxator
4728736dd8 db/PadManager: early return, no functional changes 2018-08-29 01:47:38 +02:00
muxator
ecb0c41d29 db/PadManager: early return, no functional changes 2018-08-29 01:46:18 +02:00
muxator
12f224ae72 db/PadManager: early return, no functional changes 2018-08-29 01:44:13 +02:00
muxator
391bd79e03 padurlsanitize: early return, no functional changes 2018-08-29 01:38:55 +02:00
muxator
d19436d044 adminsettings: early return, no functional changes. 2018-08-29 01:34:45 +02:00
muxator
b60c0b122c PadMessageHandler: reversed condition to make core logic evident. No behavioural changes.
This one replaces a big "if (message)" negating its truthy condition.

Being lame, I erred on the safe side and wrote a super ugly statement that is
guaranteed to respect the original logic.

In the hope that eventual logic errors become more evident now.

See: https://stackoverflow.com/questions/36661748/what-is-the-exact-negation-of-ifvariable-in-javascript#36661843
2018-08-29 01:23:38 +02:00
muxator
324929ca2d PadMessageHandler: early return to reduce code depth.
Get rid of an else branch to simplify code layout. No functional changes at all.

==============

This series is an attempt to reduce the control structure depth of the code
base, maintaining at the same time its exact same behaviour, bugs included. It
is, in a sense, an initial attempt at a refactoring in the spirit of its
original definition [0].

The idea beyond this refactoring is that reducing the code depth and, sometimes,
inverting some conditions, bugs and logic errors may become easier to spot, and
the code easier to read.

When looked at ignoring whitespace changes, all of these diffs should appear
trivial.

[0] https://refactoring.com/
2018-08-29 00:57:28 +02:00
anoy
07bc163cb6 url encode pad name 2018-08-27 14:15:50 +02:00
muxator
fb1f8dd239 toolbar: missing var declaration
Without this, Etherpad would fail to start in strict mode:
  "ReferenceError: SelectButton is not defined"
2018-08-27 01:34:01 +02:00
muxator
27b3b0ecd2 logs: on the server, use template literals when possible
It's just synctactic sugar, but it is always better than executing string
concatenations in one's mind.

Do not do this with files in src/static, because we want to keep IE 11
compatibility.
2018-08-27 01:29:37 +02:00
muxator
0e972aaecf settings: reword some log messages 2018-08-27 01:56:33 +02:00
muxator
36f39a6e13 ace.js: remove template literals to keep IE 11 compatibility
Files in "src/static" are executed on the client: do not break browser
compatibility because of syntactic sugar.

Introduced in 9c990ab08a.
2018-08-27 02:18:34 +02:00
muxator
7f7efa22b7 javascript license: we cannot assert the license of a custom skin.
Even in the previous versions, it made no sense.
Removing.
2018-08-26 22:28:31 +02:00
muxator
9c990ab08a skins: finalize support for multiple skins
The old "static/custom" directory is replaced by "static/skins/<skinName>",
where <skinName> is taken from settings.json.
When no value is found, a default of "no-skin" is assumed, so that backward
compatibility is maintained.

The most evident security concerns have been addressed.

Closes #3471.
2018-08-26 21:17:04 +02:00
muxator
e34c74b24d skins: the settings class understands skinName. Send skinName value to the client
skinName must be a single string (no directory separators in it) pointing to an
existing directory under /src/static/skins.
In case these conditions are not met, its value is rewritten to "no-skin".

Also, the value of skinName if sent to the client via clientVars for allowing
its use it in the browser.
2018-08-26 21:17:04 +02:00
muxator
aba1c6f8bd skins: moved "static/custom" -> "static/skins/no-skin"
The old empty skin created by the startup scripts becomes the default: no-skin.
2018-08-26 21:17:04 +02:00
muxator
0c518cadf5 skins: replace {js,css}.template with actual files. Simplify startup scripts.
Currently, an Etherpad skin requires the existence of 6 files:
- index.{css,js}
- pad.{css,js}
- timeslider.{css,js}

In the default empty skin (in static/custom), there were 2 small placeholders
({js,css}.template) to be copied in place by the startup script in case no skin
was in use.

Now that we are moving to multiple directories (see #3471) we can simply commit
the example files and remove the copying code from the startup script.
2018-08-26 21:17:04 +02:00
muxator
6c56e7ca7a ace.js: use URL encoding when building an URL via string concatenation
Not performing encoding/decoding when traversing logical domains is a security
risk.
String concatenation is not great, too, but this change is just focused on
allowing the implementation of skin support.
2018-08-26 02:40:36 +02:00
Luc Didry
2cc32d7fe9 Add --writer option to soffice convert command
If you edit `src/templates/export_html.html` to remove the
`<meta name="changedby" content="Etherpad">` tag[1], PDF export with
soffice has a bug: the first word of the pad is deleted and a blank page
is inserted as first page (the pad's text begins on the second page).
The `--writer` soffice option avoids that bug.

[1] you may want to delete that tag since it is inserted as a comment in
.doc or .odt soffice export.
2018-08-24 18:26:51 +02:00
muxator
d1481041c2 specialpages: replace relative paths for sendfile() with absolute ones
This file uses it for robots.txt and favicon.ico.

This makes use of the new stable settings.root introduced with #3466, and will
be modified when introducing support for custom skins.
2018-08-23 23:39:38 +02:00
muxator
9db5fd7884 AbsolutePaths: introduced isSubdir()
It can be used to check whether a user input or a configuration settings tries
to traverse the directory hierarchy, going out of its allowed bounds.

source: https://stackoverflow.com/questions/37521893/determine-if-a-path-is-subdirectory-of-another-in-node-js#45242825
2018-08-23 07:20:17 +02:00
translatewiki.net
0728e66723 Localisation updates from https://translatewiki.net. 2018-08-23 08:15:56 +02:00
muxator
ce14a99606 settings, APIHandler: use makeAbsolute() for locating APIKEY and SESSIONKEY 2018-08-23 07:02:45 +02:00
muxator
8247d5eef3 settings: use makeAbsolute() for locating settings.json and credentials.json
This should look to consistent locations when looking for relative paths,
without depending on current working directory.
For absolute paths, nothing changes.
2018-08-23 07:02:45 +02:00
muxator
435b2a4edf settings: the dirtyDb file path is interpreted using makeAbsolute()
Otherwise its position depended on process.cwd
2018-08-23 07:02:45 +02:00
muxator
5406472d65 AbsolutePaths: makeAbsolute() computes an absolute path from a relative one
The base is assumed to be exports.findEtherpadRoot(), without depending on
process.cwd.
2018-08-23 07:02:45 +02:00
muxator
1b938a7a40 settings: compute exports.root via AbsolutePaths.findEtherpadRoot()
First steps for fixing #3466.
2018-08-23 07:02:45 +02:00
muxator
b1a0e14ee2 AbsolutePaths: written findEtherpadRoot()
This is just a function (with an ugly side effect for caching purposes) that
heuristically tries to compute the Etherpad installation path when running under
Unix and win32 (they have different file system layouts).

This path can be used by Etherpad as a base for all the relative paths, in order
to be deterministic and not depending on cwd.
2018-08-23 07:02:45 +02:00
muxator
cbce3c1b08 AbsolutePaths: written utility function popIfEndsWith()
It will be necessary in the next commit to evaluate the Etherpad base
install path.
2018-08-23 07:02:45 +02:00
muxator
dbf7eff1fc AbsolutePaths: module for deterministically computing relative Etherpad paths
Empty for now.
2018-08-23 07:02:45 +02:00
muxator
ec5573f88c settings, APIHandler: generate more informative logs 2018-08-21 00:05:15 +02:00
muxator
b635371d52 settings: the default dirty.db location should be var/dirty.db
This is the location that is choosen by default when Etherpad starts with no
settings.json file.
It was different than the one contained into setting.json.template.
2018-08-21 21:57:13 +02:00
muxator
cb07805022 NodeVersion: take responsibility for ugly code 2018-08-22 00:12:53 +02:00
muxator
93641a165d dependencies: update socket.io 1.7.3 -> 2.1.1
Version 2.x is not backwards compatible with 1.x.
However, according to [0], [1] and [2], it seems that the biggest concern is
when mixing different server and client versions, and this is not Etherpad's
case.

Smoke tested (successfully) on Firefox 61, Chromium 68.

npm audit before this change:
  found 12 vulnerabilities (9 low, 3 high) in 8205 scanned packages
    11 vulnerabilities require semver-major dependency updates.
    1 vulnerability requires manual review. See the full report for details.

npm audit after this change:
  found 1 low severity vulnerability in 8196 scanned packages
    1 vulnerability requires manual review. See the full report for details.

Fixes #3462

[0] https://socket.io/blog/socket-io-2-0-0/
[1] https://github.com/socketio/socket.io/issues/3007#issuecomment-336791836
[2] a0d7a794de
2018-08-18 19:42:42 +02:00
muxator
4408a1e505 release: prepare for 1.7.0
Written the changelog and updated package.json.

From now on, releases will be cut from develop, and merged directly into master.

Each release will be a tag on the master branch (e.g. 1.7.0).
A "release/1.7.0" branch will eventually be created only if/when a hotfix will
be needed.
2018-08-17 00:18:31 +02:00
muxator
36b629346d dependencies: updated npm to 6.4.0 2018-08-16 22:04:40 +02:00
muxator
fc14f60a4b runtime: polyfill Object.values()
Minimum supported Node version is 6.9.0, but Object.values() was introduced in
Node < 7. Let's use a polyfill if needed.

This will be removed when minimum supported Node version is raised to 8.9.0.

Fixes #3459
2018-08-15 22:34:05 +02:00
muxator
9d815c58b8 deprecations: get rid of DEP0005 about Buffer()
Similar code still lives in some dependent libraries.
It will be updated when upgrading the dependencies.

Fixes #3446
2018-08-14 19:45:03 +02:00
muxator
6d5a6cf795 caching_middleware: removed unnecessary escape in regex
Found by eslint with "no-useless-escape"
2018-08-14 19:33:10 +02:00
"muxator ext:(%22)
42a0772955 dependencies: updated measured 1.1.0 -> measured-core 1.11.2
When installing dependencies, npm informed us that measured had been deprecated,
and renamed to measured-core. Let's follow the advice, and get rid of the
warning.

  npm WARN deprecated measured@1.1.0: This package has been renamed to
  measured-core, all versions of measured have been re-released under
  measured-core, please update your package and consider updating to the newest
  version. See https://github.com/yaorg/node-measured for latest updates.

This package is used to expose a single endpoint ("/stats"), whose output does
not change after this commit.

Fixes #3458
2018-08-14 13:22:41 +02:00
Masaru Nagaku
392f39b623 fix bug for getPadPlainText 2018-08-11 11:02:20 -03:00
Muh Muhten
3cedf474e5 Fix misparse of port when binding Unix socket
The hostname:port of URIs used in Minify are currently bogus and refer
to localhost only for historical reasons; there's no reason to retain
them and omitting them avoids generating an invalid URI when "port" is
not an integer.

Context: settings.port is passed to express's listen; if not numeric, it
is used a filename for a Unix domain socket.
This allows e.g. starting a server to be reverse-proxied on a multi-user
system, using the filesystem to handle access control and avoiding need
to allocate port numbers.

Before this change, etherpad-lite starts without error when configured
to listen on a Unix domain socket in this manner. However, `pad.js` and
`ace2_common.js` are generated incorrecting, causing an error
"Uncaught Error: The module at "ep_etherpad-lite/static/js/rjquery" does not exist."
when loading the editor:

When settings.port is a non-numeric string, e.g. `etherpad.sock`, a URI
of the form `http://localhost:etherpad.sock/static/js/rjquery.js` is
generated and parsed to find the file needed. In this case, the file
searched for is `:etherpad.sock/static/js/rjquery.js`, rather than the
expected `static/js/rjquery.js`. No such file exists, and the required
code is silently omitted from the bundle.

As a workaround, hard-code a (meaningless) hostname which can be parsed
correctly, since the current code makes no use of it anyway.
2018-08-10 01:57:30 +02:00
Michael Braun
971853ca58 remove -k argument as it is currently for both sessionkey and apikey 2018-08-09 19:42:14 +02:00
muxator
65b9626669 dependencies: updated express & express-session
express: 4.13.4 -> 4.16.3
express-session: 1.13.0 -> 1.15.6

This, along with the previous commit, partially implements #3429.
2018-07-29 01:44:49 +02:00
muxator
1101c0279f dependencies: wd, 1.6.1 -> 1.10.3
It's a dev dependency, no breakages in backend and frontend tests.
2018-07-29 01:41:15 +02:00
muxator
a0d5eb18a0 tests: introduce istanbul.js to check code coverage
see: https://istanbul.js.org
2018-07-28 23:54:51 +02:00
muxator
f7000c786d tests: update mocha 5.0.5 -> 5.2.0
This does not break any backend tests
2018-07-28 23:54:51 +02:00
muxator
4e10f4d52a tests: sent Nyan Cat into eternal oblivion
Alive and kicking since 2014 (3ac833d455), but it is now time to go on
2018-07-28 23:54:51 +02:00
muxator
379690abbf tests: backend tests are now run with "npm test" instead of a custom bash script 2018-07-28 23:54:51 +02:00
muxator
1a4a26fc73 tests: move mocha among devDependencies in package.json 2018-07-28 23:54:51 +02:00
muxator
1f19b20796 tests: move supertest among devDependencies in package.json 2018-07-28 23:54:51 +02:00
muxator
a69f8a3db9 runtime: deprecate Node <= 7. From Etherpad 1.8.0 minimum Node version will be 8 2018-07-28 23:33:24 +02:00
muxator
7544585908 runtime: enforce minimal node version to 6.9.0
Etherpad 1.6.6 does not run on node <= 5 already.
Node 6.9 is the first LTS release in the 6 series, and comes with npm 3.10.8.

Declarations in package.json are advisory unless the user has set
`engine-strict` config flag.

Updated the docs accordingly.
2018-07-28 23:33:24 +02:00
translatewiki.net
7fa198d448 Localisation updates from https://translatewiki.net. 2018-07-26 10:04:02 +02:00
John McLear
a4c67f0d03
Update package.json 2018-07-20 17:54:48 +01:00
Dan Bornstein
2a876e5e9b Ensure that all lines in the pad are marked with class ace-line.
Without this change, lines that haven't ever been edited will have either
an empty class or, in the case of list start lines, a class that begins
with a space (because the `ace-line` before the space never got added).
2016-09-13 01:17:04 +02:00
translatewiki.net
7c971f24aa Localisation updates from https://translatewiki.net. 2018-07-16 16:51:53 +02:00
Dan Bornstein
b98ee116b9 Fix typos in ordinal names
* `eigth` -> `eighth`
* `twelth` -> `twelfth`
* `sixthteenth` -> `sixteenth`
* `fixteenth` -> `sixteenth`
2016-09-09 00:52:04 +02:00
nashe
937ca09d74 Correctly display plugin list in troubleshooting tab
Fixes #3402.
2018-07-15 23:47:44 +02:00
muxator
24b5817beb package.json: last reformatting
These are the remaining non-whitespace changes needed to normalize package.json
formatting, bringing it in line with the npm 6.1.0 default format.

Future edits to this file should follow this default format, in order to
minimize churn.
2018-07-14 14:58:38 +02:00
muxator
896230ad7c package.json: whitespace changes
Only cosmetic changes to make it easier to understand what changes in the other
commits.

This command:
  git diff this-commit-hash^! --ignore-all-space

should give an empty output on this commit.
2018-07-14 14:44:48 +02:00
muxator
7992316c23 package.json: sorted dependencies alphabetically
When npm saves packages.json, it sorts the dependencies alphabetically. This
change reorders them.

Its aim, togheter with the next ones, is to have a diff that is inspectable.
Moreover, the mutation of package.json by installDeps.sh will be disabled with
a future change.
2018-07-14 14:19:50 +02:00
Luiza Pagliari
58c3154769
[fix] Ignore default line attribs when detecting edges of changeset (#3420)
When comparing original content with the changes made by the user, we
need to ignore some line attribs that are added by content collector,
otherwise we would consider the change started on the first char of the
line -- the '*' that is added when line has line attribs.

In order to be able to handle both #3354 and #3118, we need to take into
account both the styles attribs (to fix #3354) and the line attribs
defined by any of the plugins (to fix #3118), but we can ignore those
extra line attribs that are added by Etherpad and do not add any
functionality (`'lmkr', 'insertorder', 'start'`).
2018-07-09 17:44:38 -03:00
translatewiki.net
380889b218 Localisation updates from https://translatewiki.net. 2018-07-02 07:56:19 +02:00
Mantary
2be873e3c7 Use keydown instead of keypress on Firefox. 2018-07-01 12:05:46 +02:00
Luc Didry
f35d3456cf Fix FR dateformat
FYI, the dateformat in translatewiki is correct.
2018-06-29 01:23:17 +02:00
translatewiki.net
599b1f4568 Localisation updates from https://translatewiki.net. 2018-06-28 07:21:00 +02:00
translatewiki.net
dfd45f0f57 Localisation updates from https://translatewiki.net. 2018-06-21 08:17:13 +02:00
translatewiki.net
3362c683bc Localisation updates from https://translatewiki.net. 2018-06-14 12:22:22 +02:00
translatewiki.net
d42393dc93 Localisation updates from https://translatewiki.net. 2018-05-31 08:22:54 +02:00
John McLear
fe08d2a1db
Merge pull request #3268 from citizenos/develop
getLineHTMLForExport - Fixes #2486 but breaks plugins
2018-05-21 15:56:58 +01:00
translatewiki.net
bacc37cf9b Localisation updates from https://translatewiki.net. 2018-05-21 16:02:15 +02:00
ilmar
a96aa88dad merge with ether/etherpad-lite develop branch 2018-05-21 16:18:40 +03:00
ilmar
4feccff530 merge with develop branch 2018-05-21 15:41:49 +03:00
ilmar
3c66425b60 List indent fix 2018-05-21 13:07:08 +03:00
ilmar
016497dbb4 prevLine/nextLine check fix 2018-05-14 22:57:15 +03:00
muxator
bfec44e346 Release version 1.6.6 2018-05-05 00:53:59 +02:00
ilmar
47e20a2f49 line parsing fix 2018-05-03 00:07:07 +03:00
ilmar
6684f9bfe8 hook callAll to aCallAll 2018-05-02 11:45:48 +03:00
ilmar
55ecf31786 html export fix 2018-05-02 11:12:58 +03:00
ilmar
c9863f81ad sync with ether/etherpad-lite 2018-05-02 11:08:57 +03:00
ilmar
8d27f3cf03 upgrade to 1.6.5 2018-04-24 13:31:40 +03:00
ilmar
7cc7bb1abc upgrade to 1.6.5 2018-04-24 12:25:56 +03:00
ilmar
d6fa065ef2 export html to original structure 2018-04-24 12:13:31 +03:00
translatewiki.net
ba322012d7 Localisation updates from https://translatewiki.net. 2018-04-23 08:52:57 +02:00
anugu-chegg
7b6a4aba30 Remove leftover code from earlier commits 2018-04-19 23:23:16 +02:00
anugu-chegg
b4068144c3 Refactor code 2018-04-19 23:23:16 +02:00
anugu-chegg
461ed413b7 Fix few mistakes 2018-04-19 23:23:16 +02:00
anugu-chegg
d41e184a3c Send commits missed during the reconnect 2018-04-19 23:23:16 +02:00
anugu-chegg
bf05e9ae89 Handle client reconnect properly 2018-04-19 23:23:16 +02:00
anugu-chegg
4265f4175e Handle socketio errors properly 2018-04-19 23:23:16 +02:00
anugu-chegg
fb20c26c5f Don't send COMMIT-MESSAGE when socketio connection is not active 2018-04-19 23:23:16 +02:00
Benjamin Schweizer
d26df86490 made url relative 2018-04-19 22:55:40 +02:00
translatewiki.net
4f2ff31a61 Localisation updates from https://translatewiki.net. 2018-04-19 09:20:05 +02:00
muxator
9daade0b95
fix: line numbers was not aligned with text
This change partially reverts 0a9d02562d, which got released in 1.6.4
due to #3280.

Text size and line alignment are now reverted back to their 1.6.3
appearance (thus stay non customizable, for now).

Fixes #3378
2018-04-13 18:32:39 +02:00
translatewiki.net
6dc8ead8c9 Localisation updates from https://translatewiki.net. 2018-04-12 15:16:27 +02:00
translatewiki.net
686ce054fa Localisation updates from https://translatewiki.net. 2018-04-12 09:12:18 +02:00
muxator
1d4e2b3b11 Release version 1.6.5 2018-04-10 00:47:40 +02:00
ilmar
517b249394 D 2018-04-10 00:08:42 +03:00
nashe
92eee85f36 Escape data when listing available plugins 2018-04-09 22:31:13 +02:00
Olivier Tétard
5b1e1f0c35 Fix typo in apicalls.js which prevents from importing isValidJSONPName. 2018-04-09 20:56:29 +02:00
ilmar
8502c04bee html lists export fix 2018-04-09 15:37:28 +03:00
translatewiki.net
1fdb01fd75 Localisation updates from https://translatewiki.net. 2018-04-09 08:17:36 +02:00
John McLear
b16e7ad25e
unbreak Safari iOS line wrapping
fixes f5810957b4 (diff-f639eb4efeaabf5624f3229daa1e88cd)
2018-04-07 18:11:24 +01:00
John McLear
fba2bf4df9
Update iframe_editor.css 2018-04-07 17:50:45 +01:00
John McLear
6a38826e9d
Merge pull request #3366 from ether/release/1.6.4
Release/1.6.4
2018-04-07 11:05:31 +01:00
John McLear
fa83de778c Password check fix 2018-04-07 10:31:47 +01:00
Peter 'Pita' Martischka
6d5dc93dbf merged 2018-04-07 10:23:49 +01:00
John McLear
c34350f307 Beginning to make release 2018-04-07 09:22:13 +01:00
thomas
ffe24c3dd9
Update webaccess.js 2018-04-06 22:21:33 +02:00
John McLear
86ec963775 Fixes #3137
#3137
2018-04-06 13:52:04 +01:00
ilmar
b4ad7cf452 Export lists fix + code linting and readability update 2018-04-05 23:27:02 +03:00
Peter 'Pita' Martischka
a08c4383b8 check pad exists before importing / exporting 2018-04-04 21:48:32 +01:00
John McLear
735052e1a2
Update package.json 2018-04-04 20:13:28 +01:00
John McLear
6388055f51
Merge pull request #12 from nashe/no_findkeys_export
No findkeys during export
2018-04-04 19:36:59 +01:00
Peter 'Pita' Martischka
806c9207e3 remove findkeys from pad export 2018-04-04 18:02:54 +01:00
John McLear
5a0afab02e
remove license thing from exports 2018-04-04 13:33:46 +01:00
Mikk Andresen
64a2e5b7a3 Upgrade Ueberdb2 to 0.3.7 to fix https://github.com/ether/etherpad-lite/issues/3348 2018-04-04 13:52:59 +03:00
Mikk Andresen
20428bb427 Merge remote-tracking branch 'upstream/develop' into develop 2018-04-04 13:52:27 +03:00
Mikk Andresen
a67aaa8f49 Merge remote-tracking branch 'upstream/master' into develop 2018-04-04 13:52:08 +03:00
Mikk Andresen
a4819b21f2 Upgrade Ueberdb2 to 0.3.7 to fix https://github.com/ether/etherpad-lite/issues/3348 2018-04-04 13:40:02 +03:00
John McLear
f15c7d7186
Merge pull request #3280 from lmagniez/ImprovedReadibility
Improved readibility
2018-04-03 17:22:08 +01:00
John McLear
8edd8e1291
Update package.json 2018-04-03 15:47:02 +01:00
John McLear
f4f032afc0
Merge pull request #3297 from apenwarr/auth-sequence
Call authentication hooks before default basic authentication.
2018-04-03 13:41:51 +01:00
John McLear
2765a95774
Merge pull request #3218 from klausweiss/develop
Feature: New server-side hook: onAccessCheck
2018-04-03 13:38:47 +01:00
John McLear
d393bf4dd8
Merge pull request #3232 from michael-dev/develop
Make APIKEY and SESSIONKEY file customizable
2018-04-03 13:34:49 +01:00
John McLear
bb83d39ff0
Merge pull request #3197 from User1m/patch-1
fixed plugin dependency issue
2018-04-03 13:13:11 +01:00
John McLear
18dd90139a
Merge pull request #3115 from noerw/redirect_fix
redirect /admin properly (fix #3114)
2018-04-03 13:10:36 +01:00
John McLear
83ce73b77b
Merge pull request #3134 from psaavedra/develop
WA added  in #1766 is not longer needed
2018-04-03 13:10:19 +01:00
John McLear
022783a774
Merge pull request #3239 from jainendra/jainendra-feature-support-for-rtf
Feature: Support for uploading .rtf files rich text format
2018-04-03 13:07:00 +01:00
John McLear
bb40aa00be
Update express.js 2018-04-03 10:59:10 +01:00
John McLear
50bbcb87bb
Merge pull request #4 from nashe/jsonp_fix
Added a jsonp var checker
2018-04-03 10:29:52 +01:00
Mikk Andresen
6f2466bebc Merge with upstream develop. 2018-04-02 13:47:16 +03:00
ilmar
cf82177b36 ueberDB2 update 2018-03-26 17:57:00 +03:00
Luc Didry
b0da9a579d Fix numbering line when plugin add padding-top (like ep_page_view) 2018-03-25 19:24:52 +02:00
John McLear
6c2135bf9a
Merge pull request #6 from nashe/bumpDeps2
Update Deps
2018-03-24 11:08:19 +00:00
John McLear
8767410a36
be more strict on password check 2018-03-23 19:21:52 +00:00
John McLear
e285db9e80
Update Deps
https://i.imgur.com/cxFXNeY.png
2018-03-23 13:21:59 +00:00
Peter 'Pita' Martischka
dd7894d3c9 Added a jsonp var checker 2018-03-23 11:17:39 +00:00
translatewiki.net
cb856ea624 Localisation updates from https://translatewiki.net. 2018-03-22 08:09:21 +01:00
translatewiki.net
d80d64a217 Localisation updates from https://translatewiki.net. 2018-03-19 20:58:02 +01:00
translatewiki.net
49bbb0b59f Localisation updates from https://translatewiki.net. 2018-03-12 08:57:37 +01:00
Luc Didry
82816acf4a Fix .doc export with LibreOffice (soffice) (#3338)
When using LibreOffice to convert pads to doc, we got `Error: no export filter for /tmp/xxxx.doc` (tested with LO 5 and 6). Maybe it's a regression from LO. Anyway, converting HTML to odt, then to doc works.

Thx to lpagliari for her review!
2018-03-08 10:44:11 -03:00
translatewiki.net
6aa19c56a8 Localisation updates from https://translatewiki.net. 2018-03-08 09:28:32 +01:00
translatewiki.net
6f979ca1ef Localisation updates from https://translatewiki.net. 2018-02-22 12:08:59 +01:00
Luiza Pagliari
187e51948d
[fix] Don't show "pad deleted" message when copying pad (#3320)
Fix #3183
2018-02-16 14:18:51 -02:00
translatewiki.net
0c806b7fc0 Localisation updates from https://translatewiki.net. 2018-02-15 09:49:08 +01:00
Luc Didry
0495dbdb16 Update ueberdb dep to 0.3.6 (#3326) 2018-02-14 15:07:50 -02:00
Man Yue Mo
a2992b3624 fix jsonp checking. 2018-02-07 08:43:07 +00:00
Stefan
1e25e7fc77 Release version 1.6.3 2018-02-03 12:57:22 +01:00
Stefan
b292e137ed Added missing require for is-var-name 2018-02-03 12:33:33 +01:00
John McLear
a03422b094
Merge pull request #3313 from rhelmer/sanitize-window-location
better sanitize window location in error messages
2018-01-31 08:25:59 +00:00
Robert Helmer
f56936c936 better sanitize jsonp 2018-01-30 12:52:19 -08:00
Robert Helmer
38b1e0a35e better sanitize window location in error messages 2018-01-30 12:51:53 -08:00
translatewiki.net
d7c93b0c0d Localisation updates from https://translatewiki.net. 2018-01-29 09:05:18 +01:00
translatewiki.net
832855cc21 Localisation updates from https://translatewiki.net. 2018-01-25 05:17:41 +01:00
translatewiki.net
281b211332 Localisation updates from https://translatewiki.net. 2018-01-22 15:03:53 +01:00
translatewiki.net
a16bc9cd3a Localisation updates from https://translatewiki.net. 2018-01-18 08:31:51 +01:00
Joas Souza
454f539561 Select formatting button on selection (#3301)
[feat] Select button when selection is on formatted text
2018-01-04 12:28:00 -02:00
Joas Souza
f1fcd16894 Add settings to scroll on edition out of viewport (#3282)
* Add scroll when it edits a line out of viewport

By default, when there is an edition of a line, which is out of the
viewport, Etherpad scrolls the minimum necessary to make this line
visible. This makes that the line stays either on the top or the bottom
of the viewport. With this commit, we add a setting to make possible to
scroll to a position x% pixels from the viewport. Besides of that, we
add a setting to make an animation of this scroll.
If nothing is changed on settings.json the Etherpad default behavior is
kept
2018-01-03 19:57:28 -02:00
translatewiki.net
291f700376 Localisation updates from https://translatewiki.net. 2018-01-01 15:26:09 +01:00
Avery Pennarun
e0582797f2 Call authentication hooks before default basic authentication.
This allows authenticators to do any extra session setup for a given user,
even if their username/password happens to match settings.json.
2017-12-31 12:32:50 +00:00
translatewiki.net
6ecc1c3895 Localisation updates from https://translatewiki.net. 2017-12-28 08:55:45 +01:00
translatewiki.net
d797344f56 Localisation updates from https://translatewiki.net. 2017-12-21 08:27:40 +01:00
translatewiki.net
924545525f Localisation updates from https://translatewiki.net. 2017-12-07 08:58:49 +01:00
John McLear
bb11d014ab
Update package.json 2017-12-04 20:06:58 +00:00
Loïck Magniez
38cbff11a1 Adapted the padding due to the font-size modification 2017-11-23 16:24:08 +01:00
translatewiki.net
781b643775 Localisation updates from https://translatewiki.net. 2017-11-23 07:34:14 +01:00
Loick Magniez
54e834194b Changed the color palette and changed the pad's font size to 16px 2017-11-22 16:04:17 +01:00
translatewiki.net
c0f74cac5d Localisation updates from https://translatewiki.net. 2017-11-20 09:07:26 +01:00
translatewiki.net
69f0560529 Localisation updates from https://translatewiki.net. 2017-11-16 10:54:04 +01:00
translatewiki.net
d519714914 Localisation updates from https://translatewiki.net. 2017-11-09 08:09:41 +01:00
translatewiki.net
407d95868b Localisation updates from https://translatewiki.net. 2017-11-06 09:00:43 +01:00
Rainer Rillke
f12debd5c7 Catch SIGTERM for graceful shutdown (#3266)
Shut down database connection and exit the node process
when SIGTERM is encountered. This is especially important
when nodejs is run as PID1, e.g. in a docker container.

Shutting down connections to clients (browsers) is beyond
this patche's scope.

Resolves #3265
2017-11-04 19:59:19 -02:00
Stefan (Gared)
baa372763c Release version 1.6.2 2017-11-04 17:24:29 +01:00
Stefan (Gared)
e7b72f2234 Fix #3111 updating request to 2.83.0 2017-11-04 17:17:58 +01:00
ilmar
30400509ba added tiblus ep_prefs_different_cookie_for_different_protocol 2017-11-03 10:47:54 +02:00
translatewiki.net
097c07adec Localisation updates from https://translatewiki.net. 2017-11-02 08:12:10 +01:00
ilmar
76f211b0bf ExportHtml.js update 2017-11-01 09:48:23 +02:00
ilmar
5469ce85cd exportHTML update 2017-10-31 22:46:24 +02:00
ilmar
724b1d734b updated html export, run hooks also with lists 2017-10-31 16:23:41 +02:00
translatewiki.net
266b4a6a51 Localisation updates from https://translatewiki.net. 2017-10-23 04:59:18 +02:00
ilmar
c36a3264fe fix to ether/etherpad-lite#2486 2017-10-21 01:04:53 +03:00
ilmar
69bf32cd46 fix to https://github.com/ether/etherpad-lite/issues/2486 2017-10-19 16:11:40 +03:00
translatewiki.net
8c85205a80 Localisation updates from https://translatewiki.net. 2017-10-19 09:01:31 +02:00
Stefan
c85ffd663e Merge pull request #3241 from djmaze/fix-socket-io-crash
Update socket.io to 1.7.3
2017-10-12 23:12:19 +02:00
translatewiki.net
bb80085c9a Localisation updates from https://translatewiki.net. 2017-10-12 08:36:19 +02:00
Luiza Pagliari
0e1414dcca Allow 'placeholder' to be a localizable attribute on HTML elements (#3257) 2017-09-21 17:49:33 -03:00
translatewiki.net
67439545a6 Localisation updates from https://translatewiki.net. 2017-09-21 09:21:11 +02:00
translatewiki.net
3f875a56e3 Localisation updates from https://translatewiki.net. 2017-09-11 07:16:33 +02:00
translatewiki.net
457fdaa360 Localisation updates from https://translatewiki.net. 2017-09-07 07:17:26 +02:00
translatewiki.net
a0aedd6793 Localisation updates from https://translatewiki.net. 2017-08-31 07:54:29 +02:00
translatewiki.net
c62f00477e Localisation updates from https://translatewiki.net. 2017-08-21 07:36:39 +02:00
translatewiki.net
392d649f4d Localisation updates from https://translatewiki.net. 2017-08-17 15:31:28 +02:00
Luiza Pagliari
ed5213c9a2 Revert "[feat] Update l10n lib (#3248)" (#3249)
This reverts commit 6bcaa00a4b.
2017-08-15 11:09:56 -03:00
Luiza Pagliari
6bcaa00a4b [feat] Update l10n lib (#3248)
Last update was from 2014.

Fix #3244.
2017-08-15 10:22:59 -03:00
translatewiki.net
9b9d604c09 Localisation updates from https://translatewiki.net. 2017-08-14 08:14:37 +02:00
translatewiki.net
e93d607165 Localisation updates from https://translatewiki.net. 2017-08-07 07:22:05 +02:00
Martin Honermeyer
f10e60713b Update socket.io to 1.7.3
That in turn upgrades engine.io to 1.8.2. This fixes a crash for me when
running behind a traefik reverse proxy.
https://github.com/socketio/engine.io/issues/465
2017-08-04 15:42:25 +02:00
Jainendra Mandavi
b4ddd0276d Use abiword to process .rft files 2017-08-04 03:23:12 +05:30
translatewiki.net
8abba28756 Localisation updates from https://translatewiki.net. 2017-08-03 10:39:40 +02:00
Michael Braun
4cce3bcbed Make APIKEY und SESSIONKEY file customizable
Running multiple instances sometimes requires different api- and session-keys for security reasons.
2017-07-31 15:31:45 +02:00
translatewiki.net
67c4e336e0 Localisation updates from https://translatewiki.net. 2017-07-31 14:58:13 +02:00
Stefan
f6456c0aa7 Merge pull request #3187 from tiblu/ep_prefs_different_cookie_for_different_protocol
#3179 - Using EP on same domain, but over different protocols causes "Warning: it appears that your browser does not have cookies enabled.
2017-07-30 11:49:29 +02:00
Stefan
5382b06ede Merge pull request #3231 from jainendra/fix-2864-import-pdf
FIX-2864: Add useAbiword flag
2017-07-30 11:42:39 +02:00