Commit Graph

5566 Commits (3872690715a4c3355f169295c11eebaf97f7efd6)

Author SHA1 Message Date
muxator 4728736dd8 db/PadManager: early return, no functional changes 2018-08-29 01:47:38 +02:00
muxator ecb0c41d29 db/PadManager: early return, no functional changes 2018-08-29 01:46:18 +02:00
muxator 12f224ae72 db/PadManager: early return, no functional changes 2018-08-29 01:44:13 +02:00
muxator 391bd79e03 padurlsanitize: early return, no functional changes 2018-08-29 01:38:55 +02:00
muxator d19436d044 adminsettings: early return, no functional changes. 2018-08-29 01:34:45 +02:00
muxator b60c0b122c PadMessageHandler: reversed condition to make core logic evident. No behavioural changes.
This one replaces a big "if (message)" negating its truthy condition.

Being lame, I erred on the safe side and wrote a super ugly statement that is
guaranteed to respect the original logic.

In the hope that eventual logic errors become more evident now.

See: https://stackoverflow.com/questions/36661748/what-is-the-exact-negation-of-ifvariable-in-javascript#36661843
2018-08-29 01:23:38 +02:00
muxator 324929ca2d PadMessageHandler: early return to reduce code depth.
Get rid of an else branch to simplify code layout. No functional changes at all.

==============

This series is an attempt to reduce the control structure depth of the code
base, maintaining at the same time its exact same behaviour, bugs included. It
is, in a sense, an initial attempt at a refactoring in the spirit of its
original definition [0].

The idea beyond this refactoring is that reducing the code depth and, sometimes,
inverting some conditions, bugs and logic errors may become easier to spot, and
the code easier to read.

When looked at ignoring whitespace changes, all of these diffs should appear
trivial.

[0] https://refactoring.com/
2018-08-29 00:57:28 +02:00
anoy 07bc163cb6 url encode pad name 2018-08-27 14:15:50 +02:00
anoy c0e257835c updated nodejs version for travisci 2018-08-27 10:52:22 +02:00
muxator fb1f8dd239 toolbar: missing var declaration
Without this, Etherpad would fail to start in strict mode:
  "ReferenceError: SelectButton is not defined"
2018-08-27 01:34:01 +02:00
muxator 27b3b0ecd2 logs: on the server, use template literals when possible
It's just synctactic sugar, but it is always better than executing string
concatenations in one's mind.

Do not do this with files in src/static, because we want to keep IE 11
compatibility.
2018-08-27 01:29:37 +02:00
muxator 0e972aaecf settings: reword some log messages 2018-08-27 01:56:33 +02:00
muxator 36f39a6e13 ace.js: remove template literals to keep IE 11 compatibility
Files in "src/static" are executed on the client: do not break browser
compatibility because of syntactic sugar.

Introduced in 9c990ab08a.
2018-08-27 02:18:34 +02:00
muxator 7f7efa22b7 javascript license: we cannot assert the license of a custom skin.
Even in the previous versions, it made no sense.
Removing.
2018-08-26 22:28:31 +02:00
muxator 6620014b77 skins: describe the skins in the documentation 2018-08-26 21:17:04 +02:00
muxator 9c990ab08a skins: finalize support for multiple skins
The old "static/custom" directory is replaced by "static/skins/<skinName>",
where <skinName> is taken from settings.json.
When no value is found, a default of "no-skin" is assumed, so that backward
compatibility is maintained.

The most evident security concerns have been addressed.

Closes #3471.
2018-08-26 21:17:04 +02:00
muxator e34c74b24d skins: the settings class understands skinName. Send skinName value to the client
skinName must be a single string (no directory separators in it) pointing to an
existing directory under /src/static/skins.
In case these conditions are not met, its value is rewritten to "no-skin".

Also, the value of skinName if sent to the client via clientVars for allowing
its use it in the browser.
2018-08-26 21:17:04 +02:00
muxator 7edc0fea16 skins: added new parameter "skinName" in setting.json.template
"colibris" does not exist yet, but let's mention it anyway.
2018-08-26 21:17:04 +02:00
muxator aba1c6f8bd skins: moved "static/custom" -> "static/skins/no-skin"
The old empty skin created by the startup scripts becomes the default: no-skin.
2018-08-26 21:17:04 +02:00
muxator 0c518cadf5 skins: replace {js,css}.template with actual files. Simplify startup scripts.
Currently, an Etherpad skin requires the existence of 6 files:
- index.{css,js}
- pad.{css,js}
- timeslider.{css,js}

In the default empty skin (in static/custom), there were 2 small placeholders
({js,css}.template) to be copied in place by the startup script in case no skin
was in use.

Now that we are moving to multiple directories (see #3471) we can simply commit
the example files and remove the copying code from the startup script.
2018-08-26 21:17:04 +02:00
muxator 6c56e7ca7a ace.js: use URL encoding when building an URL via string concatenation
Not performing encoding/decoding when traversing logical domains is a security
risk.
String concatenation is not great, too, but this change is just focused on
allowing the implementation of skin support.
2018-08-26 02:40:36 +02:00
Luc Didry 2cc32d7fe9 Add --writer option to soffice convert command
If you edit `src/templates/export_html.html` to remove the
`<meta name="changedby" content="Etherpad">` tag[1], PDF export with
soffice has a bug: the first word of the pad is deleted and a blank page
is inserted as first page (the pad's text begins on the second page).
The `--writer` soffice option avoids that bug.

[1] you may want to delete that tag since it is inserted as a comment in
.doc or .odt soffice export.
2018-08-24 18:26:51 +02:00
muxator 06476f7ad2 settings.json.template: reorganized dbSetting section to be more comment-friendly
It is better to keep the dirtyDB settings together, so they can be commented out
via a /* ... */.
Nested comments blocks would crash the application on start, because they are
syntactically incorrect.

Let's reduce this possibility, promoting an easier standard.
2018-08-24 01:26:05 +02:00
muxator d1481041c2 specialpages: replace relative paths for sendfile() with absolute ones
This file uses it for robots.txt and favicon.ico.

This makes use of the new stable settings.root introduced with #3466, and will
be modified when introducing support for custom skins.
2018-08-23 23:39:38 +02:00
muxator 9db5fd7884 AbsolutePaths: introduced isSubdir()
It can be used to check whether a user input or a configuration settings tries
to traverse the directory hierarchy, going out of its allowed bounds.

source: https://stackoverflow.com/questions/37521893/determine-if-a-path-is-subdirectory-of-another-in-node-js#45242825
2018-08-23 07:20:17 +02:00
translatewiki.net 0728e66723 Localisation updates from https://translatewiki.net. 2018-08-23 08:15:56 +02:00
muxator ce14a99606 settings, APIHandler: use makeAbsolute() for locating APIKEY and SESSIONKEY 2018-08-23 07:02:45 +02:00
muxator 8247d5eef3 settings: use makeAbsolute() for locating settings.json and credentials.json
This should look to consistent locations when looking for relative paths,
without depending on current working directory.
For absolute paths, nothing changes.
2018-08-23 07:02:45 +02:00
muxator 435b2a4edf settings: the dirtyDb file path is interpreted using makeAbsolute()
Otherwise its position depended on process.cwd
2018-08-23 07:02:45 +02:00
muxator 5406472d65 AbsolutePaths: makeAbsolute() computes an absolute path from a relative one
The base is assumed to be exports.findEtherpadRoot(), without depending on
process.cwd.
2018-08-23 07:02:45 +02:00
muxator 1b938a7a40 settings: compute exports.root via AbsolutePaths.findEtherpadRoot()
First steps for fixing #3466.
2018-08-23 07:02:45 +02:00
muxator b1a0e14ee2 AbsolutePaths: written findEtherpadRoot()
This is just a function (with an ugly side effect for caching purposes) that
heuristically tries to compute the Etherpad installation path when running under
Unix and win32 (they have different file system layouts).

This path can be used by Etherpad as a base for all the relative paths, in order
to be deterministic and not depending on cwd.
2018-08-23 07:02:45 +02:00
muxator cbce3c1b08 AbsolutePaths: written utility function popIfEndsWith()
It will be necessary in the next commit to evaluate the Etherpad base
install path.
2018-08-23 07:02:45 +02:00
muxator dbf7eff1fc AbsolutePaths: module for deterministically computing relative Etherpad paths
Empty for now.
2018-08-23 07:02:45 +02:00
muxator ec5573f88c settings, APIHandler: generate more informative logs 2018-08-21 00:05:15 +02:00
muxator b635371d52 settings: the default dirty.db location should be var/dirty.db
This is the location that is choosen by default when Etherpad starts with no
settings.json file.
It was different than the one contained into setting.json.template.
2018-08-21 21:57:13 +02:00
muxator cb07805022 NodeVersion: take responsibility for ugly code 2018-08-22 00:12:53 +02:00
muxator 93641a165d dependencies: update socket.io 1.7.3 -> 2.1.1
Version 2.x is not backwards compatible with 1.x.
However, according to [0], [1] and [2], it seems that the biggest concern is
when mixing different server and client versions, and this is not Etherpad's
case.

Smoke tested (successfully) on Firefox 61, Chromium 68.

npm audit before this change:
  found 12 vulnerabilities (9 low, 3 high) in 8205 scanned packages
    11 vulnerabilities require semver-major dependency updates.
    1 vulnerability requires manual review. See the full report for details.

npm audit after this change:
  found 1 low severity vulnerability in 8196 scanned packages
    1 vulnerability requires manual review. See the full report for details.

Fixes #3462

[0] https://socket.io/blog/socket-io-2-0-0/
[1] https://github.com/socketio/socket.io/issues/3007#issuecomment-336791836
[2] a0d7a794de
2018-08-18 19:42:42 +02:00
muxator 5f9de6948c cleanRun.sh: get rid of "Bad substitution" error
It was introduced in 4a18f0d97d (#3356).
2018-08-17 22:22:14 +02:00
muxator 4408a1e505 release: prepare for 1.7.0
Written the changelog and updated package.json.

From now on, releases will be cut from develop, and merged directly into master.

Each release will be a tag on the master branch (e.g. 1.7.0).
A "release/1.7.0" branch will eventually be created only if/when a hotfix will
be needed.
2018-08-17 00:18:31 +02:00
muxator d7696413da createRelease.sh: deprecate the script. It will be removed or modified.
Starting with Etherpad 1.7.0, the branching strategies for releases will be
simplified.
Leaving this script here, as it's useful for documenting other release-related
activities.
2018-08-17 00:09:25 +02:00
muxator 36b629346d dependencies: updated npm to 6.4.0 2018-08-16 22:04:40 +02:00
muxator 10eadba0d6
docs: mention that nodejs >= 8.9 is preferred 2018-08-15 23:43:11 +02:00
muxator fc14f60a4b runtime: polyfill Object.values()
Minimum supported Node version is 6.9.0, but Object.values() was introduced in
Node < 7. Let's use a polyfill if needed.

This will be removed when minimum supported Node version is raised to 8.9.0.

Fixes #3459
2018-08-15 22:34:05 +02:00
muxator 7a6d969537 docs: started writing down the requirements for pull requests
No more merge commits in the PR: we want to be able to bisect easily.
Probably the whole doc needs to be updated. Also, we need to have templates for
PRs and Bug Reports, and they have to be described in the document.

Fixes #3454
2018-08-15 02:19:05 +02:00
muxator 9d815c58b8 deprecations: get rid of DEP0005 about Buffer()
Similar code still lives in some dependent libraries.
It will be updated when upgrading the dependencies.

Fixes #3446
2018-08-14 19:45:03 +02:00
muxator 6d5a6cf795 caching_middleware: removed unnecessary escape in regex
Found by eslint with "no-useless-escape"
2018-08-14 19:33:10 +02:00
"muxator ext:(%22) d499e1b046 docs: direct link to measured.Collection from stats.md 2018-08-14 13:27:31 +02:00
"muxator ext:(%22) 42a0772955 dependencies: updated measured 1.1.0 -> measured-core 1.11.2
When installing dependencies, npm informed us that measured had been deprecated,
and renamed to measured-core. Let's follow the advice, and get rid of the
warning.

  npm WARN deprecated measured@1.1.0: This package has been renamed to
  measured-core, all versions of measured have been re-released under
  measured-core, please update your package and consider updating to the newest
  version. See https://github.com/yaorg/node-measured for latest updates.

This package is used to expose a single endpoint ("/stats"), whose output does
not change after this commit.

Fixes #3458
2018-08-14 13:22:41 +02:00
muxator d38f53181f settings.json: in the mysql example, mention the existence of port parameter
The port parameter is supported by the mysql driver, but to know this one has to
read through ueberDB's code.

At least for this simple case, it may make sense to be explicit.

Fixes #3453
2018-08-11 16:44:37 +02:00