-rw-r--r-- | README.md | 2
-rw-r--r-- | SECURITY.md | 4
-rw-r--r-- | app.js | 1
-rw-r--r-- | app.json | 4
-rw-r--r-- | docs/configuration.md | 1
-rw-r--r-- | docs/dev/api.md | 1
-rw-r--r-- | docs/dev/openapi.yml | 23
-rw-r--r-- | docs/setup/docker-linuxserver.md | 2
-rw-r--r-- | lib/config/default.js | 1
-rw-r--r-- | lib/config/environment.js | 1
-rw-r--r-- | lib/config/hackmdEnvironment.js | 3
-rw-r--r-- | lib/config/index.js | 7
-rw-r--r-- | lib/config/oldDefault.js | 3
-rw-r--r-- | lib/web/note/actions.js | 33
-rw-r--r-- | lib/web/note/controller.js | 8
-rw-r--r-- | package.json | 1
-rw-r--r-- | public/docs/features.md | 2
-rw-r--r-- | public/js/index.js | 2
-rw-r--r-- | public/js/lib/editor/ui-elements.js | 3
-rw-r--r-- | public/views/hedgedoc/header.ejs | 8
-rw-r--r-- | public/views/index/body.ejs | 2
21 files changed, 9 insertions, 103 deletions
@@ -87,7 +87,7 @@ Licensed under AGPLv3. For our list of contributors, see [AUTHORS](AUTHORS). The license does not include the HedgeDoc logo, whose terms of usage can be found in the [github repository](https://github.com/hedgedoc/hedgedoc-logo). [matrix.org-image]: https://img.shields.io/matrix/hedgedoc:matrix.org?logo=matrix&server_fqdn=matrix.org -[matrix.org-url]: https://matrix.to/#/#hedgedoc:matrix.org +[matrix.org-url]: https://chat.hedgedoc.org [github-version-badge]: https://img.shields.io/github/release/hedgedoc/hedgedoc.svg [github-release-page]: https://github.com/hedgedoc/hedgedoc/releases [github-release-feed]: https://github.com/hedgedoc/hedgedoc/releases.atom diff --git a/SECURITY.md b/SECURITY.md index d7e7390b..0e6660f8 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -16,7 +16,7 @@ which will take care of the encryption for you. We'll get back to you as soon as possible. You can expect an answer within 3 days, in rare cases within a month. If you don't get a reply within a month, -please reach out for other contact addresses in the [community chat](https://matrix.to/#/#hedgedoc:matrix.org). +please reach out for other contact addresses in the [community chat](https://chat.hedgedoc.org). When your findings are accepted as a security issue, we'll work an a fix or at least a workaround for the next release. With the release that contained @@ -29,4 +29,4 @@ a fix yourself and contribute it to HedgeDoc, as well as publish them as you like and allow people to make in informed decision about using HedgeDoc. If you have any further questions, feel free to reach out to the -[community chat](https://matrix.to/#/#hedgedoc:matrix.org) or the mentioned contacts above. +[community chat](https://chat.hedgedoc.org) or the mentioned contacts above. 
@@ -191,7 +191,6 @@ app.locals.serverURL = config.serverURL app.locals.sourceURL = config.sourceURL app.locals.allowAnonymous = config.allowAnonymous app.locals.allowAnonymousEdits = config.allowAnonymousEdits -app.locals.allowPDFExport = config.allowPDFExport app.locals.authProviders = { facebook: config.isFacebookEnable, twitter: config.isTwitterEnable, @@ -143,10 +143,6 @@ "CMD_IMGUR_CLIENTID": { "description": "Imgur API client id", "required": false - }, - "CMD_ALLOW_PDF_EXPORT": { - "description": "Enable or disable PDF exports", - "required": false } }, "addons": [ diff --git a/docs/configuration.md b/docs/configuration.md index 25df7366..f17f3c33 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -22,7 +22,6 @@ to `config.json` before filling in your own details. | config file | environment | **default** and example value | description | | ------------------- | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `allowPDFExport` | `CMD_ALLOW_PDF_EXPORT` | **`true`** or `false` | Enable or disable PDF exports | | | `CMD_CONFIG_FILE` | **no default**, `/path/to/config.json` | optional override for the path to HedgeDoc's config file | | `db` | | **`undefined`**, `{ "dialect": "sqlite", "storage": "./db.hedgedoc.sqlite" }` | set the db configs, [see more here](http://sequelize.readthedocs.org/en/latest/api/sequelize/) | | `dbURL` | `CMD_DB_URL` | **`undefined`**, `mysql://localhost:3306/database` | Set the db in URL style. If set, then the relevant `db` config entries will be overridden. | diff --git a/docs/dev/api.md b/docs/dev/api.md index 5422533d..e89741d3 100644 --- a/docs/dev/api.md +++ b/docs/dev/api.md 
@@ -13,7 +13,6 @@ You have to replace *\<NOTE\>* with either the alias or id of a note you want to | `/new` | `POST` | **Imports some markdown data into a new note.**<br>A random id will be assigned and the content will equal to the body of the received HTTP-request. The `Content-Type: text/markdown` header should be set on this request. | | `/new/<ALIAS>` | `POST` | **Imports some markdown data into a new note with a given alias.**<br>This endpoint equals to the above one except that the alias from the url will be assigned to the note if [FreeURL-mode](../configuration-env-vars.md#users-and-privileges) is enabled. | | `/<NOTE>/download` or `/s/<SHORT-ID>/download` | `GET` | **Returns the raw markdown content of a note.** | -| `/<NOTE>/pdf` | `GET` | **Returns a generated pdf version of the note.**<br>If pdf-support is disabled, a HTTP 403 will be returned.<br>*Please note: Currently pdf export is disabled generally because of a security problem with it.* | | `/<NOTE>/publish` | `GET` | **Redirects to the published version of the note.** | | `/<NOTE>/slide` | `GET` | **Redirects to the slide-presentation of the note.**<br>This is only useful on notes which are designed to be slides. | | `/<NOTE>/info` | `GET` | **Returns metadata about the note.**<br>This includes the title and description of the note as well as the creation date and viewcount. The data is returned as a JSON object. | diff --git a/docs/dev/openapi.yml b/docs/dev/openapi.yml index aafaddc3..77d7e9de 100644 --- a/docs/dev/openapi.yml +++ b/docs/dev/openapi.yml 
@@ -89,29 +89,6 @@ paths: 'text/plain': example: my-note - /{note}/pdf: - get: - tags: - - note - summary: Returns a generated pdf version of the note. - description: 'If pdf-support is disabled, a HTTP 403 will be returned.<br>_Please note: Currently pdf export is disabled generally because of a security problem with it._' - responses: - 200: - description: The generated pdf version of the note - content: - 'application/pdf': - example: binary - 404: - description: Note does not exist - parameters: - - name: note - in: path - required: true - description: The note which should be exported as pdf - content: - 'text/plain': - example: my-note - /{note}/publish: get: tags: diff --git a/docs/setup/docker-linuxserver.md b/docs/setup/docker-linuxserver.md index 58d5c8da..daff4116 100644 --- a/docs/setup/docker-linuxserver.md +++ b/docs/setup/docker-linuxserver.md 
@@ -2,7 +2,7 @@ [![LinuxServer.io Discord](https://img.shields.io/discord/354974912613449730.svg?logo=discord&label=LSIO%20Discord&style=flat-square)](https://discord.gg/YWrKVTn)[![container version badge](https://images.microbadger.com/badges/version/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")[![container image size badge](https://images.microbadger.com/badges/image/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/codimd.svg)![Docker Stars](https://img.shields.io/docker/stars/linuxserver/codimd.svg)[![Build Status](https://ci.linuxserver.io/buildStatus/icon?job=Docker-Pipeline-Builders/docker-codimd/master)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-codimd/job/master/)[![LinuxServer.io CI summary](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/badge.svg)](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/index.html) -[LinuxServer.io](https://linuxserver.io) have created an Ubuntu-based multi-arch container image for x86-64, arm64 and armhf which supports PDF export from all architectures using [PhantomJS](https://phantomjs.org/). +[LinuxServer.io](https://linuxserver.io) have created an Ubuntu-based multi-arch container image for x86-64, arm64 and armhf. - It supports all the environment variables detailed in the [configuration documentation](../configuration-env-vars.md) to modify it according to your needs. - It gets rebuilt on new releases from HedgeDoc and also weekly if necessary to update any other package changes in the underlying container, making it easy to keep your HedgeDoc instance up to date. diff --git a/lib/config/default.js b/lib/config/default.js index 00fa9eae..fe9b7059 100644 --- a/lib/config/default.js +++ b/lib/config/default.js 
@@ -160,7 +160,6 @@ module.exports = { email: true, allowEmailRegister: true, allowGravatar: true, - allowPDFExport: true, openID: false, // linkifyHeaderStyle - How is a header text converted into a link id. // Header Example: "3.1. Good Morning my Friend! - Do you have 5$?" diff --git a/lib/config/environment.js b/lib/config/environment.js index 494e669f..2a2c5fbb 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -140,7 +140,6 @@ module.exports = { email: toBooleanConfig(process.env.CMD_EMAIL), allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER), allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR), - allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT), openID: toBooleanConfig(process.env.CMD_OPENID), linkifyHeaderStyle: process.env.CMD_LINKIFY_HEADER_STYLE } diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js index d4ae77f0..76e41361 100644 --- a/lib/config/hackmdEnvironment.js +++ b/lib/config/hackmdEnvironment.js @@ -121,6 +121,5 @@ module.exports = { } }, email: toBooleanConfig(process.env.HMD_EMAIL), - allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER), - allowPDFExport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT) + allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER) } diff --git a/lib/config/index.js b/lib/config/index.js index f78513a0..6aab2e28 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -125,7 +125,6 @@ config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clie config.isLDAPEnable = config.ldap.url config.isSAMLEnable = config.saml.idpSsoUrl config.isOAuth2Enable = config.oauth2.clientID && config.oauth2.clientSecret -config.isPDFExportEnable = config.allowPDFExport // Check gitlab api version if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !== 'v3') { 
@@ -194,12 +193,6 @@ switch (config.imageUploadType) { ] } -// Disable PDF export due to security issue -if (config.allowPDFExport) { - config.allowPDFExport = false - logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.') -} - // generate correct path config.sslCAPath.forEach(function (capath, i, array) { array[i] = path.resolve(appRootPath, capath) diff --git a/lib/config/oldDefault.js b/lib/config/oldDefault.js index 90942951..738ad9f7 100644 --- a/lib/config/oldDefault.js +++ b/lib/config/oldDefault.js @@ -37,6 +37,5 @@ module.exports = { // document documentmaxlength: undefined, imageuploadtype: undefined, - allowemailregister: undefined, - allowpdfexport: undefined + allowemailregister: undefined } diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js index 9ff7fedb..d92d2443 100644 --- a/lib/web/note/actions.js +++ b/lib/web/note/actions.js @@ -2,9 +2,7 @@ const models = require('../../models') const logger = require('../../logger') const config = require('../../config') const errors = require('../../errors') -const fs = require('fs') const shortId = require('shortid') -const markdownpdf = require('markdown-pdf') const moment = require('moment') const querystring = require('querystring') 
@@ -33,37 +31,6 @@ exports.getInfo = function getInfo (req, res, note) { res.send(data) } -exports.createPDF = function createPDF (req, res, note) { - const url = config.serverURL || 'http://' + req.get('host') - const body = note.content - const extracted = models.Note.extractMeta(body) - let content = extracted.markdown - const title = models.Note.decodeTitle(note.title) - - if (!fs.existsSync(config.tmpPath)) { - fs.mkdirSync(config.tmpPath) - } - const path = config.tmpPath + '/' + Date.now() + '.pdf' - content = content.replace(/\]\(\//g, '](' + url + '/') - markdownpdf().from.string(content).to(path, function () { - if (!fs.existsSync(path)) { - logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path) - return errors.errorInternalError(res) - } - const stream = fs.createReadStream(path) - let filename = title - // Be careful of special characters - filename = encodeURIComponent(filename) - // Ideally this should strip them - res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"') - res.setHeader('Cache-Control', 'private') - res.setHeader('Content-Type', 'application/pdf; charset=UTF-8') - res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling - stream.pipe(res) - fs.unlinkSync(path) - }) -} - exports.createGist = function createGist (req, res, note) { const data = { client_id: config.github.clientID, diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js index f79574df..45aea9e2 100644 --- a/lib/web/note/controller.js +++ b/lib/web/note/controller.js 
@@ -110,14 +110,6 @@ exports.doAction = function (req, res, next) { case 'info': noteActions.getInfo(req, res, note) break - case 'pdf': - if (config.allowPDFExport) { - noteActions.createPDF(req, res, note) - } else { - logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details') - errors.errorForbidden(res) - } - break case 'gist': noteActions.createGist(req, res, note) break diff --git a/package.json b/package.json index d4173f8a..603af0c7 100644 --- a/package.json +++ b/package.json @@ -80,7 +80,6 @@ "markdown-it-regexp": "^0.4.0", "markdown-it-sub": "^1.0.0", "markdown-it-sup": "^1.0.0", - "markdown-pdf": "^10.0.0", "mathjax": "^2.7.6", "mattermost": "^3.4.0", "mermaid": "^8.5.1", diff --git a/public/docs/features.md b/public/docs/features.md index 8c88d7ae..378b81dd 100644 --- a/public/docs/features.md +++ b/public/docs/features.md @@ -7,7 +7,7 @@ This means that you can write notes with other people on your **desktop**, **tab You can sign-in via multiple auth providers like **Facebook**, **Twitter**, **GitHub** and many more on the [*homepage*](/). If you experience any *issues*, feel free to report it on [**GitHub**](https://github.com/hedgedoc/hedgedoc/issues). -Or meet us on [**Matrix.org**](https://matrix.to/#/#hedgedoc:matrix.org) for dev-talk and interactive help. +Or meet us on [**Matrix**](https://chat.hedgedoc.org) for dev-talk and interactive help. **Thank you very much!** ## Workspace diff --git a/public/js/index.js b/public/js/index.js index 9946e6fd..92acd130 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -941,8 +941,6 @@ ui.toolbar.download.rawhtml.click(function (e) { e.stopPropagation() exportToRawHTML(ui.area.markdown) }) -// pdf -ui.toolbar.download.pdf.attr('download', '').attr('href', noteurl + '/pdf') // export to dropbox ui.toolbar.export.dropbox.click(function (event) { event.preventDefault() 
diff --git a/public/js/lib/editor/ui-elements.js b/public/js/lib/editor/ui-elements.js index ce19436b..b1e3b5cb 100644 --- a/public/js/lib/editor/ui-elements.js +++ b/public/js/lib/editor/ui-elements.js @@ -17,8 +17,7 @@ export const getUIElements = () => ({ download: { markdown: $('.ui-download-markdown'), html: $('.ui-download-html'), - rawhtml: $('.ui-download-raw-html'), - pdf: $('.ui-download-pdf-beta') + rawhtml: $('.ui-download-raw-html') }, export: { dropbox: $('.ui-save-dropbox'), diff --git a/public/views/hedgedoc/header.ejs b/public/views/hedgedoc/header.ejs index f700cd5b..ecf96e42 100644 --- a/public/views/hedgedoc/header.ejs +++ b/public/views/hedgedoc/header.ejs @@ -66,10 +66,6 @@ </li> <li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a> </li> - <% if(typeof allowPDFExport !== 'undefined' && allowPDFExport) {%> - <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a> - </li> - <% } %> <li class="divider"></li> <li role="presentation"><a role="menuitem" class="ui-help" href="#" data-toggle="modal" data-target=".help-modal"><i class="fa fa-question-circle fa-fw"></i> Help</a> </li> @@ -165,10 +161,6 @@ </li> <li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a> </li> - <% if(typeof allowPDFExport !== 'undefined' && allowPDFExport) {%> - <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a> - </li> - <% } %> </ul> </li> </ul> diff --git a/public/views/index/body.ejs b/public/views/index/body.ejs index 6176cb6e..d3552c75 100644 --- a/public/views/index/body.ejs +++ b/public/views/index/body.ejs 
@@ -162,7 +162,7 @@ <%- __('Powered by %s', '<a href="https://hedgedoc.org">HedgeDoc</a>') %> | <a href="<%- serverURL %>/s/release-notes" target="_blank" rel="noopener"><%= __('Releases') %></a> | <a href="<%- sourceURL %>" target="_blank" rel="noopener"><%= __('Source Code') %></a><% if(imprint) { %> | <a href="<%- serverURL %>/s/imprint" target="_blank" rel="noopener"><%= __('Imprint') %></a><% } %><% if(privacyStatement) { %> | <a href="<%- serverURL %>/s/privacy" target="_blank" rel="noopener"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- serverURL %>/s/terms-of-use" target="_blank" rel="noopener"><%= __('Terms of Use') %></a><% } %> </p> <h6 class="social-foot"> - <%- __('Follow us on %s and %s.', '<a href="https://github.com/hedgedoc/hedgedoc" target="_blank" rel="noopener"><i class="fa fa-github"></i> GitHub</a>, <a href="https://community.hedgedoc.org" target="_blank" rel="noopener"><i class="fa fa-users" aria-hidden="true"></i> Discourse</a>, <a href="https://matrix.to/#/#hedgedoc:matrix.org" target="_blank" rel="noopener"><i class="fa fa-comments"></i> Matrix</a>, <a href="https://social.hedgedoc.org/mastodon" target="_blank" rel="noopener"><i class="fa fa-mastodon"></i> Mastodon</a>', '<a href="https://translate.hedgedoc.org" target="_blank" rel="noopener"><i class="fa fa-globe"></i> POEditor</a>') %> + <%- __('Follow us on %s and %s.', '<a href="https://github.com/hedgedoc/hedgedoc" target="_blank" rel="noopener"><i class="fa fa-github"></i> GitHub</a>, <a href="https://community.hedgedoc.org" target="_blank" rel="noopener"><i class="fa fa-users" aria-hidden="true"></i> Discourse</a>, <a href="https://chat.hedgedoc.org" target="_blank" rel="noopener"><i class="fa fa-comments"></i> Matrix</a>, <a href="https://social.hedgedoc.org/mastodon" target="_blank" rel="noopener"><i class="fa fa-mastodon"></i> Mastodon</a>', '<a href="https://translate.hedgedoc.org" target="_blank" rel="noopener"><i class="fa fa-globe"></i> POEditor</a>') 
%> </h6> </div> </div> |
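
Review bot: the lib/config/index.js hunk at -194 deletes the only visible operator-facing message about PDF export (the logger.warn under "// Disable PDF export due to security issue"), and nothing replaces it. With the allowPDFExport entries also gone from default.js, environment.js and hackmdEnvironment.js, a deployment that still sets `allowPDFExport`, `CMD_ALLOW_PDF_EXPORT` or `HMD_ALLOW_PDF_EXPORT` now gets no log line telling it the option has no effect. Consider keeping a single logger.warn at this spot that fires when any of those keys is present and states that the feature was removed.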
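
Review bot: in lib/web/note/controller.js the `case 'pdf':` branch is removed from doAction without any documented replacement behaviour, so a request to `/<NOTE>/pdf` now lands in whatever the switch's default branch does, which is outside the visible context. The deleted docs/dev/api.md row and openapi.yml path promised an HTTP 403 when PDF support is disabled, and clients written against that will see a different status after this change. None of the 21 files in the diffstat is a changelog or release note; please record the endpoint removal there, and state the new response code for `/pdf`.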
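
Review bot: package.json drops `"markdown-pdf": "^10.0.0"`, but no lockfile appears among the 21 changed files. If the repository commits a lockfile, regenerate it in this same commit; otherwise installs pinned to the lockfile can keep pulling the package and its transitive dependencies even though lib/web/note/actions.js no longer requires it.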
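
Review bot: the first lib/web/note/actions.js hunk removes `const fs = require('fs')` together with the markdown-pdf require, and the visible context (getInfo, createGist) does not show whether anything else in the file still calls fs. Please confirm that createPDF was its last user. Likewise check that `logger` and `config` in lib/web/note/controller.js are still referenced after the `case 'pdf':` branch is gone, so the change leaves neither a missing require nor an unused one.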
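
Review bot: the link changes from `https://matrix.to/#/#hedgedoc:matrix.org` to `https://chat.hedgedoc.org` in README.md, SECURITY.md, public/docs/features.md and public/views/index/body.ejs are unrelated to the PDF export removal that makes up the rest of the diff. Splitting them into their own commit would let the security-relevant removal be backported or reverted on its own. In SECURITY.md the link is the fallback route for vulnerability reporters, so it is worth verifying that the new address resolves to the same room before merging.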