summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/config/default.js1
-rw-r--r--lib/config/environment.js1
-rw-r--r--lib/config/hackmdEnvironment.js3
-rw-r--r--lib/config/index.js7
-rw-r--r--lib/config/oldDefault.js3
-rw-r--r--lib/web/note/actions.js33
-rw-r--r--lib/web/note/controller.js8
7 files changed, 2 insertions, 54 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index 00fa9eae..fe9b7059 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -160,7 +160,6 @@ module.exports = {
email: true,
allowEmailRegister: true,
allowGravatar: true,
- allowPDFExport: true,
openID: false,
// linkifyHeaderStyle - How is a header text converted into a link id.
// Header Example: "3.1. Good Morning my Friend! - Do you have 5$?"
diff --git a/lib/config/environment.js b/lib/config/environment.js
index cf9fb5a1..b123faca 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -137,7 +137,6 @@ module.exports = {
email: toBooleanConfig(process.env.CMD_EMAIL),
allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER),
allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR),
- allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT),
openID: toBooleanConfig(process.env.CMD_OPENID),
linkifyHeaderStyle: process.env.CMD_LINKIFY_HEADER_STYLE
}
diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js
index d4ae77f0..76e41361 100644
--- a/lib/config/hackmdEnvironment.js
+++ b/lib/config/hackmdEnvironment.js
@@ -121,6 +121,5 @@ module.exports = {
}
},
email: toBooleanConfig(process.env.HMD_EMAIL),
- allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
- allowPDFExport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT)
+ allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER)
}
diff --git a/lib/config/index.js b/lib/config/index.js
index f78513a0..6aab2e28 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -125,7 +125,6 @@ config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clie
config.isLDAPEnable = config.ldap.url
config.isSAMLEnable = config.saml.idpSsoUrl
config.isOAuth2Enable = config.oauth2.clientID && config.oauth2.clientSecret
-config.isPDFExportEnable = config.allowPDFExport
// Check gitlab api version
if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !== 'v3') {
@@ -194,12 +193,6 @@ switch (config.imageUploadType) {
]
}
-// Disable PDF export due to security issue
-if (config.allowPDFExport) {
- config.allowPDFExport = false
- logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.')
-}
-
// generate correct path
config.sslCAPath.forEach(function (capath, i, array) {
array[i] = path.resolve(appRootPath, capath)
diff --git a/lib/config/oldDefault.js b/lib/config/oldDefault.js
index 90942951..738ad9f7 100644
--- a/lib/config/oldDefault.js
+++ b/lib/config/oldDefault.js
@@ -37,6 +37,5 @@ module.exports = {
// document
documentmaxlength: undefined,
imageuploadtype: undefined,
- allowemailregister: undefined,
- allowpdfexport: undefined
+ allowemailregister: undefined
}
diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js
index 9ff7fedb..d92d2443 100644
--- a/lib/web/note/actions.js
+++ b/lib/web/note/actions.js
@@ -2,9 +2,7 @@ const models = require('../../models')
const logger = require('../../logger')
const config = require('../../config')
const errors = require('../../errors')
-const fs = require('fs')
const shortId = require('shortid')
-const markdownpdf = require('markdown-pdf')
const moment = require('moment')
const querystring = require('querystring')
@@ -33,37 +31,6 @@ exports.getInfo = function getInfo (req, res, note) {
res.send(data)
}
-exports.createPDF = function createPDF (req, res, note) {
- const url = config.serverURL || 'http://' + req.get('host')
- const body = note.content
- const extracted = models.Note.extractMeta(body)
- let content = extracted.markdown
- const title = models.Note.decodeTitle(note.title)
-
- if (!fs.existsSync(config.tmpPath)) {
- fs.mkdirSync(config.tmpPath)
- }
- const path = config.tmpPath + '/' + Date.now() + '.pdf'
- content = content.replace(/\]\(\//g, '](' + url + '/')
- markdownpdf().from.string(content).to(path, function () {
- if (!fs.existsSync(path)) {
- logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
- return errors.errorInternalError(res)
- }
- const stream = fs.createReadStream(path)
- let filename = title
- // Be careful of special characters
- filename = encodeURIComponent(filename)
- // Ideally this should strip them
- res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
- res.setHeader('Cache-Control', 'private')
- res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
- res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
- stream.pipe(res)
- fs.unlinkSync(path)
- })
-}
-
exports.createGist = function createGist (req, res, note) {
const data = {
client_id: config.github.clientID,
diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js
index f79574df..45aea9e2 100644
--- a/lib/web/note/controller.js
+++ b/lib/web/note/controller.js
@@ -110,14 +110,6 @@ exports.doAction = function (req, res, next) {
case 'info':
noteActions.getInfo(req, res, note)
break
- case 'pdf':
- if (config.allowPDFExport) {
- noteActions.createPDF(req, res, note)
- } else {
- logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
- errors.errorForbidden(res)
- }
- break
case 'gist':
noteActions.createGist(req, res, note)
break