diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/config/default.js | 1 | ||||
-rw-r--r-- | lib/config/environment.js | 1 | ||||
-rw-r--r-- | lib/config/hackmdEnvironment.js | 3 | ||||
-rw-r--r-- | lib/config/index.js | 7 | ||||
-rw-r--r-- | lib/config/oldDefault.js | 3 | ||||
-rw-r--r-- | lib/web/note/actions.js | 33 | ||||
-rw-r--r-- | lib/web/note/controller.js | 8 |
7 files changed, 2 insertions, 54 deletions
diff --git a/lib/config/default.js b/lib/config/default.js index 00fa9eae..fe9b7059 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -160,7 +160,6 @@ module.exports = { email: true, allowEmailRegister: true, allowGravatar: true, - allowPDFExport: true, openID: false, // linkifyHeaderStyle - How is a header text converted into a link id. // Header Example: "3.1. Good Morning my Friend! - Do you have 5$?" diff --git a/lib/config/environment.js b/lib/config/environment.js index cf9fb5a1..b123faca 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -137,7 +137,6 @@ module.exports = { email: toBooleanConfig(process.env.CMD_EMAIL), allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER), allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR), - allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT), openID: toBooleanConfig(process.env.CMD_OPENID), linkifyHeaderStyle: process.env.CMD_LINKIFY_HEADER_STYLE } diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js index d4ae77f0..76e41361 100644 --- a/lib/config/hackmdEnvironment.js +++ b/lib/config/hackmdEnvironment.js @@ -121,6 +121,5 @@ module.exports = { } }, email: toBooleanConfig(process.env.HMD_EMAIL), - allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER), - allowPDFExport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT) + allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER) } diff --git a/lib/config/index.js b/lib/config/index.js index f78513a0..6aab2e28 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -125,7 +125,6 @@ config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clie config.isLDAPEnable = config.ldap.url config.isSAMLEnable = config.saml.idpSsoUrl config.isOAuth2Enable = config.oauth2.clientID && config.oauth2.clientSecret -config.isPDFExportEnable = config.allowPDFExport // Check gitlab api version if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !== 'v3') { @@ -194,12 +193,6 @@ switch (config.imageUploadType) { ] } -// Disable PDF export due to security issue -if (config.allowPDFExport) { - config.allowPDFExport = false - logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.') -} - // generate correct path config.sslCAPath.forEach(function (capath, i, array) { array[i] = path.resolve(appRootPath, capath) diff --git a/lib/config/oldDefault.js b/lib/config/oldDefault.js index 90942951..738ad9f7 100644 --- a/lib/config/oldDefault.js +++ b/lib/config/oldDefault.js @@ -37,6 +37,5 @@ module.exports = { // document documentmaxlength: undefined, imageuploadtype: undefined, - allowemailregister: undefined, - allowpdfexport: undefined + allowemailregister: undefined } diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js index 9ff7fedb..d92d2443 100644 --- a/lib/web/note/actions.js +++ b/lib/web/note/actions.js @@ -2,9 +2,7 @@ const models = require('../../models') const logger = require('../../logger') const config = require('../../config') const errors = require('../../errors') -const fs = require('fs') const shortId = require('shortid') -const markdownpdf = require('markdown-pdf') const moment = require('moment') const querystring = require('querystring') @@ -33,37 +31,6 @@ exports.getInfo = function getInfo (req, res, note) { res.send(data) } -exports.createPDF = function createPDF (req, res, note) { - const url = config.serverURL || 'http://' + req.get('host') - const body = note.content - const extracted = models.Note.extractMeta(body) - let content = extracted.markdown - const title = models.Note.decodeTitle(note.title) - - if (!fs.existsSync(config.tmpPath)) { - fs.mkdirSync(config.tmpPath) - } - const path = config.tmpPath + '/' + Date.now() + '.pdf' - content = content.replace(/\]\(\//g, '](' + url + '/') - markdownpdf().from.string(content).to(path, function () { - if (!fs.existsSync(path)) { - logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path) - return errors.errorInternalError(res) - } - const stream = fs.createReadStream(path) - let filename = title - // Be careful of special characters - filename = encodeURIComponent(filename) - // Ideally this should strip them - res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"') - res.setHeader('Cache-Control', 'private') - res.setHeader('Content-Type', 'application/pdf; charset=UTF-8') - res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling - stream.pipe(res) - fs.unlinkSync(path) - }) -} - exports.createGist = function createGist (req, res, note) { const data = { client_id: config.github.clientID, diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js index f79574df..45aea9e2 100644 --- a/lib/web/note/controller.js +++ b/lib/web/note/controller.js @@ -110,14 +110,6 @@ exports.doAction = function (req, res, next) { case 'info': noteActions.getInfo(req, res, note) break - case 'pdf': - if (config.allowPDFExport) { - noteActions.createPDF(req, res, note) - } else { - logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details') - errors.errorForbidden(res) - } - break case 'gist': noteActions.createGist(req, res, note) break |