Commit message  [Author; Age; Files; Lines]
* Merge pull request #1153 from toshi0123/for_empty_serverurl  [Christoph (Sheogorath) Kern; 2019-03-05; files: 1; lines: -1/+1]
|\      Fix empty serverURL did not redirect properly
| * Fix empty serverURL did not redirect properly  [toshi0123; 2019-03-04; files: 1; lines: -1/+1]
| |     Signed-off-by: toshi0123 <7948737+toshi0123@users.noreply.github.com>
* | Merge pull request #1155 from Turakar/master  [Christoph (Sheogorath) Kern; 2019-03-04; files: 1; lines: -0/+1]
|\ \    Mention dependency on libssl-dev in README.md
| * | Mention dependency on libssl-dev in README.md  [Turakar; 2019-03-04; files: 1; lines: -0/+1]
| |/    This dependency was introduced by upgrading to the new scrypt version in commit cee2aa92f9244d1dcfc65c5553f5d7f0bbfb3871.
| |     Signed-off-by: Tilman Hoffbauer <turakar23@gmail.com>
* | Fix wrong value type for HSTS environment variable  [Sheogorath; 2019-03-04; files: 2; lines: -2/+2]
| |     Seems like environment variables are also affected. This patch fixes that as well.
| |     Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix wrong value type in example config  [Sheogorath; 2019-03-04; files: 1; lines: -1/+1]
| |     HSTS maxAge has to be an integer, not a string.
| |     Fixes https://github.com/hackmdio/codimd/issues/1159
| |     Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1139 from Luclu7/patch-1  [Christoph (Sheogorath) Kern; 2019-03-04; files: 1; lines: -2/+2]
|\ \    Corrected a typo
| * | Corrected a typo  [Luclu7; 2019-02-07; files: 1; lines: -2/+2]
| | |   Signed-off-by: Luclu7 <me@luclu7.fr>
* | | Release version 1.3.0  [Sheogorath; 2019-03-04; files: 2; lines: -1/+96]
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Fix names with spaces in letter-avatars  [Sheogorath; 2019-03-03; files: 2; lines: -2/+42]
| | |   Seems like there is a possible problem when a name containing a space is passed to this function. Using urlencode on the name should fix possible problems here.
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #1157 from hackmdio/fix-MathJax-XSS-issue  [Christoph (Sheogorath) Kern; 2019-03-03; files: 3; lines: -0/+6]
|\ \ \    Fix possible MathJax XSS issue [Security Issue]
| * | | Fix possible MathJax XSS issue [Security Issue]  [Max Wu; 2019-03-03; files: 3; lines: -0/+6]
|/ / /    see more at: http://docs.mathjax.org/en/latest/safe-mode.html
| | |     Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | | Force upgrade of some outdated dependencies  [Sheogorath; 2019-03-02; files: 2; lines: -180/+12]
| | |   I don't really like the way to go here, but I guess having those forcefully upgraded is better than staying around with vulnerable dependencies.
| | |   This patch fixes some vulnerabilities in dependencies that were categorized as high severity.
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Update yarn.lock  [Sheogorath; 2019-03-02; files: 1; lines: -377/+360]
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Fix wrong domain in app.json  [Sheogorath; 2019-03-02; files: 1; lines: -1/+1]
| |/
|/|     Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1150 from SISheogorath/fix/speakerdeck  [Christoph (Sheogorath) Kern; 2019-02-21; files: 3; lines: -34/+9]
|\ \    Remove broken speakerdeck embedding
| * | Fix CI errors for unused variables  [Sheogorath; 2019-02-21; files: 1; lines: -3/+2]
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * | Remove broken speakerdeck embedding  [Sheogorath; 2019-02-21; files: 2; lines: -31/+7]
| | |   The current speakerdeck implementation is broken. An alternative implementation using oembed doesn't work due to CORS, which could be solved by proxying the speakerdeck API, but we decided to not do this.
| | |   This patch provides the link to the speakerdeck presentation instead, and this way doesn't break existing notes. This is right now the best solution we could come up with.
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Update yarn.lock  [Sheogorath; 2019-02-15; files: 1; lines: -390/+379]
| | |
* | | Update handlebar to version 4.0.13  [Sheogorath; 2019-02-15; files: 1; lines: -1/+1]
| | |   Snyk found a security vulnerability in the version we provide, that in theory can provide an RCE.
| | |   Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
* | | Merge pull request #1148 from felixonmars/patch-1  [Claudius Coenen; 2019-02-14; files: 1; lines: -3/+3]
|\ \ \
| |_|/
|/| |   Fix several typos in auth/saml.md
| * | Fix several typos in auth/saml.md  [Felix Yan; 2019-02-15; files: 1; lines: -3/+3]
|/ /    Signed-off-by: Felix Yan <felixonmars@archlinux.org>
* / Update ja.json (POEditor.com)  [Christoph (Sheogorath) Kern; 2019-01-31; files: 1; lines: -1/+3]
|/
* Disable OpenID by default  [Sheogorath; 2019-01-25; files: 1; lines: -1/+1]
|       We talked about that during a community call. It turned out that not everyone likes to have OpenID on their instance.
|       This patch disables OpenID by default.
|       Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1127 from SISheogorath/fix/unlinkFix  [Christoph (Sheogorath) Kern; 2019-01-25; files: 1; lines: -1/+1]
|\      Fix broken PDF export by wrong unlink call
| * Fix broken PDF export by wrong unlink call  [Sheogorath; 2019-01-24; files: 1; lines: -1/+1]
|/      We used `fs.unlink()` to remove the pdf file after we send it out to the client. This breaks in Node 10, when no function as second parameter is supplied.
|       This patch changes it to the `fs.unlinkSync` function that doesn't have this requirement and this way doesn't crash.
|       Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update yarn.lock  [Sheogorath; 2019-01-24; files: 1; lines: -135/+96]
|       Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1125 from hackmdio/dependency-node-6-fix  [Claudius Coenen; 2019-01-24; files: 1; lines: -0/+3]
|\      Fixing deep dependency problem with node 6.x
| * Fixing deep dependency problem with node 6.x  [Claudius Coenen; 2019-01-23; files: 1; lines: -0/+3]
|/      This commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
|       see: https://github.com/ember-learn/ember-cli-addon-docs/commit/231275b5a4bed59bbac798ddaa1bde94319047cb
|       see: https://github.com/salesforce/tough-cookie/pull/141
|       Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* Merge pull request #1124 from phrix32/patch-1  [Christoph (Sheogorath) Kern; 2019-01-22; files: 1; lines: -1/+1]
|\      Fix reference to SAML guide in README
| * Fix reference to SAML guide in README  [Jonathan; 2019-01-22; files: 1; lines: -1/+1]
|/      Signed-off-by: Jonathan Klauck <jonathan.klauck@aoe.com>
* Merge pull request #1123 from SISheogorath/fix/lintingTests  [Christoph (Sheogorath) Kern; 2019-01-21; files: 2; lines: -8/+10]
|\      Add linting for tests
| * Add linting for tests  [Sheogorath; 2019-01-21; files: 2; lines: -8/+10]
| |     The tests are currently not linted. This causes a different coding style than the rest of the sources.
| |     This patch adds the `./test` directory to the eslint testing and fixes linting for existing tests.
| |     Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1121 from SISheogorath/test/CSP  [Christoph (Sheogorath) Kern; 2019-01-21; files: 2; lines: -0/+125]
|\|     Add tests for csp.js
| * Add tests for csp.js  [Sheogorath; 2019-01-19; files: 2; lines: -0/+125]
|/      Since we lack tests but got some great point to start, let's write more tests.
|       This patch provides some basic tests for our CSP library. It's more an integration than a unit test, but gets the job done.
|       Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update yarn.lock  [Sheogorath; 2019-01-18; files: 1; lines: -504/+561]
|       Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1116 from dsprenkels/manage_users  [Christoph (Sheogorath) Kern; 2019-01-12; files: 1; lines: -1/+1]
|\      Fix broken manage_users after Winston upgrade
| * Fix broken manage_users after Winston upgrade  [Daan Sprenkels; 2019-01-10; files: 1; lines: -1/+1]
| |     Commit c3584770 upgrades Winston and with that version `logger.transports.console` becomes undefined. This commit updates the code to prevent the crash.
| |     Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* | Merge pull request #1117 from SISheogorath/upgrade/bootstrap  [Christoph (Sheogorath) Kern; 2019-01-12; files: 7; lines: -9/+9]
|\ \
| |/
|/|     Update bootstrap from 3.3.7 to 3.4.0
| * Update bootstrap from 3.3.7 to 3.4.0  [Sheogorath; 2019-01-11; files: 7; lines: -9/+9]
|/      Seems like finally there is a new bootstrap version for old version 3. This patch implements this new version with CodiMD and this way fixes some possible security issues in the frontend code.
|       See:
|       https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
|       https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890
|       Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1114 from SISheogorath/fix/samlVersion  [Christoph (Sheogorath) Kern; 2019-01-09; files: 1; lines: -1/+1]
|\      Update SAML to version 1.0.0
| * Update SAML to version 1.0.0  [Sheogorath; 2019-01-09; files: 1; lines: -1/+1]
|/      Seems like there was a security problem with the library. This patch updates to version 1.0.0 which fixed the details.
|       Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411
|       Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1110 from dsprenkels/issue_1106  [Christoph (Sheogorath) Kern; 2019-01-05; files: 3; lines: -5/+20]
|\      Remove blueimp-md5 dependency
| * Remove blueimp-md5 dependency  [Daan Sprenkels; 2018-12-22; files: 2; lines: -4/+7]
| |     Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
| * Add a test for gravatar urls  [Daan Sprenkels; 2018-12-22; files: 2; lines: -1/+13]
| |     Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* | Merge pull request #1112 from hackmdio/fix-XSS-issues  [Christoph (Sheogorath) Kern; 2018-12-29; files: 2; lines: -2/+2]
|\ \
| |/
|/|     Fix some XSS issues
| * Fix to escape html comment tag [Security Issue]  [Max Wu; 2018-12-28; files: 1; lines: -1/+1]
| |     Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * Fix to sanitize disqus shortnames to remove slashes [Security Issue]  [Max Wu; 2018-12-28; files: 1; lines: -1/+1]
|/      Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Merge pull request #1105 from SISheogorath/fix/gistCSP  [Christoph (Sheogorath) Kern; 2018-12-21; files: 1; lines: -1/+1]
|\      Fix broken Gist embedding
| * Fix broken Gist embedding  [Sheogorath; 2018-12-20; files: 1; lines: -1/+1]
| |     Looks like GitHub changed their asset system and our CSP prevented them from getting loaded.
| |     This patch should fix the Gist embedding with enabled CSP by replacing the old URL `https://assets-cdn.github.com` with the new `https://github.githubassets.com`.
| |     Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>