| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This makes sure no unintended files are permanently saved.
Co-authored-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
|
| |
This commit adds a check if the MIME-type of the uploaded file (detected using the magic bytes) matches the file extension.
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reworks the error messages for image uploads to make more
sense.
Instead of using the current `formidable error` for everything, all
custom error detection now provide the (hopefully) more useful `Image
Upload error` prefix for error messages.
Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the issue of unauthenticated users, being able to
upload files, even when anonymous edits are disabled.
It's implemented by blocking uploads when either `allowAnonymous` is set
to `false` for all unauthenticated users, unless `allowAnonymousEdits`
is set to true, to make sure anonymous editors still experience the full
feature set.
Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a security issue with all existing CodiMD and HedgeDoc
installation which allows arbitary file uploads to instances that expose
the `/uploadimage` API endpoint. With the patch it implies the same
restrictions on the MIME-types as the frontend does. Means only images
are allowed unless configured differently.
This issue was reported by Thomas Lambertz.
To verify if you are vulnerable or not, create two files `test.html` and
`test.png` and try to upload them to your hedgedoc installation.
```
curl -X POST -F "image=@$(pwd)/test.html" http://localhost:3000/uploadimage
curl -X POST -F "image=@$(pwd)/test.png" http://localhost:3000/uploadimage
```
Note: Not all backends are affected. Imgur and lutim should prevent this
by their own upload API. But S3, minio, filesystem and azure, will be at
risk.
Addition Note: When using filesystem instead of an external uploads
providers, there is a higher risk of code injections as the default CSP
do not block JS from the main domain.
References:
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-wcr3-xhv7-8gxc
Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix crash when OAuth2 config parameters are missing
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the optional config options `config.oauth2.userProfileIdAttr` or `config.oauth2.rolesClaim` were not set, `String.split` was called on `undefined`, triggering a crash.
This commit adds handling of these cases and improves error logging in `checkAuthorization`.
Fixes #608
Signed-off-by: David Mehren <git@herrmehren.de>
|
| |
| |
| |
| | |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
| |
| |
| |
| | |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
| |
| |
| |
| | |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|/
|
|
| |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|\ \
| | |
| | | |
Remove pdf export code
|
| |/
| |
| |
| | |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|/
|
|
| |
Signed-off-by: Joachim Mathes <joachim_mathes@web.de>
|
| |
|
|
|
|
| |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in public/views
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in README
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in SECURITY.md
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in LICENSE
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in docs/configuration.md
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in bin/setup
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/guides
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/dev
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/guides/auth
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/setup
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update various links in code to the new GitHub org.
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/setup/yunohost
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rebrand to HedgeDoc: Add banner and logo
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Remove note in docs/guides/auth/github
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace links in public/docs/features
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add todo placeholder in docs/history
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace github link in public/views/index/body
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace github link in README
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add logo to README
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add note about the renaming to the front page
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Removed Travis from README.md and change CodiMD to HedgeDoc in some places
Signed-off-by: Yannick Bungers <git@innay.de>
Some more renaming to HedgeDoc
- Fixed capitalization of HedgeDoc
- Added renaming for etherpad migration doc
Signed-off-by: Yannick Bungers <git@innay.de>
Changed Repo name to hedgedoc
Signed-off-by: Yannick Bungers <git@innay.de>
|
|\
| |
| | |
Makes the mime also work with upper case extension
|
| |
| |
| |
| | |
Signed-off-by: pierreozoux <pierre@ozoux.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, when creating a note with content via the API, a title is only saved to the database after visiting the note with the browser. This commit makes sure that a title is saved at creation time.
Closes #306
Signed-off-by: David Mehren <git@herrmehren.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The OAuth2 specification RECOMMENDS setting the state to protect against
CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to
authenticate without the state set.
This is a cherry-pick of 852868419dc03d5dec79e75a3d7692ab670c927f.
Signed-off-by: haslersn <sebastian.hasler@gmx.net>
|
|\ \
| |/
|/| |
|
| |
| |
| |
| | |
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
| |
| |
| |
| |
| |
| | |
in 3d1fab05
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
| |
| |
| |
| | |
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
| |
| |
| |
| |
| |
| | |
Dropbox loads an external script that adds inline javascript. Therefore, this addition is needed when enabling dropbox support.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|/
|
|
|
|
|
| |
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable.
Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
|
|
|
| |
Signed-off-by: Simeon Keske <git@n0emis.eu>
Signed-off-by: Leo Maroni <git@em0lar.de>
|
|
|
|
|
| |
Signed-off-by: Simeon Keske <git@n0emis.eu>
Signed-off-by: Leo Maroni <git@em0lar.de>
|
|
|
|
| |
Signed-off-by: Simeon Keske <git@n0emis.eu>
|
|
|
|
| |
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
|
|
|
|
| |
CodiMD currently only uses the 'lang' attribute in YAML-metadata of a note for setting certain js-elements of the markdown-renderer. This commit adds the chosen lang into the published version of a note.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
|
|
|
|
|
| |
This is a backport of #278 with the default value of `scope` changed to
`undefined`. This is thus a fully backward-compatible change.
Signed-off-by: Victor Berger <victor.berger@m4x.org>
|
|
|
|
|
|
| |
Backport of #345 to 1.x
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the currently broken redirect on login when people try
to access a site they have no access to, they are redirected to the main
page to log in. After a successful login they should be redirected to
the original note, but instead are redirect to the index page again.
This aptch fixes the typo that causes the behavior and brings people
back to the note they edited.
Thanks to @clvs7-gh on Github[1], who submitted the patch via email.
On their behalf I hereby submit the change.
[1]: https://github.com/clvs7-gh
Note: I had to ajust this patch to work properly.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
| |
This commit backport 856fc01fb9b30489b254f2ef9d29de80aa189118
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on how the system was setup, this bug lead to keep user's data
around even after a successful deletion of user'S account. This patch
will make sure the missing database constraints are implemented and
missed out deletions are executed.
This bug was introduced to insufficent testing after implementing the
feature initially. It was well tested, using the app process itself, but
the migrations where missed out. I'm currently not sure, if there was
also a change in how sequelize handles cassaded deletion, since I'm
unter the impression that before switching to sequelize 5, this feature
has worked. But I haven't verified this.
No matter what, the cleanup process is rather straight forward and will
be invoked on migration, but can also be done manually using the new
`bin/cleanup` script.
This change will result in a release 1.6.1.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As we noticed in our poll about CDN usage, that most people
intentionally turn it off, but very little intetionally turn it on or
leave it on. [1]
There is also strong indicators that CDNs don't really provide any
benefits in loading time and due to the small deployments of CodiMD,
there is no big savings due to CDNs either. [2]
Therefore this patch changes the CDN default settings to off in order to
reduce the exposed user data.
[1]: https://community.codimd.org/t/poll-on-cdn-usage/28
[2]: https://csswizardry.com/2019/05/self-host-your-static-assets/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
| |
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3
Signed-off-by: ike <developer@ikewat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.
Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Linkify header style
|
| |
| |
| |
| | |
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| |
| |
| |
| | |
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| |
| |
| |
| |
| |
| | |
instead of doing it in the authentication source
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| |
| |
| |
| | |
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| |
| |
| |
| |
| |
| | |
Saving referer into session in SAML auth so passport can redirect correctly after SAML login.
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|