From c1789474020a6d668d616464cb2da5e90e123f65 Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Thu, 15 Aug 2019 23:05:02 +0200
Subject: Disable PDF export due to security issue

As a temporary fix, to keep you and your users save, this patch disables
the PDF export feature. Details of the attack along with a fix for
future versions of CodiMD will be released in future.

I hope you can live with this solution for this release because I'm
super short on time and the alternative would be to ship no fix at all.
This appears to be the better solution for this release.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
---
 lib/config/index.js | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'lib')

diff --git a/lib/config/index.js b/lib/config/index.js
index b6001aa0..ee4817b3 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -189,6 +189,12 @@ switch (config.imageUploadType) {
     ]
 }
 
+// Disable PDF export due to security issue
+if (config.allowPDFExport) {
+  config.allowPDFExport = false
+  logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.')
+}
+
 // generate correct path
 config.sslCAPath.forEach(function (capath, i, array) {
   array[i] = path.resolve(appRootPath, capath)
-- 
cgit v1.2.3