Commit graph

1341 commits

Author SHA1 Message Date
Sheogorath
5ce8f40eac Merge pull request #585 from xxyy/feature/hsts-cfg
Make HSTS Behaviour Configurable (Fixes #584)
2017-10-14 18:02:41 +02:00
Sheogorath
ec8936a9f1 Merge pull request #569 from SISheogorath/feature/extendedPermissionDocs
Provide table for permissions
2017-10-14 01:51:29 +02:00
Literallie
6bdc90d6ff
Add env vars for extra HSTS options 2017-10-13 01:42:05 +02:00
Literallie
1634d5c567
Add on/off env var for HSTS 2017-10-13 01:42:05 +02:00
Literallie
56411ca0e1
Make HSTS behaviour configurable; Fixes #584 2017-10-13 01:42:05 +02:00
Sheogorath
a16bde70be Provide table for permissions
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-12 11:05:22 +02:00
Sheogorath
53c2d0b5ca Merge pull request #581 from SISheogorath/fix/HMD_URL_ADDPORT
Fix missing boolean setting for HMD_URL_ADDPORT
2017-10-12 00:01:27 +02:00
Sheogorath
89c60d1331
Fix missing boolean setting for HMD_URL_ADDPORT
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-11 23:13:22 +02:00
Sheogorath
8b65d7df1a Merge pull request #575 from PeterDaveHello/fix.travis.yml
Remove duplicated nodejs version in .travis.yml
2017-10-11 10:23:30 +02:00
Sheogorath
4dd60cee50 Merge pull request #566 from ccoenen/fix-mysql-revision-order
createdAt DESC with quotation marks did not work with MySQL fixes #565
2017-10-11 01:08:16 +02:00
Claudius Coenen
87ac05738f Merge pull request #573 from PeterDaveHello/add-version-badge
Add version badge in README.md
2017-10-10 23:45:50 +02:00
Sheogorath
11133c3cec Merge pull request #571 from SISheogorath/fix/shellcheck
Prevent argument breaking by spaces
2017-10-10 23:28:16 +02:00
Peter Dave Hello
711c38403d Remove duplicated nodejs version in .travis.yml
lts/boron is v6
2017-10-11 00:16:11 +08:00
Peter Dave Hello
121b089d96 Add version badge in README.md 2017-10-10 21:54:13 +08:00
Sheogorath
6ed44f0864
Prevent argument breaking by spaces 2017-10-10 13:36:37 +02:00
Claudius Coenen
724a6bc26f createdAt DESC with quotation marks did not work with MySQL fixes #565 2017-10-09 14:03:33 +02:00
Sheogorath
a99cac0cf0 Merge pull request #550 from SISheogorath/fix/gitlabAvatar
Fix broken profile images in GitLab

Fixes #549
2017-10-08 22:20:35 +02:00
Claudius Coenen
132d4657d7 Merge pull request #564 from geekyd/pop_button
Adds button style to "new note"
2017-10-08 15:41:28 +02:00
Sheogorath
a4caac6276 Merge pull request #563 from geekyd/master
Updates default max_line_len in uglifyjs
2017-10-08 01:23:22 +02:00
geekyd
c6a1b65a91 Adds color to new note button 2017-10-07 23:23:03 +05:30
geekyd
4f53afe92e Increases max_line_len in uglifyjs 2017-10-07 07:21:02 +05:30
Sheogorath
74a7216a30 Merge pull request #553 from weisslj/fix-s3-bucket-documentation
Correct documentation of S3 bucket
2017-10-07 01:20:43 +02:00
Wu Cheng-Han
d96385eafd Fix to filter @import CSS syntax in style tag to prevent XSS [Security Issue] 2017-10-05 10:17:26 +08:00
Wu Cheng-Han
b0b417cefc Fix unescape > symbol inside the style tags to make the CSS works 2017-10-05 09:59:57 +08:00
Wu Cheng-Han
8979f215ab Fix blockquote not parse correctly in slide mode 2017-10-05 09:59:07 +08:00
Max Wu
b469592db8 Update .travis.yml 2017-09-27 22:26:03 +08:00
Wu Cheng-Han
7f52a4b38a Update yarn.lock file 2017-09-27 22:07:55 +08:00
Max Wu
6f2d1d4320 Merge pull request #538 from madebyherzblut/fix-yarn-lock
Update yarn.lock
2017-09-27 21:46:13 +08:00
Max Wu
fb14e121cd Merge pull request #527 from sygi/patch-1
Typo in Polish translation
2017-09-27 21:41:06 +08:00
Max Wu
8168615e10 Merge pull request #541 from Stonesjtu/patch-1
Fix naming typo.
2017-09-27 21:40:26 +08:00
Wu Cheng-Han
2bdccd3996 Fix home and end keys behavior for windows 2017-09-27 21:27:33 +08:00
Wu Cheng-Han
fe384d80bf Fix the < and > symbols are doubly escaped which affected by executing preventXSS twice 2017-09-27 18:22:49 +08:00
Wu Cheng-Han
f2743ff8f8 Fix slide mode contains unclosed tags might cause XSS [Security Issue] 2017-09-27 18:21:28 +08:00
Wu Cheng-Han
9b00afb863 Fix unclosed tags might cause XSS [Security Issue] 2017-09-27 18:20:04 +08:00
Johannes Weißl
89a2389586 Correct documentation of S3 bucket
Documentation added in aaf034b on Nov 17th 2016 says the S3 bucket can
be specified with `s3.bucket`, but commit c8bcc4c (#285) on Dec 18th
2016 used `s3bucket`. Instead of fixing the code (#552) to match the
documentation this commit changes just the documentation so that
existing configurations are not broken. Also, the `s3` object is passed
as is to `AWS.S3()`, which does not know the option `bucket` (but
silently ignores it in my test).

http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property

Following the old documentation leads to this exception:

    2017-09-23T09:42:38.079Z - error:  MissingRequiredParameter: Missing required key 'Bucket' in params
        at ParamValidator.fail (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:50:37)
        at ParamValidator.validateStructure (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:61:14)
        at ParamValidator.validateMember (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:88:21)
        at ParamValidator.validate (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:34:10)
        at Request.VALIDATE_PARAMETERS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:125:42)
        at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
        at callNextListener (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:95:12)
        at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:85:9
        at finish (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:315:7)
        at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:333:9
        at Credentials.get (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/credentials.js:126:7)
        at getAsyncCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:327:24)
        at Config.getCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:347:9)
        at Request.VALIDATE_CREDENTIALS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:80:26)
        at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:101:18)
        at Request.emit (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
2017-09-23 18:28:57 +02:00
Sheogorath
500207545f
Fix broken profile images 2017-09-22 12:40:43 +02:00
Kaiyu Shi
4ae8086301 Give google the correct name. 2017-09-04 16:04:20 +08:00
Christian Schuhmann
355c805db8 Update yarn.lock 2017-08-29 16:53:15 +02:00
Jakub Sygnowski
3ca1255064 (nit) typo 2017-08-10 14:50:45 +02:00
Raccoon
d1d6d5810b Merge pull request #499 from bd808/no-ssh
Use git URLs in package.json
2017-07-03 10:58:23 +08:00
Bryan Davis
723c9d79b6 Use git URLs in package.json
Using the "github:..." form to declare a dependency in package.json
makes npm attempt to install the package using an ssh clone rather than
an https clone. Some deployment environments may not allow ssh access
to external servers which will prevent the clones from succeeding. Using
the "git+https://..." form will clone the same repo from GitHub without
requiring ssh connectivity.
2017-07-01 15:41:56 -06:00
Max Wu
ec2813f06e Merge pull request #488 from zuphilip/patch-1
Translate "revert" to "Zurücksetzen" in German
2017-06-18 15:26:41 +08:00
Philipp Zumstein
9d6c1b956c Translate "revert" to "Zurücksetzen" in German 2017-06-16 16:55:37 +02:00
Max Wu
a645f28b33 Fix slide mode might hide scrollbar on some linux 2017-06-14 12:12:28 +08:00
Max Wu
3b8f4bc1a2 Merge pull request #486 from kota-row/fix_s3_url
fix s3 us-east-1 region endpoint
2017-06-14 11:59:14 +08:00
Kotaro Yamamoto
1220bbe9f6 fix s3 us-east-1 region endpoint 2017-06-14 11:08:09 +09:00
Wu Cheng-Han
c8d3951d32 Add support of Danish locale 2017-06-11 15:52:04 +08:00
Max Wu
15a346bd36 Merge pull request #481 from TheBacha/sv
minor fix for swedish translation
2017-06-11 14:52:20 +08:00
Max Wu
46f657cac7 Merge pull request #480 from TheBacha/danish
add danish translation
2017-06-11 14:50:12 +08:00
Wu Cheng-Han
f715e8e5a3 Fix lodash will be ignored by webpack in pack bundle 2017-06-08 00:40:32 +08:00