diff --git a/CHANGELOG.md b/CHANGELOG.md index 74d06f453..02accf8cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +# 1.6.4 + * SECURITY: exploitable /admin access - CVE-2018-9845 + * SECURITY: DoS with pad exports - CVE-2018-9327 + * SECURITY: Remote Code Execution - CVE-2018-9326 + * SECURITY: Pad data leak - CVE-2018-9325 + * Fix: Admin redirect URL + * Fix: Various script Fixes + * Fix: Various CSS/Style/Layout fixes + * NEW: Improved Pad contents readability + * NEW: Hook: onAccessCheck + * NEW: SESSIONKEY and APIKey customizable path + * NEW: checkPads script + * NEW: Support "cluster mode" + # 1.6.3 * SECURITY: Update ejs * SECURITY: xss vulnerability when reading window.location.href @@ -56,7 +70,7 @@ * NEW: Allow LibreOffice to be used when exporting a pad * NEW: Create hook exportHtmlAdditionalTagsWithData * NEW: Improve DB migration performance - * NEW: allow settings to be applied from the filesystem + * NEW: allow settings to be applied from the filesystem * NEW: remove applySettings hook and allow credentials.json to be part of core * NEW: Use exec to switch to node process * NEW: Validate incoming color codes @@ -85,7 +99,7 @@ * Fix: switchToPad method * Fix: Dead keys * Fix: Preserve new lines in copy-pasted text - * Fix: Compatibility mode on IE + * Fix: Compatibility mode on IE * Fix: Content Collector to get the class of the DOM-node * Fix: Timeslider export links * Fix: Double prompt on file upload @@ -212,7 +226,7 @@ * Fix: Session Deletion error * Fix: Allow browser tabs to be cycled when focus is in editor * Fix: Various Editor issues with Easysync potentially entering forever loop on bad changeset - + # 1.4 * NEW: Disable toolbar items through settings.json * NEW: Internal stats/metrics engine 
@@ -244,7 +258,7 @@ # 1.3 * NEW: We now follow the semantic versioning scheme! * NEW: Option to disable IP logging - * NEW: Localisation updates from http://translatewiki.net. + * NEW: Localisation updates from http://translatewiki.net. * Fix: Fix readOnly group pads * Fix: don't fetch padList on every request @@ -337,7 +351,7 @@ * NEW: Add authorId to chat and userlist as a data attribute * NEW: Refactor and fix our frontend tests * NEW: Localisation updates - + # 1.2.81 * Fix: CtrlZ-Y for Undo Redo @@ -377,7 +391,7 @@ * Other: Change loading message asking user to please wait on first build * Other: Allow etherpad to use global npm installation (Safe since node 6.3) * Other: Better documentation for log rotation and log message handling - + # 1.2.7 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 09ddc286d..669460801 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,4 +1,4 @@ -# Developer Guidelines +# Contributor Guidelines (Please talk to people on the mailing list before you change this page, see our section on [how to get in touch](https://github.com/ether/etherpad-lite#get-in-touch)) ## How to write a bug report @@ -35,7 +35,7 @@ The logfile location is defined in startup script or the log is directly shown i To make sure everybody is going in the same direction: * easy to install for admins and easy to use for people * easy to integrate into other apps, but also usable as standalone -* using less resources on server side +* lightweight and scalable * extensible, as much functionality should be extendable with plugins so changes don't have to be done in core. Also, keep it maintainable. We don't wanna end up as the monster Etherpad was! 
@@ -92,3 +92,19 @@ You can build the docs e.g. produce html, using `make docs`. At some point in th ## Testing Front-end tests are found in the `tests/frontend/` folder in the repository. Run them by pointing your browser to `/tests/frontend`. + +## Things you can help with +Etherpad is much more than software. So if you aren't a developer then worry not, there is still a LOT you can do! A big part of what we do is community engagement. You can help in the following ways + * Triage bugs (applying labels) and confirming their existance + * Testing fixes (simply applying them and seeing if it fixes your issue or not) - Some git experience required + * Notifying large site admins of new releases + * Writing Changelogs for releases + * Creating Windows packages + * Creating releases + * Bumping dependencies periodically and checking they don't break anything + * Write proposals for grants + * Co-Author and Publish CVEs + * Work with SFC to maintain legal side of project + * Maintain TODO page - https://github.com/ether/etherpad-lite/wiki/TODO#IMPORTANT_TODOS + * Replying to messages on IRC / The Mailing list / Emails + diff --git a/README.md b/README.md index e54ae18e6..d8d7b621e 100644 --- a/README.md +++ b/README.md 
@@ -1,28 +1,43 @@ +### This project is looking for a new project lead. If you wish to help steer Etherpad forward please email contact@etherpad.org + +[![Deps](https://david-dm.org/ether/etherpad-lite.svg?branch=develop)](https://david-dm.org/ether/etherpad-lite) +[![NSP Status](https://nodesecurity.io/orgs/etherpad/projects/635f6185-35c6-4ed7-931a-0bc62758ece7/badge)](https://nodesecurity.io/orgs/etherpad/projects/635f6185-35c6-4ed7-931a-0bc62758ece7) + # A really-real time collaborative word processor for the web -![alt text](https://i.imgur.com/zYrGkg3.gif "Etherpad in action on PrimaryPad") +![Demo Etherpad Animated Jif](https://i.imgur.com/zYrGkg3.gif "Etherpad in action on PrimaryPad") # About -Etherpad is a really-real time collaborative editor maintained by the Etherpad Community. +Etherpad is a really-real time collaborative editor scalable to thousands of simultanious real time users. Unlike all other collaborative tools Etherpad provides full fidelity data export and portability making it fully GDPR compliant. -Etherpad is written in JavaScript (99.9%) on both the server and client so it's easy for developers to maintain and add new features. Because of this Etherpad has tons of customizations that you can leverage. - -Etherpad is designed to be easily embeddable and provides a [HTTP API](https://github.com/ether/etherpad-lite/wiki/HTTP-API) -that allows your web application to manage pads, users and groups. It is recommended to use the [available client implementations](https://github.com/ether/etherpad-lite/wiki/HTTP-API-client-libraries) in order to interact with this API. - -There is also a [jQuery plugin](https://github.com/ether/etherpad-lite-jquery-plugin) that helps you to embed Pads into your website. - -There's also a full-featured plugin framework, allowing you to easily add your own features. 
By default your Etherpad is rather sparse and because Etherpad takes a lot of its inspiration from WordPress, plugins are really easy to install and update. Once you have Etherpad installed you should visit the plugin page and take control. - -Finally, Etherpad comes with translations into most languages! Users are automatically delivered the correct language for their local settings. - - -**Visit [beta.etherpad.org](http://beta.etherpad.org) to test it live.** - -Also, check out the **[FAQ](https://github.com/ether/etherpad-lite/wiki/FAQ)**, really! +**[Try it out](http://beta.etherpad.org)** # Installation -Etherpad works with node v0.10+ (except 6.0 and 6.1). +## Uber-Quick Ubuntu +``` +curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash - +sudo apt-get install -y nodejs +git clone https://github.com/ether/etherpad-lite.git && cd etherpad-lite && bin/run.sh +``` + +## GNU/Linux and other UNIX-like systems +You'll need gzip, git, curl, libssl develop libraries, python and gcc. +- *For Debian/Ubuntu*: `apt install gzip git curl python libssl-dev pkg-config build-essential` +- *For Fedora/CentOS*: `yum install gzip git curl python openssl-devel && yum groupinstall "Development Tools"` +- *For FreeBSD*: `portinstall node, npm, curl, git (optional)` + +Additionally, you'll need [node.js](https://nodejs.org) installed, Ideally the latest stable version, we recommend installing/compiling nodejs from source (avoiding apt). + +**As any user (we recommend creating a separate user called etherpad):** + +1. Move to a folder where you want to install Etherpad. Clone the git repository `git clone git://github.com/ether/etherpad-lite.git` +2. Change into the new directory containing the cloned source code `cd etherpad-lite` + +Now, run `bin/run.sh` and open in your browser. + +Update to the latest version with `git pull origin`. The next start with bin/run.sh will update the dependencies. + +[Next steps](#next-steps). ## Windows 
@@ -52,27 +67,6 @@ If cloning to a subdirectory within another project, you may need to do the foll 2. Edit the db `filename` in `settings.json` to the relative directory with the file (e.g. `application/lib/etherpad-lite/var/dirty.db`) 3. Add auto-generated files to the main project `.gitignore` -[Next steps](#next-steps). - -## GNU/Linux and other UNIX-like systems -You'll need gzip, git, curl, libssl develop libraries, python and gcc. -- *For Debian/Ubuntu*: `apt-get install gzip git curl python libssl-dev pkg-config build-essential` -- *For Fedora/CentOS*: `yum install gzip git curl python openssl-devel && yum groupinstall "Development Tools"` -- *For FreeBSD*: `portinstall node, npm, curl, git (optional)` - -Additionally, you'll need [node.js](https://nodejs.org) installed, Ideally the latest stable version, we recommend installing/compiling nodejs from source (avoiding apt). - -**As any user (we recommend creating a separate user called etherpad):** - -1. Move to a folder where you want to install Etherpad. Clone the git repository `git clone git://github.com/ether/etherpad-lite.git` -2. Change into the new directory containing the cloned source code `cd etherpad-lite` - -Now, run `bin/run.sh` and open in your browser. - -Update to the latest version with `git pull origin`. The next start with bin/run.sh will update the dependencies. - -You like it? [Next steps](#next-steps). - # Next Steps ## Tweak the settings 
@@ -85,9 +79,9 @@ You should use a dedicated database such as "mysql", if you are planning on usin Etherpad is very customizable through plugins. Instructions for installing themes and plugins can be found in [the plugin wiki article](https://github.com/ether/etherpad-lite/wiki/Available-Plugins). ## Helpful resources -The [wiki](https://github.com/ether/etherpad-lite/wiki) is your one-stop resource for Tutorials and How-to's, really check it out! Also, feel free to improve these wiki pages. +The [wiki](https://github.com/ether/etherpad-lite/wiki) is your one-stop resource for Tutorials and How-to's. -Documentation can be found in `docs/`. +Documentation can be found in `doc/`. # Development 
@@ -100,26 +94,38 @@ You can debug Etherpad using `bin/debugRun.sh`. If you want to find out how Etherpad's `Easysync` works (the library that makes it really realtime), start with this [PDF](https://github.com/ether/etherpad-lite/raw/master/doc/easysync/easysync-full-description.pdf) (complex, but worth reading). -## Getting started -You know all this and just want to know how you can help? - -Look at the [TODO list](https://github.com/ether/etherpad-lite/wiki/TODO) and our [Issue tracker](https://github.com/ether/etherpad-lite/issues). (Please consider using [jshint](http://www.jshint.com/about/), if you plan to contribute code.) - -Also, and most importantly, read our [**Developer Guidelines**](https://github.com/ether/etherpad-lite/blob/master/CONTRIBUTING.md), really! +## Contributing +Read our [**Developer Guidelines**](https://github.com/ether/etherpad-lite/blob/master/CONTRIBUTING.md) # Get in touch -Join the [mailinglist](https://groups.google.com/group/etherpad-lite-dev) and make some noise on our busy freenode irc channel [#etherpad-lite-dev](https://webchat.freenode.net?channels=#etherpad-lite-dev)! +[mailinglist](https://groups.google.com/group/etherpad-lite-dev) +[#etherpad-lite-dev freenode IRC](https://webchat.freenode.net?channels=#etherpad-lite-dev)! -# Modules created for this project +# Languages +Etherpad is written in JavaScript on both the server and client so it's easy for developers to maintain and add new features. 
-* [ueberDB](https://github.com/Pita/ueberDB) "transforms every database into a object key value store" - manages all database access -* [channels](https://github.com/Pita/channels) "Event channels in node.js" - ensures that ueberDB operations are atomic and in series for each key -* [async-stacktrace](https://github.com/Pita/async-stacktrace) "Improves node.js stacktraces and makes it easier to handle errors" +# HTTP API +Etherpad is designed to be easily embeddable and provides a [HTTP API](https://github.com/ether/etherpad-lite/wiki/HTTP-API) +that allows your web application to manage pads, users and groups. It is recommended to use the [available client implementations](https://github.com/ether/etherpad-lite/wiki/HTTP-API-client-libraries) in order to interact with this API. + +# jQuery plugin +There is a [jQuery plugin](https://github.com/ether/etherpad-lite-jquery-plugin) that helps you to embed Pads into your website. + +# Plugin Framework +Etherpad offers a plugin framework, allowing you to easily add your own features. By default your Etherpad is extremely light-weight and it's up to you to customize your experience. Once you have Etherpad installed you should visit the plugin page and take control. + +# Translations / Localizations (i18n / l10n) +Etherpad comes with translations into all languages thanks to the team at TranslateWiki. + +# FAQ +Visit the **[FAQ](https://github.com/ether/etherpad-lite/wiki/FAQ)**. # Donate! * [Flattr](https://flattr.com/thing/71378/Etherpad-Foundation) * Paypal - Press the donate button on [etherpad.org](http://etherpad.org) * [Bitcoin](https://coinbase.com/checkouts/1e572bf8a82e4663499f7f1f66c2d15a) +All donations go to the Etherpad foundation which is part of Software Freedom Conservency + # License [Apache License v2](http://www.apache.org/licenses/LICENSE-2.0.html) diff --git a/bin/checkAllPads.js b/bin/checkAllPads.js new file mode 100644 index 000000000..90cb15276 --- /dev/null +++ b/bin/checkAllPads.js 
@@ -0,0 +1,145 @@ +/* + This is a debug tool. It checks all revisions for data corruption +*/ + +if(process.argv.length != 2) +{ + console.error("Use: node bin/checkAllPads.js"); + process.exit(1); +} + +//initalize the variables +var db, settings, padManager; +var npm = require("../src/node_modules/npm"); +var async = require("../src/node_modules/async"); + +var Changeset = require("../src/static/js/Changeset"); + +async.series([ + //load npm + function(callback) { + npm.load({}, callback); + }, + //load modules + function(callback) { + settings = require('../src/node/utils/Settings'); + db = require('../src/node/db/DB'); + + //initalize the database + db.init(callback); + }, + //load pads + function (callback) + { + padManager = require('../src/node/db/PadManager'); + + padManager.listAllPads(function(err, res) + { + padIds = res.padIDs; + callback(err); + }); + }, + function (callback) + { + async.forEach(padIds, function(padId, callback) + { + padManager.getPad(padId, function(err, pad) { + if (err) { + callback(err); + } + + //check if the pad has a pool + if(pad.pool === undefined ) + { + console.error("[" + pad.id + "] Missing attribute pool"); + callback(); + return; + } + + //create an array with key kevisions + //key revisions always save the full pad atext + var head = pad.getHeadRevisionNumber(); + var keyRevisions = []; + for(var i=0;iinstall abiword.", + "pad.importExport.abiword.innerHTML": "Tuonti on tuettu vain HTML- ja raakatekstitiedostoista. Monipuoliset tuontiominaisuudet ovat käytettävissä asentamalla AbiWord.", "pad.modals.connected": "Yhdistetty.", "pad.modals.reconnecting": "Muodostetaan yhteyttä muistioon uudelleen...", "pad.modals.forcereconnect": "Pakota yhdistämään uudelleen", diff --git a/src/locales/fr.json b/src/locales/fr.json index 5f6b664a8..29583d092 100644 --- a/src/locales/fr.json +++ b/src/locales/fr.json 
@@ -23,7 +23,8 @@ "Fylip22", "C13m3n7", "Wladek92", - "Urhixidur" + "Urhixidur", + "Envlh" ] }, "index.newPad": "Nouveau pad", @@ -48,7 +49,7 @@ "pad.colorpicker.save": "Enregistrer", "pad.colorpicker.cancel": "Annuler", "pad.loading": "Chargement…", - "pad.noCookie": "Le témoin (cookie) n’a pas pu être trouvé. Veuillez autoriser les témoins dans votre navigateur !", + "pad.noCookie": "Le cookie n’a pas pu être trouvé. Veuillez autoriser les cookies dans votre navigateur !", "pad.passwordRequired": "Vous avez besoin d'un mot de passe pour accéder à ce pad", "pad.permissionDenied": "Vous n'avez pas la permission d’accéder à ce pad", "pad.wrongPassword": "Votre mot de passe est incorrect", diff --git a/src/locales/ku-latn.json b/src/locales/ku-latn.json index 725a84d72..b5edc68b0 100644 --- a/src/locales/ku-latn.json +++ b/src/locales/ku-latn.json @@ -5,7 +5,8 @@ "Dilyaramude", "George Animal", "Gomada", - "Mehk63" + "Mehk63", + "Ghybu" ] }, "index.newPad": "Bloknota nû", @@ -40,6 +41,7 @@ "pad.importExport.exportpdf": "PDF", "pad.modals.connected": "Hate girêdan.", "pad.modals.reconnecting": "Ji bloknota te re dîsa tê girêdan...", + "pad.modals.cancel": "Betal bike", "pad.modals.userdup": "Di pencereyek din de vebû", "pad.modals.userdup.advice": "Ji bo di vê pencereye de bikarbînîy dîsa giredanek çeke.", "pad.modals.unauth": "Desthilatdar nîne", diff --git a/src/locales/pms.json b/src/locales/pms.json new file mode 100644 index 000000000..80a857e39 --- /dev/null +++ b/src/locales/pms.json 
@@ -0,0 +1,48 @@ +{ + "@metadata": { + "authors": [ + "Borichèt" + ] + }, + "index.newPad": "Feuj neuv", + "index.createOpenPad": "o creé/duverté un feuj antitolà:", + "pad.toolbar.bold.title": "Grassèt (Ctrl+B)", + "pad.toolbar.italic.title": "Corsiv (Ctrl+I)", + "pad.toolbar.underline.title": "Sotlignà (Ctrl+U)", + "pad.toolbar.strikethrough.title": "Barà (Ctrl+5)", + "pad.toolbar.ol.title": "Lista ordinà (Ctrl+Shift+N)", + "pad.toolbar.ul.title": "Lista nen ordinà (Ctrl+Shift+L)", + "pad.toolbar.indent.title": "Andenté (TAB)", + "pad.toolbar.unindent.title": "Disandenté (Maj+TAB)", + "pad.toolbar.undo.title": "Anulé (Ctrl+Z)", + "pad.toolbar.redo.title": "Ristabilì (Ctrl+Y)", + "pad.toolbar.clearAuthorship.title": "Dëscancelé ij color ch'a identìfico j'autor (Ctrl+Shift+C)", + "pad.toolbar.import_export.title": "Amporté/Esporté da/vers dij formà d'archivi diferent", + "pad.toolbar.timeslider.title": "Stòria dinàmica", + "pad.toolbar.savedRevision.title": "Argistré la revision", + "pad.toolbar.settings.title": "Paràmeter", + "pad.toolbar.embed.title": "Partagé e antëgré ës feuj", + "pad.toolbar.showusers.title": "Smon-e j'utent ansima a 's feuj", + "pad.colorpicker.save": "Argistré", + "pad.colorpicker.cancel": "Anulé", + "pad.loading": "Antramentr ch'as caria…", + "pad.noCookie": "Ël bëscotin a l'é nen ëstàit trovà. 
Për piasì, ch'a autorisa ij bëscotin su sò navigador!", + "pad.passwordRequired": "A l'ha da manca ëd na ciav për acede a cost feuj-sì", + "pad.permissionDenied": "A l'ha nen ël përmess d'acede a 's feuj-sì", + "pad.wrongPassword": "Soa ciav a l'era nen giusta", + "pad.settings.padSettings": "Paràmeter dël feuj", + "pad.settings.myView": "Mia vista", + "pad.settings.stickychat": "Ciaciarade sempe an slë scren", + "pad.settings.chatandusers": "Smon-e le ciaciarade e j'utent", + "pad.settings.colorcheck": "Color d'identificassion", + "pad.settings.linenocheck": "Nùmer ëd linia", + "pad.settings.rtlcheck": "Ël contnù, dev-lo esse lesù da drita a snistra?", + "pad.settings.fontType": "Sòrt ëd caràter:", + "pad.settings.globalView": "Vista d'ansem", + "pad.settings.language": "Lenga:", + "pad.importExport.import_export": "Amporté/Esporté", + "pad.importExport.import": "Carié n'archivi o document ëd test", + "pad.importExport.importSuccessful": "Bele fàit!", + "pad.importExport.export": "Esporté ël feuj atual coma:", + "pad.importExport.exportetherpad": "Etherpad" +} diff --git a/src/locales/ru.json b/src/locales/ru.json index b9fbc3c82..801ceaa39 100644 --- a/src/locales/ru.json +++ b/src/locales/ru.json @@ -7,7 +7,8 @@ "Okras", "Volkov", "Nzeemin", - "Facenapalm" + "Facenapalm", + "Patrick Star" ] }, "index.newPad": "Создать", 
@@ -58,7 +59,7 @@ "pad.importExport.exportword": "Microsoft Word", "pad.importExport.exportpdf": "PDF", "pad.importExport.exportopen": "ODF (документ OpenOffice)", - "pad.importExport.abiword.innerHTML": "Вы можете импортировать только из обычного текста или HTML. Для более продвинутых функций импорта, пожалуйста, установите AbiWord.", + "pad.importExport.abiword.innerHTML": "Вы можете импортировать только из обычного текста или HTML. Для более продвинутых функций импорта, пожалуйста, установите AbiWord.", "pad.modals.connected": "Подключен.", "pad.modals.reconnecting": "Повторное подключение к вашему документу", "pad.modals.forcereconnect": "Принудительное переподключение", diff --git a/src/locales/te.json b/src/locales/te.json index 846ced8e3..13af39709 100644 --- a/src/locales/te.json +++ b/src/locales/te.json @@ -11,12 +11,12 @@ }, "index.newPad": "కొత్త పలక", "index.createOpenPad": "ఒక పేరుతో పలకని సృష్టించండి లేదా అదే పేరుతో ఉన్న పలకని తెరవండి", - "pad.toolbar.bold.title": "మందం", - "pad.toolbar.italic.title": "వాలు అక్షరాలు", + "pad.toolbar.bold.title": "బొద్దు (Ctrl+B)", + "pad.toolbar.italic.title": "వాలు (Ctrl+I)", "pad.toolbar.underline.title": "క్రిందగీత", "pad.toolbar.strikethrough.title": "కొట్టివేత (Ctrl+5)", - "pad.toolbar.ol.title": "నిర్ధేశింపబడిన జాబితా", - "pad.toolbar.ul.title": "అనిర్దేశిత జాబితా, ( క్రమపద్ధతి లేని జాబితా )", + "pad.toolbar.ol.title": "క్రమ జాబితా (Ctrl+Shift+N)", + "pad.toolbar.ul.title": "బిందు జాబితా (Ctrl+Shift+L)", "pad.toolbar.undo.title": "చేయవద్దు", "pad.toolbar.redo.title": "తిరిగిచెయ్యి", "pad.toolbar.clearAuthorship.title": "మూలకర్తపు వర్ణాలను తీసివేయండి", 
@@ -53,6 +53,7 @@ "pad.modals.connected": "సంబంధం కుదిరింది.", "pad.modals.reconnecting": "మీ పలకకు మరల సంబంధం కలుపుతుంది...", "pad.modals.forcereconnect": "బలవంతంగానైనా సంబంధం కుదిరించు", + "pad.modals.cancel": "రద్దుచేయి", "pad.modals.userdup.explanation": "ఈ పలక, ఈ కంప్యూటర్లో ఒకటికన్న ఎక్కువ గవాక్షములలో తెరుచుకున్నట్లు అనిపిస్తుంది.", "pad.modals.userdup.advice": "బదులుగా ఈ గవాక్షమును వాడడానికి మరల సంబంధం కలపండి", "pad.modals.unauth": "అధికారం లేదు", diff --git a/src/node/db/AuthorManager.js b/src/node/db/AuthorManager.js index 3e3b691a6..1f2a736be 100644 --- a/src/node/db/AuthorManager.js +++ b/src/node/db/AuthorManager.js 
@@ -25,7 +25,7 @@ var customError = require("../utils/customError"); var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString; exports.getColorPalette = function(){ - return ["#ffc7c7", "#fff1c7", "#e3ffc7", "#c7ffd5", "#c7ffff", "#c7d5ff", "#e3c7ff", "#ffc7f1", "#ff8f8f", "#ffe38f", "#c7ff8f", "#8fffab", "#8fffff", "#8fabff", "#c78fff", "#ff8fe3", "#d97979", "#d9c179", "#a9d979", "#79d991", "#79d9d9", "#7991d9", "#a979d9", "#d979c1", "#d9a9a9", "#d9cda9", "#c1d9a9", "#a9d9b5", "#a9d9d9", "#a9b5d9", "#c1a9d9", "#d9a9cd", "#4c9c82", "#12d1ad", "#2d8e80", "#7485c3", "#a091c7", "#3185ab", "#6818b4", "#e6e76d", "#a42c64", "#f386e5", "#4ecc0c", "#c0c236", "#693224", "#b5de6a", "#9b88fd", "#358f9b", "#496d2f", "#e267fe", "#d23056", "#1a1a64", "#5aa335", "#d722bb", "#86dc6c", "#b5a714", "#955b6a", "#9f2985", "#4b81c8", "#3d6a5b", "#434e16", "#d16084", "#af6a0e", "#8c8bd8"]; + return ["#ffc7c7", "#fff1c7", "#e3ffc7", "#c7ffd5", "#c7ffff", "#c7d5ff", "#e3c7ff", "#ffc7f1", "#ffa8a8", "#ffe699", "#cfff9e", "#99ffb3", "#a3ffff", "#99b3ff", "#cc99ff", "#ff99e5", "#e7b1b1", "#e9dcAf", "#cde9af", "#bfedcc", "#b1e7e7", "#c3cdee", "#d2b8ea", "#eec3e6", "#e9cece", "#e7e0ca", "#d3e5c7", "#bce1c5", "#c1e2e2", "#c1c9e2", "#cfc1e2", "#e0bdd9", "#baded3", "#a0f8eb", "#b1e7e0", "#c3c8e4", "#cec5e2", "#b1d5e7", "#cda8f0", "#f0f0a8", "#f2f2a6", "#f5a8eb", "#c5f9a9", "#ececbb", "#e7c4bc", "#daf0b2", "#b0a0fd", "#bce2e7", "#cce2bb", "#ec9afe", "#edabbd", "#aeaeea", "#c4e7b1", "#d722bb", "#f3a5e7", "#ffa8a8", "#d8c0c5", "#eaaedd", "#adc6eb", "#bedad1", "#dee9af", "#e9afc2", "#f8d2a0", "#b3b3e6"]; }; /** 
@@ -42,9 +42,9 @@ exports.doesAuthorExists = function (authorID, callback) } /** - * Returns the AuthorID for a token. - * @param {String} token The token - * @param {Function} callback callback (err, author) + * Returns the AuthorID for a token. + * @param {String} token The token + * @param {Function} callback callback (err, author) */ exports.getAuthor4Token = function (token, callback) { @@ -57,21 +57,21 @@ exports.getAuthor4Token = function (token, callback) } /** - * Returns the AuthorID for a mapper. + * Returns the AuthorID for a mapper. * @param {String} token The mapper * @param {String} name The name of the author (optional) - * @param {Function} callback callback (err, author) + * @param {Function} callback callback (err, author) */ exports.createAuthorIfNotExistsFor = function (authorMapper, name, callback) { mapAuthorWithDBKey("mapper2author", authorMapper, function(err, author) { if(ERR(err, callback)) return; - + //set the name of this author if(name) exports.setAuthorName(author.authorID, name); - + //return the authorID callback(null, author); }); 
@@ -80,27 +80,27 @@ exports.createAuthorIfNotExistsFor = function (authorMapper, name, callback) /** * Returns the AuthorID for a mapper. We can map using a mapperkey, * so far this is token2author and mapper2author - * @param {String} mapperkey The database key name for this mapper + * @param {String} mapperkey The database key name for this mapper * @param {String} mapper The mapper - * @param {Function} callback callback (err, author) + * @param {Function} callback callback (err, author) */ function mapAuthorWithDBKey (mapperkey, mapper, callback) -{ +{ //try to map to an author db.get(mapperkey + ":" + mapper, function (err, author) { if(ERR(err, callback)) return; - + //there is no author with this mapper, so create one if(author == null) { exports.createAuthor(null, function(err, author) { if(ERR(err, callback)) return; - + //create the token2author relation db.set(mapperkey + ":" + mapper, author.authorID); - + //return the author callback(null, author); }); @@ -110,7 +110,7 @@ function mapAuthorWithDBKey (mapperkey, mapper, callback) { //update the timestamp of this author db.setSub("globalAuthor:" + author, ["timestamp"], new Date().getTime()); - + //return the author callback(null, {authorID: author}); } @@ -118,20 +118,20 @@ function mapAuthorWithDBKey (mapperkey, mapper, callback) } /** - * Internal function that creates the database entry for an author - * @param {String} name The name of the author + * Internal function that creates the database entry for an author + * @param {String} name The name of the author */ exports.createAuthor = function(name, callback) { //create the new author name var author = "a." + randomString(16); - + //create the globalAuthors db entry var authorObj = {"colorId" : Math.floor(Math.random()*(exports.getColorPalette().length)), "name": name, "timestamp": new Date().getTime()}; - + //set the global author db entry db.set("globalAuthor:" + author, authorObj); - + callback(null, {authorID: author}); } 
@@ -212,7 +212,7 @@ exports.listPadsOfAuthor = function (authorID, callback) } //everything is fine, return the pad IDs else - { + { var pads = []; if(author.padIDs != null) { @@ -238,16 +238,16 @@ exports.addPad = function (authorID, padID) { if(ERR(err)) return; if(author == null) return; - + //the entry doesn't exist so far, let's create it if(author.padIDs == null) { author.padIDs = {}; } - + //add the entry for this pad author.padIDs[padID] = 1;// anything, because value is not used - + //save the new element back db.set("globalAuthor:" + authorID, author); }); @@ -264,11 +264,11 @@ exports.removePad = function (authorID, padID) { if(ERR(err)) return; if(author == null) return; - + if(author.padIDs != null) { //remove pad from author - delete author.padIDs[padID]; + delete author.padIDs[padID]; db.set("globalAuthor:" + authorID, author); } }); diff --git a/src/node/db/Pad.js b/src/node/db/Pad.js index d44cb7b36..0cb01cace 100644 --- a/src/node/db/Pad.js +++ b/src/node/db/Pad.js @@ -464,9 +464,10 @@ Pad.prototype.copy = function copy(destinationID, force, callback) { } else force = true; - //kick everyone from this pad - // TODO: this presents a message on the client saying that the pad was 'deleted'. Fix this? - padMessageHandler.kickSessionsFromPad(sourceID); + // Kick everyone from this pad. + // This was commented due to https://github.com/ether/etherpad-lite/issues/3183. + // Do we really need to kick everyone out? + // padMessageHandler.kickSessionsFromPad(sourceID); // flush the source pad: _this.saveToDatabase(); diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js index bbd8cef49..98feafb3a 100644 --- a/src/node/db/SecurityManager.js +++ b/src/node/db/SecurityManager.js 
@@ -22,6 +22,7 @@ var ERR = require("async-stacktrace"); var async = require("async"); var authorManager = require("./AuthorManager"); +var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks.js"); var padManager = require("./PadManager"); var sessionManager = require("./SessionManager"); var settings = require("../utils/Settings"); @@ -45,6 +46,14 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback) return; } + // allow plugins to deny access + var deniedByHook = hooks.callAll("onAccessCheck", {'padID': padID, 'password': password, 'token': token, 'sessionCookie': sessionCookie}).indexOf(false) > -1; + if(deniedByHook) + { + callback(null, {accessStatus: "deny"}); + return; + } + // a valid session is required (api-only mode) if(settings.requireSession) { diff --git a/src/node/handler/APIHandler.js b/src/node/handler/APIHandler.js index 179c2b404..05e147058 100644 --- a/src/node/handler/APIHandler.js +++ b/src/node/handler/APIHandler.js @@ -24,17 +24,19 @@ var fs = require("fs"); var api = require("../db/API"); var padManager = require("../db/PadManager"); var randomString = require("../utils/randomstring"); +var argv = require('../utils/Cli').argv; //ensure we have an apikey var apikey = null; +var apikeyFilename = argv.apikey || "./APIKEY.txt"; try { - apikey = fs.readFileSync("./APIKEY.txt","utf8"); + apikey = fs.readFileSync(apikeyFilename,"utf8"); } catch(e) { apikey = randomString(32); - fs.writeFileSync("./APIKEY.txt",apikey,"utf8"); + fs.writeFileSync(apikeyFilename,apikey,"utf8"); } //a list of all functions diff --git a/src/node/handler/ImportHandler.js b/src/node/handler/ImportHandler.js index 6aa94e649..3e3dc195e 100644 --- a/src/node/handler/ImportHandler.js +++ b/src/node/handler/ImportHandler.js 
@@ -90,7 +90,7 @@ exports.doImport = function(req, res, padId) //this allows us to accept source code files like .c or .java function(callback) { var fileEnding = path.extname(srcFile).toLowerCase() - , knownFileEndings = [".txt", ".doc", ".docx", ".pdf", ".odt", ".html", ".htm", ".etherpad"] + , knownFileEndings = [".txt", ".doc", ".docx", ".pdf", ".odt", ".html", ".htm", ".etherpad", ".rtf"] , fileEndingKnown = (knownFileEndings.indexOf(fileEnding) > -1); //if the file ending is known, continue as normal diff --git a/src/node/hooks/express.js b/src/node/hooks/express.js index 17910e4b2..48dcf56cb 100644 --- a/src/node/hooks/express.js +++ b/src/node/hooks/express.js @@ -25,6 +25,10 @@ exports.createServer = function () { else{ console.warn("Admin username and password not set in settings.json. To access admin please uncomment and edit 'users' in settings.json"); } + var env = process.env.NODE_ENV || 'development'; + if(env !== 'production'){ + console.warn("Etherpad is running in Development mode. This mode is slower for users and less secure than production mode. You should set the NODE_ENV environment variable to production by using: export NODE_ENV=production"); + } } exports.restartServer = function () { diff --git a/src/node/hooks/express/admin.js b/src/node/hooks/express/admin.js index 70539f0c4..0884cde56 100644 --- a/src/node/hooks/express/admin.js +++ b/src/node/hooks/express/admin.js @@ -2,7 +2,7 @@ var eejs = require('ep_etherpad-lite/node/eejs'); exports.expressCreateServer = function (hook_name, args, cb) { args.app.get('/admin', function(req, res) { - if('/' != req.path[req.path.length-1]) return res.redirect('/admin/'); + if('/' != req.path[req.path.length-1]) return res.redirect('./admin/'); res.send( eejs.require("ep_etherpad-lite/templates/admin/index.html", {}) ); }); } diff --git a/src/node/hooks/express/apicalls.js b/src/node/hooks/express/apicalls.js index 4482fd849..e07bbb0be 100644 --- a/src/node/hooks/express/apicalls.js 
+++ b/src/node/hooks/express/apicalls.js @@ -3,7 +3,7 @@ var apiLogger = log4js.getLogger("API"); var clientLogger = log4js.getLogger("client"); var formidable = require('formidable'); var apiHandler = require('../../handler/APIHandler'); -var isVarName = require('is-var-name'); +var isValidJSONPName = require('./isValidJsonPName'); //This is for making an api call, collecting all post information and passing it to the apiHandler var apiCaller = function(req, res, fields) { @@ -19,7 +19,7 @@ var apiCaller = function(req, res, fields) { apiLogger.info("RESPONSE, " + req.params.func + ", " + response); //is this a jsonp call, if yes, add the function call - if(req.query.jsonp && isVarName(response)) + if(req.query.jsonp && isValidJSONPName.check(req.query.jsonp)) response = req.query.jsonp + "(" + response + ")"; res._____send(response); @@ -46,7 +46,7 @@ exports.expressCreateServer = function (hook_name, args, cb) { //The Etherpad client side sends information about how a disconnect happened args.app.post('/ep/pad/connection-diagnostic-info', function(req, res) { - new formidable.IncomingForm().parse(req, function(err, fields, files) { + new formidable.IncomingForm().parse(req, function(err, fields, files) { clientLogger.info("DIAGNOSTIC-INFO: " + fields.diagnosticInfo); res.end("OK"); }); @@ -54,7 +54,7 @@ exports.expressCreateServer = function (hook_name, args, cb) { //The Etherpad client side sends information about client side javscript errors args.app.post('/jserror', function(req, res) { - new formidable.IncomingForm().parse(req, function(err, fields, files) { + new formidable.IncomingForm().parse(req, function(err, fields, files) { try { var data = JSON.parse(fields.errorInfo) }catch(e){ @@ -64,7 +64,7 @@ exports.expressCreateServer = function (hook_name, args, cb) { res.end("OK"); }); }); - + //Provide a possibility to query the latest available API version args.app.get('/api', function (req, res) { res.json({"currentVersion" : apiHandler.latestApiVersion}); 
diff --git a/src/node/hooks/express/importexport.js b/src/node/hooks/express/importexport.js index 5ebac1db0..a62942cc0 100644 --- a/src/node/hooks/express/importexport.js +++ b/src/node/hooks/express/importexport.js @@ -2,6 +2,7 @@ var hasPadAccess = require("../../padaccess"); var settings = require('../../utils/Settings'); var exportHandler = require('../../handler/ExportHandler'); var importHandler = require('../../handler/ImportHandler'); +var padManager = require("../../db/PadManager"); exports.expressCreateServer = function (hook_name, args, cb) { args.app.get('/p/:pad/:rev?/export/:type', function(req, res, next) { @@ -22,14 +23,29 @@ exports.expressCreateServer = function (hook_name, args, cb) { res.header("Access-Control-Allow-Origin", "*"); hasPadAccess(req, res, function() { - exportHandler.doExport(req, res, req.params.pad, req.params.type); + console.log('req.params.pad', req.params.pad); + padManager.doesPadExists(req.params.pad, function(err, exists) + { + if(!exists) { + return next(); + } + + exportHandler.doExport(req, res, req.params.pad, req.params.type); + }); }); }); //handle import requests args.app.post('/p/:pad/import', function(req, res, next) { hasPadAccess(req, res, function() { - importHandler.doImport(req, res, req.params.pad); + padManager.doesPadExists(req.params.pad, function(err, exists) + { + if(!exists) { + return next(); + } + + importHandler.doImport(req, res, req.params.pad); + }); }); }); } diff --git a/src/node/hooks/express/isValidJSONPName.js b/src/node/hooks/express/isValidJSONPName.js new file mode 100644 index 000000000..47755ef86 --- /dev/null +++ b/src/node/hooks/express/isValidJSONPName.js 
@@ -0,0 +1,83 @@ +const RESERVED_WORDS = [ + 'abstract', + 'arguments', + 'await', + 'boolean', + 'break', + 'byte', + 'case', + 'catch', + 'char', + 'class', + 'const', + 'continue', + 'debugger', + 'default', + 'delete', + 'do', + 'double', + 'else', + 'enum', + 'eval', + 'export', + 'extends', + 'false', + 'final', + 'finally', + 'float', + 'for', + 'function', + 'goto', + 'if', + 'implements', + 'import', + 'in', + 'instanceof', + 'int', + 'interface', + 'let', + 'long', + 'native', + 'new', + 'null', + 'package', + 'private', + 'protected', + 'public', + 'return', + 'short', + 'static', + 'super', + 'switch', + 'synchronized', + 'this', + 'throw', + 'throws', + 'transient', + 'true', + 'try', + 'typeof', + 'var', + 'void', + 'volatile', + 'while', + 'with', + 'yield' +]; + +const regex = /^[a-zA-Z_$][0-9a-zA-Z_$]*(?:\[(?:".+"|\'.+\'|\d+)\])*?$/; + +module.exports.check = function(inputStr) { + var isValid = true; + inputStr.split(".").forEach(function(part) { + if (!regex.test(part)) { + isValid = false; + } + + if (RESERVED_WORDS.indexOf(part) !== -1) { + isValid = false; + } + }); + + return isValid; +} diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js index 190021a3e..4cb4b9d3e 100644 --- a/src/node/hooks/express/webaccess.js +++ b/src/node/hooks/express/webaccess.js @@ -20,7 +20,7 @@ exports.basicAuth = function (req, res, next) { // Do not require auth for static paths and the API...this could be a bit brittle if (req.path.match(/^\/(static|javascripts|pluginfw|api)/)) return cb(true); - if (req.path.indexOf('/admin') != 0) { + if (req.path.toLowerCase().indexOf('/admin') != 0) { if (!settings.requireAuthentication) return cb(true); if (!settings.requireAuthorization && req.session && req.session.user) return cb(true); } 
@@ -36,13 +36,16 @@ exports.basicAuth = function (req, res, next) { var userpass = new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString().split(":") var username = userpass.shift(); var password = userpass.join(':'); - - if (settings.users[username] != undefined && settings.users[username].password == password) { - settings.users[username].username = username; - req.session.user = settings.users[username]; - return cb(true); - } - return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(cb)); + var fallback = function(success) { + if (success) return cb(true); + if (settings.users[username] != undefined && settings.users[username].password === password) { + settings.users[username].username = username; + req.session.user = settings.users[username]; + return cb(true); + } + return cb(false); + }; + return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(fallback)); } hooks.aCallFirst("authenticate", {req: req, res:res, next:next}, hookResultMangle(cb)); } @@ -126,4 +129,3 @@ exports.expressConfigure = function (hook_name, args, cb) { args.app.use(exports.basicAuth); } - diff --git a/src/node/utils/Cli.js b/src/node/utils/Cli.js index 9419ed26b..154590dc7 100644 --- a/src/node/utils/Cli.js +++ b/src/node/utils/Cli.js @@ -39,5 +39,15 @@ for ( var i = 0; i < argv.length; i++ ) { exports.argv.credentials = arg; } + // Override location of settings.json file + if ( prevArg == '--sessionkey' || prevArg == '-k' ) { + exports.argv.sessionkey = arg; + } + + // Override location of settings.json file + if ( prevArg == '--apikey' || prevArg == '-k' ) { + exports.argv.apikey = arg; + } + prevArg = arg; } diff --git a/src/node/utils/ExportEtherpad.js b/src/node/utils/ExportEtherpad.js index 46ae0d7af..a68ab0b2a 100644 --- a/src/node/utils/ExportEtherpad.js +++ b/src/node/utils/ExportEtherpad.js 
@@ -22,25 +22,18 @@ var ERR = require("async-stacktrace"); exports.getPadRaw = function(padId, callback){ async.waterfall([ function(cb){ - - // Get the Pad - db.findKeys("pad:"+padId, null, function(err,padcontent){ - if(!err){ - cb(err, padcontent); - } - }) + db.get("pad:"+padId, cb); }, function(padcontent,cb){ + var records = ["pad:"+padId]; + for (var i = 0; i <= padcontent.head; i++) { + records.push("pad:"+padId+":revs:" + i); + } + + for (var i = 0; i <= padcontent.chatHead; i++) { + records.push("pad:"+padId+":chat:" + i); + } - // Get the Pad available content keys - db.findKeys("pad:"+padId+":*", null, function(err,records){ - if(!err){ - for (var key in padcontent) { records.push(padcontent[key]);} - cb(err, records); - } - }) - }, - function(records, cb){ var data = {}; async.forEachSeries(Object.keys(records), function(key, r){ @@ -69,7 +62,7 @@ exports.getPadRaw = function(padId, callback){ } r(null); // callback; }); - }, function(err){ + }, function(err){ cb(err, data); }) } diff --git a/src/node/utils/LibreOffice.js b/src/node/utils/LibreOffice.js index 415772456..3cf63e1d6 100644 --- a/src/node/utils/LibreOffice.js +++ b/src/node/utils/LibreOffice.js 
@@ -35,7 +35,21 @@ var queue = async.queue(doConvertTask, 1); * @param {Function} callback Standard callback function */ exports.convertFile = function(srcFile, destFile, type, callback) { - queue.push({"srcFile": srcFile, "destFile": destFile, "type": type, "callback": callback}); + // soffice can't convert from html to doc directly (verified with LO 5 and 6) + // we need to convert to odt first, then to doc + // to avoid `Error: no export filter for /tmp/xxxx.doc` error + if (type === 'doc') { + queue.push({ + "srcFile": srcFile, + "destFile": destFile.replace(/\.doc$/, '.odt'), + "type": 'odt', + "callback": function () { + queue.push({"srcFile": srcFile.replace(/\.html$/, '.odt'), "destFile": destFile, "type": type, "callback": callback}); + } + }); + } else { + queue.push({"srcFile": srcFile, "destFile": destFile, "type": type, "callback": callback}); + } }; function doConvertTask(task, callback) { diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js index cf7fea80a..08ace60ca 100644 --- a/src/node/utils/Settings.js +++ b/src/node/utils/Settings.js @@ -476,11 +476,12 @@ exports.reloadSettings = function reloadSettings() { } if (!exports.sessionKey) { + var sessionkeyFilename = argv.sessionkey || "./SESSIONKEY.txt"; try { - exports.sessionKey = fs.readFileSync("./SESSIONKEY.txt","utf8"); + exports.sessionKey = fs.readFileSync(sessionkeyFilename,"utf8"); } catch(e) { exports.sessionKey = randomString(32); - fs.writeFileSync("./SESSIONKEY.txt",exports.sessionKey,"utf8"); + fs.writeFileSync(sessionkeyFilename,exports.sessionKey,"utf8"); } } else { console.warn("Declaring the sessionKey in the settings.json is deprecated. This value is auto-generated now. Please remove the setting from the file."); diff --git a/src/package.json b/src/package.json index a29c06e5d..bf2f8858c 100644 --- a/src/package.json +++ b/src/package.json 
@@ -17,18 +17,18 @@ "etherpad-require-kernel" : "1.0.9", "resolve" : "1.1.7", "socket.io" : "1.7.3", - "ueberdb2" : "0.3.0", + "ueberdb2" : "0.3.8", "express" : "4.13.4", "express-session" : "1.13.0", "cookie-parser" : "1.3.4", "async" : "0.9.0", "clean-css" : "3.4.19", "uglify-js" : "2.6.2", - "formidable" : "1.0.17", + "formidable" : "1.2.1", "log4js" : "0.6.35", "cheerio" : "0.20.0", "async-stacktrace" : "0.0.2", - "npm" : "4.0.2", + "npm" : ">=4.0.2", "ejs" : "2.5.7", "graceful-fs" : "4.1.3", "slide" : "1.1.6", @@ -42,13 +42,12 @@ "channels" : "0.0.4", "jsonminify" : "0.4.1", "measured" : "1.1.0", - "mocha" : "2.4.5", - "supertest" : "1.2.0", - "is-var-name" : "1.0.0" - }, + "mocha" : "5.0.5", + "supertest" : "3.0.0" + }, "bin": { "etherpad-lite": "./node/server.js" }, "devDependencies": { - "wd" : "0.3.11" + "wd" : "1.6.1" }, "engines" : { "node" : ">=0.10.0", "npm" : ">=1.0" @@ -56,6 +55,6 @@ "repository" : { "type" : "git", "url" : "http://github.com/ether/etherpad-lite.git" }, - "version" : "1.6.3", + "version" : "1.6.4", "license" : "Apache-2.0" } diff --git a/src/static/css/iframe_editor.css b/src/static/css/iframe_editor.css index 9aa003aaf..757bfa964 100644 --- a/src/static/css/iframe_editor.css +++ b/src/static/css/iframe_editor.css @@ -31,13 +31,17 @@ body { body.grayedout { background-color: #eee !important } #innerdocbody { - font-size: 12px; /* overridden by body.style */ + font-size: 16px; /* overridden by body.style */ font-family:Arial, sans-serif; /* overridden by body.style */ line-height: 16px; /* overridden by body.style */ background-color: white; color: black; } +.innerdocbody>div{ + padding: 1px; +} + body.doesWrap { /* white-space: pre-wrap; */ @@ -58,9 +62,11 @@ body.doesWrap { white-space: normal; } -body.doesWrap:not(.noprewrap) > div{ - /* Related to #1766 */ - white-space: pre-wrap; +@-moz-document url-prefix() { + body.doesWrap:not(.noprewrap) > div{ + /* Related to #1766 */ + white-space: pre-wrap; + } } #innerdocbody { 
diff --git a/src/static/css/pad.css b/src/static/css/pad.css index cabde7ef2..484e6f2ab 100644 --- a/src/static/css/pad.css +++ b/src/static/css/pad.css @@ -3,8 +3,9 @@ html, body, p { margin: 0; - padding: 0; + padding: 0px; } + .clear { clear: both } @@ -1071,9 +1072,9 @@ input[type=checkbox] { overflow: auto; } #mycolorpicker { - left: -73px; - top:auto !important; - bottom:33px !important; + left: 0px; + top:37px !important; + position:fixed; /* #mycolorpicker: width -#users: width */; } #editorcontainer { diff --git a/src/static/js/ace2_inner.js b/src/static/js/ace2_inner.js index df9c96425..90cefa506 100644 --- a/src/static/js/ace2_inner.js +++ b/src/static/js/ace2_inner.js @@ -5404,8 +5404,8 @@ function Ace2Inner(){ // height is taken to be the top offset of the next line. If we // didn't do this special case, we would miss out on any top margin // included on the first line. The default stylesheet doesn't add - // extra margins, but plugins might. - h = b.nextSibling.offsetTop; + // extra margins/padding, but plugins might. + h = b.nextSibling.offsetTop - window.getComputedStyle(doc.body).getPropertyValue("padding-top"); } else { h = b.nextSibling.offsetTop - b.offsetTop; } diff --git a/src/templates/export_html.html b/src/templates/export_html.html index b29941c9f..b8893b717 100644 --- a/src/templates/export_html.html +++ b/src/templates/export_html.html @@ -139,6 +139,5 @@ ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol > ol { <%- body %> -
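Review bot: In src/node/db/SecurityManager.js, the new onAccessCheck call hands every installed plugin the pad password, token and sessionCookie, and denies only when some hook returns exactly `false` (`.indexOf(false) > -1`). Pass plugins only the fields they need for a decision, or state in the hook's documentation that plugins receive these secrets. The documentation should also say that any return value other than the literal `false` (including `undefined` or a falsy `0`) counts as allow, and that `callAll` is synchronous, so a plugin cannot deny based on an asynchronous lookup.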
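Review bot: In src/node/handler/APIHandler.js, the `catch(e)` around `fs.readFileSync(apikeyFilename,"utf8")` still treats every read failure as "no key yet", which matters more now that the path comes from `argv.apikey`. A mistyped or unreadable path silently produces a fresh random key and a write to that location. Check `e.code === 'ENOENT'` before regenerating and fail loudly on any other error. The same applies to the `sessionkeyFilename` hunk in src/node/utils/Settings.js.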
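Review bot: In src/node/hooks/express/apicalls.js, the new `require('./isValidJsonPName')` does not match the case of the file this patch adds, `isValidJSONPName.js`, so the module will not resolve on a case-sensitive file system. Make the require path and the file name identical. The change from `isVarName(response)` to checking `req.query.jsonp` is the right target for the validation.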
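Review bot: In the export route of src/node/hooks/express/importexport.js, `console.log('req.params.pad', req.params.pad);` looks like leftover debugging and writes a request-controlled value to stdout on every export; remove it or route it through the existing logger. In both the export and import hunks the `err` argument of the `doesPadExists` callback is ignored, so a database error is handled as "pad does not exist" and falls through to `next()`; pass `err` to `next(err)` instead.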
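Review bot: In src/node/hooks/express/isValidJSONPName.js, `check` calls `inputStr.split(".")` without confirming that the input is a string, and the bracket branch of the regex (`".+"|\'.+\'`) accepts any characters between the quotes. A repeated `jsonp` query parameter arrives as an array and will throw here, so add `typeof inputStr === 'string'` and return false otherwise. Because `.+` also matches quotes, brackets, parentheses and semicolons, a bracketed part is not limited to a property name; use character classes that exclude the quote and the backslash, or drop bracket notation if callers do not need it.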
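Review bot: In the second hunk of src/node/hooks/express/webaccess.js, moving the `settings.users` check into `fallback` means every `authenticate` plugin now receives the username and plaintext password of settings.json users before core compares them. That is a behaviour change for plugin authors and admins and should be called out in the changelog and hook documentation. It also makes the built-in admin login depend on every authenticate hook calling back; a plugin that ends the response itself or never calls back blocks the `settings.users` path entirely.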
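Review bot: In src/node/utils/Cli.js, both new options claim the short flag `-k` (`prevArg == '--sessionkey' || prevArg == '-k'` and `prevArg == '--apikey' || prevArg == '-k'`), so `-k <path>` sets the session key file and the API key file to the same path and the two secrets end up identical. Give each option its own short flag or drop the short forms. Both comments also still read "Override location of settings.json file" and should name the file each option actually overrides.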
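Review bot: In src/node/utils/ExportEtherpad.js, the second waterfall step reads `padcontent.head` and `padcontent.chatHead` without checking that `db.get("pad:"+padId, cb)` returned a record. The export route now guards with `doesPadExists`, but `getPadRaw` is exported and any other caller that passes an unknown pad id will hit a TypeError inside the waterfall. Return an error through `cb` when `padcontent` is empty. Minor: `var i` is declared twice in the same function scope.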
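Review bot: In src/node/utils/LibreOffice.js, the intermediate callback for the html to odt step is declared as `function ()` and takes no arguments, so an error from the first conversion is dropped and the odt to doc task is queued regardless. Accept `err` and pass it to the caller's `callback` instead of queuing the second task. The second task also assumes the intermediate file sits at `srcFile.replace(/\.html$/, '.odt')` while the first task writes to `destFile.replace(/\.doc$/, '.odt')`; these only agree when source and destination share a directory and base name, which deserves a comment or a single computed path. Nothing removes the intermediate .odt afterwards.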
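Review bot: In the first hunk of src/package.json, `"npm" : ">=4.0.2"` replaces an exact pin with an open-ended range while every other dependency in the block stays pinned to an exact version. An unbounded range means each install can pull a different major version of npm into the server's dependency tree. Use an exact version or at least a bounded range, and note the reason for the change in the commit message.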
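Review bot: In src/static/css/iframe_editor.css, the added rule uses a class selector, `.innerdocbody>div`, while the surrounding rules in the same file address the element by id as `#innerdocbody`. If no element carries that class, the 1px padding never applies; confirm which selector is intended. The font-size goes to 16px while `line-height: 16px` on the same rule is unchanged, which leaves no leading between lines unless body.style overrides it.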
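Review bot: In src/static/js/ace2_inner.js, `getPropertyValue("padding-top")` returns a string with a unit such as "0px", so `b.nextSibling.offsetTop - window.getComputedStyle(doc.body).getPropertyValue("padding-top")` evaluates to NaN and `h` is no longer a number. Wrap the computed value in `parseInt(..., 10)` or `parseFloat(...)` before subtracting.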