Commit graph

1852 commits

Author SHA1 Message Date
Richard Braakman
e4841212a6 USERINFO_UPDATE: construct a new message for broadcast
The server was reusing the client's message when broadcasting userinfo
updates. This would allow a malicious client to insert arbitrary fields
into a message that the other clients would trust as coming from the
server. For example, adding "disconnect" or renaming other authors.

This commit fixes it by having the server construct a new message with
known fields before broadcasting.
2012-10-11 17:29:29 +02:00
Dmitry
8ea3ee080f fix for error handling in callback code
The callback code does not follow error handling guidelines, thus always
receiving NULL instead of results array.
2012-10-11 17:12:16 +02:00
Dmitry
e0d4a16208 fixed variable name in handleMessageHook
the code would never work as expected with this type
2012-10-11 16:54:36 +02:00
Marcel Klehr
3dede0528c Fix issue caused by broken async update
Conflicts:

	src/package.json
2012-10-11 16:54:27 +02:00
John McLear
3caa030c39 Merge pull request #1040 from Pita/release/releases-1.1.3
Release/releases 1.1.3 -- More of a hotfix than a release but we strongly recommend updating.
2012-10-03 10:08:44 -07:00
John McLear
f408d0f9c7 Merge pull request #1038 from cweider/fix-relative
Upgrade to Yajsml bug fix.
2012-10-03 06:16:28 -07:00
Chad Weider
b29fc11e9d Upgrade to Yajsml bug fix. 2012-10-02 19:57:23 -07:00
John McLear
2cf46d3964 Merge pull request #1031 from gedion/develop
Update docs for new hooks and ace exposures
2012-10-02 11:31:58 -07:00
John McLear
c0a2202e34 Merge pull request #1033 from marcelklehr/fix/shutdown-on-middlware-error
Don't shut down the whole server, if error handling middleware is called...
2012-10-02 11:31:41 -07:00
Marcel Klehr
7656001cb5 Don't shut down the whole server, if error handling middleware is called.
The errors passed to error handling middleware aren't that severe, so it's fine to just stay alive...
2012-10-02 20:11:18 +02:00
John McLear
56453409a5 Update src/static/js/pad_editbar.js
Somehow </iframe> was no more.  Now it is back..  Oh boy.
2012-10-02 02:19:44 +02:00
Gedion
6009903095 added comments to ace exposed methods 2012-10-01 19:18:19 -05:00
Gedion
61022be6e4 added comments to ace exposed methods 2012-10-01 19:14:27 -05:00
John McLear
7f6a81b0ed Merge pull request #1006 from cweider/ace-cleanup
Ace cleanup
2012-10-01 13:05:10 -07:00
Gedion
3fe3df91ae update docs for new hooks and ace exposures 2012-09-30 17:13:14 -05:00
John McLear
c75941d1e3 Merge pull request #1028 from amtep/develop
Fix server crash if client disconnects too soon after connecting
2012-09-30 04:22:36 -07:00
Peter 'Pita' Martischka
a2394fc3a6 Merge branch 'develop' into releases-1.1.2 2012-09-29 17:52:56 +01:00
Richard Braakman
2e72a1e489 Prevent server crash in handleClientReady
The client might have disconnected between callbacks so don't try to
write to the session before checking this. The main callback of this
function now has a single check at its top.

Removed a redundant check halfway through the callback.

Also normalized use of client.id for the session index instead of a mix of
client.id and sessionId.

Added some explanatory comments.
2012-09-28 23:23:00 +03:00
Richard Braakman
413ddb393e Add some explanatory comments to handleUserChanges() 2012-09-28 22:49:20 +03:00
Marcel Klehr
3578e36616 Merge pull request #1025 from amtep/develop
Fix race condition and a stack error caused by too old changesets
2012-09-28 05:43:47 -07:00
Richard Braakman
7aaef01346 Prettify session handling in handleUserChanges
Also add a comment to explain what's going on with thisSession.
No changes in behavior.
2012-09-27 23:07:00 +03:00
Richard Braakman
f1b4206cad Fix crash when client submits changeset based on too-old revision
We had a problem with the server running out of stack space if a client
submitted a changeset based on a revision more than about 1000 revs old.
(944 was our cutoff but yours may vary). This happened in the wild with
about 30 people editing via flaky wifi. A disconnected client would try
to submit a fairly old changeset when reconnecting, and a few minutes
was enough for 30 people to generate that many revs.

The stack kept growing because pad.getRevisionChangeset was being answered
from the cache, so no I/O interrupted the callback chain. (This was seen with
mysql, I don't know about other backends.)

This patch forces a nextTick every 200 revisions to solve this problem.
2012-09-26 03:01:59 +03:00
Richard Braakman
e16008b371 Fix sessioninfos race that can cause crash during USER_CHANGES handling
When stress testing etherpad-lite we occasionally got this error:

TypeError: Cannot read property 'author' of undefined
    at /home/etherpad/etherpad-lite/src/node/handler/PadMessageHandler.js:556:47

handleUserChanges was accessing sessioninfos[client.id].author in a callback,
after spending some time in the loop that updates the changeset to the
latest revision. It's possible for a disconnect request to be processed
during that loop so the session might no longer be there.

This patch fixes it by looking up the author at the start of the function.
2012-09-26 03:01:59 +03:00
Marcel Klehr
49799bfa97 Merge pull request #1018 from cweider/fix-windows
Upgrade to Yajsml with another Windows backslash fix.
2012-09-22 07:17:53 -07:00
John McLear
3c828ab1a6 Merge pull request #1019 from marcelklehr/feature/github-contributing-file
Let Github know our Dev Guidelines
2012-09-22 04:04:16 -07:00
Marcel Klehr
087560ea6c Let Github know our Dev Guidelines
https://github.com/blog/1184-contributing-guidelines
2012-09-22 12:55:49 +02:00
Chad Weider
622819ba93 Make initialization of Ace2Inner analogous to other page controllers. 2012-09-21 22:09:55 -07:00
Chad Weider
9f5946c942 Reformat Ace2Editor frame boot scripts. 2012-09-21 22:09:55 -07:00
Chad Weider
fa65f889ec Consolidate Ace2Editor frame's boot script. 2012-09-21 22:09:55 -07:00
Chad Weider
49915dfeb8 Upgrade to Yajsml with another Windows backslash fix. 2012-09-21 22:09:44 -07:00
John McLear
cd3e65e043 Merge pull request #1015 from marcelklehr/fix/multiSession-foreach
Fix async.forEach in MultiSession code
2012-09-19 10:07:20 -07:00
Marcel Klehr
a72ade4494 Fix async.forEach in MultiSession code 2012-09-19 17:48:26 +02:00
Marcel Klehr
b9da0e187e Revert "Fixed foreach loop on session IDs, was breaking EP on single session in cookie."
This reverts commit 443a71bc9c.

	modified:   src/node/db/SecurityManager.js
2012-09-19 17:42:36 +02:00
John McLear
0883043eb9 Merge pull request #1014 from marcelklehr/feature/list-all-groups
Add listAllGroups API endpoint
2012-09-18 15:36:19 -07:00
John McLear
f81a110229 Merge pull request #1013 from eldiddio/develop
Fixed foreach loop on session IDs, was breaking EP on single session in cookie
2012-09-18 08:53:43 -07:00
johnyma22
443a71bc9c Fixed foreach loop on session IDs, was breaking EP on single session in cookie. 2012-09-18 16:30:26 +01:00
John McLear
923b51033b List 12 plugins instead of 4
4 was a bit stingy :)  12 is a bit more friendly from a UX perspective.
2012-09-18 15:54:08 +02:00
John McLear
363ce7a9ad Merge pull request #1008 from marcelklehr/fix/api-v1.1
Still support API endpoints of v1 in v1.1
2012-09-17 14:19:31 -07:00
Marcel Klehr
f8f002adc0 Add listAllGroups API endpoint
Adds a database key that lists all groups
2012-09-17 23:03:56 +02:00
Marcel Klehr
bbc8848af3 Still support API endpoints of v1 in v1.1 2012-09-17 16:29:39 +02:00
John McLear
9cfcafb852 Merge pull request #1005 from cweider/fix-ie
Remember, the `class` symbol is reserved in some environments.
2012-09-17 04:53:42 -07:00
Chad Weider
a0177e5d3c Remember, the class symbol is reserved in some environments.
Fixes issue introduced in 9be69ef258.
2012-09-16 18:07:55 -07:00
Marcel Klehr
2cd586e022 Resolve merge conflicts
Conflicts:
	README.md
2012-09-15 19:49:29 +02:00
John McLear
6f37de2fae Update src/package.json
Bump to v 1.1.2
2012-09-14 17:33:45 +02:00
John McLear
e9e3ea305b Merge pull request #992 from gedion/develop
Added hooks and made some ace functions available to editorInfo Object
2012-09-14 04:51:17 -07:00
John McLear
ba8177fc6f Merge pull request #999 from lepidum/develop
Fixed international composition issues (e.g., Japanese Input method)
2012-09-14 04:50:08 -07:00
lepidum
22315cd30e Merge pull request #2 from ayokura/fix-international-composition
Fixed international composition issues (e.g., Japanese Input method)
2012-09-14 00:17:49 -07:00
NAGOYA, Yoshihiko
71c9444694 fix for InternationalComposition(e.g., Japanese Input)
moved inInternationalComposition from Ace2Inner to top window
fix bindTheEventHandlers() because IE9 implements CompositionEvent
when inInternationalComposition, NEW_CHANGES msg and ACCEPT_COMMIT msg
are pushed to msgQueue.
when handleUserChanges(), apply msgQueue.
2012-09-13 23:37:26 +09:00
John McLear
c2f5fc32cc Merge pull request #998 from marcelklehr/bump/api-version-1.1
Bump API version to v1.1
2012-09-13 07:20:44 -07:00
Marcel Klehr
ad16c0d0d4 Bump API version to v1.1 2012-09-13 16:13:54 +02:00