Commit Graph

1964 Commits

Author SHA1 Message Date
Chad Weider b29fc11e9d Upgrade to Yajsml bug fix. 2012-10-02 19:57:23 -07:00
Richard Braakman 85b44119ae USERINFO_UPDATE: construct a new message for broadcast
The server was reusing the client's message when broadcasting userinfo
updates. This would allow a malicious client to insert arbitrary fields
into a message that the other clients would trust as coming from the
server. For example, adding "disconnect" or renaming other authors.

This commit fixes it by having the server construct a new message with
known fields before broadcasting.
2012-10-02 23:27:30 +03:00
d-a-n 4652751285 Updated docs for new pad hooks (add, edit, remove) 2012-10-02 22:32:30 +03:00
d-a-n 64a3d60b94 Added pad hooks (create, load, edit, remove) 2012-10-02 22:30:13 +03:00
d-a-n c0f2e557d3 Updated docs for new pad hooks (add, edit, remove) 2012-10-02 22:11:54 +03:00
d-a-n 07c33c77c4 Updated docs for new pad hooks (add, edit, remove) 2012-10-02 22:10:18 +03:00
John McLear 2cf46d3964 Merge pull request #1031 from gedion/develop
Update docs for new hooks and ace exposures
2012-10-02 11:31:58 -07:00
John McLear c0a2202e34 Merge pull request #1033 from marcelklehr/fix/shutdown-on-middlware-error
Don't shut down the whole server, if error handling middleware is called...
2012-10-02 11:31:41 -07:00
Marcel Klehr 7656001cb5 Don't shut down the whole server, if error handling middleware is called.
The errors passed to error handling middleware aren't that severe, so it's fine to just stay alive...
2012-10-02 20:11:18 +02:00
johnyma22 649a28b6c6 first user contributed test, note the two files that needed to be edited, this kinda sucks 2012-10-02 15:32:31 +01:00
John McLear 56453409a5 Update src/static/js/pad_editbar.js
Somehow </iframe> was no more.  Now it is back..  Oh boy.
2012-10-02 02:19:44 +02:00
Gedion 6009903095 added comments to ace exposed methods 2012-10-01 19:18:19 -05:00
Gedion 61022be6e4 added comments to ace exposed methods 2012-10-01 19:14:27 -05:00
Peter 'Pita' Martischka ba4ebbba3b Setted up an enviroment for frontend tests, first steps 2012-10-02 00:35:43 +01:00
John McLear 7f6a81b0ed Merge pull request #1006 from cweider/ace-cleanup
Ace cleanup
2012-10-01 13:05:10 -07:00
Gedion 3fe3df91ae update docs for new hooks and ace exposures 2012-09-30 17:13:14 -05:00
John McLear c75941d1e3 Merge pull request #1028 from amtep/develop
Fix server crash if client disconnects too soon after connecting
2012-09-30 04:22:36 -07:00
John McLear d91b1ecd24 Merge pull request #1020 from marcelklehr/fix/express-v3
Fixes for express-v3 branch
2012-09-30 04:22:17 -07:00
Richard Braakman 2e72a1e489 Prevent server crash in handleClientReady
The client might have disconnected between callbacks so don't try to
write to the session before checking this. The main callback of this
function now has a single check at its top.

Removed a redundant check halfway through the callback.

Also normalized use of client.id for the session index instead of a mix of
client.id and sessionId.

Added some explanatory comments.
2012-09-28 23:23:00 +03:00
Richard Braakman 413ddb393e Add some explanatory comments to handleUserChanges() 2012-09-28 22:49:20 +03:00
Marcel Klehr 3578e36616 Merge pull request #1025 from amtep/develop
Fix race condition and a stack error caused by too old changesets
2012-09-28 05:43:47 -07:00
Richard Braakman 7aaef01346 Prettify session handling in handleUserChanges
Also add a comment to explain what's going on with thisSession.
No changes in behavior.
2012-09-27 23:07:00 +03:00
Richard Braakman f1b4206cad Fix crash when client submits changeset based on too-old revision
We had a problem with the server running out of stack space if a client
submitted a changeset based on a revision more than about 1000 revs old.
(944 was our cutoff but yours may vary). This happened in the wild with
about 30 people editing via flaky wifi. A disconnected client would try
to submit a fairly old changeset when reconnecting, and a few minutes
was enough for 30 people to generate that many revs.

The stack kept growing because pad.getRevisionChangeset was being answered
from the cache, so no I/O interrupted the callback chain. (This was seen with
mysql, I don't know about other backends.)

This patch forces a nextTick every 200 revisions to solve this problem.
2012-09-26 03:01:59 +03:00
Richard Braakman e16008b371 Fix sessioninfos race that can cause crash during USER_CHANGES handling
When stress testing etherpad-lite we occasionally got this error:

TypeError: Cannot read property 'author' of undefined
    at /home/etherpad/etherpad-lite/src/node/handler/PadMessageHandler.js:556:47

handleUserChanges was accessing sessioninfos[client.id].author in a callback,
after spending some time in the loop that updates the changeset to the
latest revision. It's possible for a disconnect request to be processed
during that loop so the session might no longer be there.

This patch fixes it by looking up the author at the start of the function.
2012-09-26 03:01:59 +03:00
Marcel Klehr 49799bfa97 Merge pull request #1018 from cweider/fix-windows
Upgrade to Yajsml with another Windows backslash fix.
2012-09-22 07:17:53 -07:00
Marcel Klehr 1c38f5bab9 Update docs 2012-09-22 16:04:30 +02:00
Marcel Klehr 0c9c1f514f Fix socket.io auth: Use connect to parse signed cookies (migrate to express v3) 2012-09-22 16:03:40 +02:00
Marcel Klehr 0f436d5916 Migrate error handling middleware to express v3 2012-09-22 15:22:15 +02:00
Marcel Klehr 794c3d1afe Set secret on cookieParser (migrate to express v3) 2012-09-22 14:05:41 +02:00
Marcel Klehr 71579d1478 Fix res.send (migrate to express v3) 2012-09-22 13:51:39 +02:00
John McLear 3c828ab1a6 Merge pull request #1019 from marcelklehr/feature/github-contributing-file
Let Github know our Dev Guidelines
2012-09-22 04:04:16 -07:00
Marcel Klehr 087560ea6c Let Github know our Dev Guidelines
https://github.com/blog/1184-contributing-guidelines
2012-09-22 12:55:49 +02:00
Chad Weider 622819ba93 Make intialization of Ace2Inner analogous to other page controllers. 2012-09-21 22:09:55 -07:00
Chad Weider 9f5946c942 Reformat Ace2Editor frame boot scripts. 2012-09-21 22:09:55 -07:00
Chad Weider fa65f889ec Consolidate Ace2Editor frame's boot script. 2012-09-21 22:09:55 -07:00
Chad Weider 49915dfeb8 Upgrade to Yajsml with another Windows backslash fix. 2012-09-21 22:09:44 -07:00
Marcel Klehr ff7cf991c9 Upgrade log4js to v0.5 2012-09-21 21:39:08 +02:00
Marcel Klehr 4416210471 Differentiate between http server and express app 2012-09-21 17:12:22 +02:00
John McLear cd3e65e043 Merge pull request #1015 from marcelklehr/fix/multiSession-foreach
Fix async.forEach in MultiSession code
2012-09-19 10:07:20 -07:00
Marcel Klehr a72ade4494 Fix async.forEach in MultiSession code 2012-09-19 17:48:26 +02:00
Marcel Klehr b9da0e187e Revert "Fixed foreach loop on session IDs, was breaking EP on single session in cookie."
This reverts commit 443a71bc9c.

	modified:   src/node/db/SecurityManager.js
2012-09-19 17:42:36 +02:00
John McLear 0883043eb9 Merge pull request #1014 from marcelklehr/feature/list-all-groups
Add listAllGroups API endpoint
2012-09-18 15:36:19 -07:00
John McLear f81a110229 Merge pull request #1013 from eldiddio/develop
Fixed foreach loop on session IDs, was breaking EP on single session in cookie
2012-09-18 08:53:43 -07:00
johnyma22 443a71bc9c Fixed foreach loop on session IDs, was breaking EP on single session in cookie. 2012-09-18 16:30:26 +01:00
John McLear 923b51033b List 12 plugins instead of 4
4 was a bit stingy :)  12 is a bit more friendly from a UX persepctive.
2012-09-18 15:54:08 +02:00
John McLear 363ce7a9ad Merge pull request #1008 from marcelklehr/fix/api-v1.1
Still support API endpoints of v1 in v1.1
2012-09-17 14:19:31 -07:00
Marcel Klehr f8f002adc0 Add listAllGroups API endpoint
Adds a database key that lists all groups
2012-09-17 23:03:56 +02:00
Charlie DeTar 53113644a0 Require userColor to be valid css hex
The utility functions colorutils.js assume that background colors are in
CSS hex format, so require userColor to do the same, rather than
allowing inputs like "red" and "rgba(...)", to insure that inversion
checks will succeed.
2012-09-17 10:59:12 -04:00
Marcel Klehr bbc8848af3 Still support API endpoints of v1 in v1.1 2012-09-17 16:29:39 +02:00
John McLear 9cfcafb852 Merge pull request #1005 from cweider/fix-ie
Remember, the `class` symbol is reserved in some environments.
2012-09-17 04:53:42 -07:00