Commit e509824f authored by Stefan's avatar Stefan

Merge new release into master branch!

parents 24b0712d 2393ea01
# 1.5.6
* Fix: Error on windows installations
# 1.5.5
* SECURITY: Also don't allow read files on directory traversal on minify paths
* NEW: padOptions can be set in settings.json now
......
......@@ -92,7 +92,7 @@ Documentation can be found in `docs/`.
# Development
## Things you should know
Read this [git guide](http://learn.github.com/p/index.html) and watch this [video on getting started with Etherpad Development](http://youtu.be/67-Q26YH97E).
Understand [git](https://training.github.com/) and watch this [video on getting started with Etherpad Development](http://youtu.be/67-Q26YH97E).
If you're new to node.js, start with Ryan Dahl's [Introduction to Node.js](http://youtu.be/jo_B4LTHi3I).
......
#!/bin/sh
NODE_VERSION="0.10.38"
NODE_VERSION="0.12.2"
#Move to the folder where ep-lite is installed
cd `dirname $0`
......@@ -56,8 +56,6 @@ echo "remove git history to reduce folder size"
rm -rf .git/objects
echo "remove windows jsdom-nocontextify/test folder"
rm -rf /tmp/etherpad-lite-win/node_modules/ep_etherpad-lite/node_modules/jsdom-nocontextifiy/test/
rm -rf /tmp/etherpad-lite-win/src/node_modules/jsdom-nocontextifiy/test/
rm -rf /tmp/etherpad-lite-win/src/node_modules/wd/node_modules/request/node_modules/form-data/node_modules/combined-stream/test
rm -rf /tmp/etherpad-lite-win/src/node_modules/nodemailer/node_modules/mailcomposer/node_modules/mimelib/node_modules/encoding/node_modules/iconv-lite/encodings/tables
......
......@@ -143,8 +143,11 @@ function minify(req, res, next)
// No relative paths, especially if they may go up the file hierarchy.
filename = path.normalize(path.join(ROOT_DIR, filename));
filename = filename.replace(/\.\./g, '')
if (filename.indexOf(ROOT_DIR) == 0) {
filename = filename.slice(ROOT_DIR.length);
filename = filename.replace(/\\/g, '/')
} else {
res.writeHead(404, {});
res.end();
......@@ -165,6 +168,7 @@ function minify(req, res, next)
var plugin = plugins.plugins[library];
var pluginPath = plugin.package.realPath;
filename = path.relative(ROOT_DIR, pluginPath + libraryPath);
filename = filename.replace(/\\/g, '/'); // windows path fix
} else if (LIBRARY_WHITELIST.indexOf(library) != -1) {
// Go straight into node_modules
// Avoid `require.resolve()`, since 'mustache' and 'mustache/index.js'
......
......@@ -55,5 +55,5 @@
"repository" : { "type" : "git",
"url" : "http://github.com/ether/etherpad-lite.git"
},
"version" : "1.5.5"
"version" : "1.5.6"
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment