Commit graph

6 commits

Author SHA1 Message Date
David Mehren
0ca8e2dc7d
Fix error import
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:07 +02:00
David Mehren
9f284b752b
Use import syntax for logger and config
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:05 +02:00
Yannick Bungers
bb8297dca3
Added Types to actions.js and reformat
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:04 +02:00
David Mehren
77e336dfda
Various refactors to use the new models
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:01 +02:00
Sheogorath
a2522888b2
Remove PDF export
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00
David Mehren
f6eec0ce90
Convert first files to TypeScript
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:08:23 +01:00