overleaf/services/web/app/coffee/Features
Simon Detheridge 56dcbefb5b Check for safe paths in all ProjectEntityHandler methods
Some import mechanisms (for example, Github project import) call methods such as 'upsert*' directly, bypassing existing filename checks.

Added checks to all methods in ProjectEntityHandler that can create or rename a file.

bug: overleaf/sharelatex#908
Signed-off-by: Simon Detheridge <s@sd.ai>
2018-10-08 15:31:04 +01:00
Analytics review fixes and moving licences endpoint to module 2018-08-23 14:39:48 +01:00
Announcements Update analytics manager to use new path 2018-02-07 09:39:00 +00:00
Authentication Fix ordering of boolean check to be more readable 2018-10-08 11:25:24 +01:00
Authorization use ProjectGetter rather than Project directly 2018-02-16 08:55:09 +00:00
BetaProgram remove UserLocator 2018-05-28 14:11:13 +02:00
Blog
Captcha remove 'script blocker' from recaptcha message 2018-02-07 14:24:15 +00:00
Chat
Collaborators use multiple emails when relevant 2018-06-08 17:53:45 +02:00
Compile Merge branch 'master' into ns-use-regex-test 2018-08-27 14:26:51 -04:00
Contacts fix undefined last name 2018-06-26 07:50:31 -04:00
Cooldown
Docstore
Documents return projectHistoryId in DocumentController.getDoc 2018-04-13 13:45:02 +01:00
DocumentUpdater send projectHistoryId with resync requests 2018-04-13 13:45:03 +01:00
Downloads Replace ShareLaTeX with Overleaf in name of multiple project download file (Closes: #963) 2018-09-24 16:33:54 +01:00
Editor remove unused call to UserGetter.getUser 2018-09-13 17:39:30 +01:00
Email Remove secondary CTA link from account merge confirmation email 2018-10-05 13:19:05 +01:00
Errors Add error handling for InvalidError 2018-10-08 10:44:25 +01:00
Exports make the zip fetching endpoint for exports generic to either zips or pdfs 2018-09-27 16:11:11 +01:00
FileStore
HealthCheck added a /health_check/mongo endpoint 2018-08-29 11:24:01 +01:00
Helpers use EmailHelper.parseEmail on registration 2018-06-11 12:31:18 +02:00
History Revert "Record and show last modified by user for projects" 2018-09-13 14:00:30 +01:00
InactiveData
Institutions add getInstitutionsPlan function 2018-09-24 13:16:31 +01:00
LinkedFiles Merge branch 'sk-flush-when-refreshing-linked-file' 2018-08-29 09:27:05 +01:00
Metadata
Newsletter change email: catch invalid emails and don't pass the error back on invalid requests 2018-08-31 11:06:55 +01:00
Notifications move call for creating ip matched notification to project controller 2018-09-05 15:40:59 +01:00
PasswordReset Send out confirmation emails on register and record confirmedAt date 2018-06-21 10:21:15 +01:00
Project Check for safe paths in all ProjectEntityHandler methods 2018-10-08 15:31:04 +01:00
RealTimeProxy
Referal Return blank features, not default features if no bonuses 2018-07-06 09:09:41 +01:00
References add references host into settings 2018-05-30 15:28:59 +01:00
Security Just generate a new token on resending confirmation email 2018-07-13 10:42:31 +01:00
ServerAdmin
Spelling
StaticPages Add v2 homepage 2018-09-20 08:57:07 -05:00
Subscription Merge pull request #893 from sharelatex/ja-fix-duplicate-text-in-email 2018-09-28 11:15:40 +01:00
SudoMode Remove stray log 2018-10-04 15:05:40 +01:00
SystemMessages
Tags add new tag methods 2018-09-03 10:40:28 -04:00
Templates Lookup correct compiler when importing v1 templates 2018-10-04 16:42:03 +01:00
ThirdPartyDataStore First pass at URL based linked files 2018-03-05 10:37:00 +00:00
TokenAccess use v1 doc info api 2018-10-02 11:16:46 -04:00
Uploads Add latexmkrc in FileTypeManager 2018-05-10 16:59:58 -04:00
User Refactor to validate in AuthenticationManager 2018-10-08 10:44:25 +01:00
V1 WIP: trying to get acceptance tests to pass 2018-10-04 15:05:40 +01:00