pengjunjie/server
1
0
Fork 1
mirror of https://github.com/ONLYOFFICE/server.git synced 2026-04-07 14:04:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,042 Commits 51 Branches 8,495 Tags
d886c510e75e6750b94f89d504b0bc129fbe6152
Commit Graph

40 Commits

Author SHA1 Message Date
Sergey Konovalov
d886c510e7 [copyright] Update Copyright 2023-02-26 15:31:59 +03:00
Sergey Konovalov
24cb8e2249 [bug] Fix image file upload from userid with url inside 2022-08-18 15:00:17 +03:00
Sergey Konovalov
41399fa3d4 Feature/multi tenant (#377) 
* [feature] Add tenantManager

* [fix] Fix export

* [schema] Change schema for tenants

* [de] For auth

* [config] Remove unused secret.browser param to unify with multitenancy

* [feature] Add OperationContext to store state of request

* [log] Remove docId and userId from log message

* [feature] Add OperationContext class

* [feature] For logging

* [feature] Add content to some methods

* [feature] For multitenancy

* [feature] For multitenancy

* [feature] For multitenancy

* [feature] For multitenancy

* [feature] For multitenancy

* [feature] For multitenancy

* [feature] Move all tenant logic to tenantManager

* [feature] Fix reading of tenant license

* [feature] Move tenant logic to EditorData interface

* [feature] Use context in SQL queries

* [feature] Refactoring

* [feature] Fix editorDataMemory

* [feature] Fix before merge
 2022-08-02 17:34:06 +03:00
Sergey Konovalov
3160b04c12 [feature] Add 'ooxml', 'odf' as resulting conversion types 2021-07-18 19:21:49 +03:00
Sergey Konovalov
4750d09566 [bug] Fix Path Traversal vulnerability via FileUploader.ashx params 2020-10-19 15:17:16 +03:00
Sergey Konovalov
8740bb8902 [bug] Fix Path Traversal vulnerability via image upload params 2020-08-12 13:49:58 +03:00
Sergey Konovalov
1d2f3c9528 [bug] Fix uploading encrypted image after Revision: 1fef4b7043 2020-05-25 16:44:56 +03:00
Sergey Konovalov
1fef4b7043 [jwt] Move token from url to header when uploading image 
Prevent potential session hijacking using token from server logs
 2020-05-13 17:03:00 +03:00
Sergey Konovalov
a13ba3ea27 [jwt] Prevent vulnerability(downloadAs(with url) creates request to integrator with authorization); Rename token params for clarity 2019-10-10 20:03:31 +03:00
Sergey Konovalov
d804c6b54e [bug] Fix bug 41383 2019-07-11 15:57:04 +03:00
Alexey Golubev
09db4f4410 v5.2.8 2019-02-05 16:25:12 +03:00
Alexander.Trofimov
8576cc397f [copyright] For bug 39644 
Change address Latvian office.
 2019-01-17 12:01:22 +03:00
Alexander.Trofimov
6dfa5f39e6 [copyright] Update Copyright 
2018 -> 2019
 2019-01-17 11:59:54 +03:00
Sergey Konovalov
981741bb84 [request] Send 403 http status to request without permissions 2019-01-09 19:13:30 +03:00
Sergey Konovalov
97cf8b96f0 [bug] For bug 36960 
Fill response Content-Type.
 2018-08-17 19:08:12 +03:00
Sergey Konovalov
36f116fe99 [feature] Allow upload encrypted images 2018-05-25 13:11:28 +03:00
Sergey Konovalov
99eaae21f4 Reduce log level for non-critical errors from error to warn 2018-03-14 14:38:57 +03:00
Pavel Lobashov
61526e53ea Update copyright to 2018 2018-03-01 14:07:54 +03:00
Sergey Konovalov
c95e6f485f feat: add 'converter' as another address for ConverterService.ashx with json output by default 2018-02-05 18:07:40 +03:00
Sergey Konovalov
c5ed6716d7 break: add inbox.inBody param; docbuilder enter in compatibility mode if query params exist 2018-02-02 16:50:29 +03:00
Sergey Konovalov
de6713f766 feat: split inbox secret into browser and request part 2018-02-01 14:18:45 +03:00
Alexey Golubev
fe14962278 v5.0.7 2018-01-15 15:19:39 +03:00
Sergey Konovalov
49180649af change location of jwt when uploading image from link to query string, to prevent problems with IIS URL Rewrite 2017-12-13 17:31:35 +03:00
konovalovsergey
f826e1f4b0 different expires period for session and temporary url 2017-09-28 14:38:09 +03:00
konovalovsergey
f93c2d0193 'use strict'; 2017-02-15 19:40:41 +03:00
Alexander.Trofimov
5cc068db6c change license to 2017 2017-01-17 18:02:27 +03:00
konovalovsergey
cd3a1ebbe2 FileUploader.ashx, ConvertService.ashx return json object if Accept header is 'application/json' 2016-12-08 17:08:16 +03:00
konovalovsergey
055d628e9e checkJwt 2016-11-28 11:42:10 +03:00
konovalovsergey
c9acd8272a separate jwt open and session token;error in strict mode 2016-11-25 19:33:18 +03:00
konovalovsergey
0a165772a8 change config format 2016-11-25 17:51:24 +03:00
konovalovsergey
41c66d1232 extend input params by jwt in http request 2016-11-25 16:56:54 +03:00
konovalovsergey
c87cac8d13 jwt token for http request 2016-11-16 18:06:29 +03:00
konovalovsergey
119524c3bd jwt token on open 2016-11-15 20:40:15 +03:00
konovalovsergey
ce07b4bb10 jwt token on open 2016-11-01 20:19:48 +03:00
Alexander.Trofimov
98a7458aeb add AGPL header 2016-06-20 18:34:32 +03:00
Sergey.Konovalov
a52798f560 tj/co вместо utils.spawn 
git-svn-id: svn://192.168.3.15/activex/AVS/Sources/TeamlabOffice/trunk/nodeJSProjects@68941 954022d7-b5bf-4e40-9824-e11837661b57
 2016-05-18 10:38:44 +03:00
Sergey.Konovalov
9e9955cd6e можно было сделать upload картинки не из списка разрешенных. 
git-svn-id: svn://192.168.3.15/activex/AVS/Sources/TeamlabOffice/trunk/nodeJSProjects@65694 954022d7-b5bf-4e40-9824-e11837661b57
 2016-05-18 10:38:19 +03:00
Sergey.Konovalov
1049192f80 в логи добавлен docId 
git-svn-id: svn://192.168.3.15/activex/AVS/Sources/TeamlabOffice/trunk/nodeJSProjects@65367 954022d7-b5bf-4e40-9824-e11837661b57
 2016-05-18 10:38:13 +03:00
Sergey.Konovalov
1ae91134a8 add log 
git-svn-id: svn://192.168.3.15/activex/AVS/Sources/TeamlabOffice/trunk/nodeJSProjects@65275 954022d7-b5bf-4e40-9824-e11837661b57
 2016-05-18 10:38:10 +03:00
Alexey.Golubev
bc3a8ea8df CoAuthoring -> DocService 
git-svn-id: svn://192.168.3.15/activex/AVS/Sources/TeamlabOffice/trunk/nodeJSProjects@64979 954022d7-b5bf-4e40-9824-e11837661b57
 2016-05-18 10:38:05 +03:00