Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-09-22 01:50:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
10346 commits 1 branch 823 tags 89 MiB
Commit graph

88 commits

Author SHA1 Message Date
Martin Filser
6e1ef3d94a Move every Users.findOne() to the ReactiveCache 2023-07-18 21:25:28 +02:00
Martin Filser
9022e9949f Move every Boards.findOne(Session.get('currentBoard')) to the ReactiveCache 2023-07-18 21:25:28 +02:00
Lauri Ojansivu
382168a5b4 Try to fix some security issues. Part 2. 
Thanks to responsible security disclosure contributors and xet7 !
 2023-02-20 16:48:02 -05:00
Lauri Ojansivu
ff993e7c91 Try to fix some security issues. 
Thanks to responsible security disclosure contributors and xet7 !
 2023-02-20 01:21:33 +02:00
Lauri Ojansivu
8560b36a5a Revert Fix Open card links in current tab. So now links open in new tab. 
Thanks to dvsk, mfilser and xet7 !

Fixes https://github.com/wekan/wekan/discussions/3534
 2022-08-14 14:10:44 +03:00
Lauri Ojansivu
ee3c5cbb6a Fix Open card links in current tab. Not in new tab anymore. 
Thanks to bronger, ManZosh and xet7 !

Fixes https://github.com/wekan/wekan/discussions/3534
 2022-08-13 12:54:37 +03:00
David Arnold
be712541d5 Revert "Do those imports!" 
This reverts commit 64dcc70bd2.
 2022-02-06 13:19:58 +03:00
David Arnold
3da88ed858 Do those imports! 2022-02-06 13:19:58 +03:00
David Arnold
e702f17c7b Ref: original & and use fileObj.meta 
fileObj.meta is part of the ostrio:files API and be passed to the
constructor. This is less hacky than trying tu update a persistet object
after the fact.
 2022-02-06 13:19:58 +03:00
David Arnold
16506e7a6a Ref: Attachment upload handlers 2022-02-06 13:19:58 +03:00
David Arnold
55acce9f0c Ref: Attachment upload handlers 2022-02-06 13:19:57 +03:00
Ben0it-T
4589c3df15 User mentions now return @username (full name) - part 2 2022-01-02 19:35:47 +01:00
Ben0it-T
a160b662ef User mentions now return @username (full name) 2022-01-02 18:44:28 +01:00
Martin Filser
7444c11c82 Moved "copied!" code to Utils 
- same implementation in all files, so it's better to have one function
  for it
 2021-11-25 23:16:09 +01:00
Martin Filser
6d3ecdea55 Changed copy icon to a "href" link 
- mouse hover changes the icon
 2021-11-25 23:16:09 +01:00
Martin Filser
7db1445d09 Added copy button to all editor's 2021-11-25 23:16:09 +01:00
Martin Filser
fdf40f4584 Use Utils#getCurrentCard() everywhere in the code 2021-10-20 18:41:33 +02:00
Emile NDAGIJIMANA
d9329a9e15 add full name if exists in email-invite-subject or when tagging someone with '@' while commenting a card 2021-10-18 15:26:01 +02:00
Kai Lehmann
547d82fe57 adds handles to notifiy board or card members 2021-08-03 23:35:12 +02:00
Lauri Ojansivu
ec01e5182d Fixed Line break which is wrongly added in Cards description and Cards comments. 
Added Code View `</>` button when RICHER_CARD_COMMENT_EDITOR=true and in desktop view
(=non-mobile, so there is enough screen space for buttons in desktop view).

Thanks to Emile840 and xet7 !

Fixes #3885
 2021-07-06 20:59:47 +03:00
Lauri Ojansivu
5ab20a9257 Added markdown-it-mermaid for some charts support in all input fields. Replaced xss with dompurify. 
Thanks to xuguotong and xet7 !

Fixes #3794
 2021-05-07 02:13:20 +03:00
Lauri Ojansivu
c2da477735 Fixed Non-ASCII attachment filename will crash when downloading. 
Thanks to xet7 !

Fixes #2759
 2021-04-29 13:26:49 +03:00
ryanMushy
e380ad26c2 Images are uploaded twice 
- make sure only pastes which contain text are processed
- remove execCommand() as it results in errors
- enable drag & drop
- fix resize buttons to be the proper summernote commands
- remove un-needed comma
 2021-04-26 23:31:07 -07:00
Lauri Ojansivu
6ff9c5b58d Added German (Switzerland) (de_CH) Part 3. 
Fixed lint.

Thanks to translators and xet7 !
 2021-04-16 21:47:39 +03:00
ryanMushy
96c6fa0276 - Add new button to insert a URL link 
- Add new popover allowing you to edit URL links
- enable spell check and grammerly extension
 2021-04-14 18:31:32 -07:00
Lauri Ojansivu
47ecc654b8 Added back Summernote editor. Removed emoji picker. 
Thanks to ryanMushy and xet7 !

Related 84fde1ecfc (commitcomment-48956373)
 2021-04-01 00:30:46 +03:00
Lauri Ojansivu
84fde1ecfc Added emoji picker to card description edit and card comment edit. 
Removed Summernote wysiwyg editor, package-lock.json etc.

Thanks to xet7 !
 2021-03-28 06:56:05 +03:00
tod31
2c30714c6f
Update editor.js 
add custom URL schemes for SolidWorks PDM (conisio:) and abas ERP (abasurl:)
 2021-01-26 13:54:22 +01:00
Lauri Ojansivu
6253bbdc0b Fix file permissions. 2021-01-18 12:22:00 +02:00
Lauri Ojansivu
3977f2187a Try to allow links to onenote, mailspring and file. 
Thanks to lime918, rgalonso, ocdtrekkie, gkarachuk and xet7 !

Fixes #1615
 2021-01-13 00:02:17 +02:00
Lauri Ojansivu
9d2a9ee70b Fix lint. 2020-11-29 04:19:28 +02:00
brian-j
1741808e53 Replace tabs with spaces 2020-11-10 22:01:04 -03:00
brian-j
0180196d7e Alter call to sanitizeXss 
Addressing feature: Custom URL Schemes autolinked #3218

Create a custom SafeAttrValue function which can allow non-standard protocols such as thunderlink: cbthunderlink: and aodroplink: to operate correctly without getting the value stripped away. Any other protocols and code remain to be processed by the default safeAttrValue routine.
 2020-11-10 18:03:17 -03:00
Lauri Ojansivu
4e2d337620 When RICHER_CARD_COMMENT_EDITOR=true, use richer editor 
also when editing card description.

Thanks to xet7 !
 2020-11-02 21:58:13 +02:00
Lauri Ojansivu
d52affe658 Move In Progress ostrio-files changes to separate branch, and revert ostrio-files changes, so that: 
- Export to CSV/TSV with custom fields works
- Attachments are not exported to disk
- It is possible to build arm64/s390x versions again.

Thanks to xet7 !

Related #3110
 2020-05-25 17:54:51 +03:00
Romulus Tsai 蔡仲明
0735981366 Merge branch 'master' into lib-change 2020-05-14 16:47:05 +08:00
Romulus Tsai 蔡仲明
c3458855bd Merge branch 'master' into lib-change 2020-05-08 10:13:11 +08:00
Nico
3cc0a93e0e Card vote options in new fork 2020-05-03 00:33:15 +02:00
Lauri Ojansivu
033d671047 Fix richer editor submit did not clear edit area. 
Thanks to xet7 !
 2020-03-31 23:17:58 +03:00
Lauri Ojansivu
3546d7aa02 Fix Browser always reload the whole page when I change one of the card color. 
Fixed by making label colors and text again editable.
Regression from [Wekan v3.86 2)](b9099a8b7e).

Thanks to javen9881 and xet7 !

Closes #2971
 2020-03-31 16:56:32 +03:00
Lauri Ojansivu
b9099a8b7e 1) Fix Pasting text into a card is adding a line before and after 
(and multiplies by pasting more) by changing paste "p" to "br".
2) Fixes to summernote and markdown comment editors, related
   to keeping them open when adding comments, having
   @member mention not close card, and disabling clicking of
   @member mention.

Thanks to xet7 !

Closes #2890
 2020-03-24 20:39:49 +02:00
Lauri Ojansivu
12ab8fac5d Fix Rich editor can not be disabled, regression from changes yesterday at Wekan v3.85. 
Thanks to uusijani, vjrj and xet7 !

Closes #2967,
closes #104
 2020-03-24 11:04:04 +02:00
Lauri Ojansivu
482682e500 SECURITY VULNERABILITY FIX: Fix XSS bug reported today 4 hours ago by Cyb3rjunky. 
Logged in users could run javascript in input fields.
This affects Wekan versions v3.12-v3.84.
In [Wekan v3.12](https://github.com/wekan/wekan/blob/master/CHANGELOG.md#v312-2019-08-09-wekan-release)
there was [changes for XSS filter to allow inserting images, videos etc
on comment WYSIWYG editor](https://github.com/wekan/wekan/pull/2593)
so features related to that are now removed.
After this fix, Javascript in input fields is not executed.

Thanks to Cyb3rjunky and xet7 !
 2020-03-23 22:29:20 +02:00
Lauri Ojansivu
2b26bbe78a Fix: img tag did not allow width and height. 
Removed swipebox from markdown editor img tag and
updated marked markdown to newest version.

Thanks to hradec and xet7 !

Closes #2956
 2020-03-06 03:52:12 +02:00
Romulus Urakagi Tsai
d26bf04bfa Change to relative path and /var/attachments to store 2020-01-14 06:29:34 +00:00
Romulus Urakagi Tsai
93337c20f8 Change upload routine, add upload popup 2019-12-24 08:57:34 +00:00
Romulus Urakagi Tsai
4dcdec0084 Attachment upload from card done, need to fix download link 2019-11-20 10:40:09 +00:00
Sam X. Chen
4ee88e026e Buxfixed: if username contains space, it will cause @ commment failed to send out email and other 2019-09-19 15:16:48 -04:00
Sam X. Chen
f29d7daa1d BugFix: in richer editor @ autocomplete doesn't really insert the user name into comment properly 2019-09-17 09:30:26 -04:00
Sam X. Chen
194b6ad46e BugFix: in richer editor @ autocomplete doesn't really insert the user name into comment properly 2019-09-17 09:27:23 -04:00