From f8e947e2a743151f54c2c3cd1c441bd16ff9e203 Mon Sep 17 00:00:00 2001 From: Misty Release Bot Date: Mon, 28 Nov 2022 01:01:09 +0000 Subject: [PATCH 01/29] chore: incrementing version number - v2.6.1 --- install/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/package.json b/install/package.json index 294b9f1ca9..cb7eb36c43 100644 --- a/install/package.json +++ b/install/package.json @@ -2,7 +2,7 @@ "name": "nodebb", "license": "GPL-3.0", "description": "NodeBB Forum", - "version": "2.6.0", + "version": "2.6.1", "homepage": "http://www.nodebb.org", "repository": { "type": "git", From b5ce7e8ed8e04457b7d27341d9530186bf3a4bd9 Mon Sep 17 00:00:00 2001 From: Misty Release Bot Date: Mon, 28 Nov 2022 01:01:10 +0000 Subject: [PATCH 02/29] chore: update changelog for v2.6.1 --- CHANGELOG.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7055ccfb7b..8b43ddb762 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,40 @@ +#### v2.6.1 (2022-11-28) + +##### Chores + +* incrementing version number - v2.6.0 (e7fcf482) +* update changelog for v2.6.0 (eedd84ae) +* incrementing version number - v2.5.8 (dec0e7de) +* incrementing version number - v2.5.7 (5836bf4a) +* incrementing version number - v2.5.6 (c7bd7dbf) +* incrementing version number - v2.5.5 (3509ed94) +* incrementing version number - v2.5.4 (e83260ca) +* incrementing version number - v2.5.3 (7e922936) +* incrementing version number - v2.5.2 (babcd17e) +* incrementing version number - v2.5.1 (ce3aa950) +* incrementing version number - v2.5.0 (01d276cb) +* incrementing version number - v2.4.5 (dd3e1a28) +* incrementing version number - v2.4.4 (d5525c87) +* incrementing version number - v2.4.3 (9c647c6c) +* incrementing version number - v2.4.2 (3aa7b855) +* incrementing version number - v2.4.1 (60cbd148) +* incrementing version number - v2.4.0 (4834cde3) +* incrementing version number - v2.3.1 (d2425942) +* incrementing version number - v2.3.0 (046ea120) + +##### Documentation Changes + +* remote extraneous lines from changelog (8a15e58d) + +##### Bug Fixes + +* prototype vulnerability in socket.io onMessage (48d14392) +* #11066, fix custom privilege/path in routePrefixMap (0e495f9e) + +##### Refactors + +* not deprecated on 2.x (91c2e5ac) + #### v2.6.0 (2022-11-23) ##### Chores From 4efc19d5f1071f0e49d46fa9fddacbbfc60dd3a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Thu, 24 Nov 2022 11:17:06 -0500 Subject: [PATCH 03/29] feat: add ./nodebb install will install the suggested version for current nodebb closes #11060 --- src/cli/index.js | 13 +++++++++---- src/cli/manage.js | 32 +++++++++++++++++++++++++++++++- src/plugins/install.js | 9 +++++++++ 3 files changed, 49 insertions(+), 5 deletions(-) diff --git a/src/cli/index.js b/src/cli/index.js index b1ce151f4c..cad46b4609 100644 --- a/src/cli/index.js +++ b/src/cli/index.js 
@@ -173,11 +173,16 @@ program }); program - .command('install') - .description('Launch the NodeBB web installer for configuration setup') - .action(() => { - require('./setup').webInstall(); + .command('install [plugin]') + .description('Launch the NodeBB web installer for configuration setup or install a plugin') + .action((plugin) => { + if (plugin) { + require('./manage').install(plugin); + } else { + require('./setup').webInstall(); + } }); + program .command('build [targets...]') .description(`Compile static assets ${chalk.red('(JS, CSS, templates, languages)')}`) diff --git a/src/cli/manage.js b/src/cli/manage.js index 24052e21f6..45480e735f 100644 --- a/src/cli/manage.js +++ b/src/cli/manage.js @@ -12,7 +12,36 @@ const plugins = require('../plugins'); const events = require('../events'); const analytics = require('../analytics'); const reset = require('./reset'); -const { pluginNamePattern, themeNamePattern } = require('../constants'); +const { pluginNamePattern, themeNamePattern, paths } = require('../constants'); + +async function install(plugin) { + try { + await db.init(); + if (!pluginNamePattern.test(plugin)) { + // Allow omission of `nodebb-plugin-` + plugin = `nodebb-plugin-${plugin}`; + } + + plugin = await plugins.autocomplete(plugin); + + const isInstalled = await plugins.isInstalled(plugin); + if (isInstalled) { + throw new Error('plugin already installed'); + } + const nbbVersion = require(paths.currentPackage).version; + const suggested = await plugins.suggest(plugin, nbbVersion); + if (!suggested.version) { + throw new Error(suggested.message); + } + winston.info('Installing Plugin `%s@%s`', plugin, suggested.version); + await plugins.toggleInstall(plugin, suggested.version); + + process.exit(0); + } catch (err) { + winston.error(`An error occurred during plugin installation\n${err.stack}`); + process.exit(1); + } +} async function activate(plugin) { if (themeNamePattern.test(plugin)) { 
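Review bot: In the new `install()` in src/cli/manage.js, `suggested.version` is taken from the remote suggest response and passed to `plugins.toggleInstall(plugin, suggested.version)` after only a truthiness check. `toggleInstall` is outside this hunk, so how that string reaches the package manager is not visible here. I would reject anything that is not a plain version before using it, for example `if (!semver.valid(suggested.version)) { throw new Error('unexpected version from suggest endpoint'); }` (assuming `semver` can be required in this module). Likewise, `plugin` is not re-tested against `pluginNamePattern` after the `nodebb-plugin-` prefix is added and before `plugins.autocomplete(plugin)`.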
@@ -166,6 +195,7 @@ async function buildWrapper(targets, options) { } exports.build = buildWrapper; +exports.install = install; exports.activate = activate; exports.listPlugins = listPlugins; exports.listEvents = listEvents; diff --git a/src/plugins/install.js b/src/plugins/install.js index 3784df09a0..d358c917a5 100644 --- a/src/plugins/install.js +++ b/src/plugins/install.js @@ -87,6 +87,15 @@ module.exports = function (Plugins) { throw new Error('[[error:plugin-not-whitelisted]]'); }; + Plugins.suggest = async function (pluginId, nbbVersion) { + const body = await request({ + method: 'GET', + url: `https://packages.nodebb.org/api/v1/suggest?package=${encodeURIComponent(pluginId)}&version=${encodeURIComponent(nbbVersion)}`, + json: true, + }); + return body; + }; + Plugins.toggleInstall = async function (id, version) { pubsub.publish('plugins:toggleInstall', { hostname: os.hostname(), id: id, version: version }); return await toggleInstall(id, version); From 07a0212571f764697ad2c4dd4e9b43c347f4f587 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Wed, 7 Dec 2022 09:55:25 -0500 Subject: [PATCH 04/29] fix: #11077, add admin uploads paths to priv mapping closes #11077 --- src/privileges/admin.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/privileges/admin.js b/src/privileges/admin.js index 1f7255f52a..5a733d30f4 100644 --- a/src/privileges/admin.js +++ b/src/privileges/admin.js @@ -56,6 +56,14 @@ privsAdmin.routeMap = { 'extend/plugins': 'admin:settings', 'extend/widgets': 'admin:settings', 'extend/rewards': 'admin:settings', + // uploads + 'category/uploadpicture': 'admin:categories', + uploadfavicon: 'admin:settings', + uploadTouchIcon: 'admin:settings', + uploadMaskableIcon: 'admin:settings', + uploadlogo: 'admin:settings', + uploadOgImage: 'admin:settings', + uploadDefaultAvatar: 'admin:settings', }; privsAdmin.routePrefixMap = { 'manage/categories/': 'admin:categories', 
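Review bot: `Plugins.suggest` in src/plugins/install.js returns the response body unchecked, so a reply that is not a JSON object reaches the caller as-is. The caller added in src/cli/manage.js reads `.version` and `.message` from it and can end up throwing `new Error(undefined)`. A guard before `return body;` keeps the failure explicit: `if (!body || typeof body !== 'object') { throw new Error('unexpected response from packages.nodebb.org'); }`. A short comment that the result is remote, untrusted data with `version` and `message` fields (inferred from the caller) would also help. The request sets no `timeout`, so the CLI may wait indefinitely on an unresponsive host.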
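Review bot: The seven upload keys added to `privsAdmin.routeMap` are exact-match strings in mixed case (`uploadfavicon` next to `uploadTouchIcon`), and the code that looks a request path up in this map is outside the hunk. Please confirm that a path with no entry, or one that differs only in case, is denied by default rather than falling through to a weaker check; otherwise the next upload route added without an entry repeats #11077. A comment above the new block, such as `// every admin route must have an entry here or in routePrefixMap`, would make that requirement visible.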
From c2bb2b30be296d6840c3046fea4ce28a899431dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Wed, 7 Dec 2022 10:08:16 -0500 Subject: [PATCH 05/29] test: dont try to load admin upload routes --- test/controllers-admin.js | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/test/controllers-admin.js b/test/controllers-admin.js index 48137ddd81..c53f3ce3e3 100644 --- a/test/controllers-admin.js +++ b/test/controllers-admin.js @@ -832,7 +832,18 @@ describe('Admin Controllers', () => { }); }); } - for (const route of Object.keys(privileges.admin.routeMap)) { + const uploadRoutes = [ + 'category/uploadpicture', + 'uploadfavicon', + 'uploadTouchIcon', + 'uploadMaskableIcon', + 'uploadlogo', + 'uploadOgImage', + 'uploadDefaultAvatar', + ]; + const adminRoutes = Object.keys(privileges.admin.routeMap) + .filter(route => !uploadRoutes.includes(route)); + for (const route of adminRoutes) { /* eslint-disable no-await-in-loop */ await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); let res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`); @@ -845,7 +856,7 @@ describe('Admin Controllers', () => { await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); } - for (const route of Object.keys(privileges.admin.routeMap)) { + for (const route of adminRoutes) { /* eslint-disable no-await-in-loop */ await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); let res = await makeRequest(`${nconf.get('url')}/api/admin`); From 8c4d6bbebbc0d4eb3e34db11148109214eee3b67 Mon Sep 17 00:00:00 2001 From: Manuel Valle Date: Fri, 9 Dec 2022 09:13:38 -0600 Subject: [PATCH 06/29] Fix: categories.js not showing custom privileges (#10856) No shows correctly custom privileges in the Other section for a category. --- src/privileges/categories.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
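Review bot: Filtering `uploadRoutes` out of `adminRoutes` means neither loop exercises the privilege mapping just added for these seven paths, so the fix for #11077 has no regression test. The hard-coded list also duplicates the keys of `privileges.admin.routeMap` and will drift when another upload route is added. I would add a separate case that calls each upload route as a user without the mapped privilege and asserts the request is rejected, and derive the list from one shared source. The same `adminRoutes` filter is reused in the second hunk, so the gap applies to both loops.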
diff --git a/src/privileges/categories.js b/src/privileges/categories.js index 92b0edd849..8abdd0b34f 100644 --- a/src/privileges/categories.js +++ b/src/privileges/categories.js @@ -47,6 +47,7 @@ privsCategories.getPrivilegeList = async () => { }; privsCategories.init = async () => { + privsCategories._coreSize = _privilegeMap.size; await plugins.hooks.fire('static:privileges.categories.init', { privileges: _privilegeMap, }); @@ -72,8 +73,8 @@ privsCategories.list = async function (cid) { }); payload.keys = keys; - payload.columnCountUserOther = payload.labels.users.length - labels.users.length; - payload.columnCountGroupOther = payload.labels.groups.length - labels.groups.length; + payload.columnCountUserOther = payload.labels.users.length - privsCategories._coreSize; + payload.columnCountGroupOther = payload.labels.groups.length - privsCategories._coreSize; return payload; }; From e14d4abc5d5e0252fbb46258baa68aa6ecb00dfe Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 23 Nov 2022 14:26:25 -0500 Subject: [PATCH 07/29] fix(deps): update dependency mongodb to v4.12.1 (#11062) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- install/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/package.json b/install/package.json index cb7eb36c43..a3da9ac8d4 100644 --- a/install/package.json +++ b/install/package.json @@ -83,7 +83,7 @@ "material-design-lite": "1.3.0", "mime": "3.0.0", "mkdirp": "1.0.4", - "mongodb": "4.12.0", + "mongodb": "4.12.1", "morgan": "1.10.0", "mousetrap": "1.6.5", "multiparty": "4.2.3", From e1238a58220c6be77d3ad435522aec0260f24aa0 Mon Sep 17 00:00:00 2001 From: Misty Release Bot Date: Thu, 24 Nov 2022 09:06:27 +0000 Subject: [PATCH 08/29] Latest translations and fallbacks --- public/language/bg/admin/settings/advanced.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
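Review bot: `privsCategories._coreSize` is captured from `_privilegeMap.size` inside `init()`, so it is only correct if `init()` runs exactly once and before anything else has added to the map. A second call would record a size that already includes plugin privileges, and `columnCountUserOther` / `columnCountGroupOther` in the second hunk would then drop to 0; if `list()` runs before `init()`, the subtraction yields `NaN`. The value is also a writable property on the exported object. Capturing it once next to the map definition, `const coreSize = _privilegeMap.size;`, and using that local in `list()` avoids all three, assuming the map is fully built at that point (its definition is outside this hunk).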
diff --git a/public/language/bg/admin/settings/advanced.json b/public/language/bg/admin/settings/advanced.json index 32caf79de0..7992505008 100644 --- a/public/language/bg/admin/settings/advanced.json +++ b/public/language/bg/admin/settings/advanced.json @@ -21,7 +21,7 @@ "headers.coop": "Cross-Origin-Opener-Policy", "headers.corp": "Cross-Origin-Resource-Policy", "headers.permissions-policy": "Permissions-Policy", - "headers.permissions-policy-help": "Allows setting permissions policy header, for example \"geolocation=*, camera=()\", see this for more info.", + "headers.permissions-policy-help": "Позволява задаването на стойност в заглавката „permissions-policy“ (политика за разрешенията), като например „geolocation=*, camera=()“. Вижте тук за повече информация.", "hsts": "Стриктна транспортна сигурност", "hsts.enabled": "Включване на HSTS (препоръчително)", "hsts.maxAge": "Максимална възраст на HSTS", From dadbcd731cd1182d6de5b2985b9e4a9908ad3c04 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Wed, 23 Nov 2022 17:23:04 -0500 Subject: [PATCH 09/29] feat: integrating basic client-side form validity checking in settings v1 and v2 --- public/src/admin/settings.js | 7 ++++++- public/src/modules/settings.js | 26 ++++++++++++++++++++++++++ src/views/admin/settings/advanced.tpl | 2 +- 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/public/src/admin/settings.js b/public/src/admin/settings.js index beecc17649..7af0babd2a 100644 --- a/public/src/admin/settings.js +++ b/public/src/admin/settings.js @@ -1,7 +1,7 @@ 'use strict'; -define('admin/settings', ['uploader', 'mousetrap', 'hooks', 'alerts'], function (uploader, mousetrap, hooks, alerts) { +define('admin/settings', ['uploader', 'mousetrap', 'hooks', 'alerts', 'settings'], function (uploader, mousetrap, hooks, alerts, settings) { const Settings = {}; Settings.populateTOC = function () { 
@@ -66,6 +66,11 @@ define('admin/settings', ['uploader', 'mousetrap', 'hooks', 'alerts'], function saveBtn.off('click').on('click', function (e) { e.preventDefault(); + const ok = settings.check(document.querySelectorAll('#content [data-field][pattern]')); + if (!ok) { + return; + } + saveFields(fields, function onFieldsSaved(err) { if (err) { return alerts.alert({ diff --git a/public/src/modules/settings.js b/public/src/modules/settings.js index 57dfa2abee..5c78ede9e7 100644 --- a/public/src/modules/settings.js +++ b/public/src/modules/settings.js @@ -517,6 +517,12 @@ define('settings', ['hooks', 'alerts'], function (hooks, alerts) { save: function (hash, formEl, callback) { formEl = $(formEl); + const controls = formEl.get(0).querySelectorAll('input[name][pattern]'); + const ok = Settings.check(controls); + if (!ok) { + return; + } + if (formEl.length) { const values = helper.serializeForm(formEl); @@ -559,6 +565,26 @@ define('settings', ['hooks', 'alerts'], function (hooks, alerts) { }); } }, + check: function (controls) { + const onTrigger = (e) => { + const wrapper = e.target.closest('.form-group'); + if (wrapper) { + wrapper.classList.add('has-error'); + } + + e.target.removeEventListener('invalid', onTrigger); + }; + + return Array.prototype.map.call(controls, (controlEl) => { + const wrapper = controlEl.closest('.form-group'); + if (wrapper) { + wrapper.classList.remove('has-error'); + } + + controlEl.addEventListener('invalid', onTrigger); + return controlEl.reportValidity(); + }).every(Boolean); + }, }; diff --git a/src/views/admin/settings/advanced.tpl b/src/views/admin/settings/advanced.tpl index 1041848878..860e730790 100644 --- a/src/views/admin/settings/advanced.tpl +++ b/src/views/admin/settings/advanced.tpl @@ -121,7 +121,7 @@
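Review bot: The `settings.check(...)` gate added to the save click handler is advisory only: it runs in the browser and covers just the elements matching `#content [data-field][pattern]`, so a request sent to the save endpoint directly is not constrained by it. Whether the server validates the same fields is not visible in this patch. If these settings feed response headers, as the advanced settings template touched here suggests, the server-side setter should enforce the same pattern. A comment such as `// UX only: the server must re-validate these values` would keep this from being read as an input control.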
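Review bot: In `save` in public/src/modules/settings.js, `formEl.get(0).querySelectorAll(...)` runs before the existing `if (formEl.length)` guard, so an empty selection now throws a TypeError instead of skipping the save. The early `return` on a failed check also never calls `callback`, so callers that wait on it get no result. I would fold the check into the guard, `if (formEl.length && !Settings.check(formEl.get(0).querySelectorAll('input[name][pattern]'))) { return; }`, and decide whether `callback` should receive an error in that case. The rest of `save` lies outside the hunk.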
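Review bot: `check` adds an `invalid` listener to every control on each call but removes it only inside the handler, so a control that passes validation keeps one more listener per save attempt. Because `onTrigger` is a new closure on every call, those listeners accumulate and all fire the first time the control becomes invalid. Removing the listener right after the validity call fixes this: `const valid = controlEl.reportValidity(); controlEl.removeEventListener('invalid', onTrigger); return valid;`. A one-line comment that `.map(...).every(Boolean)` is used deliberately, so every control gets reported rather than stopping at the first failure, would help the next reader.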
-
+