As it turns out, if the serverURL can't be generated correctly, HackMD
will use relative paths in image upload. This causes broken links in
PDF.
With this commit we force absolute links during PDF creation which
hopefully fixes the problem.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
By uploading a malicous note currently it is possible to prevent this
note from being edited. This happens when using Windows line endings.
With this commit we remove all `\r` characters from the notes and this
way prevent this problem.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Since static path is providing with a high expiration data, we provide
configs via API. This shouldn't add any noticeable load while making it
uncached and this way working again.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows to improve privacy.
This commit also simplifies and optimizes the avatar code.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Since the original idea of using a symlink didn't work anyway, we should
remove the zh.json symlink from the repo. It doesn't provide any
benefit but alters the repo on start of HackMD.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
First fixed some linting issues. Also optimized some functions to be
undoable with one ctrl+z.
This should also speedup some operations
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We don't support it on CDN false instances, but it doesn't hurt to keep
it in for CDN-enabled instances
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We wrongly state that the default image upload location is imgur. This
is no longer true, but got lost when updating docs. This commit should
fix it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We have an official K8s chart for helm out there but probably no one
knows about it. Let's advertise it a bit!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This translation was contributed via POEditor by the user Basix.
Thanks a lot for your work!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit should prevent the i18n module from adding missing
translations to the local files in setups that are not for development.
This way we keep the directory clean and idempotent.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Splitting the documentation should provide an easier access to the
documentation people searching for and result in less merge conflicts
when adding new documentation here.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
As we use various services and integration we should provide an example
privacy policy.
It has to be adjust when using it to match your setup.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
To export the notes we need the archiver package that takes care of
creating the zip files.
Looks like I forgot this one in the initial commit.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This adds the UI for the export feature introduced in
bcbb8c67c9
It allows to download all notes from the main page in the default user
submenu.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.
We can add a GUI that shows it later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
