common/Png.hpp | 6 +++++ configure.ac | 2 - loleaflet/js/toolbar.js | 12 ++++++++--- loleaflet/src/map/handler/Map.Keyboard.js | 23 ++++++++++++++------- net/Socket.hpp | 6 ++++- wsd/DocumentBroker.cpp | 23 +++++++++++++++------ wsd/DocumentBroker.hpp | 21 +++++++++++++++---- wsd/LOOLWSD.cpp | 32 ++++++++++++++++++------------ 8 files changed, 90 insertions(+), 35 deletions(-)
New commits: commit e340f89a8b80fdfe592beb2d066d7e187ba98bf5 Author: Andras Timar <andras.ti...@collabora.com> AuthorDate: Sun May 5 19:36:37 2019 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sun May 5 19:36:37 2019 +0200 Bump version to 6.1.6.2 Change-Id: I353dd5f90a63d3ce43f0fc9ed558d83414d586a2 diff --git a/configure.ac b/configure.ac index d18186a24..f1f592e9c 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) -AC_INIT([libreoffice-online], [6.1.3.2], [libreoffice@lists.freedesktop.org]) +AC_INIT([libreoffice-online], [6.1.6.2], [libreoffice@lists.freedesktop.org]) LT_INIT([shared, disable-static, dlopen]) AM_INIT_AUTOMAKE([1.10 subdir-objects tar-pax -Wno-portability]) commit a71683d5b3ac978b22cf4c331ae1e8a15486ccdd Author: Iván Sánchez Ortega <ivan.sanc...@collabora.com> AuthorDate: Thu May 2 09:28:55 2019 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sun May 5 19:34:02 2019 +0200 tdf#124749:loleaflet: use "KeyboardEvent.key" to detect ignored key events Replace KeyboardEvent.keyCode with KeyboardEvent.key for detection of "Delete" and "Insert" keys. keyCode misbehaves when using an AZERTY/DVORAK keyboard layout, e.g. the keyCode for "Delete" in QWERTY is the same as "." in AZERTY. This works on all major browsers, the only outlier being MSIE8: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key#Browser_compatibility Change-Id: I5cbfa18ef59ab4989a866fdf4b5708610beccaad Reviewed-on: https://gerrit.libreoffice.org/71735 Reviewed-by: Andras Timar <andras.ti...@collabora.com> Tested-by: Andras Timar <andras.ti...@collabora.com> diff --git a/loleaflet/src/map/handler/Map.Keyboard.js b/loleaflet/src/map/handler/Map.Keyboard.js index b0d309527..385007920 100644 --- a/loleaflet/src/map/handler/Map.Keyboard.js +++ b/loleaflet/src/map/handler/Map.Keyboard.js @@ -181,16 +181,23 @@ L.Map.Keyboard = L.Handler.extend({ this._map.off('compositionstart compositionupdate compositionend textInput', this._onKeyDown, this); }, + /* + * Returns true whenever the key event shall be ignored. + * This means shift+insert and shift+delete (or "insert or delete when holding + * shift down"). Those events are handled elsewhere to trigger "cut" and + * "paste" events, and need to be ignored in order to avoid double-handling them. + */ _ignoreKeyEvent: function(e) { - var shift = e.originalEvent.shiftKey ? this.keyModifier.shift : 0; - if (shift && (e.originalEvent.keyCode === 45 || e.originalEvent.keyCode === 46)) { - // don't handle shift+insert, shift+delete - // These are converted to 'cut', 'paste' events which are - // automatically handled by us, so avoid double-handling - return true; + var shift = e.originalEvent.shiftKey; + if ('key' in e.originalEvent) { + var key = e.originalEvent.key; + return (shift && (key === 'Delete' || key === 'Insert')); + } else { + // keyCode is not reliable in AZERTY/DVORAK keyboard layouts, is used + // only as a fallback for MSIE8. + var keyCode = e.originalEvent.keyCode; + return (shift && (keyCode === 45 || keyCode === 46)); } - - return false; }, _setPanOffset: function (pan) { commit 9498edfea92f255699475adc6173390ad027caef Author: Ashod Nakashian <ashod.nakash...@collabora.co.uk> AuthorDate: Fri Apr 19 20:09:22 2019 -0400 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sun May 5 19:31:39 2019 +0200 wsd: use fast deflate level for png The default deflate level of 6 is quite slow and the benefits are hardly worth the high latency that users experience. Tested on a writer document with some small images and a few pages of text: Level 4 gives virtually identical compression ratio to level 6, but is between 5-10% faster. Level 3 runs almost twice as fast as level 6, but the output is typically 2-3x larger. Perhaps this should be exposed via config so it would be possible to reduce latency due to compression when CPU is scarce but network bandwidth ample, and vice versa. Change-Id: Iba88eea8f180d11458b33c68389e797234df1a60 Reviewed-on: https://gerrit.libreoffice.org/71038 Reviewed-by: Michael Meeks <michael.me...@collabora.com> Tested-by: Michael Meeks <michael.me...@collabora.com> diff --git a/common/Png.hpp b/common/Png.hpp index 921792acf..e1fcb33b2 100644 --- a/common/Png.hpp +++ b/common/Png.hpp @@ -127,6 +127,12 @@ bool encodeSubBufferToPNG(unsigned char* pixmap, size_t startX, size_t startY, return false; } + // Level 4 gives virtually identical compression + // ratio to level 6, but is between 5-10% faster. + // Level 3 runs almost twice as fast, but the + // output is typically 2-3x larger. + png_set_compression_level(png_ptr, 4); + png_set_IHDR(png_ptr, info_ptr, width, height, 8, PNG_COLOR_TYPE_RGB_ALPHA, PNG_INTERLACE_NONE, PNG_COMPRESSION_TYPE_DEFAULT, PNG_FILTER_TYPE_DEFAULT); png_set_write_fn(png_ptr, &output, user_write_fn, user_flush_fn); commit 3f419b3284d01e65a3160ab2c1223ed010d0687f Author: Szymon Kłos <szymon.k...@collabora.com> AuthorDate: Thu Mar 28 12:29:09 2019 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sun May 5 19:28:21 2019 +0200 Block executing JS code from links Example: hyperlink with target "javascript:alert(document.domain)" After user clicked the link alert was shown. Change-Id: Id9fe06015b45f37ae415f8e3607434d984a6074f diff --git a/loleaflet/js/toolbar.js b/loleaflet/js/toolbar.js index 56e5cc52a..7762f760b 100644 --- a/loleaflet/js/toolbar.js +++ b/loleaflet/js/toolbar.js @@ -1617,7 +1617,9 @@ function setupToolbar(e) { }); map.on('hyperlinkclicked', function (e) { - window.open(e.url, '_blank'); + if (!e.url.startsWith('javascript:')) { + window.open(e.url, '_blank'); + } }); map.on('cellformula', function (e) { commit a788dd238a27b36ca6f3cf98a20c52c56654b3f4 Author: Michael Meeks <michael.me...@collabora.com> AuthorDate: Sat Mar 2 16:41:47 2019 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sun May 5 19:24:57 2019 +0200 tdf#123482 - cleanup convert-to folder more reliably. Change-Id: I029bb4136984e05485e462c92da80b92b00fdebc also squashes: Simpify DocumentBroker constructor. Change-Id: I0bf29df9316b129d34862c7464bb6636d42a850d Avoid using un-necessary reference. Change-Id: Id5a9fed8fb790f2af8facac119e9e0da476b1e47 Change-Id: I40eb5ae5b4721ffd709db6ecc7754dff8106475d Reviewed-on: https://gerrit.libreoffice.org/68623 Reviewed-by: Andras Timar <andras.ti...@collabora.com> Tested-by: Andras Timar <andras.ti...@collabora.com> diff --git a/wsd/DocumentBroker.cpp b/wsd/DocumentBroker.cpp index 1006dc2dc..c0aa1b995 100644 --- a/wsd/DocumentBroker.cpp +++ b/wsd/DocumentBroker.cpp @@ -37,6 +37,7 @@ #include <common/Message.hpp> #include <common/Protocol.hpp> #include <common/Unit.hpp> +#include <common/FileUtil.hpp> #include <sys/types.h> #include <sys/wait.h> @@ -143,13 +144,11 @@ std::atomic<unsigned> DocumentBroker::DocBrokerId(1); DocumentBroker::DocumentBroker(const std::string& uri, const Poco::URI& uriPublic, - const std::string& docKey, - const std::string& childRoot) : + const std::string& docKey) : _uriOrig(uri), _uriPublic(uriPublic), _docKey(docKey), _docId(Util::encodeId(DocBrokerId++, 3)), - _childRoot(childRoot), _cacheRoot(getCachePath(uriPublic.toString())), _documentChangedInStorage(false), _lastSaveTime(std::chrono::steady_clock::now()), @@ -169,10 +168,10 @@ DocumentBroker::DocumentBroker(const std::string& uri, _debugRenderedTileCount(0) { assert(!_docKey.empty()); - assert(!_childRoot.empty()); + assert(!LOOLWSD::ChildRoot.empty()); LOG_INF("DocumentBroker [" << _uriPublic.toString() << - "] created with docKey [" << _docKey << "] and root [" << _childRoot << "]"); + "] created with docKey [" << _docKey << "]"); } void DocumentBroker::startThread() @@ -987,7 +986,7 @@ bool DocumentBroker::sendUnoSave(const std::string& sessionId, bool dontTerminat std::string DocumentBroker::getJailRoot() const { assert(!_jailId.empty()); - return Poco::Path(_childRoot, _jailId).toString(); + return Poco::Path(LOOLWSD::ChildRoot, _jailId).toString(); } size_t DocumentBroker::addSession(const std::shared_ptr<ClientSession>& session) @@ -1634,6 +1633,18 @@ void DocumentBroker::getIOStats(uint64_t &sent, uint64_t &recv) } } +ConvertToBroker::~ConvertToBroker() +{ + if (!_uriOrig.empty()) + { + // Remove source file and directory + Poco::Path path = _uriOrig; + Poco::File(path).remove(); + Poco::File(path.makeParent()).remove(); + FileUtil::removeFile(_uriOrig); + } +} + void DocumentBroker::dumpState(std::ostream& os) { std::unique_lock<std::mutex> lock(_mutex); diff --git a/wsd/DocumentBroker.hpp b/wsd/DocumentBroker.hpp index fc3cb095d..f4023edf6 100644 --- a/wsd/DocumentBroker.hpp +++ b/wsd/DocumentBroker.hpp @@ -212,10 +212,9 @@ public: /// Construct DocumentBroker with URI, docKey, and root path. DocumentBroker(const std::string& uri, const Poco::URI& uriPublic, - const std::string& docKey, - const std::string& childRoot); + const std::string& docKey); - ~DocumentBroker(); + virtual ~DocumentBroker(); /// Start processing events void startThread(); @@ -386,8 +385,9 @@ private: /// Sum the I/O stats from all connected sessions void getIOStats(uint64_t &sent, uint64_t &recv); -private: +protected: const std::string _uriOrig; +private: const Poco::URI _uriPublic; /// URL-based key. May be repeated during the lifetime of WSD. const std::string _docKey; @@ -452,6 +452,19 @@ private: static std::atomic<unsigned> DocBrokerId; }; +class ConvertToBroker : public DocumentBroker +{ +public: + /// Construct DocumentBroker with URI and docKey + ConvertToBroker(const std::string& uri, + const Poco::URI& uriPublic, + const std::string& docKey) + : DocumentBroker(uri, uriPublic, docKey) + { + } + virtual ~ConvertToBroker(); +}; + #endif /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index f2d4b60f6..44439568d 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -471,18 +471,24 @@ std::shared_ptr<ChildProcess> getNewChild_Blocks() return nullptr; } -/// Handles the filename part of the convert-to POST request payload. +/// Handles the filename part of the convert-to POST request payload, +/// Also owns the file - cleaning it up when destroyed. class ConvertToPartHandler : public PartHandler { - std::string& _filename; + std::string _filename; /// Is it really a convert-to, ie. use an especially formed path? bool _convertTo; public: - ConvertToPartHandler(std::string& filename, bool convertTo = false) - : _filename(filename) - , _convertTo(convertTo) + std::string getFilename() const { return _filename; } + + ConvertToPartHandler(bool convertTo = false) + : _convertTo(convertTo) + { + } + + virtual ~ConvertToPartHandler() { } @@ -500,6 +506,7 @@ public: if (!params.has("filename")) return; + // FIXME: needs wrapping - until then - keep in sync with ~ConvertToBroker Path tempPath = _convertTo? Path::forDirectory(Poco::TemporaryFile::tempName("/tmp/convert-to") + "/") : Path::forDirectory(Poco::TemporaryFile::tempName() + "/"); File(tempPath).createDirectories(); @@ -1505,7 +1512,7 @@ static std::shared_ptr<DocumentBroker> findOrCreateDocBroker(WebSocketHandler& w // Set the one we just created. LOG_DBG("New DocumentBroker for docKey [" << docKey << "]."); - docBroker = std::make_shared<DocumentBroker>(uri, uriPublic, docKey, LOOLWSD::ChildRoot); + docBroker = std::make_shared<DocumentBroker>(uri, uriPublic, docKey); DocBrokers.emplace(docKey, docBroker); LOG_TRC("Have " << DocBrokers.size() << " DocBrokers after inserting [" << docKey << "]."); } @@ -2040,8 +2047,7 @@ private: StringTokenizer tokens(request.getURI(), "/?"); if (tokens.count() > 2 && tokens[2] == "convert-to") { - std::string fromPath; - ConvertToPartHandler handler(fromPath, /*convertTo =*/ true); + ConvertToPartHandler handler(/*convertTo =*/ true); HTMLForm form(request, message, handler); std::string format = (form.has("format") ? form.get("format") : ""); @@ -2066,6 +2072,7 @@ private: format = tokens[3]; bool sent = false; + std::string fromPath = handler.getFilename(); if (!fromPath.empty()) { if (!format.empty()) @@ -2080,7 +2087,7 @@ private: std::unique_lock<std::mutex> docBrokersLock(DocBrokersMutex); LOG_DBG("New DocumentBroker for docKey [" << docKey << "]."); - auto docBroker = std::make_shared<DocumentBroker>(fromPath, uriPublic, docKey, LOOLWSD::ChildRoot); + auto docBroker = std::make_shared<ConvertToBroker>(fromPath, uriPublic, docKey); cleanupDocBrokers(); @@ -2154,8 +2161,7 @@ private: { LOG_INF("Insert file request."); - std::string tmpPath; - ConvertToPartHandler handler(tmpPath); + ConvertToPartHandler handler; HTMLForm form(request, message, handler); if (form.has("childid") && form.has("name")) @@ -2185,7 +2191,7 @@ private: + JAILED_DOCUMENT_ROOT + "insertfile"; File(dirPath).createDirectories(); std::string fileName = dirPath + "/" + form.get("name"); - File(tmpPath).moveTo(fileName); + File(handler.getFilename()).moveTo(fileName); response.setContentLength(0); socket->send(response); return; commit 6a29d125cceaff4415313127e500b4b786bf74da Author: Michael Meeks <michael.me...@collabora.com> AuthorDate: Sat Mar 30 11:38:17 2019 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sun May 5 19:19:41 2019 +0200 Only erase buffer if socket is not shutting down. Change-Id: I23886db8d2fdb6297862947e031e14d7a485ecd7 Reviewed-on: https://gerrit.libreoffice.org/69954 Reviewed-by: Andras Timar <andras.ti...@collabora.com> Tested-by: Andras Timar <andras.ti...@collabora.com> diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index d93fe94f2..f2d4b60f6 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -1868,6 +1868,7 @@ private: << "\r\n"; socket->send(oss.str()); socket->shutdown(); + return; } } } @@ -1886,6 +1887,7 @@ private: // NOTE: Check _wsState to choose between HTTP response or WebSocket (app-level) error. LOG_INF("#" << socket->getFD() << " Exception while processing incoming request: [" << LOOLProtocol::getAbbreviatedMessage(socket->_inBuffer) << "]: " << exc.what()); + return; } // if we succeeded - remove the request from our input buffer commit 8ef6e6507cb60bda1c65957319730ec0516d9ca3 Author: Michael Meeks <michael.me...@collabora.com> AuthorDate: Sat Mar 30 11:30:39 2019 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sun May 5 19:18:29 2019 +0200 Crop socket buffer removal to socket buffer size & warn. Change-Id: I734b4682941d71eee02a25aab61c8e4353a11718 Reviewed-on: https://gerrit.libreoffice.org/69950 Reviewed-by: Andras Timar <andras.ti...@collabora.com> Tested-by: Andras Timar <andras.ti...@collabora.com> diff --git a/net/Socket.hpp b/net/Socket.hpp index 965f08247..d1b2070d8 100644 --- a/net/Socket.hpp +++ b/net/Socket.hpp @@ -844,7 +844,11 @@ public: /// Remove the first @count bytes from input buffer void eraseFirstInputBytes(size_t count) { - _inBuffer.erase(_inBuffer.begin(), _inBuffer.begin() + count); + size_t toErase = std::min(count, _inBuffer.size()); + if (toErase < count) + LOG_ERR("#" << getFD() << ": attempted to remove: " << count << " which is > size: " << _inBuffer.size() << " clamped to " << toErase); + if (toErase > 0) + _inBuffer.erase(_inBuffer.begin(), _inBuffer.begin() + count); } /// Detects if we have an HTTP header in the provided message and commit 41e0166da5238e3db8628ce8bd4658669e040f6f Author: Szymon Kłos <szymon.k...@collabora.com> AuthorDate: Tue Mar 19 10:07:50 2019 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sun May 5 19:18:00 2019 +0200 Escape username In case of guest users it was possible to inject html. Change-Id: I642de3efa0fa03cd2a8d63834605f46eacd0f464 Reviewed-on: https://gerrit.libreoffice.org/69410 Reviewed-by: Szymon Kłos <szymon.k...@collabora.com> Tested-by: Szymon Kłos <szymon.k...@collabora.com> (cherry picked from commit 3084565981d85d5734436c3411266c529ad5d879) (cherry picked from commit 7176214de3177ad3ecc2f79871cca686e2683ea3) Reviewed-on: https://gerrit.libreoffice.org/69422 Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de> Tested-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de> diff --git a/loleaflet/js/toolbar.js b/loleaflet/js/toolbar.js index f179bff59..56e5cc52a 100644 --- a/loleaflet/js/toolbar.js +++ b/loleaflet/js/toolbar.js @@ -1530,11 +1530,16 @@ function updateUserListCount() { $('#zoomlevel').html(zoomlevel); } +function escapeHtml(input) { + return $('<div>').text(input).html(); +} + function onAddView(e) { + var username = escapeHtml(e.username); $('#tb_toolbar-down_item_userlist') .w2overlay({ class: 'loleaflet-font', - html: userJoinedPopupMessage.replace('%user', e.username), + html: userJoinedPopupMessage.replace('%user', username), style: 'padding: 5px' }); clearTimeout(userPopupTimeout); @@ -1544,7 +1549,6 @@ function onAddView(e) { userPopupTimeout = null; }, 3000); - var username = e.username; var color = L.LOUtil.rgbToHex(map.getViewColor(e.viewId)); if (e.viewId === map._docLayer._viewId) { username = _('You'); _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits