-rw-r--r-- CHANGELOG.md 22
-rw-r--r-- api/templates/signup_team_subject.html 2
-rw-r--r-- doc/install/Upgrade-Guide.md 2
-rw-r--r-- web/react/components/docs.jsx 41
-rw-r--r-- web/react/components/login.jsx 16
-rw-r--r-- web/react/components/textbox.jsx 15
-rw-r--r-- web/react/pages/docs.jsx 16
-rw-r--r-- web/react/stores/browser_store.jsx 2
-rw-r--r-- web/react/utils/async_client.jsx 2
-rw-r--r-- web/sass-files/sass/partials/_post.scss 31
l--------- web/static/help/Messaging.md 1
-rw-r--r-- web/templates/docs.html 24
-rw-r--r-- web/web.go 11
13 files changed, 153 insertions, 32 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3e423557d..702d96c7e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,14 @@
# Mattermost Changelog
-## Release v1.2.0
+## Release v1.2.1
-- **Final release anticipated:** 2015-11-16
+- **Released:** 2015-11-16
+
+### Security Notice
+
+Mattermost v1.2.1 is a bug fix release addressing a security issue in v1.2.0 affecting a newly introduced outgoing webhooks feature. Specifically, in v1.2.0 there was a check missing from outgoing webhooks, so a team member creating outgoing webhooks could in theory find a way to listen to messages in private channels containing popular words like "a", "the", "at", etc. For added security, Mattermost v1.2.1 now installs with incoming and outgoing webhooks disabled by default.
+
+To limit the impact of this security issue, Mattermost v1.2.0 has been removed from the source repo. It is recommended that anyone who's installed v1.2.0 upgrade to v1.2.1 via [the procedure described in the Mattermost Upgrade Guide](https://github.com/mattermost/platform/blob/master/doc/install/Upgrade-Guide.md).
### Release Highlights
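Review bot: The Security Notice tells v1.2.0 users to upgrade but says nothing about outgoing webhooks that were created while v1.2.0 was running. Since the issue is a missing check on outgoing webhooks that could expose messages from private channels, add a sentence advising administrators to review the existing outgoing webhooks on their teams after upgrading.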
@@ -10,7 +16,7 @@
- Mattermost users can now interact with external applications using [outgoing webhooks](https://github.com/mattermost/platform/blob/master/doc/integrations/webhooks/Outgoing-Webhooks.md)
- An [application template](https://github.com/mattermost/mattermost-integration-giphy) demonstrating user queries sent to the Giphy search engine via Mattermost webhooks now available
-- A community application, [Matterbrige](https://github.com/42wim/matterbridge?files=1), shows how to use webhooks to connect Mattermost with IRC
+- A community application, [Matterbridge](https://github.com/42wim/matterbridge?files=1), shows how to use webhooks to connect Mattermost with IRC
#### Search Scope Modifiers
@@ -79,13 +85,14 @@ System Console
- New statistics page
- Configurable option to create an account directly from team page
-#### Bug Fixes
+#### Bug Fixes
- Various fixes to theme colors
- Fixed issue with the centre channel scroll position jumping when right hand side was opened and closed
- Added support for simultaneous login to different teams in different browser tabs
- Incoming webhooks no longer disrupted when channel is deleted
- You can now paste a Mattermost incoming webhook URL into the same field designed for a Slack URL and integrations will work
+
### Compatibility
- IE 11 new minimum version for IE, since IE 10 share fell below 5% on desktop
@@ -98,7 +105,8 @@ Multiple settings were added to [`config.json`](./config/config.json). These opt
- Added: `"RestrictTeamNames": true` to control whether team names can contain reserved words like www, admin, support, test, etc.
- Added: `"EnableTeamListing": false` to control whether teams can be listed on the root page of the site
- Under `ServiceSettings` in `config.json`
- - Added: `EnableOutgoingWebhooks": false` to control whether outgoing webhooks are enabled
+ - Added: `"EnableOutgoingWebhooks": false` to control whether outgoing webhooks are enabled
+ - Changed: `"EnableIncomingWebhooks": true` to `"EnableIncomingWebhooks": false` to turn incoming webhooks off by default, to increase security of default install. Documentation updated to enable webhooks before use.
#### Database Changes from v1.1 to v1.2
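Review bot: In the `EnableIncomingWebhooks` line, "off by default" does not say what happens to an install whose `config.json` already contains `"EnableIncomingWebhooks": true`. State explicitly whether an upgrade keeps the existing value, and if it does, tell administrators who want the safer setting that they have to change it themselves.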
@@ -153,6 +161,10 @@ Many thanks to our external contributors. In no particular order:
- [yuvipanda](https://github.com/yuvipanda)
- [toyorg](https://github.com/toyorg)
+## Release v1.2.0 (Redacted Release)
+
+- **Final release:** 2015-11-16 (**Note:** This release was removed from public availability and replaced by v1.2.1 owing to a security issue with the new outgoing webhooks feature. See v1.2.1 Release Notes for details).
+
## Release v1.1.1 (Bug Fix Release)
Released 2015-10-20
diff --git a/api/templates/signup_team_subject.html b/api/templates/signup_team_subject.html
index 236b288fa..4fc5b3d72 100644
--- a/api/templates/signup_team_subject.html
+++ b/api/templates/signup_team_subject.html
@@ -1 +1 @@
-{{define "signup_team_subject"}}Invitation to {{ .ClientCfg.SiteName }}{{end}} \ No newline at end of file
+{{define "signup_team_subject"}}{{ .ClientCfg.SiteName }} Team Setup{{end}} \ No newline at end of file
diff --git a/doc/install/Upgrade-Guide.md b/doc/install/Upgrade-Guide.md
index aec9aa8ef..e01bdb9a0 100644
--- a/doc/install/Upgrade-Guide.md
+++ b/doc/install/Upgrade-Guide.md
@@ -30,7 +30,7 @@ If you're upgrading across multiple major releases, from 1.0.x to 1.2.x for exam
1. Run `sudo start mattermost`
2. Go to the **System Console** to update any settings that have been added or modified based on the **Compatibility** section in the release notes of the version you are installing (Release notes across versions are available from the [CHANGELOG](https://github.com/mattermost/platform/blob/master/CHANGELOG.md)).
1. Opening the System Console and saving a change will upgrade your `config.json` schema to the latest version using default values for new settings added
-7. Test the system is working by going to the URL of an existing team
+7. Test the system is working by going to the URL of an existing team. You may need to refresh your Mattermost browser page in order to get the latest updates from the upgrade
### Upgrading from Mattermost Beta (Version 0.7)
diff --git a/web/react/components/docs.jsx b/web/react/components/docs.jsx
new file mode 100644
index 000000000..68baa6dad
--- /dev/null
+++ b/web/react/components/docs.jsx
@@ -0,0 +1,41 @@
+// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+const TextFormatting = require('../utils/text_formatting.jsx');
+const UserStore = require('../stores/user_store.jsx');
+
+export default class Docs extends React.Component {
+ constructor(props) {
+ super(props);
+ UserStore.setCurrentUser(global.window.mm_user || {});
+
+ this.state = {text: ''};
+ const errorState = {text: '## 404'};
+
+ if (props.site) {
+ $.get('/static/help/' + props.site + '.md').then((response) => {
+ this.setState({text: response});
+ }, () => {
+ this.setState(errorState);
+ });
+ } else {
+ this.setState(errorState);
+ }
+ }
+
+ render() {
+ return (
+ <div
+ dangerouslySetInnerHTML={{__html: TextFormatting.formatText(this.state.text)}}
+ >
+ </div>
+ );
+ }
+}
+
+Docs.defaultProps = {
+ site: ''
+};
+Docs.propTypes = {
+ site: React.PropTypes.string
+};
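Review bot: In `render()`, `dangerouslySetInnerHTML` injects whatever `TextFormatting.formatText` returns for the fetched file, so this component is only as safe as that formatter's escaping and the contents of `/static/help/`; add a comment stating that assumption. The request path `'/static/help/' + props.site + '.md'` also trusts `props.site` and depends on the server route to keep it alphanumeric, so validate it here as well. Separately, the `else` branch calls `this.setState(errorState)` inside the constructor; assign `this.state = errorState` instead and move the `$.get` into `componentDidMount` so its callbacks never run before mount.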
diff --git a/web/react/components/login.jsx b/web/react/components/login.jsx
index 423ba9067..7f8820d9f 100644
--- a/web/react/components/login.jsx
+++ b/web/react/components/login.jsx
@@ -201,14 +201,12 @@ export default class Login extends React.Component {
if (global.window.mm_config.EnableTeamCreation === 'true') {
teamSignUp = (
<div className='margin--extra'>
- <span>{'Want to create your own team? '}
- <a
- href='/'
- className='signup-team-login'
- >
- {'Create one now'}
- </a>
- </span>
+ <a
+ href='/'
+ className='signup-team-login'
+ >
+ {'Create a new team'}
+ </a>
</div>
);
}
@@ -227,7 +225,7 @@ export default class Login extends React.Component {
{emailSignup}
{userSignUp}
<div className='form-group margin--extra form-group--small'>
- <span><a href='/find_team'>{'Find other teams'}</a></span>
+ <span><a href='/find_team'>{'Find your other teams'}</a></span>
</div>
{forgotPassword}
{teamSignUp}
diff --git a/web/react/components/textbox.jsx b/web/react/components/textbox.jsx
index e6530b941..1a5269baa 100644
--- a/web/react/components/textbox.jsx
+++ b/web/react/components/textbox.jsx
@@ -295,6 +295,13 @@ export default class Textbox extends React.Component {
this.resize();
}
+ showHelp(e) {
+ e.preventDefault();
+ e.target.blur();
+
+ global.window.open('/docs/Messaging');
+ }
+
render() {
const previewLinkVisible = this.props.messageText.length > 0;
@@ -336,11 +343,17 @@ export default class Textbox extends React.Component {
>
</div>
<a
+ onClick={this.showHelp}
+ className='textbox-help-link'
+ >
+ {'Help'}
+ </a>
+ <a
style={{visibility: previewLinkVisible ? 'visible' : 'hidden'}}
onClick={this.showPreview}
className='textbox-preview-link'
>
- {this.state.preview ? 'Edit message' : 'Preview'}
+ {this.state.preview ? 'Edit' : 'Preview'}
</a>
</div>
);
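Review bot: The new Help `<a>` has `onClick={this.showHelp}` but no `href`, so it is not reachable by keyboard and does nothing if the handler fails. Consider `href='/docs/Messaging'` with `target='_blank'`, which would also remove the need for the hardcoded path in `showHelp`.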
diff --git a/web/react/pages/docs.jsx b/web/react/pages/docs.jsx
new file mode 100644
index 000000000..ed2b6d0c9
--- /dev/null
+++ b/web/react/pages/docs.jsx
@@ -0,0 +1,16 @@
+// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+var Docs = require('../components/docs.jsx');
+
+function setupDocumentationPage(props) {
+ ReactDOM.render(
+ <Docs
+ site={props.Site}
+ />,
+ document.getElementById('docs')
+ );
+}
+
+global.window.mm_user = global.window.mm_user || {};
+global.window.setup_documentation_page = setupDocumentationPage;
diff --git a/web/react/stores/browser_store.jsx b/web/react/stores/browser_store.jsx
index 8e86ce32f..2e3a26cff 100644
--- a/web/react/stores/browser_store.jsx
+++ b/web/react/stores/browser_store.jsx
@@ -72,7 +72,7 @@ class BrowserStoreClass {
console.log('An error occurred while setting local storage, clearing all props'); //eslint-disable-line no-console
localStorage.clear();
sessionStorage.clear();
- window.location.href = window.location.href;
+ window.location.reload(true);
}
}
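Review bot: `window.location.reload(true)` runs unconditionally in this error path, right after `localStorage.clear()` and `sessionStorage.clear()`; if setting local storage keeps failing after the reload, the page will reload again on every attempt. Guard it with a retry marker that survives the reload (a URL parameter, for example). Note also that the `true` argument is not part of the standard `reload()` signature, so browsers may ignore it.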
diff --git a/web/react/utils/async_client.jsx b/web/react/utils/async_client.jsx
index 205c7461c..b39648bf0 100644
--- a/web/react/utils/async_client.jsx
+++ b/web/react/utils/async_client.jsx
@@ -63,7 +63,7 @@ export function getChannels(force, updateLastViewed, checkVersion) {
if (serverVersion !== BrowserStore.getLastServerVersion()) {
BrowserStore.setLastServerVersion(serverVersion);
- window.location.href = window.location.href;
+ window.location.reload(true);
console.log('Detected version update refreshing the page'); //eslint-disable-line no-console
}
}
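Review bot: The `console.log('Detected version update refreshing the page')` line still follows the reload call, so the message may be lost as the page unloads; move it above `window.location.reload(true)`. The `true` argument is non-standard, so do not rely on it to bypass the cache after a server upgrade.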
diff --git a/web/sass-files/sass/partials/_post.scss b/web/sass-files/sass/partials/_post.scss
index 5a7d79afe..fad6f5074 100644
--- a/web/sass-files/sass/partials/_post.scss
+++ b/web/sass-files/sass/partials/_post.scss
@@ -47,20 +47,25 @@ body.ios {
.textarea-wrapper {
position:relative;
- .textbox-preview-area {
- position: absolute;
- z-index: 2;
- top: 0;
- left: 0;
- box-shadow: none;
- }
- .textbox-preview-link {
- position: absolute;
- z-index: 3;
- bottom: -23px;
- right: 0;
+ .textbox-preview-area {
+ position: absolute;
+ z-index: 2;
+ top: 0;
+ left: 0;
+ box-shadow: none;
+ }
+ .textbox-preview-link, .textbox-help-link {
+ position: absolute;
+ z-index: 3;
+ bottom: -23px;
font-size: 13px;
- cursor: pointer;
+ cursor: pointer;
+ }
+ .textbox-preview-link {
+ right: 45px;
+ }
+ .textbox-help-link {
+ right: 0;
}
min-height:36px;
}
diff --git a/web/static/help/Messaging.md b/web/static/help/Messaging.md
new file mode 120000
index 000000000..f74c0b879
--- /dev/null
+++ b/web/static/help/Messaging.md
@@ -0,0 +1 @@
+../../../doc/help/Messaging.md \ No newline at end of file
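Review bot: `web/static/help/Messaging.md` is added as a symlink (mode 120000) to `../../../doc/help/Messaging.md`, which is outside `web/static`. Confirm that the build and packaging steps dereference it, since a checkout or archive that does not preserve symlinks leaves `/static/help/Messaging.md` missing and the help page showing `## 404`. Copying the file at build time would also avoid relying on the static file server following links out of its root.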
diff --git a/web/templates/docs.html b/web/templates/docs.html
new file mode 100644
index 000000000..21659e810
--- /dev/null
+++ b/web/templates/docs.html
@@ -0,0 +1,24 @@
+{{define "docs"}}
+<!DOCTYPE html>
+<html>
+{{template "head" . }}
+<body class="white">
+<div class="container-fluid">
+ <div class="inner__wrap">
+ <div class="row content">
+ <div class="col-sm-12">
+ <div id="docs"></div>
+ </div>
+ <div class="footer-push"></div>
+ </div>
+ <div class="row footer">
+ {{template "footer" . }}
+ </div>
+ </div>
+</div>
+<script>
+ window.setup_documentation_page({{ .Props }});
+</script>
+</body>
+</html>
+{{end}}
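Review bot: `{{ .Props }}` is written straight into a `<script>` block, and `Props["Site"]` comes from the request URL. That is safe only if this template is rendered with `html/template`, which escapes values for the JavaScript context; confirm that and say so in a comment, since the same line under `text/template` would emit the value unescaped.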
diff --git a/web/web.go b/web/web.go
index 02ceb69ba..477bd8b27 100644
--- a/web/web.go
+++ b/web/web.go
@@ -80,6 +80,8 @@ func InitWeb() {
mainrouter.Handle("/hooks/{id:[A-Za-z0-9]+}", api.ApiAppHandler(incomingWebhook)).Methods("POST")
+ mainrouter.Handle("/docs/{doc:[A-Za-z0-9]+}", api.AppHandlerIndependent(docs)).Methods("GET")
+
// ----------------------------------------------------------------------------------------------
// *ANYTHING* team specific should go below this line
// ----------------------------------------------------------------------------------------------
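Review bot: The `[A-Za-z0-9]+` pattern on `/docs/{doc}` is the only thing that keeps `.` and `/` out of the value that `docs.jsx` later concatenates into `/static/help/<doc>.md`. Add a comment on the route saying the character class is a security constraint, so it is not loosened later (for instance to allow hyphenated document names) without adding a check elsewhere.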
@@ -494,6 +496,15 @@ func findTeam(c *api.Context, w http.ResponseWriter, r *http.Request) {
page.Render(c, w)
}
+func docs(c *api.Context, w http.ResponseWriter, r *http.Request) {
+ params := mux.Vars(r)
+ doc := params["doc"]
+
+ page := NewHtmlTemplatePage("docs", "Documentation")
+ page.Props["Site"] = doc
+ page.Render(c, w)
+}
+
func resetPassword(c *api.Context, w http.ResponseWriter, r *http.Request) {
isResetLink := true
hash := r.URL.Query().Get("h")
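Review bot: `docs()` renders the page for any `doc` value that matches the route and never checks that the document exists, so unknown names return a normal page and the `## 404` text is produced only on the client. Check `doc` against the set of shipped help files and return a real 404 response otherwise; that also gives a second, server-side limit on what `page.Props["Site"]` can contain.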