Diffstat (limited to 'api')
-rw-r--r-- | api/channel.go | 5 | ||||
-rw-r--r-- | api/context.go | 6 | ||||
-rw-r--r-- | api/file.go | 6 | ||||
-rw-r--r-- | api/templates/email_change_body.html | 4 | ||||
-rw-r--r-- | api/templates/find_teams_body.html | 4 | ||||
-rw-r--r-- | api/templates/invite_body.html | 4 | ||||
-rw-r--r-- | api/templates/password_change_body.html | 4 | ||||
-rw-r--r-- | api/templates/post_body.html | 4 | ||||
-rw-r--r-- | api/templates/reset_body.html | 4 | ||||
-rw-r--r-- | api/templates/signup_team_body.html | 4 | ||||
-rw-r--r-- | api/templates/verify_body.html | 4 | ||||
-rw-r--r-- | api/templates/welcome_body.html | 4 |
12 files changed, 32 insertions, 21 deletions
diff --git a/api/channel.go b/api/channel.go index 4d8dbad09..123fd8a35 100644 --- a/api/channel.go +++ b/api/channel.go @@ -710,6 +710,11 @@ func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } + message := model.NewMessage(c.Session.TeamId, "", userId, model.ACTION_USER_REMOVED) + message.Add("channel_id",id) + message.Add("remover", c.Session.UserId) + PublishAndForget(message) + c.LogAudit("name=" + channel.Name + " user_id=" + userId) result := make(map[string]string) diff --git a/api/context.go b/api/context.go index ac9dffcbc..16da0a6eb 100644 --- a/api/context.go +++ b/api/context.go @@ -101,6 +101,12 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId) w.Header().Set(model.HEADER_VERSION_ID, utils.Cfg.ServiceSettings.Version) + // Instruct the browser not to display us in an iframe for anti-clickjacking + if !h.isApi { + w.Header().Set("X-Frame-Options", "DENY") + w.Header().Set("Content-Security-Policy", "frame-ancestors none") + } + sessionId := "" // attempt to parse the session token from the header diff --git a/api/file.go b/api/file.go index 82cee9d1e..3ef50fbbd 100644 --- a/api/file.go +++ b/api/file.go @@ -33,7 +33,7 @@ func InitFile(r *mux.Router) { sr := r.PathPrefix("/files").Subrouter() sr.Handle("/upload", ApiUserRequired(uploadFile)).Methods("POST") - sr.Handle("/get/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+\\.[A-Za-z0-9]{3,}}", ApiAppHandler(getFile)).Methods("GET") + sr.Handle("/get/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiAppHandler(getFile)).Methods("GET") sr.Handle("/get_public_link", ApiUserRequired(getPublicLink)).Methods("POST") } 
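Review bot: The added line `message.Add("channel_id",id)` in removeChannelMember is not gofmt-clean and should read `message.Add("channel_id", id)`. The block would also benefit from a short comment such as `// tell connected clients that userId was removed from this channel, and by whom`, because the second argument to `model.NewMessage` is empty and the channel is carried only as a property. Who receives the event is not visible in this hunk; if it is delivered beyond the channel's members, confirm that exposing the `remover` ID to them is intended. removeChannelMember starts and ends outside the hunk.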
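Review bot: The Content-Security-Policy value added in ServeHTTP is `frame-ancestors none` without quotes; CSP keywords must be single-quoted, so a browser reads the unquoted `none` as a host name rather than as the keyword. The line should be `w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")`. Browsers that implement `frame-ancestors` give it precedence over `X-Frame-Options`, so the directive's spelling matters even with the `DENY` header next to it. ServeHTTP continues outside the hunk.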
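Review bot: In the new `/get/...` pattern in InitFile the trailing `(\\.[A-Za-z0-9]{3,})?` is optional after a greedy `.+`, so it constrains nothing and the `filename` variable now matches any non-empty remainder of the path, including further `/` separators. This route is registered with `ApiAppHandler` while its neighbours use `ApiUserRequired`, so getFile (not visible here) has to validate the name and enforce access itself before it touches storage. If the aim is only to permit files without an extension, a pattern that says so is safer, e.g. `{filename:([A-Za-z0-9]+/)?[^/]+}`.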
@@ -142,7 +142,7 @@ func fireAndForgetHandleImages(filenames []string, fileData [][]byte, teamId, ch go func() { var thumbnail image.Image if imgConfig.Width > int(utils.Cfg.ImageSettings.ThumbnailWidth) { - thumbnail = resize.Resize(utils.Cfg.ImageSettings.ThumbnailWidth, utils.Cfg.ImageSettings.ThumbnailHeight, img, resize.NearestNeighbor) + thumbnail = resize.Resize(utils.Cfg.ImageSettings.ThumbnailWidth, utils.Cfg.ImageSettings.ThumbnailHeight, img, resize.Lanczos3) } else { thumbnail = img } @@ -164,7 +164,7 @@ func fireAndForgetHandleImages(filenames []string, fileData [][]byte, teamId, ch go func() { var preview image.Image if imgConfig.Width > int(utils.Cfg.ImageSettings.PreviewWidth) { - preview = resize.Resize(utils.Cfg.ImageSettings.PreviewWidth, utils.Cfg.ImageSettings.PreviewHeight, img, resize.NearestNeighbor) + preview = resize.Resize(utils.Cfg.ImageSettings.PreviewWidth, utils.Cfg.ImageSettings.PreviewHeight, img, resize.Lanczos3) } else { preview = img } diff --git a/api/templates/email_change_body.html b/api/templates/email_change_body.html index f8f3845e7..439fffd5b 100644 --- a/api/templates/email_change_body.html +++ b/api/templates/email_change_body.html @@ -8,7 +8,7 @@ <td style="border: 1px solid #ddd;"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> - <td style="padding: 20px 30px 10px; text-align:left;"> + <td style="padding: 20px 20px 10px; text-align:left;"> <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> @@ -32,7 +32,7 @@ </td> </tr> <tr> - <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;"> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt=""> </p> 
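Review bot: `resize.Lanczos3` costs considerably more CPU per image than `resize.NearestNeighbor`, and the thumbnail resize runs in a goroutine for each uploaded image; the same applies to the preview hunk at -164. The only size test visible in either hunk is `imgConfig.Width > int(...)`, so unless a limit exists outside the hunk, large uploads can now tie up noticeably more CPU and memory. A guard before the resize that rejects images whose `imgConfig.Width*imgConfig.Height` exceeds a configured pixel budget would bound that. fireAndForgetHandleImages starts and ends outside both hunks.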
diff --git a/api/templates/find_teams_body.html b/api/templates/find_teams_body.html index 6eaaf56e0..a73ed0ad4 100644 --- a/api/templates/find_teams_body.html +++ b/api/templates/find_teams_body.html @@ -8,7 +8,7 @@ <td style="border: 1px solid #ddd;"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> - <td style="padding: 20px 30px 10px; text-align:left;"> + <td style="padding: 20px 20px 10px; text-align:left;"> <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> @@ -40,7 +40,7 @@ </td> </tr> <tr> - <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;"> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt=""> </p> diff --git a/api/templates/invite_body.html b/api/templates/invite_body.html index 46189fae5..ad0658e3d 100644 --- a/api/templates/invite_body.html +++ b/api/templates/invite_body.html @@ -8,7 +8,7 @@ <td style="border: 1px solid #ddd;"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> - <td style="padding: 20px 30px 10px; text-align:left;"> + <td style="padding: 20px 20px 10px; text-align:left;"> <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> @@ -35,7 +35,7 @@ </td> </tr> <tr> - <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;"> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt=""> </p> diff --git a/api/templates/password_change_body.html b/api/templates/password_change_body.html index 515c0a7d9..1d4a6e1c8 100644 --- a/api/templates/password_change_body.html 
+++ b/api/templates/password_change_body.html @@ -8,7 +8,7 @@ <td style="border: 1px solid #ddd;"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> - <td style="padding: 20px 30px 10px; text-align:left;"> + <td style="padding: 20px 20px 10px; text-align:left;"> <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> @@ -32,7 +32,7 @@ </td> </tr> <tr> - <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;"> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt=""> </p> diff --git a/api/templates/post_body.html b/api/templates/post_body.html index c0f4375d8..0aa913db5 100644 --- a/api/templates/post_body.html +++ b/api/templates/post_body.html @@ -8,7 +8,7 @@ <td style="border: 1px solid #ddd;"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> - <td style="padding: 20px 30px 10px; text-align:left;"> + <td style="padding: 20px 20px 10px; text-align:left;"> <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> @@ -35,7 +35,7 @@ </td> </tr> <tr> - <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;"> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt=""> </p> diff --git a/api/templates/reset_body.html b/api/templates/reset_body.html index af9f6b4e8..4c2fec1e7 100644 --- a/api/templates/reset_body.html +++ b/api/templates/reset_body.html 
@@ -8,7 +8,7 @@ <td style="border: 1px solid #ddd;"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> - <td style="padding: 20px 30px 10px; text-align:left;"> + <td style="padding: 20px 20px 10px; text-align:left;"> <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> @@ -35,7 +35,7 @@ </td> </tr> <tr> - <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;"> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt=""> </p> diff --git a/api/templates/signup_team_body.html b/api/templates/signup_team_body.html index 5a5ae4d47..5e60a042b 100644 --- a/api/templates/signup_team_body.html +++ b/api/templates/signup_team_body.html @@ -8,7 +8,7 @@ <td style="border: 1px solid #ddd;"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> - <td style="padding: 20px 30px 10px; text-align:left;"> + <td style="padding: 20px 20px 10px; text-align:left;"> <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> @@ -38,7 +38,7 @@ </td> </tr> <tr> - <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;"> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt=""> </p> diff --git a/api/templates/verify_body.html b/api/templates/verify_body.html index 67ded9c20..1a68c16f5 100644 --- a/api/templates/verify_body.html +++ b/api/templates/verify_body.html 
@@ -8,7 +8,7 @@ <td style="border: 1px solid #ddd;"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> - <td style="padding: 20px 30px 10px; text-align:left;"> + <td style="padding: 20px 20px 10px; text-align:left;"> <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> @@ -35,7 +35,7 @@ </td> </tr> <tr> - <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;"> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt=""> </p> diff --git a/api/templates/welcome_body.html b/api/templates/welcome_body.html index 7107bc2e0..cc4d95fb1 100644 --- a/api/templates/welcome_body.html +++ b/api/templates/welcome_body.html @@ -8,7 +8,7 @@ <td style="border: 1px solid #ddd;"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> - <td style="padding: 20px 30px 10px; text-align:left;"> + <td style="padding: 20px 20px 10px; text-align:left;"> <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> @@ -32,7 +32,7 @@ </td> </tr> <tr> - <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;"> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt=""> </p> |