Merge pull request #596 from hedgedoc/remove-pdf-export-code

Remove pdf export code
2025-05-30 06:45:47 -04:00 · 2020-11-27 18:31:19 +01:00 · 2020-11-27 18:31:19 +01:00 · 61f54db63e
commit 61f54db63e
parent 07f72adc54 97312b5ed3
16 changed files with 4 additions and 96 deletions
--- a/lib/config/default.js
+++ b/lib/config/default.js
@ -160,7 +160,6 @@ module.exports = {
  email: true,
  allowEmailRegister: true,
  allowGravatar: true,
-  allowPDFExport: true,
  openID: false,
  // linkifyHeaderStyle - How is a header text converted into a link id.
  // Header Example: "3.1. Good Morning my Friend! - Do you have 5$?"
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@ -140,7 +140,6 @@ module.exports = {
  email: toBooleanConfig(process.env.CMD_EMAIL),
  allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER),
  allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR),
-  allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT),
  openID: toBooleanConfig(process.env.CMD_OPENID),
  linkifyHeaderStyle: process.env.CMD_LINKIFY_HEADER_STYLE
 }
--- a/lib/config/hackmdEnvironment.js
+++ b/lib/config/hackmdEnvironment.js
@ -121,6 +121,5 @@ module.exports = {
    }
  },
  email: toBooleanConfig(process.env.HMD_EMAIL),
-  allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
-  allowPDFExport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT)
+  allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER)
 }
--- a/lib/config/index.js
+++ b/lib/config/index.js
@ -125,7 +125,6 @@ config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clie
 config.isLDAPEnable = config.ldap.url
 config.isSAMLEnable = config.saml.idpSsoUrl
 config.isOAuth2Enable = config.oauth2.clientID && config.oauth2.clientSecret
-config.isPDFExportEnable = config.allowPDFExport

 // Check gitlab api version
 if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !== 'v3') {
@ -194,12 +193,6 @@ switch (config.imageUploadType) {
    ]
 }

-// Disable PDF export due to security issue
-if (config.allowPDFExport) {
-  config.allowPDFExport = false
-  logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.')
-}
-
 // generate correct path
 config.sslCAPath.forEach(function (capath, i, array) {
  array[i] = path.resolve(appRootPath, capath)
--- a/lib/config/oldDefault.js
+++ b/lib/config/oldDefault.js
@ -37,6 +37,5 @@ module.exports = {
  // document
  documentmaxlength: undefined,
  imageuploadtype: undefined,
-  allowemailregister: undefined,
-  allowpdfexport: undefined
+  allowemailregister: undefined
 }
--- a/lib/web/note/actions.js
+++ b/lib/web/note/actions.js
@ -2,9 +2,7 @@ const models = require('../../models')
 const logger = require('../../logger')
 const config = require('../../config')
 const errors = require('../../errors')
-const fs = require('fs')
 const shortId = require('shortid')
-const markdownpdf = require('markdown-pdf')
 const moment = require('moment')
 const querystring = require('querystring')

@ -33,37 +31,6 @@ exports.getInfo = function getInfo (req, res, note) {
  res.send(data)
 }

-exports.createPDF = function createPDF (req, res, note) {
-  const url = config.serverURL || 'http://' + req.get('host')
-  const body = note.content
-  const extracted = models.Note.extractMeta(body)
-  let content = extracted.markdown
-  const title = models.Note.decodeTitle(note.title)
-
-  if (!fs.existsSync(config.tmpPath)) {
-    fs.mkdirSync(config.tmpPath)
-  }
-  const path = config.tmpPath + '/' + Date.now() + '.pdf'
-  content = content.replace(/\]\(\//g, '](' + url + '/')
-  markdownpdf().from.string(content).to(path, function () {
-    if (!fs.existsSync(path)) {
-      logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
-      return errors.errorInternalError(res)
-    }
-    const stream = fs.createReadStream(path)
-    let filename = title
-    // Be careful of special characters
-    filename = encodeURIComponent(filename)
-    // Ideally this should strip them
-    res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
-    res.setHeader('Cache-Control', 'private')
-    res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
-    res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
-    stream.pipe(res)
-    fs.unlinkSync(path)
-  })
-}
-
 exports.createGist = function createGist (req, res, note) {
  const data = {
    client_id: config.github.clientID,
--- a/lib/web/note/controller.js
+++ b/lib/web/note/controller.js
@ -110,14 +110,6 @@ exports.doAction = function (req, res, next) {
      case 'info':
        noteActions.getInfo(req, res, note)
        break
-      case 'pdf':
-        if (config.allowPDFExport) {
-          noteActions.createPDF(req, res, note)
-        } else {
-          logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
-          errors.errorForbidden(res)
-        }
-        break
      case 'gist':
        noteActions.createGist(req, res, note)
        break