diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 19b3a7d1..924101cb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,7 +19,7 @@ jobs: packages: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set Build Variables run: | @@ -42,20 +42,20 @@ jobs: cat package.json - name: Login to DockerHub - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Docker images - uses: docker/build-push-action@v4.0.0 + uses: docker/build-push-action@v5 with: context: . file: dev/build/Dockerfile @@ -77,7 +77,7 @@ jobs: find _dist/wiki/ -printf "%P\n" | tar -czf wiki-js.tar.gz --no-recursion -C _dist/wiki/ -T - - name: Upload a Build Artifact - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v4 with: name: drop path: wiki-js.tar.gz @@ -92,7 +92,7 @@ jobs: dbtype: [postgres, mysql, mariadb, mssql, sqlite] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set Test Variables run: | @@ -129,7 +129,7 @@ jobs: docker: armv7 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set Version Variables run: | 
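Review bot: The `uses:` references in this workflow move from exact release tags to floating major tags (`docker/login-action@v2.1.0` → `@v3`, `docker/build-push-action@v4.0.0` → `@v5`, `actions/upload-artifact@v3.1.2` → `@v4`), which action maintainers re-point as new releases ship. The build job in the first hunk has `packages: write` and passes `secrets.DOCKERHUB_TOKEN` and `secrets.GITHUB_TOKEN` to these steps, so whatever the tag resolves to at run time executes with those credentials. Pinning each reference to a full commit SHA with the version in a trailing comment keeps the upgrade while making every future change reviewable, e.g. `uses: docker/login-action@<full-commit-sha>  # v3` (placeholder, to be filled in from the release). The same applies to the later hunks of this file, including the third-party `slackapi/slack-github-action@v1.26.0` and `sebastianpopp/discord-action@v2.0` steps.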
@@ -142,26 +142,26 @@ jobs: fi - name: Set up QEMU - uses: docker/setup-qemu-action@v2.1.0 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.4.0 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Download a Build Artifact - uses: actions/download-artifact@v3.0.2 + uses: actions/download-artifact@v4 with: name: drop path: drop @@ -172,7 +172,7 @@ jobs: tar -xzf $GITHUB_WORKSPACE/drop/wiki-js.tar.gz -C $GITHUB_WORKSPACE/build --exclude=node_modules - name: Build and push Docker images - uses: docker/build-push-action@v4.0.0 + uses: docker/build-push-action@v5 with: context: . file: dev/build-arm/Dockerfile @@ -190,12 +190,12 @@ jobs: steps: - name: Setup Node.js environment - uses: actions/setup-node@v3.6.0 + uses: actions/setup-node@v4 with: node-version: 18.x - name: Download a Build Artifact - uses: actions/download-artifact@v3.0.2 + uses: actions/download-artifact@v4 with: name: drop path: drop @@ -221,7 +221,7 @@ jobs: run: tar -czf wiki-js-windows.tar.gz -C $env:GITHUB_WORKSPACE\win . - name: Upload a Build Artifact - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v4 with: name: drop-win path: wiki-js-windows.tar.gz 
@@ -241,13 +241,13 @@ jobs: echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV - name: Login to DockerHub - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -282,13 +282,13 @@ jobs: echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV - name: Login to DockerHub - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -328,13 +328,13 @@ jobs: docker manifest push -p ghcr.io/requarks/wiki:latest - name: Download Linux Build - uses: actions/download-artifact@v3.0.2 + uses: actions/download-artifact@v4 with: name: drop path: drop - name: Download Windows Build - uses: actions/download-artifact@v3.0.2 + uses: actions/download-artifact@v4 with: name: drop-win path: drop-win @@ -359,7 +359,7 @@ jobs: artifacts: 'drop/wiki-js.tar.gz,drop-win/wiki-js-windows.tar.gz' - name: Notify Slack Releases Channel - uses: slackapi/slack-github-action@v1.18.0 + uses: slackapi/slack-github-action@v1.26.0 with: payload: | { 
@@ -381,34 +381,34 @@ jobs: See [release notes](https://github.com/requarks/wiki/releases) for details. - name: Notify Discord Channel - uses: sebastianpopp/discord-action@v1.0 + uses: sebastianpopp/discord-action@v2.0 with: webhook: ${{ secrets.DISCORD_WEBHOOK }} message: Wiki.js ${{ github.ref_name }} has been released! See https://github.com/requarks/wiki/releases for details. - build-do-image: - name: Build DigitalOcean Image - runs-on: ubuntu-latest - needs: [release] - - steps: - - uses: actions/checkout@v3 - - - name: Set Version Variables - run: | - echo "Using TAG mode: $GITHUB_REF_NAME" - echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV - - - name: Install Packer - run: | - curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - - sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" - sudo apt-get update && sudo apt-get install packer - - - name: Build Droplet Image - env: - DIGITALOCEAN_API_TOKEN: ${{ secrets.DO_TOKEN }} - WIKI_APP_VERSION: ${{ env.REL_VERSION_STRICT }} - working-directory: dev/packer - run: | - packer build digitalocean.json + # build-do-image: + # name: Build DigitalOcean Image + # runs-on: ubuntu-latest + # needs: [release] + + # steps: + # - uses: actions/checkout@v4 + + # - name: Set Version Variables + # run: | + # echo "Using TAG mode: $GITHUB_REF_NAME" + # echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV + + # - name: Install Packer + # run: | + # curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - + # sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" + # sudo apt-get update && sudo apt-get install packer + + # - name: Build Droplet Image + # env: + # DIGITALOCEAN_API_TOKEN: ${{ secrets.DO_TOKEN }} + # WIKI_APP_VERSION: ${{ env.REL_VERSION_STRICT }} + # working-directory: dev/packer + # run: | + # packer build digitalocean.json 
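Review bot: The `build-do-image` job is disabled by commenting out every one of its lines, and nothing in the hunk records why or whether it is meant to come back. A one-line header above the block such as `# Disabled: <reason>; delete or re-enable once <condition>` would tell the next maintainer, or the job can be deleted outright since git history keeps it. If the DigitalOcean image build is being retired, the `DO_TOKEN` repository secret it referenced is presumably no longer needed and is worth revoking. Separately, `sebastianpopp/discord-action@v2.0` is a major-version jump for a step that receives `secrets.DISCORD_WEBHOOK`; the hunk leaves the `webhook` and `message` inputs unchanged, so confirm the new release still accepts them.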
diff --git a/README.md b/README.md index 40fac120..d02727e9 100644 --- a/README.md +++ b/README.md @@ -211,6 +211,7 @@ Support this project by becoming a sponsor. Your name will show up in the Contri - Ruizhe Li ([@liruizhe1995](https://github.com/liruizhe1995)) - Sam Martin ([@ABitMoreDepth](https://github.com/ABitMoreDepth)) - Sean Coffey ([@seanecoffey](https://github.com/seanecoffey)) +- Simon Ott ([@ottsimon](https://github.com/ottsimon)) - Stephan Kristyn ([@stevek-pro](https://github.com/stevek-pro)) - Theodore Chu ([@TheodoreChu](https://github.com/TheodoreChu)) - Tyler Denman ([@tylerguy](https://github.com/tylerguy)) diff --git a/SECURITY.md b/SECURITY.md index 44cfc409..a68b8b9f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -13,11 +13,11 @@ If you find such vulnerability, it's important to disclose it in a quick and sec ## Reporting a Vulnerability -**DO NOT CREATE AN ISSUE ON GITHUB** to report a potential vulnerability / security problem. Instead, choose one of these options: +**DO NOT CREATE A GITHUB ISSUE / DISCUSSION** to report a potential vulnerability / security problem. Instead, choose one of these options: -### A) Disclose on Huntr.dev +### A) Submit a Vulnerability Report *(recommended)* -Disclose the vulnerability on [Huntr.dev](https://huntr.dev/bounties/disclose) for the repository `https://github.com/Requarks/wiki`. +Fill in the form on https://github.com/requarks/wiki/security/advisories/new ### B) Send an email diff --git a/server/modules/rendering/html-core/renderer.js b/server/modules/rendering/html-core/renderer.js index f0ffbec8..a6426089 100644 --- a/server/modules/rendering/html-core/renderer.js +++ b/server/modules/rendering/html-core/renderer.js @@ -10,7 +10,7 @@ const mustacheRegExp = /(\{|{?){2}(.+?)(\}|}?){2}/i module.exports = { async render() { - const $ = cheerio.load(this.input, { + let $ = cheerio.load(this.input, { decodeEntities: true }) 
@@ -253,17 +253,35 @@ module.exports = { } }) + // -------------------------------- + // STEP: POST + // -------------------------------- + + let output = decodeEscape($.html('body').replace('
', '').replace('', '')) + + for (let child of _.sortBy(_.filter(this.children, ['step', 'post']), ['order'])) { + const renderer = require(`../${_.kebabCase(child.key)}/renderer.js`) + output = await renderer.init(output, child.config) + } + // -------------------------------- // Escape mustache expresions // -------------------------------- + $ = cheerio.load(output, { + decodeEntities: true + }) + function iterateMustacheNode (node) { - const list = $(node).contents().toArray() - list.forEach(item => { + $(node).contents().each((idx, item) => { if (item && item.type === 'text') { const rawText = $(item).text().replace(/\r?\n|\r/g, '') if (mustacheRegExp.test(rawText)) { - $(item).parent().attr('v-pre', true) + if (!item.parent || item.parent.name === 'body') { + $(item).wrap($('').attr('v-pre', true)) + } else { + $(item).parent().attr('v-pre', true) + } } } else { iterateMustacheNode(item) @@ -276,18 +294,7 @@ module.exports = { $(elm).attr('v-pre', true) }) - // -------------------------------- - // STEP: POST - // -------------------------------- - - let output = decodeEscape($.html('body').replace('
', '').replace('', '')) - - for (let child of _.sortBy(_.filter(this.children, ['step', 'post']), ['order'])) { - const renderer = require(`../${_.kebabCase(child.key)}/renderer.js`) - output = await renderer.init(output, child.config) - } - - return output + return decodeEscape($.html('body').replace('', '').replace('', '')) } }
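Review bot: Moving the POST step ahead of the mustache pass is what makes post-renderer output subject to `v-pre`, but the new code does not say so, and a later reorder would silently undo it. A comment above the second `cheerio.load(output, …)` such as `// Re-parse AFTER the post renderers so their output is also scanned for mustache delimiters and marked v-pre` would record the invariant. The return line still runs `decodeEscape` after that scan, and `output` has already been through `decodeEscape` once before the post renderers. Its definition is outside this hunk, so confirm that the second decode cannot yield delimiter text the scan never saw, ideally with a regression test in which a post renderer emits mustache-like text. `render()` starts before this hunk.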