diff --git a/CHANGELOG.md b/CHANGELOG.md index 384814692..54952f524 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,25 @@ -# WIP +# 4.7.0 ## Goals +* deploy new forms page + ## Update notes * `bower update` for `chainpad-crypto#0.2.6` ([signed mailbox extensions](https://github.com/xwiki-labs/chainpad-crypto/releases/tag/0.2.6)) * log some information about the checkup page when launching the server +* new admin panel features + * link to checkup for better discoverability + * opt in to public listings + * opt in to email contact + * opt out of telemetry + * `blockDailyCheck` option moved here from default config + * preliminary work for statistical aggregation + * `removeDonateButton` option moved here from default config +* new app, so you probably want to review that your custom color schemes don't conflict +* server update and restart is required +* ready to display warnings about new server updates starting in 4.7.1 or 4.8.0 +* lots of new translations! ## Features @@ -13,10 +27,30 @@ * log messages which fail signature validation * make drive-redirect configurable via the settings page (disabled by default) * minor UI improvements for report page + * copy report to clipboard + * margins? +* new form app + * with participant, author, and auditor roles + * partially replaces the poll app + * polls no longer listed on home page + * it is still possible to make copies of existing polls + * otherwise the poll app redirects to the form app +* ability to add a file to your drive from the file menu even if it's already in a team +* embed file option in markdown toolbar + * kanban + * code + * slide? ## Bug fixes * variably display "Features" or "Pricing" in the _top bar_ +* default to the 'general' tab of the admin panel when the URL includes an unsupported hash +* guard against DOMException when updating atime in cache entries +* code app improvements + * guard against codemirror scroll-jank + * allow preview pane resize +* self-XSS via accountName +* password-protected files could not be opened or shared # 4.6.0 diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf index a51a1ecaa..85f42dd81 100644 --- a/docs/example.nginx.conf +++ b/docs/example.nginx.conf @@ -214,7 +214,7 @@ server { # The nodejs server has some built-in forwarding rules to prevent # URLs like /pad from resulting in a 404. This simply adds a trailing slash # to a variety of applications. - location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc)$ { + location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report)$ { rewrite ^(.*)$ $1/ redirect; } diff --git a/server.js b/server.js index 72779c5f5..848167a98 100644 --- a/server.js +++ b/server.js @@ -24,8 +24,8 @@ var fancyURL = function (domain, path) { }; (function () { - // you absolutely must provide an 'httpUnsafeOrigin' - if (typeof(Env.httpUnsafeOrigin) !== 'string') { + // you absolutely must provide an 'httpUnsafeOrigin' (a truthy string) + if (!Env.httpUnsafeOrigin || typeof(Env.httpUnsafeOrigin) !== 'string') { throw new Error("No 'httpUnsafeOrigin' provided"); } @@ -66,7 +66,7 @@ var setHeaders = (function () { } // next define the base Content Security Policy (CSP) headers - if (typeof(config.contentSecurity) === 'string') { // XXX deprecate this + if (typeof(config.contentSecurity) === 'string') { headers['Content-Security-Policy'] = config.contentSecurity; if (!/;$/.test(headers['Content-Security-Policy'])) { headers['Content-Security-Policy'] += ';' } if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) { diff --git a/www/common/drive-ui.js b/www/common/drive-ui.js index b897d75ae..a145ab23b 100644 --- a/www/common/drive-ui.js +++ b/www/common/drive-ui.js @@ -4453,7 +4453,6 @@ define([ // Form: get auditor hash var auditorHash; if (parsed.hash && parsed.type === "form") { - console.error('ICI'); var formData = Hash.getFormData(null, parsed.hash, data.password); console.log(formData); if (formData) { diff --git a/www/form/app-form.less b/www/form/app-form.less index f68b02be5..24ff46de3 100644 --- a/www/form/app-form.less +++ b/www/form/app-form.less @@ -177,7 +177,8 @@ .cp-form-creator-add-full { display: flex; flex-flow: column; - margin: 20px 0px 100px 0px; + margin: 20px 0px 0px 0px; + padding-bottom: 100px; &> div:first-child { display: flex; height: 100%; @@ -224,7 +225,8 @@ .cp-form-send-container { text-align: center; - margin: 50px auto 100px auto; + margin: 50px auto 0px auto; + padding-bottom: 100px; button { &:not(:last-child) { margin-right: 10px; @@ -461,11 +463,16 @@ display: flex; flex-flow: column; position: relative; - & > div { - background: @cp_form-bg1; - padding: 10px; - &:not(:last-child) { - margin-bottom: 20px; + .cp-form-creator-results-controls { + margin-bottom: 20px; + //background: @cp_form-bg1; + //padding: 10px; + + } + .cp-form-creator-results-content { + .cp-form-block { + background: @cp_form-bg1; + padding: 10px; } } .cp-form-block-question { @@ -477,7 +484,7 @@ margin-top: -10px; margin-right: -10px; i { margin-right: 5px; } - background: @cp_form-bg2; + background: fade(@cryptpad_text_col, 15%); } .cp-form-results-type-text { max-height: 300px; @@ -515,6 +522,8 @@ } } .cp-form-individual { + background: @cp_form-bg1; + padding: 10px; & > *:not(:last-child) { margin-right: 10px; } diff --git a/www/form/inner.js b/www/form/inner.js index 9cc093f3c..648721843 100644 --- a/www/form/inner.js +++ b/www/form/inner.js @@ -1931,7 +1931,7 @@ define([ return h('div.cp-form-send-container', [ invalid, cbox ? h('div.cp-form-anon-answer', cbox) : undefined, - send, reset + reset, send ]); }; var updateForm = function (framework, content, editable, answers, temp) {