BigBlueButton/bigbluebutton-Github
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
29,784 Commits 13 Branches 260 Tags 1.1 GiB
2cda889d51
Commit Graph

1505 Commits

Author SHA1 Message Date
Tiago Daniel Jacobs
e59bcd0c33 Sanitize all received parameters 2020-11-13 06:54:32 +00:00
Tiago Daniel Jacobs
52e3eea552 Split error message from session token ( making it easier to translate - and more secure/ ) 2020-11-13 06:13:48 +00:00
Tiago Daniel Jacobs
5c911ddeec Sanitize fullName parameter of join API. Fixes #10818 2020-11-13 05:59:31 +00:00
Your Name
b4ecf53c80 Remove unwanted debug logging: This pushed the whole binary of every PDF uploaded into the logs. 2020-11-08 16:56:26 +01:00
Fred Dixon
d0bc77c3db Updating stun: for bbb-web to use Google's stun server 2020-10-23 11:26:41 -03:00
Fred Dixon
f0867bed76 Fix typo 2020-10-21 22:10:44 -05:00
Fred Dixon
3da71359f1 Updating stun: for bbb-web to use Google's stun server 2020-10-21 22:08:59 -05:00
Anton Georgiev
0c7ead1916 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into oct16-merge 2020-10-21 14:48:02 +00:00
Pedro Beschorner Marin
2fb26ff0cf Patch of improvements for bbb-web 
This patch includes two improvements made for bbb-web. It tries to better isolate
the sessionToken's handling and session's validation, including logs for each one of
these steps; and removes maxParticipats control from registered users (that are no
longer removed from bbb-web collections) binding it to joined users or users that
reached the enter API call. The following adds more details about this last one:

User's regular flow to join a meeting goes around an API join call -> redis register event ->
redirect to client page -> API enter call -> redis join event. When the guest policy is ASK_MODERATOR,
non-moderators are registered and redirected to a guest lobby that polls for her/his guest status and
only enters the meeting after a moderator approval.
Using registered users as control to check how many participants are in a meeting is problematic because
non-approved guests are counted as participants and bbb-web has to find out when to ditch registered users
records to make a seat in a meeting available again. In other words, a meeting with maxParicipants
of 5 can get it's joins locked with a moderator and 4 waiting guests or bbb-web can wrongly drop a registered
user record on a reconnection inducing weird 401 responses from the API.

This change proposes to control maxParticipants both at join and enter API calls monitoring the number
of redis joined users. This also includes an extra buffer to capture users that called the enter API but
still don't have an user joined event.
User left events are now handled different holding the user data before removing from the joined users collection
and only releasing after verifying that the user didn't reconnected.

Both user left timeout `usersTimeout` and entered user timeout `enteredUsersTimeout` can be configured at properties.
 2020-09-28 09:59:52 -03:00
Pedro Beschorner Marin
a98c4b68b5 Add secure tag to bbb-web JSESSIONID cookie 
Revert this to make whatever you want when running bbb-web without https
 2020-09-22 16:11:53 -03:00
Anton Georgiev
124b2d9b51
Merge branch 'develop' into move-guest-wait 2020-09-21 16:28:59 -04:00
Anton Georgiev
918f58b343 Moved the default avatar.png to be part of bigbluebutton-html5/ 2020-09-21 12:24:12 +00:00
Anton Georgiev
d5450af5df
Merge pull request #10458 from pedrobmarin/avatar-image 
Support for avatar images
 2020-09-21 08:22:04 -04:00
Anton Georgiev
377dc27a8d Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into 09-16-merge 2020-09-17 14:37:28 +00:00
Pedro Beschorner Marin
e2adf24546 Support for avatar images 
Use the former Flash client avatarURL join param to replace the name
initials avatar from the user list, chat, waiting guests and connection
status list.

It is possible to define a defaultAvatarURL at bbb-web and enable/disable it
 2020-09-15 16:50:10 -03:00
Richard Alam
9e6a40280e - set html5 as default client 
- add meetingEndedURL and endWhenNoModerator create param
 - meetingEndedURL is complete
 - endWhenNoModerator is partially implemented. Will be continued in another PR.
 2020-09-05 08:43:12 -07:00
Anton Georgiev
14f464087f
Merge pull request #8417 from pedrobmarin/backend-cleanup 
Backend cleanup
 2020-08-28 15:37:00 -04:00
Anton Georgiev
5be5aed1d9 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merge-2020-08-12 2020-08-12 17:12:58 +00:00
Anton Georgiev
614e4dd68f
Remove event: from welcomeMessage link 
Obsolete in html5 and also was breaking the message sanitizer
 2020-07-29 17:24:08 -04:00
Anton Georgiev
0d6faa0b57 only allow for https uri in welcome and modOnly messages 2020-07-29 16:08:47 -04:00
Anton Georgiev
c6669d1d7a
Merge branch 'develop' into move-guest-wait 2020-07-28 13:50:04 -04:00
Tiago Jacobs
153c59307d Improvements on bbb-libreoffice 2020-07-24 02:42:51 -03:00
Jesus Federico
56403c31a0
enable post_events by default by setting keepEvents=true (#10097) 2020-07-20 08:11:02 -04:00
Tainan Felipe
1c8677d7d8 Move guest wait from bbb-client to bbb-html 2020-07-02 17:14:49 -03:00
Joao Siebel
9981b021ef Merge remote-tracking branch 'upstream/develop' into merge-2.2 2020-06-22 09:00:43 -03:00
Pedro Beschorner Marin
de40885768 Define API's voice bridge error 2020-06-16 17:01:57 -03:00
Joao Siebel
3e95ed0e4b Merge remote-tracking branch 'upstream/v2.2.x-release' into merge-2.2 2020-06-16 16:40:56 -03:00
Fred Dixon
0475d4c3b3
Merge pull request #9595 from miztaka/catalyst-fix-xml-injection 
Fix XML(Formula) Injection
 2020-06-02 10:24:00 -04:00
Anton Georgiev
3a9173297b
Merge pull request #8502 from Fenn-CS/secure-gradle-source 
http => https to prevent 403 access denied during gradle download
 2020-05-28 16:46:43 -04:00
Anton Georgiev
56e16d79a3
Merge pull request #9251 from elor/fix-voicebridge-collision 
Fix voiceBridge collision (Issue #9024)
 2020-05-28 16:17:59 -04:00
Anton Georgiev
c9e996de21 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merge-2.2-into-develop 2020-05-25 17:32:24 +00:00
Anton Georgiev
201fa2902e Only provide modOnlyMessage to moderators. Promoted mod requires refresh to see it 2020-05-20 15:56:44 -04:00
Mitsutaka Sato
e5349d9b27 Fix XML(Formula) Injection 2020-05-19 08:56:00 +12:00
Anton Georgiev
cc79c4b6ae merge 2.2.10 into 2.3 2020-05-05 19:52:44 +00:00
Richard Alam
f876ce01c2 Rework presentation download and upload 
- verify presentation and meeting id formats
 - construct presentation file path making sure that they are valid
 - add "downloadable" flag to check if presentation can be downloaded or not
 - collect presentation upload errors so we can send to the client in the future
 2020-05-01 14:16:42 -07:00
Ghazi Triki
84ba925014 Improve the file download in the browser. 2020-04-30 15:41:06 +01:00
Anton Georgiev
4f786f7f03
Merge pull request #9257 from lkiesow/https-links 
Switch To HTTPS Links
 2020-04-27 13:58:25 -04:00
Ghazi Triki
b21ca8355a Return 404 error when the file download is not allowed. 2020-04-25 19:51:17 +03:00
Lars Kiesow
6e6f9cbb51
Switch To HTTPS Links 
This patch switches to HTTPS for the links configured for and displayed
in the client.
 2020-04-25 18:28:53 +02:00
Erik E. Lorenz
868374516e Check for existing voicebridge in ApiController 2020-04-25 09:35:29 +02:00
Erik E. Lorenz
bccf3664db Guarantee unique meeting TelVoice (API create) 2020-04-25 08:51:37 +02:00
Richard Alam
e805e7a3d2 Bind to localhost 
Made a mistake of defining param twice
 2020-04-24 15:05:17 -07:00
Richard Alam
b30a8093d1 Bind to localhost 
Make bbb-web bind to localhost
 2020-04-24 14:29:36 -07:00
Mitsutaka Sato
79361bd485 Set content-type for presentation download, to prevent vulnerable files from being executed 2020-04-16 11:39:49 +12:00
Ghazi Triki
5ebdf5ca77 Improve nginx matching on incoming URLs 2020-04-09 21:40:33 +03:00
Ghazi Triki
78c649650e Strip HTML tags from name and fullName API params. 2020-04-03 20:00:33 +03:00
Anton Georgiev
8129468300 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merging 2020-03-04 23:36:21 +00:00
Richard Alam
251b3c20dd - move location of presentation page blank files 2020-03-04 10:05:36 -08:00
Richard Alam
6c841ce772 - cleanup 2020-03-02 09:42:43 -08:00
Richard Alam
4f453c4026 - add option to skip office pre-check 2020-03-02 09:40:01 -08:00
Richard Alam
673cbb9cac - downscale pdf page larger than 2MB 2020-03-01 08:24:20 -08:00
Richard Alam
f8437fb19d Merge branch 'v2.2.x-release' of https://github.com/bigbluebutton/bigbluebutton into pres-url-on-page-convert 2020-03-01 05:38:04 -08:00
Anton Georgiev
3754d0ab6f Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merge-2.2-into-master-feb-28-2020 2020-02-28 17:47:06 -05:00
Richard Alam
c0372e3a97 Merge branch 'blank-presentation' of https://github.com/riadvice/bigbluebutton into riadvice-blank-presentation 2020-02-28 13:32:02 -08:00
Ghazi Triki
64d08d69c7 Updated java projects dependencies versions. 2020-02-28 10:44:28 +01:00
Richard Alam
e2a4bf3bb2
Turn off png generation 
Turn off png generation as we don't use it.
 2020-02-27 16:57:13 -05:00
Richard Alam
859c6a2220 - clean up 
- addjust timeouts
 2020-02-27 13:37:42 -08:00
Richard Alam
3a5b990e4a - turn off png generation 
- setup number of processing threads
 2020-02-27 13:30:55 -08:00
Richard Alam
5428e86448 - try to process multiple presentations in parallel 2020-02-26 14:36:04 -08:00
Richard Alam
f4a4b8be5d - downscale large pdf page 2020-02-25 14:18:56 -08:00
Ghazi Triki
0c96050fde Improvements to conversion default fall-back files and process. 2020-02-22 18:26:50 +01:00
Richard Alam
db4dc4aff0 - add urls on presentation page conversion message 2020-02-18 14:03:08 -08:00
Anton Georgiev
60e3e7986c
Merge pull request #8499 from pedrobmarin/waiting-guests-clean 
Removes waiting guests that stop polling for their status
 2020-01-29 17:40:19 -05:00
fenn-cs
6a204f0826 http => https to prevent 403 access denied during gradle download 
Signed-off-by: fenn-cs <fenn25.fn@gmail.com>
 2020-01-16 13:45:51 +01:00
Pedro Beschorner Marin
397041efcc Removes waiting guests that stop polling for their status 2020-01-15 12:03:52 -03:00
Pedro Beschorner Marin
ec7785ff22 Check for maxParticipants before registering an user 2019-12-18 16:12:30 -03:00
Pedro Beschorner Marin
b11113c165 Remove meeting inactivity monitor 2019-12-11 17:11:57 -03:00
Ghazi Triki
ba109530ae Disallow converting PDF files that have at least one big weighted page. 2019-10-16 08:37:03 +01:00
Chad Pilkey
027c28c320 add lock setting option to hide viewers from each other 2019-08-09 16:45:26 -07:00
Pedro Beschorner Marin
517e252901 Fix on getting caption file content type 2019-07-17 18:47:31 +00:00
Fred Dixon
2bd95f7596 Set default URL to http for testing 2019-06-23 17:23:35 -05:00
Richard Alam
ff6c5e4d7c
Merge pull request #7639 from riadvice/html5-conversion-progress 
Display SVG conversion progress
 2019-06-17 12:35:17 -04:00
Ghazi Triki
2f571eab10 Display SVG conversion progress. 2019-06-17 18:49:25 +03:00
Richard Alam
67ca66c842
Merge pull request #7565 from pedrobmarin/401-guest-false 
Avoid checking for authentication
 2019-06-14 11:03:53 -04:00
Richard Alam
e3dee6d7a2 - turn on svg generation by default while swf is turned off by default 2019-06-07 13:37:24 -07:00
Richard Alam
19caf3a386 Merge branch 'fix-recording-swf-disabled' of https://github.com/riadvice/bigbluebutton into riadvice-fix-recording-swf-disabled 2019-06-07 09:14:11 -07:00
Richard Alam
6e7ece7a9f - minor cleanup 2019-06-06 15:16:43 -07:00
Richard Alam
a46d0b9680 Merge branch 'master' of github.com:bigbluebutton/bigbluebutton into captions-text-tracks-intermediate-branch 2019-06-06 15:04:53 -07:00
Richard Alam
5d9f72ae21 - add single use token to request for the text track 2019-06-06 14:54:31 -07:00
Richard Alam
7577bf5310 - check if lang param is valid 2019-06-06 07:21:54 -07:00
Richard Alam
c92bfbb591 - deploy recording scripts in proper location 
- log upload captions params
 2019-06-04 14:07:10 -04:00
Pedro Beschorner Marin
a32037baa3 Avoid checking for authentication 2019-06-03 18:06:11 -03:00
Richard Alam
8db3903942 - add checksum check on put recordings text track api 2019-06-03 12:59:37 -07:00
Richard Alam
08f0c2b4e7 - make changes to align closer to spec document 2019-06-03 11:59:20 -07:00
Fred Dixon
63c36cb5d3
Set bigbluebutton.web.serverURL to http by default 2019-06-02 21:30:29 -04:00
Richard Alam
9d416ee473 Merge branch 'text-tracks' of https://github.com/riadvice/bigbluebutton into riadvice-text-tracks 2019-05-30 12:30:07 -07:00
Ghazi Triki
ddb02f57e7 Validate recordID in putRecordingTextTrack. 2019-05-22 16:18:57 +03:00
Ghazi Triki
05cc75eabf Validate kind in putRecordingTextTrack. 2019-05-21 17:58:31 +03:00
Ghazi Triki
6667360cfe Validate locale in putRecordingTextTrack. 2019-05-21 17:41:09 +03:00
Richard Alam
2e3350cc5c
Revert "Create API returns now returns error when no passwords provided for meeting" 2019-05-20 16:39:45 -04:00
Ghazi Triki
deae4bc831 Fix svgImagesRequired, generatePngs and swfSlidesRequired flags. 2019-05-15 18:50:28 +01:00
Ghazi Triki
7c5727750f Merge remote-tracking branch 'bigbluebutton/master' into text-tracks 2019-05-13 14:46:20 +01:00
Ghazi Triki
dbd86eb096 Code improve. 2019-05-10 15:51:05 +01:00
Fred Dixon
056ef6ee8c
Merge pull request #7327 from ritzalam/add-redis-password-on-master 
Add redis password on master
 2019-05-09 16:35:42 -04:00
Ghazi Triki
1974f903ea Fix downloaded file encoding. 2019-05-09 17:35:10 +01:00
Fred Dixon
b2dc8bd4c6
Merge pull request #7384 from riadvice/mandatory-api-passwords 
Create API returns an error when no password parameter is provided
 2019-05-09 06:28:35 -04:00
Ghazi Triki
b469f8c642 Update error format for Create API returns if none of the passwords parameters are provided. 2019-05-09 07:26:20 +01:00
Pedro Beschorner Marin
9867aa6b78 Shared notes lock settings first commit 2019-05-08 20:36:36 +00:00
Ghazi Triki
8892389234 Create API returns an error when no password parameter is provided. 2019-05-08 17:35:00 +01:00
Ghazi Triki
0c46ef2ae6 Revert "Change RecordingController.groovy EOL" and delete unused import. 2019-05-07 18:32:07 +01:00