Allowed page includes on custom home

For #2279 Old hold-over for when include content permissions were handled less delicately.
2024-10-01 05:36:00 +00:00 · 2021-10-04 11:26:26 +01:00 · 2021-10-04 11:26:26 +01:00 · d3a9645161
commit d3a9645161
parent 505d7e604e
3 changed files with 23 additions and 1 deletions
--- a/app/Entities/Tools/PageContent.php
+++ b/app/Entities/Tools/PageContent.php
@ -316,6 +316,7 @@ class PageContent
            }

            // Find page and skip this if page not found
+            /** @var ?Page $matchedPage */
            $matchedPage = Page::visible()->find($pageId);
            if ($matchedPage === null) {
                $html = str_replace($fullMatch, '', $html);
--- a/app/Http/Controllers/HomeController.php
+++ b/app/Http/Controllers/HomeController.php
@ -96,9 +96,10 @@ class HomeController extends Controller
        if ($homepageOption === 'page') {
            $homepageSetting = setting('app-homepage', '0:');
            $id = intval(explode(':', $homepageSetting)[0]);
+            /** @var Page $customHomepage */
            $customHomepage = Page::query()->where('draft', '=', false)->findOrFail($id);
            $pageContent = new PageContent($customHomepage);
-            $customHomepage->html = $pageContent->render(true);
+            $customHomepage->html = $pageContent->render(false);

            return view('home.specific-page', array_merge($commonData, ['customHomepage' => $customHomepage]));
        }
--- a/tests/HomepageTest.php
+++ b/tests/HomepageTest.php
@ -5,6 +5,7 @@ namespace Tests;
 use BookStack\Auth\Role;
 use BookStack\Auth\User;
 use BookStack\Entities\Models\Bookshelf;
+use BookStack\Entities\Models\Page;

 class HomepageTest extends TestCase
 {
@ -78,6 +79,25 @@ class HomepageTest extends TestCase
        $pageDeleteReq->assertSessionMissing('error');
    }

+    public function test_custom_homepage_renders_includes()
+    {
+        $this->asEditor();
+        /** @var Page $included */
+        $included = Page::query()->first();
+        $content = str_repeat('This is the body content of my custom homepage.', 20);
+        $included->html = $content;
+        $included->save();
+
+        $name = 'My custom homepage';
+        $customPage = $this->newPage(['name' => $name, 'html' => '{{@' . $included->id . '}}']);
+        $this->setSettings(['app-homepage' => $customPage->id]);
+        $this->setSettings(['app-homepage-type' => 'page']);
+
+        $homeVisit = $this->get('/');
+        $homeVisit->assertSee($name);
+        $homeVisit->assertSee($content);
+    }
+
    public function test_set_book_homepage()
    {
        $editor = $this->getEditor();