Dan Brown
1a189640f1
Integrated favicon handler with correct files & actions
...
Format does not look 100% correct though, won't show in Firefox/gimp.
2023-02-09 13:24:43 +00:00
Dan Brown
420f89af99
Built custom favicon.ico file creator
...
Followed wikipedia-defined ICO file format info, and used with
Intervention's good bmp support, to create a working proof-of-concept.
2023-02-08 23:06:42 +00:00
Dan Brown
da1a66abd3
Extracted test file handling to its own class
...
Closes #3995
2023-02-08 14:39:13 +00:00
Dan Brown
5e8ec56196
Fixed issues found from tests
2023-02-06 20:41:33 +00:00
Dan Brown
9ca088a4e2
Fixed static analysis issues
2023-02-06 20:00:44 +00:00
Dan Brown
3c658e39ab
Extracted app icon text, fixed issues
...
Tweaked sizes and meta tags based upon ipad testing.
Fixed reduced sizes not being cleaned up.
2023-01-25 16:11:34 +00:00
Dan Brown
55b6a7842e
Added ability to control app icon (favicon) via settings
2023-01-25 11:03:19 +00:00
Dan Brown
1660e72cc5
Migrated remaining relation permission usages
...
Now all tests are passing.
Some level of manual checks to do.
2023-01-24 19:04:32 +00:00
Dan Brown
d2260b234c
Fixed app logo visibility with secure_restricted images
...
Includes test to cover.
For #3827
2022-11-10 14:15:59 +00:00
Dan Brown
8a749c6acf
Added and ran PHPCS
2022-09-18 01:25:20 +01:00
Dan Brown
7f8b3eff5a
Fixed failing tests due to shelf text changes, applied styleci changes
2022-09-02 14:47:44 +01:00
Dan Brown
c76b5e2ec4
Fixed local_secure_restricted preventing attachment uploads
...
Due to option name change and therefore lack of handling.
Added test case to cover.
2022-09-02 14:40:17 +01:00
Dan Brown
092b6d6378
Added test and handling for local_secure_restricted in exports
2022-09-02 14:21:43 +01:00
Dan Brown
27ac122502
Started work on local_secure_restricted image option
2022-09-01 16:17:14 +01:00
Dan Brown
d4a119b2aa
Fixed disabling of avatar urls, Removed id from gravatar image name
...
Included test to cover avatar url disabling.
Related to #1835
2022-07-26 12:10:19 +01:00
Dan Brown
afe1a04239
Aligned permission applicator method names
...
Also removed lesser used function, that was mostly a duplicate of an
existing function, and only used for search.
2022-07-16 19:54:25 +01:00
Dan Brown
b0a4d3d059
Renamed and cleaned up existing permission service classes use
2022-07-12 20:15:41 +01:00
Dan Brown
abc283fc64
Extracted download response logic to its own class
...
Cleans up base controller and groups up download & streaming logic for
potential future easier addition of range request support.
2022-06-08 23:50:42 +01:00
Dan Brown
2b0ae23da0
Updated composer deps, applied latest StyleCI changes
2022-04-24 18:22:40 +01:00
Dan Brown
cb770c534d
Added streamed uploads for attachments
2022-04-02 18:46:48 +01:00
Dan Brown
82e8b1577e
Updated attachment download responses to stream from filesystem
...
This allows download of attachments that are larger than current memory
limits, since we're not loading the entire file into memory any more.
For inline file responses, we take a 1kb portion of the file to sniff
before to check mime before we proceed.
2022-04-02 18:07:43 +01:00
Dan Brown
b5281bc9ca
Fixed tests, applied StyleCI changes
2022-03-26 20:38:03 +00:00
Dan Brown
55d61fceb2
Added manual image thumbnail exif orientation handling
...
Uses original image data to extract orientation exif to apply image
transformations before scaling and save. Manually done due to issues
with exif data loss during the existing Intervention image path.
For #1854
2022-03-26 12:32:08 +00:00
Dan Brown
1a26b47782
Applied latest styleCI changes
2022-01-06 12:18:11 +00:00
Dan Brown
31f1dca8a8
Added detection and thumbnail bypass for apng images
...
Adds apng sniffing when generating thumbnails with retained ratios to
serve the original image files, as we do for GIF images, to prevent
the image being resized to a static version.
Is more tricky than GIF since apng file mimes and extensions
are the same as png, we have to detect part of the file header
to sniff the type. Means we have to sniff at a later stage
than GIF since we have to load the image file data.
Made some changes to the image thumbnail caching while doing
this work to fit in with this handling.
Added test to cover.
For #3136.
2022-01-04 13:10:35 +00:00
Dan Brown
024924eef3
Applied another round of static analysis updates
2021-11-22 23:33:55 +00:00
Dan Brown
85154fff69
Added an env configurable file upload size limit
...
Replaces the old suggestion of setting JS head 'window.uploadLimit'
variable. This new env option will be used by back-end validation and
front-end libs/logic too.
Limits already likely exist within prod environments at a PHP and
webserver level but this allows an app-level limit and centralises the
option on the BookStack side into the .env
Closes #3033
2021-11-14 22:03:22 +00:00
Dan Brown
8d7c8ac8bf
Done a round of phpstan fixes
2021-11-06 00:32:01 +00:00
Dan Brown
bc291bee78
Added initial phpstan/larastan setup
2021-11-05 16:18:06 +00:00
Dan Brown
c9c4dbcb5b
Merge branch 'laravel_upgrade'
2021-11-04 22:42:35 +00:00
Dan Brown
a17be959d8
Applied latest styleci changes
2021-11-01 13:26:02 +00:00
Dan Brown
bfbccbede1
Updated attachments to not be saved with a complete extension
...
Intended to limit impact in the event the storage path is potentially
exposed.
2021-11-01 11:32:00 +00:00
Dan Brown
4360da03d4
Ran a pass through image and attachment routes
...
Added some stronger types, formatting changes and simplifications along
the way.
2021-11-01 11:17:30 +00:00
Dan Brown
c7fea8fe08
Cleaned up logic within ImageRepo
...
- Moved out extension check to ImageService as that seems more relevant.
- Updated models to use static-style references instead of facade to align with common modern usage within the app.
- Updated custom image_extension validation rule to use shared logic in image service.
2021-11-01 00:24:42 +00:00
Dan Brown
43830a372f
Updated showImage file serving to not be traversable
...
For #3030
2021-10-31 23:53:17 +00:00
Dan Brown
f139cded78
Laravel 8 shift squash & merge (#3029)
...
* Temporarily moved back config path
* Apply Laravel coding style
* Shift exception handler
* Shift HTTP kernel and middleware
* Shift service providers
* Convert options array to fluent methods
* Shift to class based routes
* Shift console routes
* Ignore temporary framework files
* Shift to class based factories
* Namespace seeders
* Shift PSR-4 autoloading
* Shift config files
* Default config files
* Shift Laravel dependencies
* Shift return type of base TestCase methods
* Shift cleanup
* Applied styleci style changes
* Reverted config files location
* Applied manual changes to Laravel 8 shift
Co-authored-by: Shift <shift@laravelshift.com>
2021-10-30 21:29:59 +01:00
Dan Brown
4f55fe2f8e
Made further changes to page image extraction validation
...
Fixes #3019
Increased testing to cover the failing case among others.
2021-10-28 15:54:00 +01:00
Dan Brown
f77236aa38
Laravel 7.x Shift (#3011)
...
* Apply Laravel coding style
* Shift bindings
* Shift core files
* Shift to Throwable
* Add laravel/ui dependency
* Shift Eloquent methods
* Shift config files
* Shift Laravel dependencies
* Shift cleanup
* Shift test config and references
* Applied styleci changes
* Applied fixes post shift to laravel 7
Co-authored-by: Shift <shift@laravelshift.com>
2021-10-26 22:04:18 +01:00
Haxatron
64937ab826
Update ImageRepo.php
...
fix image validation vulnerability
2021-10-26 09:39:16 +08:00
Dan Brown
859934d6a3
Applied latest changes from styleCI
2021-10-20 10:49:45 +01:00
Dan Brown
60d4c5902b
Added attachment API examples during manual testing
2021-10-20 10:43:03 +01:00
Dan Brown
2409d1850f
Added TestCase for attachments API methods
2021-10-20 00:58:56 +01:00
Dan Brown
32f6ea946f
Build out core attachments API controller
...
Related to #2942
2021-10-18 17:46:55 +01:00
Dan Brown
cb45c53029
Added base64 image extraction to markdown page content
...
- Included tests to cover.
- Manually tested via API update and interface page update.
Closes #2898
2021-10-18 11:42:50 +01:00
Dan Brown
a9b3df537f
Applied changes from styleci
2021-10-08 22:23:17 +01:00
Dan Brown
7224fbcc89
Added protections against path traversal in file system operations
...
- Files within the storage/ path could be accessed via path traversal
references in content, accessed upon HTML export.
- This addresses this via two layers:
- Scoped local flysystem filesystems down to the specific image &
file folders since flysystem has built-in checking against the
escaping of the root folder.
- Added path normalization before enforcement of uploads/{images,file}
prefix to prevent traversal at a path level.
Thanks to @Haxatron via huntr.dev for discovery and reporting.
Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/
2021-10-08 17:47:14 +01:00
Dan Brown
05d99a312d
Applied styleci changes
2021-09-26 15:48:22 +01:00
Dan Brown
c32b315cd7
Standardised facade usage to use via their FQCN
...
Done via Laravel Shift Workbench
2021-09-26 15:37:55 +01:00
Dan Brown
934a833818
Apply fixes from StyleCI
2021-06-26 15:23:15 +00:00
Dan Brown
3d5899d28c
Fixed issue with using old non-existing reference in controller
...
Also done a little code cleanup.
2021-06-13 14:16:09 +01:00