Commit Graph

23 Commits

Author SHA1 Message Date
Dan Brown
2e39e45886
Added test to check text gen decodes HTML entities 2020-09-19 14:58:18 +01:00
Dan Brown
f84bf8e883
Updated test files to be PSR-4 compliant
Closes #1924
2020-04-04 01:16:05 +01:00
Dan Brown
31f5786e01
Entity Repo & Controller Refactor (#1690)
* Started mass-refactoring of the current entity repos

* Rewrote book tree logic

- Now does two simple queries instead of one really complex one.
- Extracted logic into its own class.
- Remove model-level akward union field listing.
- Logic now more readable than being large separate query and
compilation functions.

* Extracted and split book sort logic

* Finished up Book controller/repo organisation

* Refactored bookshelves controllers and repo parts

* Fixed issues found via phpunit

* Refactored Chapter controller

* Updated Chapter export controller

* Started Page controller/repo refactor

* Refactored another chunk of PageController

* Completed initial pagecontroller refactor pass

* Fixed tests and continued reduction of old repos

* Removed old page remove and further reduced entity repo

* Removed old entity repo, split out page controller

* Ran phpcbf and split out some page content methods

* Tidied up some EntityProvider elements

* Fixed issued caused by viewservice change
2019-10-05 12:55:01 +01:00
Dan Brown
cbf9d701af
Updated to laravel 6 2019-09-14 14:12:39 +01:00
Dan Brown
7cc17934a8
Made MD editor display a sandboxed iframe
- Also added escaping of srcdoc elements in escape logic.

Related to #1531
2019-08-26 12:16:50 +01:00
Dan Brown
2955f414dd
Added iframe JS and data url escaping
Related to #1531
2019-08-06 21:08:24 +01:00
Dan Brown
c732970f6e
Hardened page content script escaping
Increased range of tests to cover.

Fixes #1531
2019-07-10 20:17:22 +01:00
Dan Brown
ad542f0407
Prevented potential inline JS event usage
- Removes 'on*' attributes from elements.
- Also updated script logic to remove scripts instead of escaping.
- All JS injection removal now uses DomDocument + xpath parsing.
2019-05-05 13:53:37 +01:00
Dan Brown
2bb06463d5
Added deeper content id de-duplication
Closes #1393
2019-04-21 12:22:41 +01:00
Dan Brown
0bc5ccba32
Add revision restore confirm and changed http method
Closes #1321
2019-04-20 13:25:16 +01:00
Dan Brown
6c66a8935a
Added test to check page HTML id de-duplication
Relates to #1393
2019-04-20 13:01:56 +01:00
Dan Brown
c380c10d54
Prevented bad duplicate IDs causing major exception
Related to #1393
2019-04-15 21:20:32 +01:00
Dan Brown
0e0a17cc30
Prevented page text content includes
Avoids possible permission issues where included content shown in search or preview
where the user would not normally have permission to view the included content.

Closes #1178
2019-01-05 17:18:40 +00:00
Dan Brown
85f330c79a
Extracted many page-specific repo methods into page-specific repo 2018-10-13 11:27:55 +01:00
Dan Brown
919660678b
Re-structured the app code to be feature based rather than code type based 2018-09-25 12:30:50 +01:00
Dan Brown
1ad6fe1cbd
Added togglable script escaping to page content
Configurable via 'ALLOW_CONTENT_SCRIPTS' env variable.
Fixes #575
2018-03-17 15:52:42 +00:00
Dan Brown
359b1b40a2
Fixed broken table/ol/ul page includes
Fixes #640
2017-12-30 15:50:33 +00:00
Dan Brown
74a5e3113e
Fixed page includes erroring on save
Closes #514
2017-09-20 21:03:40 +01:00
Dan Brown
cc0ce7c630
Fixed bug preventing page revision restore
Added regression tests to cover.
Fixes #341
2017-03-23 22:19:14 +00:00
Dan Brown
387047f262
Fixed inaccessible revisions, added regression tests
Fixes #309
2017-02-25 12:29:01 +00:00
Dan Brown
33a2999a57
Namespaced tests to align with new laravel default 2017-02-04 11:58:42 +00:00
Dan Brown
6669998c10
Upgraded to Laravel 5.4 2017-01-25 19:35:40 +00:00
Dan Brown
2d4034f3b7
Added transclusion tests and fixed other tests 2017-01-21 16:16:27 +00:00