Dan Brown
c732970f6e
Hardened page content script escaping
...
Increased range of tests to cover.
Fixes #1531
2019-07-10 20:17:22 +01:00
Dan Brown
94441832c5
Removed old translation endpoint tests
2019-07-07 13:54:17 +01:00
Dan Brown
71167426bb
Started implementation of page template
2019-07-07 13:45:46 +01:00
Dan Brown
5c70413784
Fixed incorrect testing vars and reset env vars in config test
2019-06-25 22:52:07 +01:00
Dan Brown
762d1d7595
Allowed different storage types for images and attachments
...
- Added new env and config vars to allow this.
- Also added tests for awkward config logic including fallback for new
env vars.
Closes #1302
2019-06-23 16:01:15 +01:00
Dan Brown
fbb2b7ac6a
Updated page nav header shift logic to be accurate
...
Added tests to cover.
Fixes #542
2019-06-16 11:32:38 +01:00
Dan Brown
3ad1b42a74
Updated page delete to handle inactive custom homepage correctly
...
Fixes #1447
2019-05-27 12:40:19 +01:00
Dan Brown
35e6635379
Fixed chapter description not showing in book exports
...
Closes #1465
2019-05-25 15:21:02 +01:00
Dan Brown
8ae35f645a
Fixed faulty baseUrl rewrites
...
Fixes #1452
May help #1377
2019-05-19 16:25:05 +01:00
Dan Brown
896f88174a
Updated page navigation logic to ignore empty headers
...
Fixes #1429
2019-05-15 21:02:11 +01:00
Dan Brown
97ffbaa740
Fixed issue where books titles could be leaked via shelf home view
...
- Also added test to cover
Fixes #1425
2019-05-07 22:42:48 +01:00
Dan Brown
ad542f0407
Prevented potential inline JS event usage
...
- Removes 'on*' attributes from elements.
- Also updated script logic to remove scripts instead of escaping.
- All JS injection removal now uses DomDocument + xpath parsing.
2019-05-05 13:53:37 +01:00
Dan Brown
8c190324ac
Updated existing image tests to reflect changes
...
- Also added some new tests
2019-05-04 18:11:19 +01:00
Dan Brown
aeb1fc4d49
Started rewriting back-end image managment
2019-04-21 15:52:29 +01:00
Dan Brown
4e49d06182
Merge branch 'fix/registraion-form-validation' of git://github.com/cw1998/BookStack into cw1998-fix/registraion-form-validation
2019-04-21 12:24:39 +01:00
Dan Brown
2bb06463d5
Added deeper content id de-duplication
...
Closes #1393
2019-04-21 12:22:41 +01:00
Dan Brown
0bc5ccba32
Add revision restore confirm and changed http method
...
Closes #1321
2019-04-20 13:25:16 +01:00
Dan Brown
6c66a8935a
Added test to check page HTML id de-duplication
...
Relates to #1393
2019-04-20 13:01:56 +01:00
Dan Brown
c24764018a
Updated ldap server option parsing to work with protocol and port
...
- Aligns with PHP behaviour where ports is ignore for full LDAP URI.
- Added tests to check format being passed to LDAP is as expected.
- May be related to #1220
- Related to #1386 and #1278
2019-04-16 22:47:53 +01:00
Christopher Wilkinson
c8cf6731e2
Add min length validation on name on register form & add sign up link
2019-04-16 12:18:51 +01:00
Dan Brown
c380c10d54
Prevented bad duplicate IDs causing major exception
...
Related to #1393
2019-04-15 21:20:32 +01:00
Dan Brown
7f3f6e65b9
Aligned item creation wording and updated shelf-book-add logic
2019-04-15 20:45:04 +01:00
Christopher Wilkinson
50a9c71de0
Add tests for creating a book and adding directly to a shelf
2019-04-15 09:27:17 +01:00
Christopher Wilkinson
faa3a8b842
Add button to add a book directly from a shelf view
2019-04-15 09:27:17 +01:00
Dan Brown
9406b4d4c9
Updated view toggle to store date
...
Also added test for user list order preferences
2019-04-14 13:01:51 +01:00
Dan Brown
b12ae6d11b
Added bookshelves to breadcrumbs
...
- Updated breadcrumb dropdown switchers and back-end sibling code to handle new breadcrumbs.
- Added breadcrumb view composer and EntityContext system to mangage
tracking if in the context of a bookshelf.
2019-04-07 18:28:11 +01:00
Dan Brown
7cda9b026e
Updated tests to suit layout changes, Updated 404 page
...
- Also replaced 'or' usage in templates with null coalescing operator
2019-04-06 18:36:17 +01:00
Dan Brown
193e2ffebe
Prevent dbl exts. on img upload, Randomized attachment upload names
2019-03-24 19:08:21 +00:00
Dan Brown
f5fe524e6c
Added extension whitelist for image uploads
...
- A continuation of the security issues addressed in v0.25.3
2019-03-21 19:43:15 +00:00
Dan Brown
37b91b6b0e
Hardened image file validation by removing custom validation
...
- Added test to check PHP files cannot be uploaded as an image.
2019-03-20 23:59:55 +00:00
Dan Brown
44c537de1a
Performed some LDAP service/test cleanup
2019-03-10 10:54:19 +00:00
Dan Brown
6bccf0e64a
Merge branch 'feature-ldap-attributes' of git://github.com/dfanara/BookStack into dfanara-feature-ldap-attributes
2019-03-10 10:31:09 +00:00
Dan Brown
042a6f9760
Updated shelf menu item to show on custom permission
...
- Extended new 'userCanOnAny' helper to take a entity class for
filtering.
Closes #1201
2019-03-09 21:15:45 +00:00
Dan Brown
5c9b528517
Abstracted userCanCreatePage helper to work for any permisison
...
- Added test to cover scenario where someone with create-own permission
would want to copy a viewable item into a container entity that they
own.
2019-03-09 16:50:22 +00:00
Daniel Fanara
6d20bdc1fb
Preserve original display_name_attribute configuration values.
2019-03-09 01:13:30 -05:00
Daniel Fanara
502ea608bf
Issue #1306 - Unit Tests for LdapService Changes
2019-03-09 01:08:49 -05:00
Dan Brown
0e0a17cc30
Prevented page text content includes
...
Avoids possible permission issues where included content shown in search or preview
where the user would not normally have permission to view the included content.
Closes #1178
2019-01-05 17:18:40 +00:00
Dan Brown
50e5527483
Added test to cover "users" header link in correct permission conditions
2019-01-05 15:22:47 +00:00
Dan Brown
70ad707c3c
Tweaked profile page anchor links and swapped register/login links
...
Also added test for login/register links on non-auth app view
Relates to #1146
2019-01-05 15:01:16 +00:00
Dan Brown
a2087fe3ff
Made delete permissions a requirement for move operations
...
Closes #1200
2019-01-05 14:39:40 +00:00
Dan Brown
2317bf2350
Added check for last admin on role change
...
Will show error message if last admin and admin role is removed.
Closes #1124
Also cleaned up user controller a little.
2018-12-30 16:11:58 +00:00
Dan Brown
68017e2553
Added testing for avatar fetching systems & config
...
Abstracts imageservice http interaction.
Closes #1193
2018-12-23 15:34:38 +00:00
Dan Brown
f4ea5f1f55
Updated page exports to use absolute time format
...
For #1065
2018-12-22 16:35:04 +00:00
Dan Brown
26ec1cc3dc
Added proper escaping to LDAP filter operations
...
To cover #1163
2018-12-20 20:04:09 +00:00
Dan Brown
651ae2f3be
Fixed failing language test after addition of formatter
2018-12-16 15:46:02 +00:00
Dan Brown
323bff7d6d
Extended translations system for arrays & extension
...
Extended the base Laravel translation system to
allow a locale to be based upon another.
Also adds functionality to take base & fallback locales into account when fetching
an array of translations.
Related to work done in #1159
2018-12-12 20:46:27 +00:00
Dan Brown
178b5af83a
Added google select_account test
...
Also cleaned the function naming a little to be more descriptive of the
work they do.
2018-11-10 14:52:43 +00:00
Dan Brown
ffc1aa873e
Merge branch 'v0.24-dev'
2018-11-04 15:36:40 +00:00
Dan Brown
19b7093438
Fixed redirect issue when custom app url in use
...
Fixes #956 & #1048
Also added tests to cover this url logic.
Also removed debugbar during tests to maybe improve test speed.
2018-11-04 15:18:27 +00:00
Dan Brown
85f330c79a
Extracted many page-specific repo methods into page-specific repo
2018-10-13 11:27:55 +01:00
Dan Brown
919660678b
Re-structured the app code to be feature based rather than code type based
2018-09-25 12:30:50 +01:00
Dan Brown
9243c635f2
Made search test a little more consistent
2018-09-23 15:15:44 +01:00
Dan Brown
7b32aa163f
Added Bookshelves to search system.
...
Also cleaned up and made search indexing system a little more efficient.
Closes #1023
2018-09-23 12:34:30 +01:00
Dan Brown
da58c41ab6
Prevented attachDefaultRole from trying to re-attach if already existing
...
Fixes #1003
Added test to cover
2018-09-22 22:09:34 +01:00
Dan Brown
3f58800ed1
Added ability to configure revision limit
2018-09-22 17:30:42 +01:00
Dan Brown
1cb6ae39c8
Added base RTL support
...
For #939
- Adds way to check if current language is RTL via config system.
- Made TinyMCE default direction be based on current language text
direction.
- Fixed bullet points to be RTL compatible.
- Set page content body to have direction based on content.
2018-09-22 13:18:26 +01:00
Dan Brown
e3e484e561
Added custom head content to exports
...
Closes #981
Also fixed incorrect download tests.
2018-09-22 11:53:40 +01:00
Dan Brown
e60d11ee04
Altered social auto-reg to be configurable per service
...
- Added {$service}_AUTO_REGISTER and {$service}_AUTO_CONFIRM_EMAIL env
options for each social auth system.
- Auto-register will allow registration from login, even if registration
is disabled.
- Auto-confirm-email indicates trust and will mark new registrants as
'email_confirmed' and skip 'confirmation email' flow.
- Also added covering tests.
2018-09-21 18:05:06 +01:00
Dan Brown
131fcae4c7
Merge pull request #947 from BookStackApp/bookshelves
...
Bookshelves
2018-09-21 15:29:52 +01:00
Dan Brown
c8d893fac7
Updated 404 test to not fail based on random long name
2018-09-21 15:24:29 +01:00
Dan Brown
b59e5942c8
Added testing coverage for Bookshelves
...
Created modified TestResponse so we can use DOM operations in new
Testcases as we move away from the BrowserKit tests.
2018-09-21 15:15:16 +01:00
Dan Brown
81eb642f75
Added bookshelves homepage options
...
- Updated homepage selection UI to be more scalable
- Cleaned homepage selection logic in code
- Added seed test data for bookshelves
- Added bookshelves to permission system
2018-09-20 15:27:30 +01:00
Abijeet
08b967607f
Changes as per code review, and fixes failing test cases.
...
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2018-09-16 20:44:09 +05:30
Abijeet
0c8b6b7324
Final tweaks after code review and fixing failing test cases.
2018-09-16 01:12:36 +05:30
Abijeet
54ca4487fa
Adds tests and few fixes.
...
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2018-09-15 21:05:51 +05:30
Dan Brown
098128aafb
Added test to cover new language autodetect config option
2018-08-12 13:34:14 +01:00
Dan Brown
f421d83627
Added ability to set custom ldap group -> role mapping
...
Added input in role form to allow matching against custom names.
Changed default mapping to use role display name instead of the hidden
DB name.
2018-07-15 19:34:42 +01:00
Dan Brown
17bca662a7
Added tests to cover ldap group mapping
...
Also updated .env.example formatting.
Updated how LdapRepo uses Ldap so can be mocked by testing.
2018-07-15 17:57:25 +01:00
Dan Brown
2bcc159fd6
Allowed creating pages in visible chapters in invisible books
...
Fixes permissions with test to cover in the event a page is created,
with permission, in a chapter but the user does not have permission to
see the parent book.
Fixes #912
2018-07-14 14:12:29 +01:00
Dan Brown
6b84a76af1
Merge branch 'drawing_updates'
2018-05-27 19:42:25 +01:00
Dan Brown
2bd6ba9895
Added maintenance view with image-cleanup
2018-05-27 19:40:07 +01:00
Dan Brown
61c9324229
Removed old image versions test
2018-05-20 17:12:44 +01:00
Dan Brown
13ad0031d6
Drawings now generate revisions, not replace
...
Updated drawing update test to accomodate.
Image deletion system now takes revisions into account.
2018-05-13 17:41:35 +01:00
Abijeet
47cb99a2d6
Added test cases.
...
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2018-05-12 13:07:28 +05:30
Dan Brown
eb5069ca66
Attempted to fix failing time-based test
2018-04-22 20:06:46 +01:00
Dan Brown
67e0c3d2a5
Improved export base64 encoding of images
...
Now will use set storage mechanism to find image files.
Fixes #786
Added test to cover
2018-04-22 12:23:43 +01:00
Dan Brown
cdb1c7ef88
Added destination permission checking to entity move
2018-04-14 18:47:13 +01:00
Dan Brown
0f7b0ad45a
Added ability to copy a page
...
In 'More' menu alongside move.
Allows you to move if you have permission to create within the new
target parent.
Closes #673
2018-04-14 18:00:16 +01:00
Dan Brown
1a72208d27
Added configurable robots.txt file.
...
Deleted old static file.
Default output depends on app-public setting.
Otherwise can be overidden in `.env` file via `ALLOW_ROBOTS`
Otherwise view file can be customized.
Fixes #779
2018-03-31 12:41:40 +01:00
Dan Brown
582158f70e
Added tags to chapters and books
...
Closes #121
2018-03-30 14:09:51 +01:00
Dan Brown
23f90ed6b4
Ensured uploaded system images remain public
...
Also added tests to cover local_secure image storage.
Fixes #725
2018-03-25 12:41:52 +01:00
Dan Brown
1a9f676416
Updated create routes to prevent slug clashes
...
Fixes #758
2018-03-25 11:34:42 +01:00
Dan Brown
1ad6fe1cbd
Added togglable script escaping to page content
...
Configurable via 'ALLOW_CONTENT_SCRIPTS' env variable.
Fixes #575
2018-03-17 15:52:42 +00:00
Dan Brown
81fa021083
Finished migrated from icon-font to SVG
2018-02-17 19:49:00 +00:00
Dan Brown
548dcd4db1
Fixed error when accessing non-authed attachment
...
Also updated attachment tests to use standard test-case.
Fixes #681
2018-02-11 12:37:02 +00:00
Dan Brown
59e809be16
Added command to add a new admin user
...
Closes #609
2018-01-28 18:09:26 +00:00
Dan Brown
ec050a5eef
Fixed validation issue on register post
...
Added test to cover and also cleaned up RegisterController comments.
Fixes #670
2018-01-28 17:15:30 +00:00
Dan Brown
ead4b14d94
Updated user profile image delete to delete all uploads
...
Also moved test and made more comprehensive
2018-01-28 14:08:14 +00:00
Sampath Kumar
35e00ddb95
#630 : Deleting user's profile pics on deleting of user account ( #646 )
...
* Issue-630: Fixed issue with deleting user profile pics when deleting a user.
* Issue #630 : Deleting user's profile pics on deleting of user account
* Issue-630: Added test case for deleting user
2018-01-28 13:50:24 +00:00
Dan Brown
faf7c55fdd
Actually fixed the BaseURL this time 🤦
2018-01-28 13:33:50 +00:00
Dan Brown
ba6eb6727a
Fixed test failing from missing baseURL
...
Also updated image upload test to delete before upload to prevent failed
tests breaking subsequent tests.
2018-01-28 13:27:41 +00:00
Dan Brown
88d09a2a3b
Added drawing endpoint tests
...
Also refactored ImageTests away from BrowserKit
Also added image upload type validation.
2018-01-28 13:18:28 +00:00
Abijeet
e269cc7ea7
Adds test case for sorting permissions.
...
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2017-12-31 20:17:08 +05:30
Dan Brown
96b8c403a8
Fixed failing book view test
...
Also ensured setting system localcache is cleared correctly
2017-12-30 16:09:27 +00:00
Dan Brown
359b1b40a2
Fixed broken table/ol/ul page includes
...
Fixes #640
2017-12-30 15:50:33 +00:00
Dan Brown
1aa4d0dc59
Merge branch 'feature-613' of git://github.com/Abijeet/BookStack into Abijeet-feature-613
2017-12-29 16:25:15 +00:00
Dan Brown
afe781bc39
Enabled session in 404 responses
...
Fixes #634
2017-12-28 13:19:02 +00:00
Abijeet
d5a2529775
Adds test cases and fixes an issue with the permission checking.
...
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2017-12-26 15:46:20 +05:30
Dan Brown
a5e49f642b
Merge branch 'disable-comments' of git://github.com/Abijeet/BookStack into Abijeet-disable-comments
2017-12-07 19:15:26 +00:00
Dan Brown
261e57fc4e
Converted books view setting to user setting
...
Also cleaned up/moved new CSS and removed redundant new book methods.
2017-12-06 16:34:26 +00:00