Dan Brown
349162ea13
Prevented possible XSS via link attachments
...
This filters out potentially malicious javascript: or data: URIs coming
through to be attached to attachments.
Added tests to cover.
Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
Ole Aldric
461977cf9a
added missing comma that caused the test process to fail.
2020-10-19 12:26:18 +02:00
Ole Aldric
837cccd4d4
Added translation for Norwegian (Bokmål)
...
This will add translations for Norwegian to BookStack. It is identified by the langID no_NB
2020-10-19 11:43:43 +02:00
Dan Brown
ff7cbd14fc
Added recycle bin empty notification response with count
2020-10-03 18:53:09 +01:00
Dan Brown
04197e393a
Started work on the recycle bin interface
2020-10-03 18:44:12 +01:00
Dan Brown
ff46d81681
Merge branch 'jb-l10n-fix-czech' of git://github.com/jakubboucek/BookStack into jakubboucek-jb-l10n-fix-czech
2020-09-19 15:44:18 +01:00
Dan Brown
1f202f6dbc
Updated locale lists for Bulgarian
2020-09-19 15:36:17 +01:00
Dan Brown
78bf044a7a
Added audit log interface
...
- Displays the currently tracked activities in the system.
Related to #2173 and #1167
2020-09-19 12:06:45 +01:00
Dan Brown
09c6d6c722
Added button for inserting attachment link to a page
...
For #1460
2020-09-13 18:58:05 +01:00
Jakub Bouček
fefcaa21e7
Fix English translations
...
- Fix obvious bug
- Reunite capitalisation
2020-08-31 20:45:09 +02:00
Dan Brown
1ac11c1852
Added warning to role screen for important permissions
...
Warning related to permissions that could allow a person to promote
their own permissions to gain more privileges than expected.
For #2105.
2020-08-04 15:26:13 +01:00
Dan Brown
02dc3154e3
Converted image-manager to be component/HTML based
...
Instead of vue based.
2020-07-25 00:20:58 +01:00
Dan Brown
d41452f39c
Finished breakdown of attachment vue into components
2020-07-04 16:53:02 +01:00
Dan Brown
14b6cd1091
Started migration of attachment manager from vue
...
- Created new dropzone component.
- Added standard component event system using custom DOM events.
- Added tabs component.
- Added ajax-delete-row component.
2020-06-30 22:12:45 +01:00
Dan Brown
a5fa745749
Moved overlay component, migrated code-editor & added features
...
- Moved Code-editor from vue to component.
- Updated popup code so it background click only hides if the click
originated on the same background. Clicks within the popup will no
longer cause it to hide.
- Added session-level history tracking to code editor.
2020-06-28 00:06:47 +01:00
Dan Brown
715dee2d0e
Converted search filters to not be vue based
2020-06-27 13:29:00 +01:00
Nikhil Jha
a34a07c610
basic markdown export
2020-05-12 21:12:26 -07:00
Dan Brown
50669e3f4a
Added tests and translations for dark-mode components
2020-04-11 20:44:23 +01:00
Dan Brown
ba1be9d710
Updated password reset process not to indicate if email exists
...
- Intended to prevent enumeration to check if a user exists.
- Updated messages on both the request-reset and set-password elements.
- Also updated notification auto-hide to be dynamic based upon the
amount of words within the notification.
- Added tests to cover.
For #2016
2020-04-10 13:38:08 +01:00
Dan Brown
47e645909e
Reviewed #1688, Show parent shelves on books page
...
- Moved list to the left of the page to align with other navigational
items.
- Hid list if no shelves, to help hide shelf references if not in use.
- Tweaked test to ensure it wasn't finding shelf name in breadcrumb
rather than list being tested.
2020-04-09 17:29:22 +01:00
Dan Brown
898cedf536
Merge branch 'feature/#1598' of git://github.com/cw1998/BookStack into cw1998-feature/#1598
2020-04-09 17:18:37 +01:00
Dan Brown
f94fd44ff6
Updated styles to use logical properties/values
...
- Intended to improve RTL support in the interface.
- Also adds Hebrew to language dropdown since that was missing.
Related to #1794
2020-04-05 13:07:19 +01:00
James Geiger
fe438bdb45
Add footer element, styles, and associated settings
2020-03-18 22:28:06 -05:00
Dan Brown
64942268b8
Added Slovenian to available language options
...
Related to #1946
2020-03-14 22:24:27 +00:00
Dan Brown
7f6cbead33
Performed review of "public intended" functionality provided in #1817
...
- Updated logic to take url from referrer rather than pass as a query parameter.
- Added tests to cover functionality.
- Updated 404 page with login action button if not signed in.
- Updated 404 page with text to indicate permissions may be affecting visibility.
Related to #1817 and #1706
2020-03-14 18:29:31 +00:00
Dan Brown
34616ac195
Updated language lists to match latest translations
2020-03-04 22:14:25 +00:00
Dan Brown
49386b42da
Updated email test send to show error on failure
...
- Added test to cover
- Closes #1874
2020-02-15 14:13:15 +00:00
Dan Brown
718a97537e
Added app theme setting to complete env and fixed text error
2020-02-03 20:33:10 +00:00
Dan Brown
3991fbe726
Checked over and aligned registration option behavior across all auth options
...
- Added tests to cover
2020-02-02 17:31:00 +00:00
Dan Brown
e6c6de0848
Simplified guard names and rolled out guard route checks
...
- Included tests to cover for LDAP and SAML
- Updated wording for external auth id option.
- Updated 'assertPermissionError' test case to be usable in BrowserKitTests
2020-02-02 13:10:21 +00:00
Dan Brown
5ff89a1abb
Added Danish to language arrays
2020-01-18 16:10:16 +00:00
Dan Brown
b9fb655b60
Added "Getting Started" API docs
2020-01-18 14:03:11 +00:00
Dan Brown
3cacda6762
Added expiry checking to API token auth
...
- Added test to cover to ensure it's checked going forward
2019-12-30 19:51:41 +00:00
Dan Brown
3de55ee645
Linked new API token system into middleware
...
Base logic in place but needs review and refactor to see if can better
fit into Laravel using 'Guard' system. Currently has issues due to
cookies in use from active session on API.
2019-12-30 02:16:07 +00:00
Dan Brown
692fc46c7d
Removed token 'client' text, avoid confusion w/ oAuth
...
- Instead have a token_id and a secret.
- Displayed a 'Token ID' and 'Token Secret'.
2019-12-29 20:07:28 +00:00
Dan Brown
832fbd65af
Added testing coverage to user API token interfaces
2019-12-29 19:46:46 +00:00
Dan Brown
dccb279c84
Built out interfaces & endpoints for API token management
2019-12-29 17:03:52 +00:00
Dan Brown
d336ba6874
Started work on API token controls
...
- Added access-api permission.
- Started user profile UI work.
- Created database table and model for tokens.
- Fixed incorrect templates down migration :(
2019-12-29 13:02:26 +00:00
Dan Brown
865e8d4ec5
Improved markdown mobile editor experience
...
- Updated styles of codemirror area to be a bit more forceful in taking
up space.
- Added a fullscreen toggle as a backup option.
For #1675
2019-12-22 14:22:38 +00:00
Dan Brown
e06f9f7fe3
Removed setting override system due to confusing behaviour
...
- Was only used to disable registration when LDAP was enabled.
- Caused saved option not to show on settings page causing confusion.
- Extended setting logic where used to take ldap into account instead of
global override.
- Added warning on setting page to show registration enable setting is
not used while ldap is active.
For #1541
2019-12-22 13:19:17 +00:00
Dan Brown
cee4dccc55
Compacted entity color options in settings view
...
- Also extracted the view code into its own blade template
- Made smaller color input styles
2019-12-07 21:23:15 +00:00
Dan Brown
615a050856
Merge branch 'settings-color-selector' of git://github.com/james-geiger/BookStack into james-geiger-settings-color-selector
2019-12-07 20:36:39 +00:00
Dan Brown
3a17ba2cb9
Started using OneLogin SAML lib directly
...
- Aligned and formatted config options.
- Provided way to override onelogin lib options if required.
- Added endpoints in core bookstack routes.
- Provided way to debug details provided by idp and formatted by
bookstack.
- Started on test work
- Handled case of email address already in use.
2019-11-17 13:26:43 +00:00
Dan Brown
8169c725d5
Started review of SAML implementation
...
- Updated PHPdoc of SAML service to use type hinting instead.
- Updated groups to only sync if enabled.
- Updated names of some config props.
- Removed a couple of unused config props.
- Added exception to handle no email on SAML response.
2019-11-16 14:42:51 +00:00
Dan Brown
bb1f43cbd8
Merge branch 'feature/saml' of git://github.com/Xiphoseer/BookStack into Xiphoseer-feature/saml
2019-11-16 12:42:45 +00:00
Dan Brown
1366fc45ce
Added tests to cover test email sends
...
- Also tweaked wording of 'E-mail' to 'Email' to remain consistent with
the rest of the app.
Related to #1696 and #1719
2019-10-23 20:25:51 +01:00
Dan Brown
a2370f7c9d
Merge branch 'feature-send-test-email' of git://github.com/timoschwarzer/BookStack into timoschwarzer-feature-send-test-email
2019-10-23 19:53:51 +01:00
Dan Brown
f37131a5bf
Removed old Translation Service + Provider
...
Was no longer needed due to only being there to perform
language extension for de_informal but now this is done by crowdin
instead so it's redundant. Same goes for checking and formatting
scripts.
Also removed comment advising deletion from settings.php language list
since this is now auto-copied to languages anyway.
Related to #1261
2019-10-19 00:04:49 +01:00
Dan Brown
f1d7699df5
Updated Korean to be correct country code
2019-10-18 14:27:41 +01:00
James Geiger
e6fe299c4f
added additional color settings into UI
...
Adds new options in the customization section of the settings to change the shelf, book, chapter, page, and draft colors.
2019-10-17 13:46:18 -05:00
Dan Brown
df98deb59d
Added Turkish to locale system
2019-10-17 14:01:19 +01:00
Timo Schwarzer
61a9139bf0
Add feature to send test e-mails
2019-10-16 08:24:33 +02:00
Christopher Wilkinson
4ad4dfa55a
Show bookshelves that a book belongs to on a book view
...
Closes #1598
2019-09-27 00:45:22 +01:00
Dan Brown
140298bd96
Updated to Laravel 5.8
2019-09-13 23:58:40 +01:00
Dan Brown
213e9d2941
Upgraded to Laravel 5.6
2019-09-06 22:14:39 +01:00
Dan Brown
cf5d51e7b8
Made another mass of accessibility improvements
...
- Set proper semantic tags for main parts of content.
- Removed focus-trap from tag manager/autosuggest.
- Set better accessibility labelling on tag manager.
- Updated collapsible sections to be keyboard navigatable.
- Improved input focus styling to better fit theme.
- Updated custom styled file picker to be accessible via keyboard.
Related to #1320
2019-08-25 15:44:51 +01:00
Dan Brown
b27a5c7fb8
Made a mass of accessibility improvements
...
- Changed default focus styles
- Updated dropdowns with keyboard navigation
- Updated modals with esc exiting
- Added accessibility attributes where needed
- Made many more elements focusable
- Updated hover effects of many items to also apply when focused within
Related to #1320 and #1198
2019-08-24 18:29:02 +01:00
Dan Brown
42d8548960
Finished new user invite flow
2019-08-18 13:11:30 +01:00
Dan Brown
44330bdd24
Start user invite system
2019-08-17 15:52:33 +01:00
Dan Brown
de3e9ab094
Added ability to use templates
...
- Added replace, append and prepend actions for template content into
both the WYSIWYG editor and markdown editor.
- Added further testing to cover.
2019-08-11 20:04:43 +01:00
Daniel Seiler
8e723f10dc
Add error messages, fix LDAP error
2019-08-07 15:31:10 +02:00
Dan Brown
2ebbc6b658
Merge branch 'master' into 129-page-templates
2019-08-04 16:26:38 +01:00
miles
d63157175b
Hungarian translation
2019-07-27 14:03:01 +02:00
Dan Brown
71167426bb
Started implementation of page template
2019-07-07 13:45:46 +01:00
Brian Jubelirer
e7508689de
fix missing word
2019-07-02 09:14:42 -04:00
Dan Brown
214c09c2b2
Changed translation key for last commit
2019-06-10 21:21:27 +01:00
Dan Brown
dda0200a94
Added note to custom HTML head input
...
To warn of being inactive while viewing the settings page.
Closes #1144
2019-06-10 19:54:22 +01:00
Dan Brown
ff841cff2e
Removed "Toggle Header" option in page editor
...
Somewhat overlaps with the editor fullscreen button and is using jQuery
2019-06-06 14:14:32 +01:00
Dan Brown
79f6dc00a3
Change image-selector to not use manager
...
- Now changes the images directly for user, system & cover.
- Extra permission checks added to edit & delete actions.
2019-05-04 15:50:29 +01:00
Dan Brown
e0c229114f
Updated register link text/placement on login card
...
- Also extracted "Already have account?" text to translation files.
2019-04-21 12:45:09 +01:00
Dan Brown
0bc5ccba32
Add revision restore confirm and changed http method
...
Closes #1321
2019-04-20 13:25:16 +01:00
Dan Brown
7f3f6e65b9
Aligned item creation wording and updated shelf-book-add logic
2019-04-15 20:45:04 +01:00
Dan Brown
8d358e4894
Updated tri-layout on mobile to be tab based
2019-04-13 17:36:27 +01:00
Dan Brown
07adfb2ff1
Added select-all helpers to permission tables
2019-04-13 12:07:27 +01:00
Dan Brown
4d5e47a2d2
Updated empty container item states
2019-04-13 11:24:41 +01:00
Dan Brown
17969c0bbf
Added shelves and search shortcuts to profile page
2019-04-06 16:21:20 +01:00
Dan Brown
53a26a365c
Merge branch 'master' into 2019-design
2019-03-30 13:17:29 +00:00
Dan Brown
9879a0d12c
Added helper text for no_double_extension validation
2019-03-24 19:40:45 +00:00
Dan Brown
83818234c8
Merge pull request #1347 from cima/czech-translation
...
Czech translation
2019-03-24 19:13:48 +00:00
Dan Brown
f5fe524e6c
Added extension whitelist for image uploads
...
- A continuation of the security issues addressed in v0.25.3
2019-03-21 19:43:15 +00:00
Dan Brown
37b91b6b0e
Hardened image file validation by removing custom validation
...
- Added test to check PHP files cannot be uploaded as an image.
2019-03-20 23:59:55 +00:00
Martin Šimek
b3a4d8af2a
Czech translation
...
+ Czech language (cs)
+ settings.php in English populated by new option
Note: validation php taken from Laravel official translation (https://github.com/caouecs/Laravel-lang/blob/master/src/cs/validation.php)
2019-03-19 22:45:14 +01:00
Dan Brown
5f2d226f09
Merge branch 'master' into 2019-design
2019-03-10 21:40:02 +00:00
Dan Brown
8445304fe9
Added book sort helper buttons
2019-02-17 11:44:02 +00:00
Dan Brown
e9be2b7174
Standardized setting casing
2019-02-16 15:39:23 +00:00
Dan Brown
a112c11df8
Re-ordered and updated main settings page
2019-02-16 14:17:35 +00:00
Dan Brown
5325870271
Updated auth pages to new design, Removed public layout
2019-02-03 17:34:15 +00:00
Dan Brown
138f5d5c4f
Updated user and shelf views to new design
2019-02-03 13:45:45 +00:00
Dan Brown
880d4f35da
Started the migration of the setting views
2019-02-02 15:49:57 +00:00
Dan Brown
20988962fe
Migrated a whole load more page/chapter/shelf views
2019-02-02 11:41:41 +00:00
abijeet
9dba9ca178
Fixes tooltip on the image manager.
...
Fixes #1186
2019-01-27 19:43:31 +05:30
Dan Brown
163a57cf70
Merge branch 'master' into 2019-design
2019-01-13 14:10:27 +00:00
Dan Brown
2317bf2350
Added check for last admin on role change
...
Will show error message if last admin and admin role is removed.
Closes #1124
Also cleaned up user controller a little.
2018-12-30 16:11:58 +00:00
Dan Brown
5fe630b8d2
Merge branch 'master' into dropzone-timeout
2018-12-22 15:08:54 +00:00
Mantikor
9a444b4a04
Update settings.php
...
added 'uk' language
2018-12-17 18:16:43 +02:00
Dan Brown
1930ed4d6a
Made some further fixes to the formatting script
...
Takes into account single and double quotes.
Ignores //! comments and the 'language_select' array.
Language files may need some cleaning up and may encounter some other bugs when running.
2018-12-16 14:04:04 +00:00
Dan Brown
2753629dbe
Cleaned up script and formatted remaining EN files
2018-12-16 13:12:13 +00:00
Dan Brown
86a00a59d4
Created sketchy translation formatter script
...
Compares a translation file to an EN version to
place translations on matching line numbers and matches
up comments.
2018-12-14 21:23:05 +00:00
ezzra
a2acd063f3
add German informal language
2018-12-11 19:39:16 +01:00
Dan Brown
4c574c22a8
Implemented functionality to make books sort function
...
Also changed public user settings to be stored in session rather than DB.
Cleaned existing list view type logic.
2018-12-07 18:33:53 +00:00