Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity
2,838 Commits 18 Branches 197 Tags 95 MiB
859934d6a3
Commit Graph

31 Commits

Author SHA1 Message Date
Dan Brown
a9b3df537f
Applied changes from styleci 2021-10-08 22:23:17 +01:00
Dan Brown
7224fbcc89
Added protections against path traversal in file system operations 
- Files within the storage/ path could be accessed via path traversal
  references in content, accessed upon HTML export.
- This addresses this via two layers:
  - Scoped local flysystem filesystems down to the specific image &
    file folders since flysystem has built-in checking against the
    escaping of the root folder.
  - Added path normalization before enforcement of uploads/{images,file}
    prefix to prevent traversal at a path level.

Thanks to @Haxatron via huntr.dev for discovery and reporting.
Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/
 2021-10-08 17:47:14 +01:00
Dan Brown
05d99a312d
Applied styleci changes 2021-09-26 15:48:22 +01:00
Dan Brown
c32b315cd7
Standardised facade usage to use via their FQCN 
Done via Laravel Shift Workbench
 2021-09-26 15:37:55 +01:00
Dan Brown
934a833818 Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Dan Brown
2c3523f6a1
Updated image permission setting logic 
To ensure thhat the visibility is still set on local storage options
since the previous recent changes could cause problems where in
scenarios where the server user could not read images uploaded by the
php process user.

Closes #2758
 2021-05-24 12:09:28 +01:00
Dan Brown
c1f070a136
Handle acl set of images differently for s3 and s3-like 
Related to #2739
 2021-05-15 17:25:51 +01:00
Dan Brown
f8cdd6e80d
Reduced calls for s3-based uploads 
Combined the public ACL update into the put operation.
 2021-04-27 20:36:42 +01:00
Dan Brown
60ffe6a993 Updated packages and added better upload failure logging 
To fix #2689
Updates all packages but mainly focused on aws-sdk
 2021-04-19 20:16:49 +01:00
Dan Brown
215c69acb2 Merge image name cleaning functions 
Updated testing for changes and to check existing of new expected file
name.
Related to #2611
 2021-03-14 23:20:21 +00:00
Timo Förster
745d15d200
Allow uploads of files containing dots in filename. Closes BookStackApp/BookStack#2217 2021-03-04 22:27:20 +01:00
Dan Brown
4e82d93350
Updated wording of image cleanup option 
As per #2352
 2020-12-18 22:59:47 +00:00
Dan Brown
00308ad4ab
Cleaned up some user/image areas of the app 
Further cleanup of docblocks and standardisation of repos.
 2020-12-08 23:46:38 +00:00
Dan Brown
884664bfe9
Ensured base64 images are read from image upload folder 
Also removed unused storage systems and updated testing.
 2020-12-06 15:34:18 +00:00
Dan Brown
8911e3f441
Removed http fetching from image base64 generation 2020-12-06 14:24:22 +00:00
Dan Brown
7d38c96a23
Removed generic "UploadService" which was doing very little 2020-12-06 12:58:40 +00:00
Dan Brown
8213ea9a71
Fixed issue where URL params in image names would cause loading failure 
Updated file name handling to route through str:slug to be cleaned up
a little.
Added testing to cover.

Fixes #2161
 2020-07-25 11:18:40 +01:00
Dan Brown
b6aa232205
Fixed issue where more images than expected could be deleted 
When deleting images, images within the same directory, that have
a suffix of the delete image name, would also be deleted.

Added test to cover.
 2020-07-24 23:41:59 +01:00
Dan Brown
32e7f0a2e6
Made display thumbnail generation use original data if smaller 
Thumbnail generation would sometimes create a file larger than the
original, if the original was already well optimized, therefore making
the thumbnail counter-productive. This change compares the sizes of the
original and the generated thumbnail, and uses the smaller of the two if
the thumbnail does not change the aspect ratio of the image.

Fixes #1751
 2019-12-22 12:44:49 +00:00
Dan Brown
140298bd96
Updated to Laravel 5.8 2019-09-13 23:58:40 +01:00
Dan Brown
4b0c4e621a
Replaced use of custom 'baseUrl' helper with 'url' 
Also changed up how base URL setting was being done
by manipulating incoming request URLs instead of
altering then on generation.
 2019-08-04 14:26:39 +01:00
Dan Brown
1e7df28238
Set export service to set correct svg image mimetype 
For #1538
 2019-07-17 22:37:19 +01:00
Dan Brown
762d1d7595
Allowed different storage types for images and attachments 
- Added new env and config vars to allow this.
- Also added tests for awkward config logic including fallback for new
env vars.

Closes #1302
 2019-06-23 16:01:15 +01:00
Dan Brown
3f83c548f8
Ran phpcbf 2019-05-05 14:54:37 +01:00
Dan Brown
8c190324ac
Updated existing image tests to reflect changes 
- Also added some new tests
 2019-05-04 18:11:19 +01:00
Dan Brown
79f6dc00a3
Change image-selector to not use manager 
- Now changes the images directly for user, system & cover.
- Extra permission checks added to edit & delete actions.
 2019-05-04 15:50:29 +01:00
Dan Brown
68017e2553
Added testing for avatar fetching systems & config 
Abstracts imageservice http interaction.
Closes #1193
 2018-12-23 15:34:38 +00:00
Dan Brown
b56fc21aaf
Abstracted user avatar fetching away from gravatar 
Still uses gravatar as a default.
Updated URL placeholders to follow LDAP format.
Potential breaking config change: `GRAVATAR=false` replaced by `AVATAR_URL=false`
Builds upon #1111
 2018-12-22 19:29:19 +00:00
Vinrobot
5e6c039b08
Added config to change Gravatar URL 2018-11-10 16:11:11 +01:00
Dan Brown
257a5a23ec
Fleshed out entity provided and optimized imports 2018-09-25 16:58:03 +01:00
Dan Brown
919660678b
Re-structured the app code to be feature based rather than code type based 2018-09-25 12:30:50 +01:00