Dan Brown
916a82616f
Complete base flow for TOTP setup
...
- Includes DB storage and code validation.
- Extracted TOTP work to its own service file.
- Still needs testing to cover this side of things.
2021-06-30 22:10:02 +01:00
Timo Förster
745d15d200
Allow uploads of files containing dots in filename. Closes BookStackApp/BookStack#2217
2021-03-04 22:27:20 +01:00
Dan Brown
349162ea13
Prevented possible XSS via link attachments
...
This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.
Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
Dan Brown
140298bd96
Updated to Laravel 5.8
2019-09-13 23:58:40 +01:00
Dan Brown
213e9d2941
Upgraded to Laravel 5.6
2019-09-06 22:14:39 +01:00
Dan Brown
79f6dc00a3
Change image-selector to not use manager
...
- Now changes the images directly for user, system & cover.
- Extra permission checks added to edit & delete actions.
2019-05-04 15:50:29 +01:00
Dan Brown
9879a0d12c
Added helper text for no_double_extension validation
2019-03-24 19:40:45 +00:00
Dan Brown
f5fe524e6c
Added extension whitelist for image uploads
...
- A continuation of the security issues addressed in v0.25.3
2019-03-21 19:43:15 +00:00
Dan Brown
37b91b6b0e
Hardened image file validation by removing custom validation
...
- Added test to check PHP files cannot be uploaded as an image.
2019-03-20 23:59:55 +00:00
abijeet
9dba9ca178
Fixes tooltip on the image manager.
...
Fixes #1186
2019-01-27 19:43:31 +05:30
Dan Brown
86a00a59d4
Created sketchy translation formatter script
...
Compares a translation file to a EN version to
place translations on matching line numbers and matches
up comments.
2018-12-14 21:23:05 +00:00
Dan Brown
573357a08c
Extracted text from logic files
2016-12-04 16:51:39 +00:00
Dan Brown
eaa1765c7a
Initial commit
2015-07-12 20:01:42 +01:00