BookStack

mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00

Author	SHA1	Message	Date
Dan Brown	de5322288c	Applied latest styleci changes	2021-11-04 22:57:49 +00:00
Dan Brown	f139cded78	Laravel 8 shift squash & merge (#3029 ) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com>	2021-10-30 21:29:59 +01:00
Dan Brown	7224fbcc89	Added protections against path traversal in file system operations - Files within the storage/ path could be accessed via path traversal references in content, accessed upon HTML export. - This addresses this via two layers: - Scoped local flysystem filesystems down to the specific image & file folders since flysystem has built-in checking against the escaping of the root folder. - Added path normalization before enforcement of uploads/{images,file} prefix to prevent traversal at a path level. Thanks to @Haxatron via huntr.dev for discovery and reporting. Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/	2021-10-08 17:47:14 +01:00
Dan Brown	934a833818	Apply fixes from StyleCI	2021-06-26 15:23:15 +00:00
Dan Brown	884664bfe9	Ensured base64 images are read from image upload folder Also removed unused storage systems and updated testing.	2020-12-06 15:34:18 +00:00
Dan Brown	97fdfa6ebe	Moved config dir into app dir Closes #1506	2019-07-06 13:44:50 +01:00

6 Commits