Commit Graph

4597 Commits

Author SHA1 Message Date
Dan Brown
04d21c8a97
Includes: Started foundations for new include tag parser 2023-11-22 22:14:28 +00:00
Dan Brown
15d7161428
Images: Prevented base64 extraction without permission
Also added content sniffing as an extra check.
Added tests to cover.
2023-11-20 13:32:31 +00:00
Dan Brown
9b1f820596
Images: Forced intervention loading via specific method
Updated image loading for intervention library to be via a specific
'initFromBinary' method to avoid being overly accepting of input types
and mechansisms.

For CVE-2023-6199
2023-11-19 16:34:29 +00:00
Dan Brown
2fb873f7ef
Favicon: Moved resizing to specific resizer class 2023-11-19 15:57:19 +00:00
Dan Brown
22a9cf1e48
LogicalTheme: Added events for registering web routes
Added to allow easier registration of routes.
Added for normal web and authed routes.
Included testing to cover.
2023-11-17 13:45:57 +00:00
Dan Brown
37a17e858a
HTML: Tweaked output from full HtmlDocument
Saves specifically the document element on output to HTML, since this
results in just the outer HTML being saved while not including the extra
XML tags which would show up before with the changes to force utf8
usage.
2023-11-14 17:23:05 +00:00
Dan Brown
eab9c1081e
Merge pull request #4673 from BookStackApp/html_doc_alignment
HTML: Aligned and standardised DOMDocument usage
2023-11-14 17:22:30 +00:00
Dan Brown
db7b11fe93
HTML: Aligned and standardised DOMDocument usage
Adds a thin wrapper for DOMDocument to simplify and align usage within
all areas of BookStack.
Also means we move away from old depreacted mb_convert_encoding usage.

Closes #4638
2023-11-14 15:46:32 +00:00
Dan Brown
3a6f50e668
Merge pull request #4661 from BookStackApp/tinymce_update
WYSIWYG: Updated TinyMCE from 6.5.1 to 6.7.2
2023-11-14 13:15:32 +00:00
Dan Brown
76417efd6f
Merge branch 'Man-in-Black-patch-1' into development 2023-11-14 10:40:30 +00:00
Dan Brown
d41fd7a8dd
Notifications: Review of PR to include path path #4629
- Merged book and chapter name items to a single page path list item
  which has links to parent page/chapter.
- Added permission filtering to page path elements.
- Added page path to also be on comment notifications.
- Updated testing to cover.
- Added new Message Line objects to support.

Done during review of #4629
2023-11-14 10:38:34 +00:00
Sascha
65ac197be4
Added book name to the mail template
added book name

synced with actual file from dev branch

added book name

add book name

added book name

extended with chaptername

extended with chapter name

Update PageUpdateNotification.php

Update notifications.php

Update notifications.php

Update notifications.php

correction of chapter syntax

correction of chapter syntax
2023-11-14 10:38:34 +00:00
Dan Brown
bff1f502bb
JS: Removed random extra import 2023-11-09 13:36:00 +00:00
Dan Brown
f8ebbb7553
WYSIWYG: Updated TinyMCE from 6.5.1 to 6.7.2 2023-11-09 13:34:00 +00:00
Dan Brown
48f115291a
Updated translator attribution before release v23.10.2 2023-11-07 15:12:15 +00:00
Dan Brown
6cd38a8ace
Merge branch 'development' of github.com:BookStackApp/BookStack into development 2023-11-07 15:09:54 +00:00
Dan Brown
fa6ac211b6
Dropdowns: Fixed bad direction logic, added dynmaic height
Changes since adding notifications would cause direction to be assessed
upon max height of 80vh, which caused large dropdowns like the audit log
dropdown to drop up and/or go offscreen.
This restores the default assessment of 500px, and adds dynamic
max-height adjustment to provide more room for large dropdowns.

For #4652
2023-11-07 15:07:11 +00:00
Dan Brown
1310db19ca
Updated translations with latest Crowdin changes (#4643) 2023-11-07 14:40:53 +00:00
Dan Brown
ea0469e61a
PWA: Prevent passing credentials to avoid redirection issues
For #4649
More of a patch around the issue for now.
Have opened #4656 to properly address.
2023-11-07 14:33:37 +00:00
Dan Brown
889b0dae3b
Updated translations with latest Crowdin changes (#4631) 2023-11-02 14:30:34 +00:00
Dan Brown
48bda115aa
Langs: Enabled Nynorsk option, updated translator attribution 2023-11-02 14:17:56 +00:00
Dan Brown
9dd05b8751
MD Editor: Fixed lack of toolbar BG when in fullscreen
For #4641
2023-11-02 12:41:07 +00:00
Dan Brown
02d140120a
Editor toolbox: Updated tabs to use link color
Change due to link color being more suitable in this case since it's not
specifically a block with light text which is what app color is suited
for.
Specifically better for dark mode when a dark app color is used.

For #4630
2023-11-02 12:34:57 +00:00
Dan Brown
38ac3c959b
Page JS: Improved block jumping and highlighting
- Updated anchor scroll change to open up details blocks if the target
  exists within.
- Updated highlighting and animation implementation to fix hardly visible highlighting.
- Removed old, now unused, handing of CM instances in details blocks.

Related to #4637.
2023-11-01 18:49:47 +00:00
Dan Brown
324e403ae5
JS Events: Added CM pre/post init events
To allow hacking of all CodeMirror instances.
Closes #4639.
2023-11-01 17:56:52 +00:00
Dan Brown
fce7190257
Testing: Added PHP8.3 support
Also fixed text which could through deprecation notice due to not having
a properly formed comment in use.
For #4633
2023-10-31 15:52:01 +00:00
Dan Brown
c640db8434
Readme: Updated sponsorship links and language contribution info
- Updated sponsor text since it only mentioned GitHub, nothing else.
- Updated translation contribution info to dissuade code-based
  contributions due to issues with conflicts/sync.
2023-10-30 17:13:39 +00:00
Dan Brown
49b286cd34
Demo mode: Updated my account access to be more selective 2023-10-30 12:07:18 +00:00
Dan Brown
e006f9674f
Langs: Updated translators and locale list pre v23.10 2023-10-30 11:41:36 +00:00
Dan Brown
8bffcebd64
Updated translations with latest Crowdin changes (#4523) 2023-10-30 11:16:19 +00:00
Dan Brown
7c4dc981cd
Middlware: Prevented caching of all app requests
Previously we'd prevent caching of authed responses for security
(prevent back cache or proxy caching) but caching could still be an
issue in non-auth scenarios due to CSRF (eg. returning to login screen after
session expiry).

For #4600
2023-10-23 13:32:15 +01:00
Dan Brown
9b4f1fb981
Styles: Aligned empty state alignment & consistency
- Fixed inital empty state margins/paddings to be aligned and not differ
when lists are empty.
- Aligned button/action display when viewing empty entities.
- Fixed use of non-existing permission in books for book empty state
  button.

Fixes #4563
2023-10-23 11:53:19 +01:00
Dan Brown
d42af4affc
Shortcuts: Prevented help shown when in inputs
For #4606
2023-10-23 11:04:09 +01:00
Dan Brown
8375d341ea
Deps: Updated npm and composer packages 2023-10-20 16:39:40 +01:00
Dan Brown
f5756ff28a
Security: Swapped twitter for mastodon link 2023-10-19 16:53:02 +01:00
Dan Brown
c513cdaebe
Merge pull request #4618 from radiantwave/patch-1
Remove huntr from SECURITY.md
2023-10-19 16:50:30 +01:00
Dan Brown
995b7d61e9
Merge pull request #4615 from BookStackApp/user_account
User preferences/options cleanup
2023-10-19 16:49:06 +01:00
Dan Brown
02bfaffeb4
My Acount: Updated old preference url reference for watches 2023-10-19 16:37:55 +01:00
Daniel
38fe40809b
Update SECURITY.md
Remove huntr
2023-10-19 17:12:18 +02:00
Dan Brown
ce53f641ad
My Account: Covered profile and auth pages with tests 2023-10-19 16:06:59 +01:00
Dan Brown
f55e7ca3c9
User Account: Ensured page titles for pages and api tokens 2023-10-19 15:24:48 +01:00
Dan Brown
fabc854390
My Account: Updated and started adding to tests
- Updated existing tests now affected by my-account changes.
- Updated some existing tests to more accuractly check the scenario.
- Updated some code styling in SocialController.
- Fixed redirects for social account flows to fit my-account.
- Added test for social account attaching.
- Added test for api token redirect handling.
2023-10-19 14:18:42 +01:00
Dan Brown
12946414b0
API Tokens: Updated interfaces to return to correct location
Since management of API tokens can be accessed via two routes, this adds
tracking and handling to reutrn the user to the correct place.
2023-10-19 11:31:45 +01:00
Dan Brown
f9422dff18
My Account: Added self-delete flow 2023-10-19 10:48:27 +01:00
Dan Brown
cf72e48d2a
User form: Always show external auth field, update access control
Updated old user management routes to only be accessible with permission
to manage users, so also removed old content controls checking for that
permission.
2023-10-19 10:20:04 +01:00
Dan Brown
e4ea73ee25
My Account: Cleaned-up/reorganised user header dropdown 2023-10-18 17:57:14 +01:00
Dan Brown
03c44b3992
My Account: Extracted/tweaked profile text, removed old index 2023-10-18 17:53:58 +01:00
Dan Brown
c1b01639c1
My Account: Built out profile page & endpoints
Text currently hard-coded, needs finalising and extracting.
2023-10-18 12:39:57 +01:00
Dan Brown
a868012048
Users: Built out auth page for my-account section 2023-10-17 17:38:07 +01:00
Dan Brown
a9d0f36766
User: Started cleanup of user self-management
- Moved preference views to more general "my-account" area.
- Started new layout for my-account with sidebar.
- Added MFA to prefeences view (to be moved).
2023-10-17 13:11:10 +01:00