mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-11-25 03:13:45 +08:00
349162ea13
This filters out potentially malicious javascript: or data: URIs that were coming through to be attached to attachments. Added tests to cover this. Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this vulnerability.
<?php
/**
 * Validation Lines
 * The following language lines contain the default error messages used by
 * the validator class. Some of these rules have multiple versions such
 * as the size rules. Feel free to tweak each of these messages here.
 */

// This file only returns a nested array of message templates keyed by rule name.
// Tokens such as :attribute, :other, :value, :values, :min, :max, :size, :date,
// :format and :digits are placeholders embedded in the message strings.
// NOTE(review): the substituted values are supplied at runtime and may reflect
// request-derived data (for example field names); presumably the views that
// print these messages use escaped output - confirm.
return [

    // Standard laravel validation lines
    'accepted'             => 'The :attribute must be accepted.',
    'active_url'           => 'The :attribute is not a valid URL.',
    'after'                => 'The :attribute must be a date after :date.',
    'alpha'                => 'The :attribute may only contain letters.',
    'alpha_dash'           => 'The :attribute may only contain letters, numbers, dashes and underscores.',
    'alpha_num'            => 'The :attribute may only contain letters and numbers.',
    'array'                => 'The :attribute must be an array.',
    'before'               => 'The :attribute must be a date before :date.',
    // Rules that compare a size carry one message per value type
    // (numeric, file, string, array); the same shape repeats for
    // gt, gte, lt, lte, max, min and size below.
    'between'              => [
        'numeric' => 'The :attribute must be between :min and :max.',
        'file'    => 'The :attribute must be between :min and :max kilobytes.',
        'string'  => 'The :attribute must be between :min and :max characters.',
        'array'   => 'The :attribute must have between :min and :max items.',
    ],
    'boolean'              => 'The :attribute field must be true or false.',
    'confirmed'            => 'The :attribute confirmation does not match.',
    'date'                 => 'The :attribute is not a valid date.',
    'date_format'          => 'The :attribute does not match the format :format.',
    'different'            => 'The :attribute and :other must be different.',
    'digits'               => 'The :attribute must be :digits digits.',
    'digits_between'       => 'The :attribute must be between :min and :max digits.',
    'email'                => 'The :attribute must be a valid email address.',
    'ends_with' => 'The :attribute must end with one of the following: :values',
    'filled'               => 'The :attribute field is required.',
    'gt'                   => [
        'numeric' => 'The :attribute must be greater than :value.',
        'file'    => 'The :attribute must be greater than :value kilobytes.',
        'string'  => 'The :attribute must be greater than :value characters.',
        'array'   => 'The :attribute must have more than :value items.',
    ],
    'gte'                  => [
        'numeric' => 'The :attribute must be greater than or equal :value.',
        'file'    => 'The :attribute must be greater than or equal :value kilobytes.',
        'string'  => 'The :attribute must be greater than or equal :value characters.',
        'array'   => 'The :attribute must have :value items or more.',
    ],
    'exists'               => 'The selected :attribute is invalid.',
    'image'                => 'The :attribute must be an image.',
    // NOTE(review): 'image_extension' is not a built-in Laravel rule name;
    // presumably registered by the application - confirm where it is defined.
    'image_extension'      => 'The :attribute must have a valid & supported image extension.',
    'in'                   => 'The selected :attribute is invalid.',
    'integer'              => 'The :attribute must be an integer.',
    'ip'                   => 'The :attribute must be a valid IP address.',
    'ipv4'                 => 'The :attribute must be a valid IPv4 address.',
    'ipv6'                 => 'The :attribute must be a valid IPv6 address.',
    'json'                 => 'The :attribute must be a valid JSON string.',
    'lt'                   => [
        'numeric' => 'The :attribute must be less than :value.',
        'file'    => 'The :attribute must be less than :value kilobytes.',
        'string'  => 'The :attribute must be less than :value characters.',
        'array'   => 'The :attribute must have less than :value items.',
    ],
    'lte'                  => [
        'numeric' => 'The :attribute must be less than or equal :value.',
        'file'    => 'The :attribute must be less than or equal :value kilobytes.',
        'string'  => 'The :attribute must be less than or equal :value characters.',
        'array'   => 'The :attribute must not have more than :value items.',
    ],
    'max'                  => [
        'numeric' => 'The :attribute may not be greater than :max.',
        'file'    => 'The :attribute may not be greater than :max kilobytes.',
        'string'  => 'The :attribute may not be greater than :max characters.',
        'array'   => 'The :attribute may not have more than :max items.',
    ],
    'mimes'                => 'The :attribute must be a file of type: :values.',
    'min'                  => [
        'numeric' => 'The :attribute must be at least :min.',
        'file'    => 'The :attribute must be at least :min kilobytes.',
        'string'  => 'The :attribute must be at least :min characters.',
        'array'   => 'The :attribute must have at least :min items.',
    ],
    // NOTE(review): 'no_double_extension' is not a built-in Laravel rule name;
    // presumably an application-defined upload check - confirm where it is defined.
    'no_double_extension'  => 'The :attribute must only have a single file extension.',
    'not_in'               => 'The selected :attribute is invalid.',
    'not_regex'            => 'The :attribute format is invalid.',
    'numeric'              => 'The :attribute must be a number.',
    'regex'                => 'The :attribute format is invalid.',
    'required'             => 'The :attribute field is required.',
    'required_if'          => 'The :attribute field is required when :other is :value.',
    'required_with'        => 'The :attribute field is required when :values is present.',
    // NOTE(review): same wording as 'required_with' above ("is present").
    'required_with_all'    => 'The :attribute field is required when :values is present.',
    'required_without'     => 'The :attribute field is required when :values is not present.',
    'required_without_all' => 'The :attribute field is required when none of :values are present.',
    'same'                 => 'The :attribute and :other must match.',
    // Message for the link-safety rule. Unlike most lines here it has no
    // :attribute placeholder, so the message names no field.
    // NOTE(review): 'safe_url' is not a built-in Laravel rule name; the check
    // itself (which URL forms are rejected) is not defined in this file - confirm
    // it is registered wherever user-supplied links are validated.
    'safe_url'             => 'The provided link may not be safe.',
    'size'                 => [
        'numeric' => 'The :attribute must be :size.',
        'file'    => 'The :attribute must be :size kilobytes.',
        'string'  => 'The :attribute must be :size characters.',
        'array'   => 'The :attribute must contain :size items.',
    ],
    'string'               => 'The :attribute must be a string.',
    'timezone'             => 'The :attribute must be a valid zone.',
    'unique'               => 'The :attribute has already been taken.',
    'url'                  => 'The :attribute format is invalid.',
    'uploaded'             => 'The file could not be uploaded. The server may not accept files of this size.',

    // Custom validation lines
    // Keyed by field name, then by rule name; only one override is defined.
    'custom' => [
        'password-confirm' => [
            'required_with' => 'Password confirmation required',
        ],
    ],

    // Custom validation attributes
    // Empty here: no replacement display names are mapped in this file.
    'attributes' => [],
];