colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into release

This commit is contained in:
Dan Brown 2021-11-01 13:30:36 +00:00
parent 3cdab19319 a17be959d8
commit fc8bbf3eab
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
27 changed files with 370 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
LICENSE
View File

@ -1,6 +1,6 @@
The MIT License (MIT) The MIT License (MIT)
Copyright (c) 2020 Dan Brown and the BookStack Project contributors Copyright (c) 2015-present, Dan Brown and the BookStack Project contributors
https://github.com/BookStackApp/BookStack/graphs/contributors https://github.com/BookStackApp/BookStack/graphs/contributors
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy

4
app/Actions/CommentRepo.php
View File

@ -66,13 +66,13 @@ class CommentRepo
/** /**
* Delete a comment from the system. * Delete a comment from the system.
*/ */
public function delete(Comment $comment) public function delete(Comment $comment): void
{ {
$comment->delete(); $comment->delete();
} }
/** /**
* Convert the given comment markdown text to HTML. * Convert the given comment Markdown to HTML.
*/ */
public function commentToHtml(string $commentText): string public function commentToHtml(string $commentText): string
{ {

3
app/Auth/Access/SocialAuthService.php
View File

@ -281,9 +281,6 @@ class SocialAuthService
if ($driverName === 'google' && config('services.google.select_account')) { if ($driverName === 'google' && config('services.google.select_account')) {
$driver->with(['prompt' => 'select_account']); $driver->with(['prompt' => 'select_account']);
} }
if ($driverName === 'azure') {
$driver->with(['resource' => 'https://graph.windows.net']);
}
if (isset($this->configureForRedirectCallbacks[$driverName])) { if (isset($this->configureForRedirectCallbacks[$driverName])) {
$this->configureForRedirectCallbacks[$driverName]($driver); $this->configureForRedirectCallbacks[$driverName]($driver);

2
app/Auth/User.php
View File

@ -27,7 +27,7 @@ use Illuminate\Support\Collection;
/** /**
* Class User. * Class User.
* *
* @property string $id * @property int $id
* @property string $name * @property string $name
* @property string $slug * @property string $slug
* @property string $email * @property string $email

7
app/Entities/Tools/PageContent.php
View File

@ -9,6 +9,7 @@ use BookStack\Exceptions\ImageUploadException;
use BookStack\Facades\Theme; use BookStack\Facades\Theme;
use BookStack\Theming\ThemeEvents; use BookStack\Theming\ThemeEvents;
use BookStack\Uploads\ImageRepo; use BookStack\Uploads\ImageRepo;
use BookStack\Uploads\ImageService;
use BookStack\Util\HtmlContentFilter; use BookStack\Util\HtmlContentFilter;
use DOMDocument; use DOMDocument;
use DOMNodeList; use DOMNodeList;
@ -130,7 +131,7 @@ class PageContent
$imageInfo = $this->parseBase64ImageUri($uri); $imageInfo = $this->parseBase64ImageUri($uri);
// Validate extension and content // Validate extension and content
if (empty($imageInfo['data']) || !$imageRepo->imageExtensionSupported($imageInfo['extension'])) { if (empty($imageInfo['data']) || !ImageService::isExtensionSupported($imageInfo['extension'])) {
return ''; return '';
} }
@ -148,15 +149,17 @@ class PageContent
/** /**
* Parse a base64 image URI into the data and extension. * Parse a base64 image URI into the data and extension.
*
* @return array{extension: array, data: string} * @return array{extension: array, data: string}
*/ */
protected function parseBase64ImageUri(string $uri): array protected function parseBase64ImageUri(string $uri): array
{ {
[$dataDefinition, $base64ImageData] = explode(',', $uri, 2); [$dataDefinition, $base64ImageData] = explode(',', $uri, 2);
$extension = strtolower(preg_split('/[\/;]/', $dataDefinition)[1] ?? ''); $extension = strtolower(preg_split('/[\/;]/', $dataDefinition)[1] ?? '');
return [ return [
'extension' => $extension, 'extension' => $extension,
'data' => base64_decode($base64ImageData) ?: '', 'data' => base64_decode($base64ImageData) ?: '',
]; ];
} }

6
app/Http/Controllers/AttachmentController.php
View File

@ -68,6 +68,7 @@ class AttachmentController extends Controller
'file' => 'required|file', 'file' => 'required|file',
]); ]);
/** @var Attachment $attachment */
$attachment = Attachment::query()->findOrFail($attachmentId); $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('view', $attachment->page); $this->checkOwnablePermission('view', $attachment->page);
$this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('page-update', $attachment->page);
@ -86,11 +87,10 @@ class AttachmentController extends Controller
/** /**
* Get the update form for an attachment. * Get the update form for an attachment.
*
* @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View
*/ */
public function getUpdateForm(string $attachmentId) public function getUpdateForm(string $attachmentId)
{ {
/** @var Attachment $attachment */
$attachment = Attachment::query()->findOrFail($attachmentId); $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('page-update', $attachment->page);
@ -173,6 +173,8 @@ class AttachmentController extends Controller
/** /**
* Get the attachments for a specific page. * Get the attachments for a specific page.
*
* @throws NotFoundException
*/ */
public function listForPage(int $pageId) public function listForPage(int $pageId)
{ {

15
app/Http/Controllers/Controller.php
View File

@ -5,7 +5,7 @@ namespace BookStack\Http\Controllers;
use BookStack\Facades\Activity; use BookStack\Facades\Activity;
use BookStack\Interfaces\Loggable; use BookStack\Interfaces\Loggable;
use BookStack\Model; use BookStack\Model;
use finfo; use BookStack\Util\WebSafeMimeSniffer;
use Illuminate\Foundation\Bus\DispatchesJobs; use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Foundation\Validation\ValidatesRequests; use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Http\Exceptions\HttpResponseException; use Illuminate\Http\Exceptions\HttpResponseException;
@ -117,8 +117,9 @@ abstract class Controller extends BaseController
protected function downloadResponse(string $content, string $fileName): Response protected function downloadResponse(string $content, string $fileName): Response
{ {
return response()->make($content, 200, [ return response()->make($content, 200, [
'Content-Type' => 'application/octet-stream', 'Content-Type' => 'application/octet-stream',
'Content-Disposition' => 'attachment; filename="' . $fileName . '"', 'Content-Disposition' => 'attachment; filename="' . $fileName . '"',
'X-Content-Type-Options' => 'nosniff',
]); ]);
} }
@ -128,12 +129,12 @@ abstract class Controller extends BaseController
*/ */
protected function inlineDownloadResponse(string $content, string $fileName): Response protected function inlineDownloadResponse(string $content, string $fileName): Response
{ {
$finfo = new finfo(FILEINFO_MIME_TYPE); $mime = (new WebSafeMimeSniffer())->sniff($content);
$mime = $finfo->buffer($content) ?: 'application/octet-stream';
return response()->make($content, 200, [ return response()->make($content, 200, [
'Content-Type' => $mime, 'Content-Type' => $mime,
'Content-Disposition' => 'inline; filename="' . $fileName . '"', 'Content-Disposition' => 'inline; filename="' . $fileName . '"',
'X-Content-Type-Options' => 'nosniff',
]); ]);
} }

5
app/Http/Controllers/Images/DrawioImageController.php
View File

@ -67,13 +67,12 @@ class DrawioImageController extends Controller
public function getAsBase64($id) public function getAsBase64($id)
{ {
$image = $this->imageRepo->getById($id); $image = $this->imageRepo->getById($id);
$page = $image->getPage(); if (is_null($image) || $image->type !== 'drawio' || !userCan('page-view', $image->getPage())) {
if ($image === null || $image->type !== 'drawio' || !userCan('page-view', $page)) {
return $this->jsonError('Image data could not be found'); return $this->jsonError('Image data could not be found');
} }
$imageData = $this->imageRepo->getImageData($image); $imageData = $this->imageRepo->getImageData($image);
if ($imageData === null) { if (is_null($imageData)) {
return $this->jsonError('Image data could not be found'); return $this->jsonError('Image data could not be found');
} }

15
app/Http/Controllers/Images/ImageController.php
View File

@ -7,25 +7,23 @@ use BookStack\Exceptions\NotFoundException;
use BookStack\Http\Controllers\Controller; use BookStack\Http\Controllers\Controller;
use BookStack\Uploads\Image; use BookStack\Uploads\Image;
use BookStack\Uploads\ImageRepo; use BookStack\Uploads\ImageRepo;
use BookStack\Uploads\ImageService;
use Exception; use Exception;
use Illuminate\Filesystem\Filesystem as File;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException; use Illuminate\Validation\ValidationException;
class ImageController extends Controller class ImageController extends Controller
{ {
protected $image;
protected $file;
protected $imageRepo; protected $imageRepo;
protected $imageService;
/** /**
* ImageController constructor. * ImageController constructor.
*/ */
public function __construct(Image $image, File $file, ImageRepo $imageRepo) public function __construct(ImageRepo $imageRepo, ImageService $imageService)
{ {
$this->image = $image;
$this->file = $file;
$this->imageRepo = $imageRepo; $this->imageRepo = $imageRepo;
$this->imageService = $imageService;
} }
/** /**
@ -35,14 +33,13 @@ class ImageController extends Controller
*/ */
public function showImage(string $path) public function showImage(string $path)
{ {
$path = storage_path('uploads/images/' . $path); if (!$this->imageService->pathExistsInLocalSecure($path)) {
if (!file_exists($path)) {
throw (new NotFoundException(trans('errors.image_not_found'))) throw (new NotFoundException(trans('errors.image_not_found')))
->setSubtitle(trans('errors.image_not_found_subtitle')) ->setSubtitle(trans('errors.image_not_found_subtitle'))
->setDetails(trans('errors.image_not_found_details')); ->setDetails(trans('errors.image_not_found_details'));
} }
return response()->file($path); return $this->imageService->streamImageFromStorageResponse('gallery', $path);
} }
/** /**

5
app/Providers/CustomValidationServiceProvider.php
View File

@ -2,6 +2,7 @@
namespace BookStack\Providers; namespace BookStack\Providers;
use BookStack\Uploads\ImageService;
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
use Illuminate\Support\ServiceProvider; use Illuminate\Support\ServiceProvider;
@ -13,9 +14,9 @@ class CustomValidationServiceProvider extends ServiceProvider
public function boot(): void public function boot(): void
{ {
Validator::extend('image_extension', function ($attribute, $value, $parameters, $validator) { Validator::extend('image_extension', function ($attribute, $value, $parameters, $validator) {
$validImageExtensions = ['png', 'jpg', 'jpeg', 'gif', 'webp']; $extension = strtolower($value->getClientOriginalExtension());
return in_array(strtolower($value->getClientOriginalExtension()), $validImageExtensions); return ImageService::isExtensionSupported($extension);
}); });
Validator::extend('safe_url', function ($attribute, $value, $parameters, $validator) { Validator::extend('safe_url', function ($attribute, $value, $parameters, $validator) {

10
app/Uploads/AttachmentService.php
View File

@ -27,7 +27,7 @@ class AttachmentService
/** /**
* Get the storage that will be used for storing files. * Get the storage that will be used for storing files.
*/ */
protected function getStorage(): FileSystemInstance protected function getStorageDisk(): FileSystemInstance
{ {
return $this->fileSystem->disk($this->getStorageDiskName()); return $this->fileSystem->disk($this->getStorageDiskName());
} }
@ -70,7 +70,7 @@ class AttachmentService
*/ */
public function getAttachmentFromStorage(Attachment $attachment): string public function getAttachmentFromStorage(Attachment $attachment): string
{ {
return $this->getStorage()->get($this->adjustPathForStorageDisk($attachment->path)); return $this->getStorageDisk()->get($this->adjustPathForStorageDisk($attachment->path));
} }
/** /**
@ -195,7 +195,7 @@ class AttachmentService
*/ */
protected function deleteFileInStorage(Attachment $attachment) protected function deleteFileInStorage(Attachment $attachment)
{ {
$storage = $this->getStorage(); $storage = $this->getStorageDisk();
$dirPath = $this->adjustPathForStorageDisk(dirname($attachment->path)); $dirPath = $this->adjustPathForStorageDisk(dirname($attachment->path));
$storage->delete($this->adjustPathForStorageDisk($attachment->path)); $storage->delete($this->adjustPathForStorageDisk($attachment->path));
@ -213,10 +213,10 @@ class AttachmentService
{ {
$attachmentData = file_get_contents($uploadedFile->getRealPath()); $attachmentData = file_get_contents($uploadedFile->getRealPath());
$storage = $this->getStorage(); $storage = $this->getStorageDisk();
$basePath = 'uploads/files/' . date('Y-m-M') . '/'; $basePath = 'uploads/files/' . date('Y-m-M') . '/';
$uploadFileName = Str::random(16) . '.' . $uploadedFile->getClientOriginalExtension(); $uploadFileName = Str::random(16) . '-' . $uploadedFile->getClientOriginalExtension();
while ($storage->exists($this->adjustPathForStorageDisk($basePath . $uploadFileName))) { while ($storage->exists($this->adjustPathForStorageDisk($basePath . $uploadFileName))) {
$uploadFileName = Str::random(3) . $uploadFileName; $uploadFileName = Str::random(3) . $uploadFileName;
} }

60
app/Uploads/ImageRepo.php
View File

@ -11,36 +11,16 @@ use Symfony\Component\HttpFoundation\File\UploadedFile;
class ImageRepo class ImageRepo
{ {
protected $image;
protected $imageService; protected $imageService;
protected $restrictionService; protected $restrictionService;
protected $page;
protected static $supportedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
/** /**
* ImageRepo constructor. * ImageRepo constructor.
*/ */
public function __construct( public function __construct(ImageService $imageService, PermissionService $permissionService)
Image $image, {
ImageService $imageService,
PermissionService $permissionService,
Page $page
) {
$this->image = $image;
$this->imageService = $imageService; $this->imageService = $imageService;
$this->restrictionService = $permissionService; $this->restrictionService = $permissionService;
$this->page = $page;
}
/**
* Check if the given image extension is supported by BookStack.
* The extension must not be altered in this function. This check should provide a guarantee
* that the provided extension is safe to use for the image to be saved.
*/
public function imageExtensionSupported(string $extension): bool
{
return in_array($extension, static::$supportedExtensions);
} }
/** /**
@ -48,7 +28,7 @@ class ImageRepo
*/ */
public function getById($id): Image public function getById($id): Image
{ {
return $this->image->findOrFail($id); return Image::query()->findOrFail($id);
} }
/** /**
@ -61,7 +41,7 @@ class ImageRepo
$hasMore = count($images) > $pageSize; $hasMore = count($images) > $pageSize;
$returnImages = $images->take($pageSize); $returnImages = $images->take($pageSize);
$returnImages->each(function ($image) { $returnImages->each(function (Image $image) {
$this->loadThumbs($image); $this->loadThumbs($image);
}); });
@ -83,7 +63,7 @@ class ImageRepo
string $search = null, string $search = null,
callable $whereClause = null callable $whereClause = null
): array { ): array {
$imageQuery = $this->image->newQuery()->where('type', '=', strtolower($type)); $imageQuery = Image::query()->where('type', '=', strtolower($type));
if ($uploadedTo !== null) { if ($uploadedTo !== null) {
$imageQuery = $imageQuery->where('uploaded_to', '=', $uploadedTo); $imageQuery = $imageQuery->where('uploaded_to', '=', $uploadedTo);
@ -114,7 +94,8 @@ class ImageRepo
int $uploadedTo = null, int $uploadedTo = null,
string $search = null string $search = null
): array { ): array {
$contextPage = $this->page->findOrFail($uploadedTo); /** @var Page $contextPage */
$contextPage = Page::visible()->findOrFail($uploadedTo);
$parentFilter = null; $parentFilter = null;
if ($filterType === 'book' || $filterType === 'page') { if ($filterType === 'book' || $filterType === 'page') {
@ -149,7 +130,7 @@ class ImageRepo
* *
* @throws ImageUploadException * @throws ImageUploadException
*/ */
public function saveNewFromData(string $imageName, string $imageData, string $type, int $uploadedTo = 0) public function saveNewFromData(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image
{ {
$image = $this->imageService->saveNew($imageName, $imageData, $type, $uploadedTo); $image = $this->imageService->saveNew($imageName, $imageData, $type, $uploadedTo);
$this->loadThumbs($image); $this->loadThumbs($image);
@ -158,13 +139,13 @@ class ImageRepo
} }
/** /**
* Save a drawing the the database. * Save a drawing in the database.
* *
* @throws ImageUploadException * @throws ImageUploadException
*/ */
public function saveDrawing(string $base64Uri, int $uploadedTo): Image public function saveDrawing(string $base64Uri, int $uploadedTo): Image
{ {
$name = 'Drawing-' . strval(user()->id) . '-' . strval(time()) . '.png'; $name = 'Drawing-' . user()->id . '-' . time() . '.png';
return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo); return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo);
} }
@ -172,7 +153,6 @@ class ImageRepo
/** /**
* Update the details of an image via an array of properties. * Update the details of an image via an array of properties.
* *
* @throws ImageUploadException
* @throws Exception * @throws Exception
*/ */
public function updateImageDetails(Image $image, $updateDetails): Image public function updateImageDetails(Image $image, $updateDetails): Image
@ -189,13 +169,11 @@ class ImageRepo
* *
* @throws Exception * @throws Exception
*/ */
public function destroyImage(Image $image = null): bool public function destroyImage(Image $image = null): void
{ {
if ($image) { if ($image) {
$this->imageService->destroy($image); $this->imageService->destroy($image);
} }
return true;
} }
/** /**
@ -203,9 +181,9 @@ class ImageRepo
* *
* @throws Exception * @throws Exception
*/ */
public function destroyByType(string $imageType) public function destroyByType(string $imageType): void
{ {
$images = $this->image->where('type', '=', $imageType)->get(); $images = Image::query()->where('type', '=', $imageType)->get();
foreach ($images as $image) { foreach ($images as $image) {
$this->destroyImage($image); $this->destroyImage($image);
} }
@ -213,25 +191,21 @@ class ImageRepo
/** /**
* Load thumbnails onto an image object. * Load thumbnails onto an image object.
*
* @throws Exception
*/ */
public function loadThumbs(Image $image) public function loadThumbs(Image $image): void
{ {
$image->thumbs = [ $image->setAttribute('thumbs', [
'gallery' => $this->getThumbnail($image, 150, 150, false), 'gallery' => $this->getThumbnail($image, 150, 150, false),
'display' => $this->getThumbnail($image, 1680, null, true), 'display' => $this->getThumbnail($image, 1680, null, true),
]; ]);
} }
/** /**
* Get the thumbnail for an image. * Get the thumbnail for an image.
* If $keepRatio is true only the width will be used. * If $keepRatio is true only the width will be used.
* Checks the cache then storage to avoid creating / accessing the filesystem on every check. * Checks the cache then storage to avoid creating / accessing the filesystem on every check.
*
* @throws Exception
*/ */
protected function getThumbnail(Image $image, ?int $width = 220, ?int $height = 220, bool $keepRatio = false): ?string protected function getThumbnail(Image $image, ?int $width, ?int $height, bool $keepRatio): ?string
{ {
try { try {
return $this->imageService->getThumbnail($image, $width, $height, $keepRatio); return $this->imageService->getThumbnail($image, $width, $height, $keepRatio);

97
app/Uploads/ImageService.php
View File

@ -11,11 +11,14 @@ use Illuminate\Contracts\Filesystem\FileNotFoundException;
use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance; use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance;
use Illuminate\Contracts\Filesystem\Filesystem as Storage; use Illuminate\Contracts\Filesystem\Filesystem as Storage;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Str; use Illuminate\Support\Str;
use Intervention\Image\Exception\NotSupportedException; use Intervention\Image\Exception\NotSupportedException;
use Intervention\Image\ImageManager; use Intervention\Image\ImageManager;
use League\Flysystem\Util; use League\Flysystem\Util;
use Psr\SimpleCache\InvalidArgumentException;
use Symfony\Component\HttpFoundation\File\UploadedFile; use Symfony\Component\HttpFoundation\File\UploadedFile;
use Symfony\Component\HttpFoundation\StreamedResponse;
class ImageService class ImageService
{ {
@ -25,6 +28,8 @@ class ImageService
protected $image; protected $image;
protected $fileSystem; protected $fileSystem;
protected static $supportedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
/** /**
* ImageService constructor. * ImageService constructor.
*/ */
@ -39,11 +44,20 @@ class ImageService
/** /**
* Get the storage that will be used for storing images. * Get the storage that will be used for storing images.
*/ */
protected function getStorage(string $imageType = ''): FileSystemInstance protected function getStorageDisk(string $imageType = ''): FileSystemInstance
{ {
return $this->fileSystem->disk($this->getStorageDiskName($imageType)); return $this->fileSystem->disk($this->getStorageDiskName($imageType));
} }
/**
* Check if local secure image storage (Fetched behind authentication)
* is currently active in the instance.
*/
protected function usingSecureImages(): bool
{
return $this->getStorageDiskName('gallery') === 'local_secure_images';
}
/** /**
* Change the originally provided path to fit any disk-specific requirements. * Change the originally provided path to fit any disk-specific requirements.
* This also ensures the path is kept to the expected root folders. * This also ensures the path is kept to the expected root folders.
@ -126,7 +140,7 @@ class ImageService
*/ */
public function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image public function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image
{ {
$storage = $this->getStorage($type); $storage = $this->getStorageDisk($type);
$secureUploads = setting('app-secure-images'); $secureUploads = setting('app-secure-images');
$fileName = $this->cleanImageFileName($imageName); $fileName = $this->cleanImageFileName($imageName);
@ -144,7 +158,7 @@ class ImageService
try { try {
$this->saveImageDataInPublicSpace($storage, $this->adjustPathForStorageDisk($fullPath, $type), $imageData); $this->saveImageDataInPublicSpace($storage, $this->adjustPathForStorageDisk($fullPath, $type), $imageData);
} catch (Exception $e) { } catch (Exception $e) {
\Log::error('Error when attempting image upload:' . $e->getMessage()); Log::error('Error when attempting image upload:' . $e->getMessage());
throw new ImageUploadException(trans('errors.path_not_writable', ['filePath' => $fullPath])); throw new ImageUploadException(trans('errors.path_not_writable', ['filePath' => $fullPath]));
} }
@ -219,17 +233,10 @@ class ImageService
* If $keepRatio is true only the width will be used. * If $keepRatio is true only the width will be used.
* Checks the cache then storage to avoid creating / accessing the filesystem on every check. * Checks the cache then storage to avoid creating / accessing the filesystem on every check.
* *
* @param Image $image
* @param int $width
* @param int $height
* @param bool $keepRatio
*
* @throws Exception * @throws Exception
* @throws ImageUploadException * @throws InvalidArgumentException
*
* @return string
*/ */
public function getThumbnail(Image $image, $width = 220, $height = 220, $keepRatio = false) public function getThumbnail(Image $image, ?int $width, ?int $height, bool $keepRatio = false): string
{ {
if ($keepRatio && $this->isGif($image)) { if ($keepRatio && $this->isGif($image)) {
return $this->getPublicUrl($image->path); return $this->getPublicUrl($image->path);
@ -243,7 +250,7 @@ class ImageService
return $this->getPublicUrl($thumbFilePath); return $this->getPublicUrl($thumbFilePath);
} }
$storage = $this->getStorage($image->type); $storage = $this->getStorageDisk($image->type);
if ($storage->exists($this->adjustPathForStorageDisk($thumbFilePath, $image->type))) { if ($storage->exists($this->adjustPathForStorageDisk($thumbFilePath, $image->type))) {
return $this->getPublicUrl($thumbFilePath); return $this->getPublicUrl($thumbFilePath);
} }
@ -257,27 +264,16 @@ class ImageService
} }
/** /**
* Resize image data. * Resize the image of given data to the specified size, and return the new image data.
*
* @param string $imageData
* @param int $width
* @param int $height
* @param bool $keepRatio
* *
* @throws ImageUploadException * @throws ImageUploadException
*
* @return string
*/ */
protected function resizeImage(string $imageData, $width = 220, $height = null, bool $keepRatio = true) protected function resizeImage(string $imageData, ?int $width, ?int $height, bool $keepRatio): string
{ {
try { try {
$thumb = $this->imageTool->make($imageData); $thumb = $this->imageTool->make($imageData);
} catch (Exception $e) { } catch (ErrorException|NotSupportedException $e) {
if ($e instanceof ErrorException || $e instanceof NotSupportedException) { throw new ImageUploadException(trans('errors.cannot_create_thumbs'));
throw new ImageUploadException(trans('errors.cannot_create_thumbs'));
}
throw $e;
} }
if ($keepRatio) { if ($keepRatio) {
@ -307,7 +303,7 @@ class ImageService
*/ */
public function getImageData(Image $image): string public function getImageData(Image $image): string
{ {
$storage = $this->getStorage(); $storage = $this->getStorageDisk();
return $storage->get($this->adjustPathForStorageDisk($image->path, $image->type)); return $storage->get($this->adjustPathForStorageDisk($image->path, $image->type));
} }
@ -330,7 +326,7 @@ class ImageService
protected function destroyImagesFromPath(string $path, string $imageType): bool protected function destroyImagesFromPath(string $path, string $imageType): bool
{ {
$path = $this->adjustPathForStorageDisk($path, $imageType); $path = $this->adjustPathForStorageDisk($path, $imageType);
$storage = $this->getStorage($imageType); $storage = $this->getStorageDisk($imageType);
$imageFolder = dirname($path); $imageFolder = dirname($path);
$imageFileName = basename($path); $imageFileName = basename($path);
@ -417,7 +413,7 @@ class ImageService
} }
$storagePath = $this->adjustPathForStorageDisk($storagePath); $storagePath = $this->adjustPathForStorageDisk($storagePath);
$storage = $this->getStorage(); $storage = $this->getStorageDisk();
$imageData = null; $imageData = null;
if ($storage->exists($storagePath)) { if ($storage->exists($storagePath)) {
$imageData = $storage->get($storagePath); $imageData = $storage->get($storagePath);
@ -435,6 +431,42 @@ class ImageService
return 'data:image/' . $extension . ';base64,' . base64_encode($imageData); return 'data:image/' . $extension . ';base64,' . base64_encode($imageData);
} }
/**
* Check if the given path exists in the local secure image system.
* Returns false if local_secure is not in use.
*/
public function pathExistsInLocalSecure(string $imagePath): bool
{
$disk = $this->getStorageDisk('gallery');
// Check local_secure is active
return $this->usingSecureImages()
// Check the image file exists
&& $disk->exists($imagePath)
// Check the file is likely an image file
&& strpos($disk->getMimetype($imagePath), 'image/') === 0;
}
/**
* For the given path, if existing, provide a response that will stream the image contents.
*/
public function streamImageFromStorageResponse(string $imageType, string $path): StreamedResponse
{
$disk = $this->getStorageDisk($imageType);
return $disk->response($path);
}
/**
* Check if the given image extension is supported by BookStack.
* The extension must not be altered in this function. This check should provide a guarantee
* that the provided extension is safe to use for the image to be saved.
*/
public static function isExtensionSupported(string $extension): bool
{
return in_array($extension, static::$supportedExtensions);
}
/** /**
* Get a storage path for the given image URL. * Get a storage path for the given image URL.
* Ensures the path will start with "uploads/images". * Ensures the path will start with "uploads/images".
@ -476,7 +508,7 @@ class ImageService
*/ */
private function getPublicUrl(string $filePath): string private function getPublicUrl(string $filePath): string
{ {
if ($this->storageUrl === null) { if (is_null($this->storageUrl)) {
$storageUrl = config('filesystems.url'); $storageUrl = config('filesystems.url');
// Get the standard public s3 url if s3 is set as storage type // Get the standard public s3 url if s3 is set as storage type
@ -490,6 +522,7 @@ class ImageService
$storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket']; $storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket'];
} }
} }
$this->storageUrl = $storageUrl; $this->storageUrl = $storageUrl;
} }

63
app/Util/WebSafeMimeSniffer.php Normal file
View File

@ -0,0 +1,63 @@
<?php
namespace BookStack\Util;
use finfo;
/**
* Helper class to sniff out the mime-type of content resulting in
* a mime-type that's relatively safe to serve to a browser.
*/
class WebSafeMimeSniffer
{
/**
* @var string[]
*/
protected $safeMimes = [
'application/json',
'application/octet-stream',
'application/pdf',
'image/bmp',
'image/jpeg',
'image/png',
'image/gif',
'image/webp',
'image/avif',
'image/heic',
'text/css',
'text/csv',
'text/javascript',
'text/json',
'text/plain',
'video/x-msvideo',
'video/mp4',
'video/mpeg',
'video/ogg',
'video/webm',
'video/vp9',
'video/h264',
'video/av1',
];
/**
* Sniff the mime-type from the given file content while running the result
* through an allow-list to ensure a web-safe result.
* Takes the content as a reference since the value may be quite large.
*/
public function sniff(string &$content): string
{
$fInfo = new finfo(FILEINFO_MIME_TYPE);
$mime = $fInfo->buffer($content) ?: 'application/octet-stream';
if (in_array($mime, $this->safeMimes)) {
return $mime;
}
[$category] = explode('/', $mime, 2);
if ($category === 'text') {
return 'text/plain';
}
return 'application/octet-stream';
}
}

2
composer.json
View File

@ -33,7 +33,7 @@
"predis/predis": "^1.1.6", "predis/predis": "^1.1.6",
"socialiteproviders/discord": "^4.1", "socialiteproviders/discord": "^4.1",
"socialiteproviders/gitlab": "^4.1", "socialiteproviders/gitlab": "^4.1",
"socialiteproviders/microsoft-azure": "^4.1", "socialiteproviders/microsoft-azure": "^5.0.1",
"socialiteproviders/okta": "^4.1", "socialiteproviders/okta": "^4.1",
"socialiteproviders/slack": "^4.1", "socialiteproviders/slack": "^4.1",
"socialiteproviders/twitch": "^5.3", "socialiteproviders/twitch": "^5.3",

138
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "fc6d8f731e3975127a9101802cc4bb3a", "content-hash": "4780c46ffc4d1a09af810f62ca59e4a7",
"packages": [ "packages": [
{ {
"name": "aws/aws-crt-php", "name": "aws/aws-crt-php",
@ -58,16 +58,16 @@
}, },
{ {
"name": "aws/aws-sdk-php", "name": "aws/aws-sdk-php",
"version": "3.199.3", "version": "3.199.7",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/aws/aws-sdk-php.git", "url": "https://github.com/aws/aws-sdk-php.git",
"reference": "132a1148ebb63d04023837bcf9a36f49b308a0bd" "reference": "fda176884d2952cffc7e67209470bff49609339c"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/132a1148ebb63d04023837bcf9a36f49b308a0bd", "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/fda176884d2952cffc7e67209470bff49609339c",
"reference": "132a1148ebb63d04023837bcf9a36f49b308a0bd", "reference": "fda176884d2952cffc7e67209470bff49609339c",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -143,9 +143,9 @@
"support": { "support": {
"forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80", "forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80",
"issues": "https://github.com/aws/aws-sdk-php/issues", "issues": "https://github.com/aws/aws-sdk-php/issues",
"source": "https://github.com/aws/aws-sdk-php/tree/3.199.3" "source": "https://github.com/aws/aws-sdk-php/tree/3.199.7"
}, },
"time": "2021-10-25T18:17:28+00:00" "time": "2021-10-29T18:25:02+00:00"
}, },
{ {
"name": "bacon/bacon-qr-code", "name": "bacon/bacon-qr-code",
@ -3297,16 +3297,16 @@
}, },
{ {
"name": "phpseclib/phpseclib", "name": "phpseclib/phpseclib",
"version": "3.0.10", "version": "3.0.11",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/phpseclib/phpseclib.git", "url": "https://github.com/phpseclib/phpseclib.git",
"reference": "62fcc5a94ac83b1506f52d7558d828617fac9187" "reference": "6e794226a35159eb06f355efe59a0075a16551dd"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/62fcc5a94ac83b1506f52d7558d828617fac9187", "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/6e794226a35159eb06f355efe59a0075a16551dd",
"reference": "62fcc5a94ac83b1506f52d7558d828617fac9187", "reference": "6e794226a35159eb06f355efe59a0075a16551dd",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3388,7 +3388,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/phpseclib/phpseclib/issues", "issues": "https://github.com/phpseclib/phpseclib/issues",
"source": "https://github.com/phpseclib/phpseclib/tree/3.0.10" "source": "https://github.com/phpseclib/phpseclib/tree/3.0.11"
}, },
"funding": [ "funding": [
{ {
@ -3404,7 +3404,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2021-08-16T04:24:45+00:00" "time": "2021-10-27T03:01:46+00:00"
}, },
{ {
"name": "pragmarx/google2fa", "name": "pragmarx/google2fa",
@ -4224,16 +4224,16 @@
}, },
{ {
"name": "socialiteproviders/microsoft-azure", "name": "socialiteproviders/microsoft-azure",
"version": "4.2.1", "version": "5.0.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/SocialiteProviders/Microsoft-Azure.git", "url": "https://github.com/SocialiteProviders/Microsoft-Azure.git",
"reference": "64779ec21db0bee3111039a67c0fa0ab550a3462" "reference": "9b23e02ff711de42e513aa55f768a4f1c67c0e41"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/SocialiteProviders/Microsoft-Azure/zipball/64779ec21db0bee3111039a67c0fa0ab550a3462", "url": "https://api.github.com/repos/SocialiteProviders/Microsoft-Azure/zipball/9b23e02ff711de42e513aa55f768a4f1c67c0e41",
"reference": "64779ec21db0bee3111039a67c0fa0ab550a3462", "reference": "9b23e02ff711de42e513aa55f768a4f1c67c0e41",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -4258,10 +4258,20 @@
} }
], ],
"description": "Microsoft Azure OAuth2 Provider for Laravel Socialite", "description": "Microsoft Azure OAuth2 Provider for Laravel Socialite",
"keywords": [
"azure",
"laravel",
"microsoft",
"oauth",
"provider",
"socialite"
],
"support": { "support": {
"source": "https://github.com/SocialiteProviders/Microsoft-Azure/tree/4.2.1" "docs": "https://socialiteproviders.com/microsoft-azure",
"issues": "https://github.com/socialiteproviders/providers/issues",
"source": "https://github.com/socialiteproviders/providers"
}, },
"time": "2021-06-14T22:51:38+00:00" "time": "2021-10-07T22:21:59+00:00"
}, },
{ {
"name": "socialiteproviders/okta", "name": "socialiteproviders/okta",
@ -4515,16 +4525,16 @@
}, },
{ {
"name": "symfony/console", "name": "symfony/console",
"version": "v4.4.30", "version": "v4.4.33",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/console.git", "url": "https://github.com/symfony/console.git",
"reference": "a3f7189a0665ee33b50e9e228c46f50f5acbed22" "reference": "8dbd23ef7a8884051482183ddee8d9061b5feed0"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/console/zipball/a3f7189a0665ee33b50e9e228c46f50f5acbed22", "url": "https://api.github.com/repos/symfony/console/zipball/8dbd23ef7a8884051482183ddee8d9061b5feed0",
"reference": "a3f7189a0665ee33b50e9e228c46f50f5acbed22", "reference": "8dbd23ef7a8884051482183ddee8d9061b5feed0",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -4585,7 +4595,7 @@
"description": "Eases the creation of beautiful and testable command line interfaces", "description": "Eases the creation of beautiful and testable command line interfaces",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/console/tree/v4.4.30" "source": "https://github.com/symfony/console/tree/v4.4.33"
}, },
"funding": [ "funding": [
{ {
@ -4601,7 +4611,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2021-08-25T19:27:26+00:00" "time": "2021-10-25T16:36:08+00:00"
}, },
{ {
"name": "symfony/css-selector", "name": "symfony/css-selector",
@ -5177,16 +5187,16 @@
}, },
{ {
"name": "symfony/http-foundation", "name": "symfony/http-foundation",
"version": "v4.4.30", "version": "v4.4.33",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/http-foundation.git", "url": "https://github.com/symfony/http-foundation.git",
"reference": "09b3202651ab23ac8dcf455284a48a3500e56731" "reference": "b9a91102f548e0111f4996e8c622fb1d1d479850"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/http-foundation/zipball/09b3202651ab23ac8dcf455284a48a3500e56731", "url": "https://api.github.com/repos/symfony/http-foundation/zipball/b9a91102f548e0111f4996e8c622fb1d1d479850",
"reference": "09b3202651ab23ac8dcf455284a48a3500e56731", "reference": "b9a91102f548e0111f4996e8c622fb1d1d479850",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -5225,7 +5235,7 @@
"description": "Defines an object-oriented layer for the HTTP specification", "description": "Defines an object-oriented layer for the HTTP specification",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/http-foundation/tree/v4.4.30" "source": "https://github.com/symfony/http-foundation/tree/v4.4.33"
}, },
"funding": [ "funding": [
{ {
@ -5241,20 +5251,20 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2021-08-26T15:51:23+00:00" "time": "2021-10-07T15:31:35+00:00"
}, },
{ {
"name": "symfony/http-kernel", "name": "symfony/http-kernel",
"version": "v4.4.32", "version": "v4.4.33",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/http-kernel.git", "url": "https://github.com/symfony/http-kernel.git",
"reference": "f7bda3ea8f05ae90627400e58af5179b25ce0f38" "reference": "6f1fcca1154f782796549f4f4e5090bae9525c0e"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/http-kernel/zipball/f7bda3ea8f05ae90627400e58af5179b25ce0f38", "url": "https://api.github.com/repos/symfony/http-kernel/zipball/6f1fcca1154f782796549f4f4e5090bae9525c0e",
"reference": "f7bda3ea8f05ae90627400e58af5179b25ce0f38", "reference": "6f1fcca1154f782796549f4f4e5090bae9525c0e",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -5329,7 +5339,7 @@
"description": "Provides a structured process for converting a Request into a Response", "description": "Provides a structured process for converting a Request into a Response",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/http-kernel/tree/v4.4.32" "source": "https://github.com/symfony/http-kernel/tree/v4.4.33"
}, },
"funding": [ "funding": [
{ {
@ -5345,7 +5355,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2021-09-28T10:20:04+00:00" "time": "2021-10-29T08:14:01+00:00"
}, },
{ {
"name": "symfony/mime", "name": "symfony/mime",
@ -6477,16 +6487,16 @@
}, },
{ {
"name": "symfony/var-dumper", "name": "symfony/var-dumper",
"version": "v4.4.31", "version": "v4.4.33",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/var-dumper.git", "url": "https://github.com/symfony/var-dumper.git",
"reference": "1f12cc0c2e880a5f39575c19af81438464717839" "reference": "50286e2b7189bfb4f419c0731e86632cddf7c5ee"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/var-dumper/zipball/1f12cc0c2e880a5f39575c19af81438464717839", "url": "https://api.github.com/repos/symfony/var-dumper/zipball/50286e2b7189bfb4f419c0731e86632cddf7c5ee",
"reference": "1f12cc0c2e880a5f39575c19af81438464717839", "reference": "50286e2b7189bfb4f419c0731e86632cddf7c5ee",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -6546,7 +6556,7 @@
"dump" "dump"
], ],
"support": { "support": {
"source": "https://github.com/symfony/var-dumper/tree/v4.4.31" "source": "https://github.com/symfony/var-dumper/tree/v4.4.33"
}, },
"funding": [ "funding": [
{ {
@ -6562,7 +6572,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2021-09-24T15:30:11+00:00" "time": "2021-10-25T20:24:58+00:00"
}, },
{ {
"name": "tijsverkoyen/css-to-inline-styles", "name": "tijsverkoyen/css-to-inline-styles",
@ -6919,16 +6929,16 @@
}, },
{ {
"name": "composer/ca-bundle", "name": "composer/ca-bundle",
"version": "1.2.11", "version": "1.3.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/composer/ca-bundle.git", "url": "https://github.com/composer/ca-bundle.git",
"reference": "0b072d51c5a9c6f3412f7ea3ab043d6603cb2582" "reference": "4c679186f2aca4ab6a0f1b0b9cf9252decb44d0b"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/composer/ca-bundle/zipball/0b072d51c5a9c6f3412f7ea3ab043d6603cb2582", "url": "https://api.github.com/repos/composer/ca-bundle/zipball/4c679186f2aca4ab6a0f1b0b9cf9252decb44d0b",
"reference": "0b072d51c5a9c6f3412f7ea3ab043d6603cb2582", "reference": "4c679186f2aca4ab6a0f1b0b9cf9252decb44d0b",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -6975,7 +6985,7 @@
"support": { "support": {
"irc": "irc://irc.freenode.org/composer", "irc": "irc://irc.freenode.org/composer",
"issues": "https://github.com/composer/ca-bundle/issues", "issues": "https://github.com/composer/ca-bundle/issues",
"source": "https://github.com/composer/ca-bundle/tree/1.2.11" "source": "https://github.com/composer/ca-bundle/tree/1.3.1"
}, },
"funding": [ "funding": [
{ {
@ -6991,20 +7001,20 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2021-09-25T20:32:43+00:00" "time": "2021-10-28T20:44:15+00:00"
}, },
{ {
"name": "composer/composer", "name": "composer/composer",
"version": "2.1.9", "version": "2.1.10",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/composer/composer.git", "url": "https://github.com/composer/composer.git",
"reference": "e558c88f28d102d497adec4852802c0dc14c7077" "reference": "ea5f64d1a15c66942979b804c9fb3686be852ca0"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/composer/composer/zipball/e558c88f28d102d497adec4852802c0dc14c7077", "url": "https://api.github.com/repos/composer/composer/zipball/ea5f64d1a15c66942979b804c9fb3686be852ca0",
"reference": "e558c88f28d102d497adec4852802c0dc14c7077", "reference": "ea5f64d1a15c66942979b804c9fb3686be852ca0",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -7015,7 +7025,7 @@
"composer/xdebug-handler": "^2.0", "composer/xdebug-handler": "^2.0",
"justinrainbow/json-schema": "^5.2.11", "justinrainbow/json-schema": "^5.2.11",
"php": "^5.3.2 || ^7.0 || ^8.0", "php": "^5.3.2 || ^7.0 || ^8.0",
"psr/log": "^1.0", "psr/log": "^1.0 || ^2.0",
"react/promise": "^1.2 || ^2.7", "react/promise": "^1.2 || ^2.7",
"seld/jsonlint": "^1.4", "seld/jsonlint": "^1.4",
"seld/phar-utils": "^1.0", "seld/phar-utils": "^1.0",
@ -7039,7 +7049,7 @@
"type": "library", "type": "library",
"extra": { "extra": {
"branch-alias": { "branch-alias": {
"dev-master": "2.1-dev" "dev-main": "2.1-dev"
} }
}, },
"autoload": { "autoload": {
@ -7073,7 +7083,7 @@
"support": { "support": {
"irc": "ircs://irc.libera.chat:6697/composer", "irc": "ircs://irc.libera.chat:6697/composer",
"issues": "https://github.com/composer/composer/issues", "issues": "https://github.com/composer/composer/issues",
"source": "https://github.com/composer/composer/tree/2.1.9" "source": "https://github.com/composer/composer/tree/2.1.10"
}, },
"funding": [ "funding": [
{ {
@ -7089,7 +7099,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2021-10-05T07:47:38+00:00" "time": "2021-10-29T20:34:57+00:00"
}, },
{ {
"name": "composer/metadata-minifier", "name": "composer/metadata-minifier",
@ -8230,23 +8240,23 @@
}, },
{ {
"name": "phpunit/php-code-coverage", "name": "phpunit/php-code-coverage",
"version": "9.2.7", "version": "9.2.8",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/php-code-coverage.git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git",
"reference": "d4c798ed8d51506800b441f7a13ecb0f76f12218" "reference": "cf04e88a2e3c56fc1a65488afd493325b4c1bc3e"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/d4c798ed8d51506800b441f7a13ecb0f76f12218", "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/cf04e88a2e3c56fc1a65488afd493325b4c1bc3e",
"reference": "d4c798ed8d51506800b441f7a13ecb0f76f12218", "reference": "cf04e88a2e3c56fc1a65488afd493325b4c1bc3e",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"ext-dom": "*", "ext-dom": "*",
"ext-libxml": "*", "ext-libxml": "*",
"ext-xmlwriter": "*", "ext-xmlwriter": "*",
"nikic/php-parser": "^4.12.0", "nikic/php-parser": "^4.13.0",
"php": ">=7.3", "php": ">=7.3",
"phpunit/php-file-iterator": "^3.0.3", "phpunit/php-file-iterator": "^3.0.3",
"phpunit/php-text-template": "^2.0.2", "phpunit/php-text-template": "^2.0.2",
@ -8295,7 +8305,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/sebastianbergmann/php-code-coverage/issues", "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues",
"source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.7" "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.8"
}, },
"funding": [ "funding": [
{ {
@ -8303,7 +8313,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2021-09-17T05:39:03+00:00" "time": "2021-10-30T08:01:38+00:00"
}, },
{ {
"name": "phpunit/php-file-iterator", "name": "phpunit/php-file-iterator",

19
readme.md
View File

@ -27,6 +27,25 @@ BookStack is not designed as an extensible platform to be used for purposes that
In regard to development philosophy, BookStack has a relaxed, open & positive approach. At the end of the day this is free software developed and maintained by people donating their own free time. In regard to development philosophy, BookStack has a relaxed, open & positive approach. At the end of the day this is free software developed and maintained by people donating their own free time.
## 🌟 Project Sponsors
Shown below are our bronze, silver and gold project sponsors.
Big thanks to these companies for supporting the project.
Note: Listed services are not tested, vetted nor supported by the official BookStack project in any manner.
[View all sponsors](https://github.com/sponsors/ssddanbrown).
#### Bronze Sponsors
<table><tbody><tr>
<td><a href="https://www.diagrams.net/" target="_blank">
<img width="280" src="https://media.githubusercontent.com/media/BookStackApp/website/master/static/images/sponsors/diagramsnet.png" alt="Diagrams.net logo">
</a></td>
<td><a href="https://www.stellarhosted.com/bookstack/" target="_blank">
<img width="280" src="https://media.githubusercontent.com/media/BookStackApp/website/master/static/images/sponsors/stellarhosted.png" alt="Stellar Hosted Logo">
</a></td>
</tr></tbody></table>
## 🛣️ Road Map ## 🛣️ Road Map
Below is a high-level road map view for BookStack to provide a sense of direction of where the project is going. This can change at any point and does not reflect many features and improvements that will also be included as part of the journey along this road map. For more granular detail of what will be included in upcoming releases you can review the project milestones as defined in the "Release Process" section below. Below is a high-level road map view for BookStack to provide a sense of direction of where the project is going. This can change at any point and does not reflect many features and improvements that will also be included as part of the journey along this road map. For more granular detail of what will be included in upcoming releases you can review the project milestones as defined in the "Release Process" section below.

2
resources/lang/lv/settings.php
View File

@ -248,7 +248,7 @@ return [
'de_informal' => 'Deutsch (Du)', 'de_informal' => 'Deutsch (Du)',
'es' => 'Español', 'es' => 'Español',
'es_AR' => 'Español Argentina', 'es_AR' => 'Español Argentina',
'et' => 'Eesti keel', 'et' => 'Igauņu',
'fr' => 'Français', 'fr' => 'Français',
'he' => 'עברית', 'he' => 'עברית',
'hr' => 'Hrvatski', 'hr' => 'Hrvatski',

4
resources/lang/nl/activities.php
View File

@ -48,8 +48,8 @@ return [
'favourite_remove_notification' => '":name" is verwijderd uit je favorieten', 'favourite_remove_notification' => '":name" is verwijderd uit je favorieten',
// MFA // MFA
'mfa_setup_method_notification' => 'Multi-factor method successfully configured', 'mfa_setup_method_notification' => 'Multi-factor methode succesvol geconfigureerd',
'mfa_remove_method_notification' => 'Multi-factor method successfully removed', 'mfa_remove_method_notification' => 'Multi-factor methode succesvol verwijderd',
// Other // Other
'commented_on' => 'reageerde op', 'commented_on' => 'reageerde op',

40
resources/lang/nl/auth.php
View File

@ -76,27 +76,27 @@ return [
'user_invite_success' => 'Wachtwoord ingesteld, je hebt nu toegang tot :appName!', 'user_invite_success' => 'Wachtwoord ingesteld, je hebt nu toegang tot :appName!',
// Multi-factor Authentication // Multi-factor Authentication
'mfa_setup' => 'Setup Multi-Factor Authentication', 'mfa_setup' => 'Multi-factor authenticatie instellen',
'mfa_setup_desc' => 'Setup multi-factor authentication as an extra layer of security for your user account.', 'mfa_setup_desc' => 'Stel multi-factor authenticatie in als een extra beveiligingslaag voor uw gebruikersaccount.',
'mfa_setup_configured' => 'Already configured', 'mfa_setup_configured' => 'Reeds geconfigureerd',
'mfa_setup_reconfigure' => 'Reconfigure', 'mfa_setup_reconfigure' => 'Herconfigureren1',
'mfa_setup_remove_confirmation' => 'Are you sure you want to remove this multi-factor authentication method?', 'mfa_setup_remove_confirmation' => 'Weet je zeker dat je deze multi-factor authenticatie methode wilt verwijderen?',
'mfa_setup_action' => 'Setup', 'mfa_setup_action' => 'Instellen',
'mfa_backup_codes_usage_limit_warning' => 'You have less than 5 backup codes remaining, Please generate and store a new set before you run out of codes to prevent being locked out of your account.', 'mfa_backup_codes_usage_limit_warning' => 'U heeft minder dan 5 back-upcodes resterend. Genereer en sla een nieuwe set op voordat je geen codes meer hebt om te voorkomen dat je buiten je account wordt gesloten.',
'mfa_option_totp_title' => 'Mobile App', 'mfa_option_totp_title' => 'Mobiele app',
'mfa_option_totp_desc' => 'To use multi-factor authentication you\'ll need a mobile application that supports TOTP such as Google Authenticator, Authy or Microsoft Authenticator.', 'mfa_option_totp_desc' => 'Om multi-factor authenticatie te gebruiken heeft u een mobiele applicatie nodig die TOTP ondersteunt, zoals Google Authenticator, Authy of Microsoft Authenticator.',
'mfa_option_backup_codes_title' => 'Backup Codes', 'mfa_option_backup_codes_title' => 'Back-up Codes',
'mfa_option_backup_codes_desc' => 'Securely store a set of one-time-use backup codes which you can enter to verify your identity.', 'mfa_option_backup_codes_desc' => 'Bewaar veilig een set eenmalige back-upcodes die u kunt invoeren om uw identiteit te verifiëren.',
'mfa_gen_confirm_and_enable' => 'Confirm and Enable', 'mfa_gen_confirm_and_enable' => 'Bevestigen en inschakelen',
'mfa_gen_backup_codes_title' => 'Backup Codes Setup', 'mfa_gen_backup_codes_title' => 'Reservekopiecodes instellen',
'mfa_gen_backup_codes_desc' => 'Store the below list of codes in a safe place. When accessing the system you\'ll be able to use one of the codes as a second authentication mechanism.', 'mfa_gen_backup_codes_desc' => 'De onderstaande lijst met codes opslaan op een veilige plaats. Bij de toegang tot het systeem kun je een van de codes gebruiken als tweede verificatiemechanisme.',
'mfa_gen_backup_codes_download' => 'Download Codes', 'mfa_gen_backup_codes_download' => 'Download Codes',
'mfa_gen_backup_codes_usage_warning' => 'Each code can only be used once', 'mfa_gen_backup_codes_usage_warning' => 'Elke code kan slechts eenmaal gebruikt worden',
'mfa_gen_totp_title' => 'Mobile App Setup', 'mfa_gen_totp_title' => 'Mobiele app installatie',
'mfa_gen_totp_desc' => 'To use multi-factor authentication you\'ll need a mobile application that supports TOTP such as Google Authenticator, Authy or Microsoft Authenticator.', 'mfa_gen_totp_desc' => 'Om multi-factor authenticatie te gebruiken heeft u een mobiele applicatie nodig die TOTP ondersteunt, zoals Google Authenticator, Authy of Microsoft Authenticator.',
'mfa_gen_totp_scan' => 'Scan the QR code below using your preferred authentication app to get started.', 'mfa_gen_totp_scan' => 'Scan de onderstaande QR-code door gebruik te maken van uw favoriete authenticatie app om aan de slag te gaan.',
'mfa_gen_totp_verify_setup' => 'Verify Setup', 'mfa_gen_totp_verify_setup' => 'Installatie verifiëren',
'mfa_gen_totp_verify_setup_desc' => 'Verify that all is working by entering a code, generated within your authentication app, in the input box below:', 'mfa_gen_totp_verify_setup_desc' => 'Controleer of alles werkt door het invoeren van een code, die wordt gegenereerd binnen uw authenticatie-app, in het onderstaande invoerveld:',
'mfa_gen_totp_provide_code_here' => 'Provide your app generated code here', 'mfa_gen_totp_provide_code_here' => 'Provide your app generated code here',
'mfa_verify_access' => 'Verify Access', 'mfa_verify_access' => 'Verify Access',
'mfa_verify_access_desc' => 'Your user account requires you to confirm your identity via an additional level of verification before you\'re granted access. Verify using one of your configured methods to continue.', 'mfa_verify_access_desc' => 'Your user account requires you to confirm your identity via an additional level of verification before you\'re granted access. Verify using one of your configured methods to continue.',

2
resources/lang/nl/common.php
View File

@ -39,7 +39,7 @@ return [
'reset' => 'Resetten', 'reset' => 'Resetten',
'remove' => 'Verwijderen', 'remove' => 'Verwijderen',
'add' => 'Toevoegen', 'add' => 'Toevoegen',
'configure' => 'Configure', 'configure' => 'Configureer',
'fullscreen' => 'Volledig scherm', 'fullscreen' => 'Volledig scherm',
'favourite' => 'Favoriet', 'favourite' => 'Favoriet',
'unfavourite' => 'Verwijderen uit favoriet', 'unfavourite' => 'Verwijderen uit favoriet',

4
resources/lang/nl/entities.php
View File

@ -99,7 +99,7 @@ return [
'shelves_permissions' => 'Boekenplank permissies', 'shelves_permissions' => 'Boekenplank permissies',
'shelves_permissions_updated' => 'Boekenplank permissies opgeslagen', 'shelves_permissions_updated' => 'Boekenplank permissies opgeslagen',
'shelves_permissions_active' => 'Boekenplank permissies actief', 'shelves_permissions_active' => 'Boekenplank permissies actief',
'shelves_permissions_cascade_warning' => 'Permissions on bookshelves do not automatically cascade to contained books. This is because a book can exist on multiple shelves. Permissions can however be copied down to child books using the option found below.', 'shelves_permissions_cascade_warning' => 'Machtigingen op boekenplanken zijn niet automatisch een cascade om boeken te bevatten. Dit komt omdat een boek in meerdere schappen kan bestaan. Machtigingen kunnen echter worden gekopieerd naar subboeken door gebruik te maken van onderstaande optie.',
'shelves_copy_permissions_to_books' => 'Kopieer permissies naar boeken', 'shelves_copy_permissions_to_books' => 'Kopieer permissies naar boeken',
'shelves_copy_permissions' => 'Kopieer permissies', 'shelves_copy_permissions' => 'Kopieer permissies',
'shelves_copy_permissions_explain' => 'Met deze actie worden de permissies van deze boekenplank gekopieërd naar alle boeken op de plank. Voordat deze actie wordt uitgevoerd, zorg dat de wijzigingen in de permissies van deze boekenplank zijn opgeslagen.', 'shelves_copy_permissions_explain' => 'Met deze actie worden de permissies van deze boekenplank gekopieërd naar alle boeken op de plank. Voordat deze actie wordt uitgevoerd, zorg dat de wijzigingen in de permissies van deze boekenplank zijn opgeslagen.',
@ -234,7 +234,7 @@ return [
'pages_initial_name' => 'Nieuwe pagina', 'pages_initial_name' => 'Nieuwe pagina',
'pages_editing_draft_notification' => 'U bewerkt momenteel een concept dat voor het laatst is opgeslagen op :timeDiff.', 'pages_editing_draft_notification' => 'U bewerkt momenteel een concept dat voor het laatst is opgeslagen op :timeDiff.',
'pages_draft_edited_notification' => 'Deze pagina is sindsdien bijgewerkt. Het wordt aanbevolen dat u dit concept verwijderd.', 'pages_draft_edited_notification' => 'Deze pagina is sindsdien bijgewerkt. Het wordt aanbevolen dat u dit concept verwijderd.',
'pages_draft_page_changed_since_creation' => 'This page has been updated since this draft was created. It is recommended that you discard this draft or take care not to overwrite any page changes.', 'pages_draft_page_changed_since_creation' => 'Deze pagina is bijgewerkt sinds het aanmaken van dit concept. Het wordt aanbevolen dat u dit ontwerp verwijdert of ervoor zorgt dat u wijzigingen op de pagina niet overschrijft.',
'pages_draft_edit_active' => [ 'pages_draft_edit_active' => [
'start_a' => ':count gebruikers zijn begonnen deze pagina te bewerken', 'start_a' => ':count gebruikers zijn begonnen deze pagina te bewerken',
'start_b' => ':userName is begonnen met het bewerken van deze pagina', 'start_b' => ':userName is begonnen met het bewerken van deze pagina',

6
resources/lang/pl/errors.php
View File

@ -24,9 +24,9 @@ return [
'saml_invalid_response_id' => 'Żądanie z zewnętrznego systemu uwierzytelniania nie zostało rozpoznane przez proces rozpoczęty przez tę aplikację. Cofnięcie po zalogowaniu mogło spowodować ten problem.', 'saml_invalid_response_id' => 'Żądanie z zewnętrznego systemu uwierzytelniania nie zostało rozpoznane przez proces rozpoczęty przez tę aplikację. Cofnięcie po zalogowaniu mogło spowodować ten problem.',
'saml_fail_authed' => 'Logowanie przy użyciu :system nie powiodło się, system nie mógł pomyślnie ukończyć uwierzytelniania', 'saml_fail_authed' => 'Logowanie przy użyciu :system nie powiodło się, system nie mógł pomyślnie ukończyć uwierzytelniania',
'oidc_already_logged_in' => 'Już zalogowany', 'oidc_already_logged_in' => 'Już zalogowany',
'oidc_user_not_registered' => 'The user :name is not registered and automatic registration is disabled', 'oidc_user_not_registered' => 'Użytkownik :name nie jest zarejestrowany, a automatyczna rejestracja jest wyłączona',
'oidc_no_email_address' => 'Could not find an email address, for this user, in the data provided by the external authentication system', 'oidc_no_email_address' => 'Nie można odnaleźć adresu email dla tego użytkownika w danych dostarczonych przez zewnętrzny system uwierzytelniania',
'oidc_fail_authed' => 'Login using :system failed, system did not provide successful authorization', 'oidc_fail_authed' => 'Logowanie przy użyciu :system nie powiodło się, system nie mógł pomyślnie ukończyć uwierzytelniania',
'social_no_action_defined' => 'Brak zdefiniowanej akcji', 'social_no_action_defined' => 'Brak zdefiniowanej akcji',
'social_login_bad_response' => "Podczas próby logowania :socialAccount wystąpił błąd: \n:error", 'social_login_bad_response' => "Podczas próby logowania :socialAccount wystąpił błąd: \n:error",
'social_account_in_use' => 'To konto :socialAccount jest już w użyciu. Spróbuj zalogować się za pomocą opcji :socialAccount.', 'social_account_in_use' => 'To konto :socialAccount jest już w użyciu. Spróbuj zalogować się za pomocą opcji :socialAccount.',

4
tests/Auth/MfaVerificationTest.php
View File

@ -242,7 +242,7 @@ class MfaVerificationTest extends TestCase
} }
/** /**
* @return Array<User, string, TestResponse> * @return array<User, string, TestResponse>
*/ */
protected function startTotpLogin(): array protected function startTotpLogin(): array
{ {
@ -260,7 +260,7 @@ class MfaVerificationTest extends TestCase
} }
/** /**
* @return Array<User, string, TestResponse> * @return array<User, string, TestResponse>
*/ */
protected function startBackupCodeLogin($codes = ['kzzu6-1pgll', 'bzxnf-plygd', 'bwdsp-ysl51', '1vo93-ioy7n', 'lf7nw-wdyka', 'xmtrd-oplac']): array protected function startBackupCodeLogin($codes = ['kzzu6-1pgll', 'bzxnf-plygd', 'bwdsp-ysl51', '1vo93-ioy7n', 'lf7nw-wdyka', 'xmtrd-oplac']): array
{ {

1
tests/Entity/PageContentTest.php
View File

@ -614,7 +614,6 @@ class PageContentTest extends TestCase
$page->refresh(); $page->refresh();
$this->assertStringContainsString('<img src=""', $page->html); $this->assertStringContainsString('<img src=""', $page->html);
} }
} }
public function test_base64_images_get_extracted_from_markdown_page_content() public function test_base64_images_get_extracted_from_markdown_page_content()

34
tests/Uploads/AttachmentTest.php
View File

@ -44,6 +44,21 @@ class AttachmentTest extends TestCase
return Attachment::query()->latest()->first(); return Attachment::query()->latest()->first();
} }
/**
* Create a new upload attachment from the given data.
*/
protected function createUploadAttachment(Page $page, string $filename, string $content, string $mimeType): Attachment
{
$file = tmpfile();
$filePath = stream_get_meta_data($file)['uri'];
file_put_contents($filePath, $content);
$upload = new UploadedFile($filePath, $filename, $mimeType, null, true);
$this->call('POST', '/attachments/upload', ['uploaded_to' => $page->id], [], ['file' => $upload], []);
return $page->attachments()->latest()->firstOrFail();
}
/** /**
* Delete all uploaded files. * Delete all uploaded files.
* To assist with cleanup. * To assist with cleanup.
@ -94,7 +109,8 @@ class AttachmentTest extends TestCase
$attachment = Attachment::query()->orderBy('id', 'desc')->first(); $attachment = Attachment::query()->orderBy('id', 'desc')->first();
$this->assertStringNotContainsString($fileName, $attachment->path); $this->assertStringNotContainsString($fileName, $attachment->path);
$this->assertStringEndsWith('.txt', $attachment->path); $this->assertStringEndsWith('-txt', $attachment->path);
$this->deleteUploads();
} }
public function test_file_display_and_access() public function test_file_display_and_access()
@ -305,6 +321,22 @@ class AttachmentTest extends TestCase
// http-foundation/Response does some 'fixing' of responses to add charsets to text responses. // http-foundation/Response does some 'fixing' of responses to add charsets to text responses.
$attachmentGet->assertHeader('Content-Type', 'text/plain; charset=UTF-8'); $attachmentGet->assertHeader('Content-Type', 'text/plain; charset=UTF-8');
$attachmentGet->assertHeader('Content-Disposition', 'inline; filename="upload_test_file.txt"'); $attachmentGet->assertHeader('Content-Disposition', 'inline; filename="upload_test_file.txt"');
$attachmentGet->assertHeader('X-Content-Type-Options', 'nosniff');
$this->deleteUploads();
}
public function test_html_file_access_with_open_forces_plain_content_type()
{
$page = Page::query()->first();
$this->asAdmin();
$attachment = $this->createUploadAttachment($page, 'test_file.html', '<html></html><p>testing</p>', 'text/html');
$attachmentGet = $this->get($attachment->getUrl(true));
// http-foundation/Response does some 'fixing' of responses to add charsets to text responses.
$attachmentGet->assertHeader('Content-Type', 'text/plain; charset=UTF-8');
$attachmentGet->assertHeader('Content-Disposition', 'inline; filename="test_file.html"');
$this->deleteUploads(); $this->deleteUploads();
} }

30
tests/Uploads/ImageTest.php
View File

@ -241,6 +241,36 @@ class ImageTest extends TestCase
} }
} }
public function test_secure_image_paths_traversal_causes_500()
{
config()->set('filesystems.images', 'local_secure');
$this->asEditor();
$resp = $this->get('/uploads/images/../../logs/laravel.log');
$resp->assertStatus(500);
}
public function test_secure_image_paths_traversal_on_non_secure_images_causes_404()
{
config()->set('filesystems.images', 'local');
$this->asEditor();
$resp = $this->get('/uploads/images/../../logs/laravel.log');
$resp->assertStatus(404);
}
public function test_secure_image_paths_dont_serve_non_images()
{
config()->set('filesystems.images', 'local_secure');
$this->asEditor();
$testFilePath = storage_path('/uploads/images/testing.txt');
file_put_contents($testFilePath, 'hello from test_secure_image_paths_dont_serve_non_images');
$resp = $this->get('/uploads/images/testing.txt');
$resp->assertStatus(404);
}
public function test_secure_images_included_in_exports() public function test_secure_images_included_in_exports()
{ {
config()->set('filesystems.images', 'local_secure'); config()->set('filesystems.images', 'local_secure');