Existing mime sniffer wasn't great at distinguishing between plaintext
file types, so added a custom extension based mapping for common web
formats that may be expected to be used with this.
Allows files to be placed within a "public" folder within a theme
directory which the contents of will served by BookStack for access.
- Only "web safe" content-types are provided.
- A static 1 day cache time it set on served files.
For #3904
- Fixed failing tests due to Laravel 11 changes
- Updated phpstan to 3.x branch
- Removed some seemingly redundant comment code, which was triggering
phpstan.
Just as a measure to prevent potential abuse of these potentially
longer-running endpoints.
Adds test to cover for ZIP exports, but applied to all formats.
Failed notification sends could block the user action, whereas it's
probably more important that the user action takes places uninteruupted
than showing an error screen for the user to debug.
Logs notification errors so issues can still be debugged by admins.
Closes#5315
Due to hitting statement placeholder limits (typically 65k)
when inserting index terms for single page.
Added test to cover.
Also added skipped tests for tests we don't always want to run.
For #5322
Hardened things to enforce the intent that the guest account should not
be used for logins.
Currently this would not be allowed due to empty set password, and no
password fields on user edit forms, but an error could occur if the
login was attempted.
This adds:
- Handling to show normal invalid user warning on login instead of a
hash check error.
- Prevention of guest user via main login route, in the event that
inventive workarounds would be used by admins to set a password for
this account.
- Test for guest user login.
Review of #5280.
- Removed additional non-needed loads which could ignore permissions.
- Updated new formatter method name to be more specific on use.
- Added test case to cover changes.
- Updated API examples to align parent id/info in info to be
representative.
We were not responsing with a range request, where the requested range
was for the full extent of content. This changes things to always
provide a range request, even for the full range.
Change made since our existing logic could cause problems in chromium
browsers.
Elseif statement removed as its was likley redundant based upon other
existing checks.
This also changes responses for requested ranges beyond content, but I
think that's technically correct looking at the spec (416 are for when
there are no overlapping request/response ranges at all).
Updated tests to cover.
For #5342
- Handled links to within-zip page images found in chapter/book
descriptions; Added test to cover.
- Fixed session showing unrelated success on failed import.
Tested import file-create undo on failure as part of this testing.
Images were missing their extension after import since it was
(potentially) not part of the import data.
This adds validation via mime sniffing (to match normal image upload
checks) and also uses the same logic to sniff out a correct extension.
Added tests to cover.
Also fixed some existing tests around zip functionality.
Added file creation reverting and DB rollback on error.
Added error display on failed import.
Extracted likely shown import form/error text to translation files.
Added specific handling to show relevant error message when user
creation fails due to invite sending errors, while also returning user
to the form with previous input.
Includes test to cover.
For #5195
Previously if a custom port was used in the DRAWIO option it would not
be considered in the CSP handling, which would block loading.
Added test to cover.
For #5107
An empty (but valid formed) groups list provided via the OIDC ID token
would be considered as a lacking detail, and therefore trigger a lookup
to the userinfo endpoint in an attempt to get that information.
This fixes this to properly distinguish between not-provided and empty
state, to avoid userinfo where provided as valid but empty.
Includes test to cover.
For #5101
Changes GIF image thumbnail handling to direcly load via gd instead of
going through interventions own handling (which supports frames) since
we don't need animation for our thumbnails, and since performance issues
could arise with GIFs that have large frame counts.
For #5029
Change made during Laravel 10 updates to align (Laravel made this change
much earlier in 5.x series) but it caused issues due to folder not
pre-existing and due to potentiall permission issues.
(CLI could create this during update, with non-compatible permissions
for webserver).
For #4999
Dan Brown
Talstra Ruben SRSNL
Wes Biggs
czemu
Matthieu Leboeuf
Rashad
Lachlan Tripolone
Maximilian Walter
DanielGordonIT