a17be959d8 
								
							 
						 
						
							
							
								
								Applied latest styleci changes  
							
							
							
						 
						
							2021-11-01 13:26:02 +00:00  
				
					
						
							
							
								 
						
							
								bfbccbede1 
								
							 
						 
						
							
							
								
								Updated attachments to not be saved with a complete extension  
							
							
							
							
							Intended to limit impact in the event the storage path is potentially
exposed. 
							
						 
						
							2021-11-01 11:32:00 +00:00  
				
					
						
							
							
								 
						
							
								4360da03d4 
								
							 
						 
						
							
							
								
								Ran a pass through image and attachment routes  
							
							
							
							
							Added some stronger types, formatting changes and simplifications along
the way. 
							
						 
						
							2021-11-01 11:17:30 +00:00  
				
					
						
							
							
								 
						
							
								c7fea8fe08 
								
							 
						 
						
							
							
								
								Cleaned up logic within ImageRepo  
							
							
							
							
							- Moved out extension check to ImageService as that seems more relevant.
- Updated models to use static-style references instead of facade to align with common modern usage within the app.
- Updated custom image_extension validation rule to use shared logic in image service. 
							
						 
						
							2021-11-01 00:24:42 +00:00  
				
					
						
							
							
								 
						
							
								43830a372f 
								
							 
						 
						
							
							
								
								Updated showImage file serving to not be traversable  
							
							
							
							
							For #3030  
							
						 
						
							2021-10-31 23:53:17 +00:00  
				
					
						
							
							
								 
						
							
								a9b3df537f 
								
							 
						 
						
							
							
								
								Applied changes from styleci  
							
							
							
						 
						
							2021-10-08 22:23:17 +01:00  
				
					
						
							
							
								 
						
							
								7224fbcc89 
								
							 
						 
						
							
							
								
								Added protections against path traversal in file system operations  
							
							
							
							
							- Files within the storage/ path could be accessed via path traversal
  references in content, accessed upon HTML export.
- This addresses this via two layers:
  - Scoped local flysystem filesystems down to the specific image &
    file folders since flysystem has built-in checking against the
    escaping of the root folder.
  - Added path normalization before enforcement of uploads/{images,file}
    prefix to prevent traversal at a path level.
Thanks to @Haxatron via huntr.dev for discovery and reporting.
Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/  
							
						 
						
							2021-10-08 17:47:14 +01:00  
				
					
						
							
							
								 
						
							
								05d99a312d 
								
							 
						 
						
							
							
								
								Applied styleci changes  
							
							
							
						 
						
							2021-09-26 15:48:22 +01:00  
				
					
						
							
							
								 
						
							
								c32b315cd7 
								
							 
						 
						
							
							
								
								Standardised facade usage to use via their FQCN  
							
							
							
							
							Done via Laravel Shift Workbench 
							
						 
						
							2021-09-26 15:37:55 +01:00  
				
					
						
							
							
								 
						
							
								934a833818 
								
							 
						 
						
							
							
								
								Apply fixes from StyleCI  
							
							
							
						 
						
							2021-06-26 15:23:15 +00:00  
				
					
						
							
							
								 
						
							
								2c3523f6a1 
								
							 
						 
						
							
							
								
								Updated image permission setting logic  
							
							
							
							
							To ensure that the visibility is still set on local storage options
since the previous recent changes could cause problems in
scenarios where the server user could not read images uploaded by the
php process user.
Closes  #2758  
							
						 
						
							2021-05-24 12:09:28 +01:00  
				
					
						
							
							
								 
						
							
								c1f070a136 
								
							 
						 
						
							
							
								
								Handle acl set of images differently for s3 and s3-like  
							
							
							
							
							Related to #2739  
							
						 
						
							2021-05-15 17:25:51 +01:00  
				
					
						
							
							
								 
						
							
								f8cdd6e80d 
								
							 
						 
						
							
							
								
								Reduced calls for s3-based uploads  
							
							
							
							
							Combined the public ACL update into the put operation. 
							
						 
						
							2021-04-27 20:36:42 +01:00  
				
					
						
							
							
								 
						
							
								60ffe6a993 
								
							 
						 
						
							
							
								
								Updated packages and added better upload failure logging  
							
							
							
							
							To fix  #2689 
Updates all packages but mainly focused on aws-sdk 
							
						 
						
							2021-04-19 20:16:49 +01:00  
				
					
						
							
							
								 
						
							
								215c69acb2 
								
							 
						 
						
							
							
								
								Merge image name cleaning functions  
							
							
							
							
							Updated testing for changes and to check existence of new expected file
name.
Related to #2611  
							
						 
						
							2021-03-14 23:20:21 +00:00  
				
					
						
							
							
								 
						
							
								745d15d200 
								
							 
						 
						
							
							
								
								Allow uploads of files containing dots in filename.  Closes   BookStackApp/BookStack#2217  
							
							
							
						 
						
							2021-03-04 22:27:20 +01:00  
				
					
						
							
							
								 
						
							
								4e82d93350 
								
							 
						 
						
							
							
								
								Updated wording of image cleanup option  
							
							
							
							
							As per #2352  
							
						 
						
							2020-12-18 22:59:47 +00:00  
				
					
						
							
							
								 
						
							
								00308ad4ab 
								
							 
						 
						
							
							
								
								Cleaned up some user/image areas of the app  
							
							
							
							
							Further cleanup of docblocks and standardisation of repos. 
							
						 
						
							2020-12-08 23:46:38 +00:00  
				
					
						
							
							
								 
						
							
								884664bfe9 
								
							 
						 
						
							
							
								
								Ensured base64 images are read from image upload folder  
							
							
							
							
							Also removed unused storage systems and updated testing. 
							
						 
						
							2020-12-06 15:34:18 +00:00  
				
					
						
							
							
								 
						
							
								8911e3f441 
								
							 
						 
						
							
							
								
								Removed http fetching from image base64 generation  
							
							
							
						 
						
							2020-12-06 14:24:22 +00:00  
				
					
						
							
							
								 
						
							
								7d38c96a23 
								
							 
						 
						
							
							
								
								Removed generic "UploadService" which was doing very little  
							
							
							
						 
						
							2020-12-06 12:58:40 +00:00  
				
					
						
							
							
								 
						
							
								8213ea9a71 
								
							 
						 
						
							
							
								
								Fixed issue where URL params in image names would cause loading failure  
							
							
							
							
							Updated file name handling to route through str:slug to be cleaned up
a little.
Added testing to cover.
Fixes  #2161  
							
						 
						
							2020-07-25 11:18:40 +01:00  
				
					
						
							
							
								 
						
							
								b6aa232205 
								
							 
						 
						
							
							
								
								Fixed issue where more images than expected could be deleted  
							
							
							
							
							When deleting images, images within the same directory, that have
a suffix of the delete image name, would also be deleted.
Added test to cover. 
							
						 
						
							2020-07-24 23:41:59 +01:00  
				
					
						
							
							
								 
						
							
								32e7f0a2e6 
								
							 
						 
						
							
							
								
								Made display thumbnail generation use original data if smaller  
							
							
							
							
							Thumbnail generation would sometimes create a file larger than the
original, if the original was already well optimized, therefore making
the thumbnail counter-productive. This change compares the sizes of the
original and the generated thumbnail, and uses the smaller of the two if
the thumbnail does not change the aspect ratio of the image.
Fixes  #1751  
							
						 
						
							2019-12-22 12:44:49 +00:00  
				
					
						
							
							
								 
						
							
								140298bd96 
								
							 
						 
						
							
							
								
								Updated to Laravel 5.8  
							
							
							
						 
						
							2019-09-13 23:58:40 +01:00  
				
					
						
							
							
								 
						
							
								4b0c4e621a 
								
							 
						 
						
							
							
								
								Replaced use of custom 'baseUrl' helper with 'url'  
							
							
							
							
							Also changed up how base URL setting was being done
by manipulating incoming request URLs instead of
altering them on generation. 
							
						 
						
							2019-08-04 14:26:39 +01:00  
				
					
						
							
							
								 
						
							
								1e7df28238 
								
							 
						 
						
							
							
								
								Set export service to set correct svg image mimetype  
							
							
							
							
							For #1538  
							
						 
						
							2019-07-17 22:37:19 +01:00  
				
					
						
							
							
								 
						
							
								762d1d7595 
								
							 
						 
						
							
							
								
								Allowed different storage types for images and attachments  
							
							
							
							
							- Added new env and config vars to allow this.
- Also added tests for awkward config logic including fallback for new
env vars.
Closes  #1302  
							
						 
						
							2019-06-23 16:01:15 +01:00  
				
					
						
							
							
								 
						
							
								3f83c548f8 
								
							 
						 
						
							
							
								
								Ran phpcbf  
							
							
							
						 
						
							2019-05-05 14:54:37 +01:00  
				
					
						
							
							
								 
						
							
								8c190324ac 
								
							 
						 
						
							
							
								
								Updated existing image tests to reflect changes  
							
							
							
							
							- Also added some new tests 
							
						 
						
							2019-05-04 18:11:19 +01:00  
				
					
						
							
							
								 
						
							
								79f6dc00a3 
								
							 
						 
						
							
							
								
								Change image-selector to not use manager  
							
							
							
							
							- Now changes the images directly for user, system & cover.
- Extra permission checks added to edit & delete actions. 
							
						 
						
							2019-05-04 15:50:29 +01:00  
				
					
						
							
							
								 
						
							
								68017e2553 
								
							 
						 
						
							
							
								
								Added testing for avatar fetching systems & config  
							
							
							
							
							Abstracts imageservice http interaction.
Closes  #1193  
							
						 
						
							2018-12-23 15:34:38 +00:00  
				
					
						
							
							
								 
						
							
								b56fc21aaf 
								
							 
						 
						
							
							
								
								Abstracted user avatar fetching away from gravatar  
							
							
							
							
							Still uses gravatar as a default.
Updated URL placeholders to follow LDAP format.
Potential breaking config change: `GRAVATAR=false` replaced by `AVATAR_URL=false`
Builds upon #1111  
							
						 
						
							2018-12-22 19:29:19 +00:00  
				
					
						
							
							
								 
						
							
								5e6c039b08 
								
							 
						 
						
							
							
								
								Added config to change Gravatar URL  
							
							
							
						 
						
							2018-11-10 16:11:11 +01:00  
				
					
						
							
							
								 
						
							
								257a5a23ec 
								
							 
						 
						
							
							
								
								Fleshed out entity provided and optimized imports  
							
							
							
						 
						
							2018-09-25 16:58:03 +01:00  
				
					
						
							
							
								 
						
							
								919660678b 
								
							 
						 
						
							
							
								
								Re-structured the app code to be feature based rather than code type based  
							
							
							
						 
						
							2018-09-25 12:30:50 +01:00