0704f1bd0d 
								
							 
						 
						
							
							
								
								Covered untested commands with testing  
							
							
							
						 
						
							2023-05-24 10:34:43 +01:00  
				
					
						
							
							
								 
						
							
								141eecb858 
								
							 
						 
						
							
							
								
								Cleaned up namespacing in routes  
							
							... 
							
							
							
							Also moved home controller and moved controllers up a level in http. 
							
						 
						
							2023-05-18 20:57:05 +01:00  
				
					
						
							
							
								 
						
							
								295cd01605 
								
							 
						 
						
							
							
								
								Played around with a new app structure  
							
							
							
						 
						
							2023-05-17 17:56:55 +01:00  
				
					
						
							
							
								 
						
							
								3a808fd768 
								
							 
						 
						
							
							
								
								Added phpunit tests to cover image API endpoints  
							
							
							
						 
						
							2023-03-14 19:29:08 +00:00  
				
					
						
							
							
								 
						
							
								d9eec6d82c 
								
							 
						 
						
							
							
								
								Started Image API build  
							
							
							
						 
						
							2023-03-14 12:19:19 +00:00  
				
					
						
							
							
								 
						
							
								c80396136f 
								
							 
						 
						
							
							
								
								Increased attachment link limit from 192 to 2k  
							
							... 
							
							
							
							Added test to cover.
Did attempt a 64k limit, but values over 2k significantly increase
chance of other issues since this URL may be used in redirect headers.
Would rather catch issues in-app.
For #4044  
							
						 
						
							2023-02-20 13:05:23 +00:00  
				
					
						
							
							
								 
						
							
								f333db8e4f 
								
							 
						 
						
							
							
								
								Added control-upon-access of the default favicon.ico file  
							
							
							
						 
						
							2023-02-09 21:16:27 +00:00  
				
					
						
							
							
								 
						
							
								da42fc7457 
								
							 
						 
						
							
							
								
								Added default favicon creation upon access.  
							
							
							
						 
						
							2023-02-09 20:57:35 +00:00  
				
					
						
							
							
								 
						
							
								48f1934387 
								
							 
						 
						
							
							
								
								Updated favicon gen to use png-based ICO  
							
							... 
							
							
							
							From testing, worked on Firefox, Chrome, Gnome Web 
							
						 
						
							2023-02-09 17:47:33 +00:00  
				
					
						
							
							
								 
						
							
								2845e0003e 
								
							 
						 
						
							
							
								
								Got favicons better supported, can't get transparency right  
							
							... 
							
							
							
							Digging deeper, I don't think PHPGD supports 32bit bmp output which
complicates matters. 
							
						 
						
							2023-02-09 15:14:41 +00:00  
				
					
						
							
							
								 
						
							
								1a189640f1 
								
							 
						 
						
							
							
								
								Integrated favicon handler with correct files & actions  
							
							... 
							
							
							
							Format does not look 100% correct though, won't show in Firefox/gimp. 
							
						 
						
							2023-02-09 13:24:43 +00:00  
				
					
						
							
							
								 
						
							
								420f89af99 
								
							 
						 
						
							
							
								
								Built custom favicon.ico file creator  
							
							... 
							
							
							
							Followed wikipedia-defined ICO file format info, and used with
Intervention's good bmp support, to create a working proof-of-concept. 
							
						 
						
							2023-02-08 23:06:42 +00:00  
				
					
						
							
							
								 
						
							
								da1a66abd3 
								
							 
						 
						
							
							
								
								Extracted test file handling to its own class  
							
							... 
							
							
							
							Closes  #3995  
						
							2023-02-08 14:39:13 +00:00  
				
					
						
							
							
								 
						
							
								5e8ec56196 
								
							 
						 
						
							
							
								
								Fixed issues found from tests  
							
							
							
						 
						
							2023-02-06 20:41:33 +00:00  
				
					
						
							
							
								 
						
							
								9ca088a4e2 
								
							 
						 
						
							
							
								
								Fixed static analysis issues  
							
							
							
						 
						
							2023-02-06 20:00:44 +00:00  
				
					
						
							
							
								 
						
							
								3c658e39ab 
								
							 
						 
						
							
							
								
								Extracted app icon text, fixed issues  
							
							... 
							
							
							
							Tweaked sizes and meta tags based unpon ipad testing.
Fixed reduced sizes not being cleaned up. 
							
						 
						
							2023-01-25 16:11:34 +00:00  
				
					
						
							
							
								 
						
							
								55b6a7842e 
								
							 
						 
						
							
							
								
								Added ability to control app icon (favicon) via settings  
							
							
							
						 
						
							2023-01-25 11:03:19 +00:00  
				
					
						
							
							
								 
						
							
								1660e72cc5 
								
							 
						 
						
							
							
								
								Migrated remaining relation permission usages  
							
							... 
							
							
							
							Now all tests are passing.
Some level of manual checks to do. 
							
						 
						
							2023-01-24 19:04:32 +00:00  
				
					
						
							
							
								 
						
							
								d2260b234c 
								
							 
						 
						
							
							
								
								Fixed app logo visibility with secure_restricted images  
							
							... 
							
							
							
							Includes test to cover.
For #3827  
							
						 
						
							2022-11-10 14:15:59 +00:00  
				
					
						
							
							
								 
						
							
								8a749c6acf 
								
							 
						 
						
							
							
								
								Added and ran PHPCS  
							
							
							
						 
						
							2022-09-18 01:25:20 +01:00  
				
					
						
							
							
								 
						
							
								7f8b3eff5a 
								
							 
						 
						
							
							
								
								Fixed failing tests due to shelf text changes, applied styleci changes  
							
							
							
						 
						
							2022-09-02 14:47:44 +01:00  
				
					
						
							
							
								 
						
							
								c76b5e2ec4 
								
							 
						 
						
							
							
								
								Fixed local_secure_restricted preventing attachment uploads  
							
							... 
							
							
							
							Due to option name change and therefore lack of handling.
Added test case to cover. 
							
						 
						
							2022-09-02 14:40:17 +01:00  
				
					
						
							
							
								 
						
							
								092b6d6378 
								
							 
						 
						
							
							
								
								Added test and handling for local_secure_restricted in exports  
							
							
							
						 
						
							2022-09-02 14:21:43 +01:00  
				
					
						
							
							
								 
						
							
								27ac122502 
								
							 
						 
						
							
							
								
								Started work on local_secure_restricted image option  
							
							
							
						 
						
							2022-09-01 16:17:14 +01:00  
				
					
						
							
							
								 
						
							
								d4a119b2aa 
								
							 
						 
						
							
							
								
								Fixed disabling of avatar urls, Removed id from gravatar image name  
							
							... 
							
							
							
							Included test to cover avatar url disabling.
Related to #1835  
							
						 
						
							2022-07-26 12:10:19 +01:00  
				
					
						
							
							
								 
						
							
								afe1a04239 
								
							 
						 
						
							
							
								
								Aligned permission applicator method names  
							
							... 
							
							
							
							Also removed lesser used function, that was mostly a duplicate of an
existing function, and only used for search. 
							
						 
						
							2022-07-16 19:54:25 +01:00  
				
					
						
							
							
								 
						
							
								b0a4d3d059 
								
							 
						 
						
							
							
								
								Renamed and cleaned up existing permission service classes use  
							
							
							
						 
						
							2022-07-12 20:15:41 +01:00  
				
					
						
							
							
								 
						
							
								abc283fc64 
								
							 
						 
						
							
							
								
								Extracted download response logic to its own class  
							
							... 
							
							
							
							Cleans up base controller and groups up download & streaming logic for
potential future easier addition of range request support. 
							
						 
						
							2022-06-08 23:50:42 +01:00  
				
					
						
							
							
								 
						
							
								2b0ae23da0 
								
							 
						 
						
							
							
								
								Updated composer deps, applied latest StyleCI changes  
							
							
							
						 
						
							2022-04-24 18:22:40 +01:00  
				
					
						
							
							
								 
						
							
								cb770c534d 
								
							 
						 
						
							
							
								
								Added streamed uploads for attachments  
							
							
							
						 
						
							2022-04-02 18:46:48 +01:00  
				
					
						
							
							
								 
						
							
								82e8b1577e 
								
							 
						 
						
							
							
								
								Updated attachment download responses to stream from filesystem  
							
							... 
							
							
							
							This allows download of attachments that are larger than current memory
limits, since we're not loading the entire file into memory any more.
For inline file responses, we take a 1kb portion of the file to sniff
before to check mime before we proceed. 
							
						 
						
							2022-04-02 18:07:43 +01:00  
				
					
						
							
							
								 
						
							
								b5281bc9ca 
								
							 
						 
						
							
							
								
								Fixed tests, applied StyleCI changes  
							
							
							
						 
						
							2022-03-26 20:38:03 +00:00  
				
					
						
							
							
								 
						
							
								55d61fceb2 
								
							 
						 
						
							
							
								
								Added manual image thumbnail exif orientation handling  
							
							... 
							
							
							
							Uses original image data to extract orientation exif to apply image
transformations before scaling and save. Manually done due to issues
with exif data loss during the existing Invervention image path.
For #1854  
							
						 
						
							2022-03-26 12:32:08 +00:00  
				
					
						
							
							
								 
						
							
								1a26b47782 
								
							 
						 
						
							
							
								
								Applied latest styleCI changes  
							
							
							
						 
						
							2022-01-06 12:18:11 +00:00  
				
					
						
							
							
								 
						
							
								31f1dca8a8 
								
							 
						 
						
							
							
								
								Added detection and thumbnail bypass for apng images  
							
							... 
							
							
							
							Adds apng sniffing when generating thumbnails with retained ratios to
serve the original image files, as we do for GIF images, to prevent
the image being resized to a static version.
Is more tricky than GIF since apng file mimes and extensions
are the same as png, we have to detect part of the file header
to sniff the type. Means we have to sniff at a later stage
than GIF since we have to load the image file data.
Made some changes to the image thubmnail caching while doing
this work to fit in with this handling.
Added test to cover.
For #3136 . 
							
						 
						
							2022-01-04 13:10:35 +00:00  
				
					
						
							
							
								 
						
							
								024924eef3 
								
							 
						 
						
							
							
								
								Applied another round of static analysis updates  
							
							
							
						 
						
							2021-11-22 23:33:55 +00:00  
				
					
						
							
							
								 
						
							
								85154fff69 
								
							 
						 
						
							
							
								
								Added an env configurable file upload size limit  
							
							... 
							
							
							
							Replaces the old suggestion of setting JS head 'window.uploadLimit'
variable. This new env option will be used by back-end validation and
front-end libs/logic too.
Limits already likely exist within prod environments at a PHP and
webserver level but this allows an app-level limit and centralises the
option on the BookStack side into the .env
Closes  #3033  
							
						 
						
							2021-11-14 22:03:22 +00:00  
				
					
						
							
							
								 
						
							
								8d7c8ac8bf 
								
							 
						 
						
							
							
								
								Done a round of phpstan fixes  
							
							
							
						 
						
							2021-11-06 00:32:01 +00:00  
				
					
						
							
							
								 
						
							
								bc291bee78 
								
							 
						 
						
							
							
								
								Added inital phpstan/larastan setup  
							
							
							
						 
						
							2021-11-05 16:18:06 +00:00  
				
					
						
							
							
								 
						
							
								c9c4dbcb5b 
								
							 
						 
						
							
							
								
								Merge branch 'laravel_upgrade'  
							
							
							
						 
						
							2021-11-04 22:42:35 +00:00  
				
					
						
							
							
								 
						
							
								a17be959d8 
								
							 
						 
						
							
							
								
								Applied latest styleci changes  
							
							
							
						 
						
							2021-11-01 13:26:02 +00:00  
				
					
						
							
							
								 
						
							
								bfbccbede1 
								
							 
						 
						
							
							
								
								Updated attachments to not be saved with a complete extension  
							
							... 
							
							
							
							Intended to limit impact in the event the storage path is potentially
exposed. 
							
						 
						
							2021-11-01 11:32:00 +00:00  
				
					
						
							
							
								 
						
							
								4360da03d4 
								
							 
						 
						
							
							
								
								Ran a pass through image and attachment routes  
							
							... 
							
							
							
							Added some stronger types, formatting changes and simplifications along
the way. 
							
						 
						
							2021-11-01 11:17:30 +00:00  
				
					
						
							
							
								 
						
							
								c7fea8fe08 
								
							 
						 
						
							
							
								
								Cleaned up logic within ImageRepo  
							
							... 
							
							
							
							- Moved out extension check to ImageService as that seems more relevant.
- Updated models to use static-style references instead of facade to align with common modern usage within the app.
- Updated custom image_extension validation rule to use shared logic in image service. 
							
						 
						
							2021-11-01 00:24:42 +00:00  
				
					
						
							
							
								 
						
							
								43830a372f 
								
							 
						 
						
							
							
								
								Updated showImage file serving to not be traversable  
							
							... 
							
							
							
							For #3030  
							
						 
						
							2021-10-31 23:53:17 +00:00  
				
					
						
							
							
								 
						
							
								f139cded78 
								
							 
						 
						
							
							
								
								Laravel 8 shift squash & merge ( #3029 )  
							
							... 
							
							
							
							* Temporarily moved back config path
* Apply Laravel coding style
* Shift exception handler
* Shift HTTP kernel and middleware
* Shift service providers
* Convert options array to fluent methods
* Shift to class based routes
* Shift console routes
* Ignore temporary framework files
* Shift to class based factories
* Namespace seeders
* Shift PSR-4 autoloading
* Shift config files
* Default config files
* Shift Laravel dependencies
* Shift return type of base TestCase methods
* Shift cleanup
* Applied stylci style changes
* Reverted config files location
* Applied manual changes to Laravel 8 shift
Co-authored-by: Shift <shift@laravelshift.com> 
							
						 
						
							2021-10-30 21:29:59 +01:00  
				
					
						
							
							
								 
						
							
								4f55fe2f8e 
								
							 
						 
						
							
							
								
								Made further changes to page image extraction validation  
							
							... 
							
							
							
							Fixes  #3019 
Increased testing to cover the failing case amoung others. 
						
							2021-10-28 15:54:00 +01:00  
				
					
						
							
							
								 
						
							
								f77236aa38 
								
							 
						 
						
							
							
								
								Laravel 7.x Shift ( #3011 )  
							
							... 
							
							
							
							* Apply Laravel coding style
* Shift bindings
* Shift core files
* Shift to Throwable
* Add laravel/ui dependency
* Shift Eloquent methods
* Shift config files
* Shift Laravel dependencies
* Shift cleanup
* Shift test config and references
* Applied styleci changes
* Applied fixes post shift to laravel 7
Co-authored-by: Shift <shift@laravelshift.com> 
							
						 
						
							2021-10-26 22:04:18 +01:00  
				
					
						
							
							
								 
						
							
								64937ab826 
								
							 
						 
						
							
							
								
								Update ImageRepo.php  
							
							... 
							
							
							
							fix image validation vulnerability 
							
						 
						
							2021-10-26 09:39:16 +08:00  
				
					
						
							
							
								 
						
							
								859934d6a3 
								
							 
						 
						
							
							
								
								Applied latest changes from styleCI  
							
							
							
						 
						
							2021-10-20 10:49:45 +01:00