f73b82ee57  Merge branch 'fix_sidebar_css' of https://github.com/ffranchina/BookStack into ffranchina-fix_sidebar_css
2021-10-23 21:54:25 +01:00

98072ba4a9  Reviewed SAML SLS changes for ADFS, #2902
2021-10-23 17:26:01 +01:00

- Migrated env usages to config.
- Removed potentially unneeded config options or auto-set signed options
  based upon provision of certificate.
- Aligned SP certificate env option naming with similar IDP option.
Tested via ADFS on Windows Server 2019. To test on other providers.

0b15e2bf1c  Fixes padding issues of the sidebar's items
2021-10-22 01:34:41 +02:00

2e9ac21b38  Merge branch 'master' of https://github.com/theodor-franke/BookStack into theodor-franke-master
2021-10-21 14:04:23 +01:00

129f3286d9  Applied styleci changes
2021-10-20 13:40:27 +01:00

fe07cdaa06  Merge pull request #2996 from BookStackApp/saml2_acs_session
2021-10-20 13:38:35 +01:00

Updated SAML ACS post to retain user session

cdef1b3ab0  Updated SAML ACS post to retain user session
2021-10-20 13:34:00 +01:00

Session was being lost due to the callback POST request cookies
not being provided due to samesite=lax. This instead adds an additional
hop in the flow to route the request via a GET request so the session is
retained. SAML POST data is stored encrypted in cache via a unique ID
then pulled out straight afterwards, and restored into POST for the SAML
toolkit to validate.
Updated testing to cover.

859934d6a3  Applied latest changes from styleCI
2021-10-20 10:49:45 +01:00

7bbcaa7cbc  Merge pull request #2986 from BookStackApp/attachments_api
2021-10-20 10:46:35 +01:00

Attachments API

7e28c76e6f  Adjusted API docs table
2021-10-20 10:46:06 +01:00

60d4c5902b  Added attachment API examples during manual testing
2021-10-20 10:43:03 +01:00

2409d1850f  Added TestCase for attachments API methods
2021-10-20 00:58:56 +01:00

c699f176bc  Fixed bug report yaml formatting
2021-10-19 15:15:35 +01:00

72ad87b123  Update support_request.yml
2021-10-19 14:52:00 +01:00

5d6d7ef5a7  Converted issues templates to forms
2021-10-19 14:49:49 +01:00

Added support request template

7ad98fc3c3  Update language_request.yml
2021-10-19 14:07:45 +01:00

0d6f1638fe  Delete language_request.md
2021-10-19 14:06:53 +01:00

5a4b366e56  Create language_request.yml
2021-10-19 14:05:34 +01:00

32f6ea946f  Build out core attachments API controller
2021-10-18 17:46:55 +01:00

Related to #2942

1a8a6c609a  Added phpseclib to readme
2021-10-18 11:43:54 +01:00

cb45c53029  Added base64 image extraction to markdown page content
2021-10-18 11:42:50 +01:00

- Included tests to cover.
- Manually tested via API update and interface page update.
Closes #2898

6e325de226  Applied latest styles changes from style CI
2021-10-16 16:01:59 +01:00

263384cf99  Merge branch 'oidc'
2021-10-16 15:51:13 +01:00

5ba964b677  Updated readme with latest version info
2021-10-15 14:30:49 +01:00

Also updated version file to be current

5647a8a091  New Crowdin updates (#2980)
2021-10-15 14:17:32 +01:00

* New translations entities.php (Spanish, Argentina)
* New translations activities.php (Spanish, Argentina)
* New translations auth.php (Spanish, Argentina)
* New translations settings.php (Spanish, Argentina)
* New translations validation.php (Spanish, Argentina)
* New translations auth.php (Spanish, Argentina)

f3c147d33b  Applied latest styleci changes
2021-10-15 14:16:45 +01:00

747f81d5d8  Updated php dependencies
2021-10-15 13:15:32 +01:00

c9c0e5e16f  Fixed guest user email showing in TOTP setup url
2021-10-14 18:02:16 +01:00

- Occurred during enforced MFA setup upon login.
- Added test to cover.
Fixes #2971

d21b60079c  Merge pull request #2977 from BookStackApp/custom_debug_view
2021-10-14 17:41:06 +01:00

Added custom whoops-based debug view

ffa4377e65  Added testing to cover debug view
2021-10-14 17:40:22 +01:00

9b8bb49a33  Added custom whoops-based debug view
2021-10-14 15:33:08 +01:00

Provides a simple bookstack focused view that does not rely on JavaScript.
Contains links to BookStack specific resources in addition to commonly
desired debug details.

855409bc4f  Fixed lack of oidc discovery filtering during testing
2021-10-14 13:37:55 +01:00

Tested oidc system on okta, Keycloak & Auth0

a5d72aa458  Fleshed out testing for OIDC system
2021-10-13 16:51:27 +01:00

c167f40af3  Renamed OIDC files to all be aligned
2021-10-12 23:04:28 +01:00

06a0d829c8  Added OIDC basic autodiscovery support
2021-10-12 23:00:52 +01:00

790723dfc5  Added further OIDC core class testing
2021-10-12 16:48:54 +01:00

f3d54e4a2d  Added positive test case for OIDC implementation
2021-10-12 00:01:51 +01:00

- To continue coverage and spec cases next.

6b182a435a  Got OIDC custom solution to a functional state
2021-10-11 23:00:45 +01:00

- Validation of all key/token elements now in place.
- Signing key system updated to work with jwk-style array or with
  file:// path to pem key.

8c01c55684  Added token and key handling elements for oidc jwt
2021-10-11 19:05:16 +01:00

- Got basic signing support and structure checking done.
- Need to run through actual claim checking before providing details
  back to app.

69301f7575  Merge pull request #2965 from Haxatron/master
2021-10-11 10:25:28 +01:00

Update DOMPDF chroot directory

8ce696dff6  Started on a custom oidc oauth provider
2021-10-10 19:14:08 +01:00

b043257d9a  Update dompdf.php
2021-10-10 01:06:08 +08:00

base_path => public_path

ca764caf2d  Added throttling to password reset requests
2021-10-08 23:19:37 +01:00

543ea6ef71  Updated translator attribution before release v21.08.5
2021-10-08 22:24:32 +01:00

a9b3df537f  Applied changes from styleci
2021-10-08 22:23:17 +01:00

c2339ac9db  New Crowdin updates (#2953)
2021-10-08 22:22:01 +01:00

* New translations settings.php (Chinese Simplified)
* New translations entities.php (Slovak)
* New translations entities.php (Portuguese, Brazilian)
* New translations entities.php (Slovenian)
* New translations entities.php (Swedish)
* New translations entities.php (Turkish)
* New translations entities.php (Ukrainian)
* New translations entities.php (Chinese Simplified)
* New translations entities.php (Chinese Traditional)
* New translations entities.php (Indonesian)
* New translations entities.php (Portuguese)
* New translations entities.php (Persian)
* New translations entities.php (Spanish, Argentina)
* New translations entities.php (Croatian)
* New translations entities.php (Latvian)
* New translations entities.php (Bosnian)
* New translations entities.php (Norwegian Bokmal)
* New translations entities.php (Russian)
* New translations entities.php (Polish)
* New translations entities.php (Vietnamese)
* New translations entities.php (Danish)
* New translations entities.php (French)
* New translations entities.php (Spanish)
* New translations entities.php (Arabic)
* New translations entities.php (Bulgarian)
* New translations entities.php (Catalan)
* New translations entities.php (Czech)
* New translations entities.php (German)
* New translations entities.php (Dutch)
* New translations entities.php (Hebrew)
* New translations entities.php (Hungarian)
* New translations entities.php (Italian)
* New translations entities.php (Japanese)
* New translations entities.php (Korean)
* New translations entities.php (Lithuanian)
* New translations entities.php (German Informal)
* New translations entities.php (French)
* New translations entities.php (Spanish)
* New translations settings.php (Czech)
* New translations entities.php (Czech)
* New translations activities.php (Czech)
* New translations auth.php (Czech)
* New translations common.php (Czech)
* New translations validation.php (Czech)
* New translations entities.php (Portuguese)
* New translations settings.php (Portuguese)
* New translations entities.php (Portuguese)
* New translations activities.php (Portuguese)
* New translations auth.php (Portuguese)
* New translations common.php (Portuguese)
* New translations validation.php (Portuguese)
* New translations entities.php (Chinese Simplified)
* New translations entities.php (Chinese Simplified)
* New translations activities.php (Ukrainian)
* New translations activities.php (Ukrainian)

41541df6ec  Added testing to cover work done in last commit
2021-10-08 21:47:59 +01:00

Relevant to comments in 7224fbcc89

7224fbcc89  Added protections against path traversal in file system operations
2021-10-08 17:47:14 +01:00

- Files within the storage/ path could be accessed via path traversal
  references in content, accessed upon HTML export.
- This addresses this via two layers:
  - Scoped local flysystem filesystems down to the specific image &
    file folders since flysystem has built-in checking against the
    escaping of the root folder.
  - Added path normalization before enforcement of uploads/{images,file}
    prefix to prevent traversal at a path level.
Thanks to @Haxatron via huntr.dev for discovery and reporting.
Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/

81d6b1b016  Fixed search query issues when table prefixes are used
2021-10-08 15:25:12 +01:00

- Old raw select query was causing bad select clause in query
  when table prefixes were active.

41ac69adb1  Forced response cache revalidation on logged-in responses
2021-10-08 15:22:09 +01:00

- Prevents authenticated responses being visible when back button
  pressed in browser.
- Previously, 'no-cache, private' was added by default by Symfony which
  would have prevented proxy cache issues but this adds no-store and a
  max-age option to also invalidate all caching.
Thanks to @haxatron via huntr.dev
Ref: https://huntr.dev/bounties/6cda9df9-4987-4e1c-b48f-855b6901ef53/