c732970f6e 
								
							 
						 
						
							
							
								
								Hardened page content script escaping  
							
							
							
							
							Increased range of tests to cover.
Fixes  #1531  
							
						 
						
							2019-07-10 20:17:22 +01:00  
				
					
						
							
							
								 
						
							
								3ad1b42a74 
								
							 
						 
						
							
							
								
								Updated page delete to handle inactive custom homepage correctly  
							
							
							
							
							Fixes  #1447  
						
							2019-05-27 12:40:19 +01:00  
				
					
						
							
							
								 
						
							
								35e6635379 
								
							 
						 
						
							
							
								
								Fixed chapter description not showing in book exports  
							
							
							
							
							Closes  #1465  
						
							2019-05-25 15:21:02 +01:00  
				
					
						
							
							
								 
						
							
								8ae35f645a 
								
							 
						 
						
							
							
								
								Fixed faulty baseUrl rewrites  
							
							
							
							
							Fixes  #1452 
May help #1377  
						
							2019-05-19 16:25:05 +01:00  
				
					
						
							
							
								 
						
							
								896f88174a 
								
							 
						 
						
							
							
								
								Updated page navigation logic to ignore empty headers  
							
							
							
							
							Fixes  #1429  
						
							2019-05-15 21:02:11 +01:00  
				
					
						
							
							
								 
						
							
								97ffbaa740 
								
							 
						 
						
							
							
								
								Fixed issue where book titles could be leaked via shelf home view  
							
							
							
							
							- Also added test to cover
Fixes  #1425  
							
						 
						
							2019-05-07 22:42:48 +01:00  
				
					
						
							
							
								 
						
							
								ad542f0407 
								
							 
						 
						
							
							
								
								Prevented potential inline JS event usage  
							
							
							
							
							- Removes 'on*' attributes from elements.
- Also updated script logic to remove scripts instead of escaping.
- All JS injection removal now uses DomDocument + xpath parsing. 
							
						 
						
							2019-05-05 13:53:37 +01:00  
				
					
						
							
							
								 
						
							
								8c190324ac 
								
							 
						 
						
							
							
								
								Updated existing image tests to reflect changes  
							
							
							
							
							- Also added some new tests 
							
						 
						
							2019-05-04 18:11:19 +01:00  
				
					
						
							
							
								 
						
							
								aeb1fc4d49 
								
							 
						 
						
							
							
								
								Started rewriting back-end image management  
							
							
							
						 
						
							2019-04-21 15:52:29 +01:00  
				
					
						
							
							
								 
						
							
								4e49d06182 
								
							 
						 
						
							
							
								
								Merge branch 'fix/registraion-form-validation' of git://github.com/cw1998/BookStack into cw1998-fix/registraion-form-validation  
							
							
							
						 
						
							2019-04-21 12:24:39 +01:00  
				
					
						
							
							
								 
						
							
								2bb06463d5 
								
							 
						 
						
							
							
								
								Added deeper content id de-duplication  
							
							
							
							
							Closes  #1393  
						
							2019-04-21 12:22:41 +01:00  
				
					
						
							
							
								 
						
							
								0bc5ccba32 
								
							 
						 
						
							
							
								
								Add revision restore confirm and changed http method  
							
							
							
							
							Closes  #1321  
						
							2019-04-20 13:25:16 +01:00  
				
					
						
							
							
								 
						
							
								6c66a8935a 
								
							 
						 
						
							
							
								
								Added test to check page HTML id de-duplication  
							
							
							
							
							Relates to #1393  
							
						 
						
							2019-04-20 13:01:56 +01:00  
				
					
						
							
							
								 
						
							
								c24764018a 
								
							 
						 
						
							
							
								
								Updated ldap server option parsing to work with protocol and port  
							
							
							
							
							- Aligns with PHP behaviour where port is ignored for full LDAP URI.
- Added tests to check format being passed to LDAP is as expected.
- May be related to #1220 
- Related to #1386  and #1278  
							
						 
						
							2019-04-16 22:47:53 +01:00  
				
					
						
							
							
								 
						
							
								c8cf6731e2 
								
							 
						 
						
							
							
								
								Add min length validation on name on register form & add sign up link  
							
							
							
						 
						
							2019-04-16 12:18:51 +01:00  
				
					
						
							
							
								 
						
							
								c380c10d54 
								
							 
						 
						
							
							
								
								Prevented bad duplicate IDs causing major exception  
							
							
							
							
							Related to #1393  
							
						 
						
							2019-04-15 21:20:32 +01:00  
				
					
						
							
							
								 
						
							
								7f3f6e65b9 
								
							 
						 
						
							
							
								
								Aligned item creation wording and updated shelf-book-add logic  
							
							
							
						 
						
							2019-04-15 20:45:04 +01:00  
				
					
						
							
							
								 
						
							
								50a9c71de0 
								
							 
						 
						
							
							
								
								Add tests for creating a book and adding directly to a shelf  
							
							
							
						 
						
							2019-04-15 09:27:17 +01:00  
				
					
						
							
							
								 
						
							
								faa3a8b842 
								
							 
						 
						
							
							
								
								Add button to add a book directly from a shelf view  
							
							
							
						 
						
							2019-04-15 09:27:17 +01:00  
				
					
						
							
							
								 
						
							
								9406b4d4c9 
								
							 
						 
						
							
							
								
								Updated view toggle to store date  
							
							
							
							
							Also added test for user list order preferences 
							
						 
						
							2019-04-14 13:01:51 +01:00  
				
					
						
							
							
								 
						
							
								b12ae6d11b 
								
							 
						 
						
							
							
								
								Added bookshelves to breadcrumbs  
							
							
							
							
							- Updated breadcrumb dropdown switchers and back-end sibling code to handle new breadcrumbs.
- Added breadcrumb view composer and EntityContext system to manage
tracking if in the context of a bookshelf. 
							
						 
						
							2019-04-07 18:28:11 +01:00  
				
					
						
							
							
								 
						
							
								7cda9b026e 
								
							 
						 
						
							
							
								
								Updated tests to suit layout changes, Updated 404 page  
							
							
							
							
							- Also replaced 'or' usage in templates with null coalescing operator 
							
						 
						
							2019-04-06 18:36:17 +01:00  
				
					
						
							
							
								 
						
							
								193e2ffebe 
								
							 
						 
						
							
							
								
								Prevent dbl exts. on img upload, Randomized attachment upload names  
							
							
							
						 
						
							2019-03-24 19:08:21 +00:00  
				
					
						
							
							
								 
						
							
								f5fe524e6c 
								
							 
						 
						
							
							
								
								Added extension whitelist for image uploads  
							
							
							
							
							- A continuation of the security issues addressed in v0.25.3 
							
						 
						
							2019-03-21 19:43:15 +00:00  
				
					
						
							
							
								 
						
							
								37b91b6b0e 
								
							 
						 
						
							
							
								
								Hardened image file validation by removing custom validation  
							
							
							
							
							- Added test to check PHP files cannot be uploaded as an image. 
							
						 
						
							2019-03-20 23:59:55 +00:00  
				
					
						
							
							
								 
						
							
								44c537de1a 
								
							 
						 
						
							
							
								
								Performed some LDAP service/test cleanup  
							
							
							
						 
						
							2019-03-10 10:54:19 +00:00  
				
					
						
							
							
								 
						
							
								6bccf0e64a 
								
							 
						 
						
							
							
								
								Merge branch 'feature-ldap-attributes' of git://github.com/dfanara/BookStack into dfanara-feature-ldap-attributes  
							
							
							
						 
						
							2019-03-10 10:31:09 +00:00  
				
					
						
							
							
								 
						
							
								042a6f9760 
								
							 
						 
						
							
							
								
								Updated shelf menu item to show on custom permission  
							
							
							
							
							- Extended new 'userCanOnAny' helper to take an entity class for
filtering.
Closes  #1201  
							
						 
						
							2019-03-09 21:15:45 +00:00  
				
					
						
							
							
								 
						
							
								5c9b528517 
								
							 
						 
						
							
							
								
								Abstracted userCanCreatePage helper to work for any permission  
							
							
							
							
							- Added test to cover scenario where someone with create-own permission
would want to copy a viewable item into a container entity that they
own. 
							
						 
						
							2019-03-09 16:50:22 +00:00  
				
					
						
							
							
								 
						
							
								6d20bdc1fb 
								
							 
						 
						
							
							
								
								Preserve original display_name_attribute configuration values.  
							
							
							
						 
						
							2019-03-09 01:13:30 -05:00  
				
					
						
							
							
								 
						
							
								502ea608bf 
								
							 
						 
						
							
							
								
								Issue  #1306  - Unit Tests for LdapService Changes  
							
							
							
						 
						
							2019-03-09 01:08:49 -05:00  
				
					
						
							
							
								 
						
							
								0e0a17cc30 
								
							 
						 
						
							
							
								
								Prevented page text content includes  
							
							
							
							
							Avoids possible permission issues where included content is shown in search or preview
where the user would not normally have permission to view the included content.
Closes  #1178  
							
						 
						
							2019-01-05 17:18:40 +00:00  
				
					
						
							
							
								 
						
							
								50e5527483 
								
							 
						 
						
							
							
								
								Added test to cover "users" header link in correct permission conditions  
							
							
							
						 
						
							2019-01-05 15:22:47 +00:00  
				
					
						
							
							
								 
						
							
								70ad707c3c 
								
							 
						 
						
							
							
								
								Tweaked profile page anchor links and swapped register/login links  
							
							
							
							
							Also added test for login/register links on non-auth app view
Relates to #1146  
							
						 
						
							2019-01-05 15:01:16 +00:00  
				
					
						
							
							
								 
						
							
								a2087fe3ff 
								
							 
						 
						
							
							
								
								Made delete permissions a requirement for move operations  
							
							
							
							
							Closes  #1200  
						
							2019-01-05 14:39:40 +00:00  
				
					
						
							
							
								 
						
							
								2317bf2350 
								
							 
						 
						
							
							
								
								Added check for last admin on role change  
							
							
							
							
							Will show error message if last admin and admin role is removed.
Closes  #1124 
Also cleaned up user controller a little. 
							
						 
						
							2018-12-30 16:11:58 +00:00  
				
					
						
							
							
								 
						
							
								68017e2553 
								
							 
						 
						
							
							
								
								Added testing for avatar fetching systems & config  
							
							
							
							
							Abstracts imageservice http interaction.
Closes  #1193  
							
						 
						
							2018-12-23 15:34:38 +00:00  
				
					
						
							
							
								 
						
							
								f4ea5f1f55 
								
							 
						 
						
							
							
								
								Updated page exports to use absolute time format  
							
							
							
							
							For #1065  
							
						 
						
							2018-12-22 16:35:04 +00:00  
				
					
						
							
							
								 
						
							
								26ec1cc3dc 
								
							 
						 
						
							
							
								
								Added proper escaping to LDAP filter operations  
							
							
							
							
							To cover #1163  
							
						 
						
							2018-12-20 20:04:09 +00:00  
				
					
						
							
							
								 
						
							
								651ae2f3be 
								
							 
						 
						
							
							
								
								Fixed failing language test after addition of formatter  
							
							
							
						 
						
							2018-12-16 15:46:02 +00:00  
				
					
						
							
							
								 
						
							
								323bff7d6d 
								
							 
						 
						
							
							
								
								Extended translations system for arrays & extension  
							
							
							
							
							Extended the base Laravel translation system to
allow a locale to be based upon another.
Also adds functionality to take base & fallback locales into account when fetching
an array of translations.
Related to work done in #1159  
							
						 
						
							2018-12-12 20:46:27 +00:00  
				
					
						
							
							
								 
						
							
								178b5af83a 
								
							 
						 
						
							
							
								
								Added google select_account test  
							
							
							
							
							Also cleaned the function naming a little to be more descriptive of the
work they do. 
							
						 
						
							2018-11-10 14:52:43 +00:00  
				
					
						
							
							
								 
						
							
								ffc1aa873e 
								
							 
						 
						
							
							
								
								Merge branch 'v0.24-dev'  
							
							
							
						 
						
							2018-11-04 15:36:40 +00:00  
				
					
						
							
							
								 
						
							
								19b7093438 
								
							 
						 
						
							
							
								
								Fixed redirect issue when custom app url in use  
							
							
							
							
							Fixes  #956  & #1048 
Also added tests to cover this url logic.
Also removed debugbar during tests to maybe improve test speed. 
						
							2018-11-04 15:18:27 +00:00  
				
					
						
							
							
								 
						
							
								85f330c79a 
								
							 
						 
						
							
							
								
								Extracted many page-specific repo methods into page-specific repo  
							
							
							
						 
						
							2018-10-13 11:27:55 +01:00  
				
					
						
							
							
								 
						
							
								919660678b 
								
							 
						 
						
							
							
								
								Re-structured the app code to be feature based rather than code type based  
							
							
							
						 
						
							2018-09-25 12:30:50 +01:00  
				
					
						
							
							
								 
						
							
								9243c635f2 
								
							 
						 
						
							
							
								
								Made search test a little more consistent  
							
							
							
						 
						
							2018-09-23 15:15:44 +01:00  
				
					
						
							
							
								 
						
							
								7b32aa163f 
								
							 
						 
						
							
							
								
								Added Bookshelves to search system.  
							
							
							
							
							Also cleaned up and made search indexing system a little more efficient.
Closes  #1023  
							
						 
						
							2018-09-23 12:34:30 +01:00  
				
					
						
							
							
								 
						
							
								da58c41ab6 
								
							 
						 
						
							
							
								
								Prevented attachDefaultRole from trying to re-attach if already existing  
							
							
							
							
							Fixes  #1003 
Added test to cover 
						
							2018-09-22 22:09:34 +01:00  
				
					
						
							
							
								 
						
							
								3f58800ed1 
								
							 
						 
						
							
							
								
								Added ability to configure revision limit  
							
							
							
						 
						
							2018-09-22 17:30:42 +01:00