Commit Graph

3469 Commits

Author SHA1 Message Date
Dan Brown 0ddd052818
Added missing comments or types
Checked over latest changes for potential SQL injection, all variable
usages are either (from trusted sourced AND case) or using
parameters/bindings to ensure it's handled at driver/lib level.
2021-11-09 15:13:15 +00:00
Dan Brown da17004c3e
Added test to cover search frequency rank changes 2021-11-09 15:05:02 +00:00
Dan Brown bc472ca2d7
Improved relation loading during search
Relations now loaded during back-end query phase instead of being lazy
loaded one-by-one within views.

Reduced queries in testing from ~60 to ~20.

Need to check other areas list-item.php's "showPath" option is used to
ensure relations are properly loaded for those listings.
2021-11-08 15:24:49 +00:00
Dan Brown b3e1c7da73
Applied styleci fixes and pluck improvement as per larastan 2021-11-08 15:00:47 +00:00
Dan Brown 7405613f8d
Added search term score popularity adjustment
Adds adjustment of search term 'score' (Used in result ranking) so that
a relative 0.3 to 1.3 multiplier is applied based upon relative
popularity within the whole database. At this point the term popularity
is still done via a prefix match against the search term.

Uses a SUM(IF(cond, a, IF(cond, a, ...))) chain to produce the scoring
result in the select query.
2021-11-08 14:23:48 +00:00
Dan Brown b0b6f466c1
Reduced data retrieved from database on page search 2021-11-08 11:41:14 +00:00
Dan Brown 9e0164f4f4
Further search system refactorings
- Moved search term querying to its own method.
- Updated Large content seeder to be more performant
2021-11-08 11:29:25 +00:00
Dan Brown e1b8fe45b0
Refactored search runner a little to be neater 2021-11-08 11:04:27 +00:00
Dan Brown f2b1d2e1e7
Applied latest StyleCI changes 2021-11-06 22:00:33 +00:00
Dan Brown 921e25e7e1
Merge pull request #3042 from BookStackApp/tags_view
Tag view
2021-11-06 21:59:34 +00:00
Dan Brown 899349c4b4
Added testing coverage for tag index
Also:
- Extracted out index table row to its own view.
- Added empty state.
- Ensured query params are set on pagination links.
2021-11-06 21:54:02 +00:00
Dan Brown f8f9e74992
Added links to tag page
- Added from books/shelves listings and within the tag-edit view for all
  entities.
2021-11-06 20:21:11 +00:00
Dan Brown 929c8312bd
Started build of tag view
- Created listing
- Allows drilldown to tag name
- Shows totals

Not yet covered via testing
2021-11-06 16:30:20 +00:00
Dan Brown 8d7c8ac8bf
Done a round of phpstan fixes 2021-11-06 00:32:01 +00:00
Dan Brown 5c6a6b50a0
Applied StyleCI changes, added php/larastan to attribution 2021-11-05 16:27:59 +00:00
Dan Brown bc291bee78
Added initial phpstan/larastan setup 2021-11-05 16:18:06 +00:00
Dan Brown d0aa10a8c3
Applied styleci changes 2021-11-05 00:28:41 +00:00
Dan Brown 06b5009842
Standardised laravel validation to be array based
Converted from string-only-based validation.
Array based validation works nicer once you have validation classes or
advanced validation options.
2021-11-05 00:26:55 +00:00
Dan Brown 0ba8541370
Updated npm deps 2021-11-04 23:07:36 +00:00
Dan Brown 22024df508
Merge branch 'master' of github.com:BookStackApp/BookStack 2021-11-04 22:58:15 +00:00
Dan Brown de5322288c
Applied latest styleci changes 2021-11-04 22:57:49 +00:00
Dan Brown 9542509584
New Crowdin updates (#3038)
Just crowdin aligning string quote styles
2021-11-04 22:57:04 +00:00
Dan Brown 1eed8d6325
Removed style in discord logo to prevent clash with twitter logo
Both were using the same class names causing a quadrant of the slack logo
to be the discord brand color.

Related to #3032
2021-11-04 22:52:35 +00:00
Dan Brown b9a58859a4
Merge branch 'modernize-3rd-party-service-logos' of https://github.com/na3shkw/BookStack into na3shkw-modernize-3rd-party-service-logos 2021-11-04 22:45:57 +00:00
Dan Brown c9c4dbcb5b
Merge branch 'laravel_upgrade' 2021-11-04 22:42:35 +00:00
Dan Brown 6f75aa9cdc
Reverted shift change to old migration 2021-11-04 22:38:55 +00:00
Dan Brown 9c680efaad
Updated php packages, Added php8.1 to GH actions 2021-11-04 22:29:36 +00:00
Dan Brown cccee0808f
Updated API examples with date format changes
Updated to full ISO-8601 to reflect change in Laravel 7.
2021-11-04 22:02:21 +00:00
Dan Brown 01cdbdb7ae
Updated version and assets for release v21.10.3 2021-11-01 13:31:10 +00:00
Dan Brown fc8bbf3eab
Merge branch 'master' into release 2021-11-01 13:30:36 +00:00
Dan Brown a17be959d8
Applied latest styleci changes 2021-11-01 13:26:02 +00:00
Dan Brown ce3f489188
Merge branch '3027_attachment_vuln' 2021-11-01 13:25:12 +00:00
Dan Brown f4201e5740
New Crowdin updates (#3023)
* New translations errors.php (Polish)

* New translations activities.php (Dutch)

* New translations auth.php (Dutch)

* New translations common.php (Dutch)

* New translations entities.php (Dutch)

* New translations auth.php (Dutch)

* New translations auth.php (Dutch)

* New translations auth.php (Dutch)

* New translations settings.php (Latvian)
2021-11-01 13:16:15 +00:00
na3shkw 7e2c1b31a1 Modernize third party services' logos 2021-11-01 12:41:23 +00:00
Dan Brown bfbccbede1
Updated attachments to not be saved with a complete extension
Intended to limit impact in the event the storage path is potentially
exposed.
2021-11-01 11:32:00 +00:00
Dan Brown 4360da03d4
Ran a pass through image and attachment routes
Added some stronger types, formatting changes and simplifications along
the way.
2021-11-01 11:17:30 +00:00
Dan Brown c7fea8fe08
Cleaned up logic within ImageRepo
- Moved out extension check to ImageService as that seems more relevant.
- Updated models to use static-style references instead of facade to align with common modern usage within the app.
- Updated custom image_extension validation rule to use shared logic in image service.
2021-11-01 00:24:42 +00:00
Dan Brown 43830a372f
Updated showImage file serving to not be traversable
For #3030
2021-10-31 23:53:17 +00:00
Dan Brown ae155d6745
Added safe mime sniffing to prevent serving HTML
(Among other content types)
For #3027
2021-10-31 17:58:56 +00:00
Dan Brown 5c834f24a6
Updated AzureAD provider to use microsoft graph
Since AzureAD graph is going away.
Tested using old AzureAD graph usage for backwards-compatibility, did not
seem to break things. Could not test with conditional access though due
to azure never enforcing it no matter what I attempted.

For #3028
2021-10-31 13:09:30 +00:00
Dan Brown 98b23fd7ab
Moved from debugbar to clockwork 2021-10-30 22:03:36 +01:00
Dan Brown f139cded78
Laravel 8 shift squash & merge (#3029)
* Temporarily moved back config path
* Apply Laravel coding style
* Shift exception handler
* Shift HTTP kernel and middleware
* Shift service providers
* Convert options array to fluent methods
* Shift to class based routes
* Shift console routes
* Ignore temporary framework files
* Shift to class based factories
* Namespace seeders
* Shift PSR-4 autoloading
* Shift config files
* Default config files
* Shift Laravel dependencies
* Shift return type of base TestCase methods
* Shift cleanup
* Applied styleci style changes
* Reverted config files location
* Applied manual changes to Laravel 8 shift

Co-authored-by: Shift <shift@laravelshift.com>
2021-10-30 21:29:59 +01:00
Dan Brown 85dc8d9791
Updated sponsor link 2021-10-30 11:51:49 +01:00
Dan Brown 5fd10e695a
Added sponsors to readme, updated license file 2021-10-29 21:37:10 +01:00
Dan Brown 3cdab19319
Updated version and assets for release v21.10.2 2021-10-28 15:57:04 +01:00
Dan Brown 5661d20e87
Merge branch 'master' into release 2021-10-28 15:56:49 +01:00
Dan Brown e7bec79f25
New Crowdin updates (#3014)
* New translations entities.php (Estonian)

* New translations entities.php (Estonian)
2021-10-28 15:55:13 +01:00
Dan Brown 4f55fe2f8e
Made further changes to page image extraction validation
Fixes #3019
Increased testing to cover the failing case among others.
2021-10-28 15:54:00 +01:00
Dan Brown 91f80123e8
Merge branch 'master' into release 2021-10-27 12:35:00 +01:00
Dan Brown 7a0636d0f8
Updated version and assets for release v21.10.1 2021-10-27 12:31:40 +01:00