193e2ffebe 
								
							 
						 
						
							
							
								
								Prevent dbl exts. on img upload, Randomized attachment upload names  
							
							
							
						 
						
							2019-03-24 19:08:21 +00:00  
				
					
						
							
							
								 
						
							
								f5fe524e6c 
								
							 
						 
						
							
							
								
								Added extension whitelist for image uploads  
							
							... 
							
							
							
							- A continuation of the security issues addressed in v0.25.3 
							
						 
						
							2019-03-21 19:43:15 +00:00  
				
					
						
							
							
								 
						
							
								37b91b6b0e 
								
							 
						 
						
							
							
								
								Hardened image file validation by removing custom validation  
							
							... 
							
							
							
							- Added test to check PHP files cannot be uploaded as an image. 
							
						 
						
							2019-03-20 23:59:55 +00:00  
				
					
						
							
							
								 
						
							
								44c537de1a 
								
							 
						 
						
							
							
								
								Performed some LDAP service/test cleanup  
							
							
							
						 
						
							2019-03-10 10:54:19 +00:00  
				
					
						
							
							
								 
						
							
								6bccf0e64a 
								
							 
						 
						
							
							
								
								Merge branch 'feature-ldap-attributes' of git://github.com/dfanara/BookStack into dfanara-feature-ldap-attributes  
							
							
							
						 
						
							2019-03-10 10:31:09 +00:00  
				
					
						
							
							
								 
						
							
								042a6f9760 
								
							 
						 
						
							
							
								
								Updated shelf menu item to show on custom permission  
							
							... 
							
							
							
							- Extended new 'userCanOnAny' helper to take a entity class for
filtering.
Closes  #1201  
							
						 
						
							2019-03-09 21:15:45 +00:00  
				
					
						
							
							
								 
						
							
								5c9b528517 
								
							 
						 
						
							
							
								
								Abstracted userCanCreatePage helper to work for any permisison  
							
							... 
							
							
							
							- Added test to cover scenario where someone with create-own permission
would want to copy a viewable item into a container entity that they
own. 
							
						 
						
							2019-03-09 16:50:22 +00:00  
				
					
						
							
							
								 
						
							
								6d20bdc1fb 
								
							 
						 
						
							
							
								
								Preserve original display_name_attribute configuration values.  
							
							
							
						 
						
							2019-03-09 01:13:30 -05:00  
				
					
						
							
							
								 
						
							
								502ea608bf 
								
							 
						 
						
							
							
								
								Issue  #1306  - Unit Tests for LdapService Changes  
							
							
							
						 
						
							2019-03-09 01:08:49 -05:00  
				
					
						
							
							
								 
						
							
								0e0a17cc30 
								
							 
						 
						
							
							
								
								Prevented page text content includes  
							
							... 
							
							
							
							Avoids possible permission issues where included content shown in search or preview
where the user would not normally have permission to view the included content.
Closes  #1178  
							
						 
						
							2019-01-05 17:18:40 +00:00  
				
					
						
							
							
								 
						
							
								50e5527483 
								
							 
						 
						
							
							
								
								Added test to cover "users" header link in correct permission conditions  
							
							
							
						 
						
							2019-01-05 15:22:47 +00:00  
				
					
						
							
							
								 
						
							
								70ad707c3c 
								
							 
						 
						
							
							
								
								Tweaked profile page anchor links and swapped register/login links  
							
							... 
							
							
							
							Also added test for login/register links on non-auth app view
Relates to #1146  
							
						 
						
							2019-01-05 15:01:16 +00:00  
				
					
						
							
							
								 
						
							
								a2087fe3ff 
								
							 
						 
						
							
							
								
								Made delete permissions a requirement for move operations  
							
							... 
							
							
							
							Closes  #1200  
						
							2019-01-05 14:39:40 +00:00  
				
					
						
							
							
								 
						
							
								2317bf2350 
								
							 
						 
						
							
							
								
								Added check for last admin on role change  
							
							... 
							
							
							
							Will show error message if last admin and admin role is removed.
Closes  #1124 
Also cleaned up user controller a little. 
							
						 
						
							2018-12-30 16:11:58 +00:00  
				
					
						
							
							
								 
						
							
								68017e2553 
								
							 
						 
						
							
							
								
								Added testing for avatar fetching systems & config  
							
							... 
							
							
							
							Abstracts imageservice http interaction.
Closes  #1193  
							
						 
						
							2018-12-23 15:34:38 +00:00  
				
					
						
							
							
								 
						
							
								f4ea5f1f55 
								
							 
						 
						
							
							
								
								Updated page exports to use absolute time format  
							
							... 
							
							
							
							For #1065  
							
						 
						
							2018-12-22 16:35:04 +00:00  
				
					
						
							
							
								 
						
							
								26ec1cc3dc 
								
							 
						 
						
							
							
								
								Added proper escaping to LDAP filter operations  
							
							... 
							
							
							
							To cover #1163  
							
						 
						
							2018-12-20 20:04:09 +00:00  
				
					
						
							
							
								 
						
							
								651ae2f3be 
								
							 
						 
						
							
							
								
								Fixed failing language test after addition of formatter  
							
							
							
						 
						
							2018-12-16 15:46:02 +00:00  
				
					
						
							
							
								 
						
							
								323bff7d6d 
								
							 
						 
						
							
							
								
								Extended translations system for arrays & extension  
							
							... 
							
							
							
							Extended the base Laravel translation system to
allow a locale to be based upon another.
Also adds functionality to take base & fallback locales into account when fetching
an array of translations.
Related to work done in #1159  
							
						 
						
							2018-12-12 20:46:27 +00:00  
				
					
						
							
							
								 
						
							
								178b5af83a 
								
							 
						 
						
							
							
								
								Added google select_account test  
							
							... 
							
							
							
							Also cleaned the function naming a little to be more descriptive of the
work they do. 
							
						 
						
							2018-11-10 14:52:43 +00:00  
				
					
						
							
							
								 
						
							
								ffc1aa873e 
								
							 
						 
						
							
							
								
								Merge branch 'v0.24-dev'  
							
							
							
						 
						
							2018-11-04 15:36:40 +00:00  
				
					
						
							
							
								 
						
							
								19b7093438 
								
							 
						 
						
							
							
								
								Fixed redirect issue when custom app url in use  
							
							... 
							
							
							
							Fixes  #956  & #1048 
Also added tests to cover this url logic.
Also removed debugbar during tests to maybe improve test speed. 
						
							2018-11-04 15:18:27 +00:00  
				
					
						
							
							
								 
						
							
								85f330c79a 
								
							 
						 
						
							
							
								
								Extracted many page-specific repo methods into page-specific repo  
							
							
							
						 
						
							2018-10-13 11:27:55 +01:00  
				
					
						
							
							
								 
						
							
								919660678b 
								
							 
						 
						
							
							
								
								Re-structured the app code to be feature based rather than code type based  
							
							
							
						 
						
							2018-09-25 12:30:50 +01:00  
				
					
						
							
							
								 
						
							
								9243c635f2 
								
							 
						 
						
							
							
								
								Made search test a little more consistent  
							
							
							
						 
						
							2018-09-23 15:15:44 +01:00  
				
					
						
							
							
								 
						
							
								7b32aa163f 
								
							 
						 
						
							
							
								
								Added Bookshelves to search system.  
							
							... 
							
							
							
							Also cleaned up and made search indexing system a little more efficient.
Closes  #1023  
							
						 
						
							2018-09-23 12:34:30 +01:00  
				
					
						
							
							
								 
						
							
								da58c41ab6 
								
							 
						 
						
							
							
								
								Prevented attachDefaultRole from trying to re-attach if already existing  
							
							... 
							
							
							
							Fixes  #1003 
Added test to cover 
						
							2018-09-22 22:09:34 +01:00  
				
					
						
							
							
								 
						
							
								3f58800ed1 
								
							 
						 
						
							
							
								
								Added ability to configure revision limit  
							
							
							
						 
						
							2018-09-22 17:30:42 +01:00  
				
					
						
							
							
								 
						
							
								1cb6ae39c8 
								
							 
						 
						
							
							
								
								Added base RTL support  
							
							... 
							
							
							
							For #939 
- Adds way to check if current language is RTL via config system.
- Made TinyMCE default direction be based on current language text
direction.
- Fixed bullet points to be RTL compatible.
- Set page content body to have direction based on content. 
							
						 
						
							2018-09-22 13:18:26 +01:00  
				
					
						
							
							
								 
						
							
								e3e484e561 
								
							 
						 
						
							
							
								
								Added custom head content to exports  
							
							... 
							
							
							
							Closes  #981 
Also fixed incorrect download tests. 
						
							2018-09-22 11:53:40 +01:00  
				
					
						
							
							
								 
						
							
								e60d11ee04 
								
							 
						 
						
							
							
								
								Altered social auto-reg to be configurable per service  
							
							... 
							
							
							
							- Added {$service}_AUTO_REGISTER and {$service}_AUTO_CONFIRM_EMAIL env
options for each social auth system.
- Auto-register will allow registration from login, even if registration
is disabled.
- Auto-confirm-email indicates trust and will mark new registrants as
'email_confirmed' and skip 'confirmation email' flow.
- Also added covering tests. 
							
						 
						
							2018-09-21 18:05:06 +01:00  
				
					
						
							
							
								 
						
							
								131fcae4c7 
								
							 
						 
						
							
							
								
								Merge pull request  #947  from BookStackApp/bookshelves  
							
							... 
							
							
							
							Bookshelves 
							
						 
						
							2018-09-21 15:29:52 +01:00  
				
					
						
							
							
								 
						
							
								c8d893fac7 
								
							 
						 
						
							
							
								
								Updated 404 test to not fail based on random long name  
							
							
							
						 
						
							2018-09-21 15:24:29 +01:00  
				
					
						
							
							
								 
						
							
								b59e5942c8 
								
							 
						 
						
							
							
								
								Added testing coverage for Bookshelves  
							
							... 
							
							
							
							Created modified TestResponse so we can use DOM operations in new
Testcases as we move away from the BrowserKit tests. 
							
						 
						
							2018-09-21 15:15:16 +01:00  
				
					
						
							
							
								 
						
							
								81eb642f75 
								
							 
						 
						
							
							
								
								Added bookshelves homepage options  
							
							... 
							
							
							
							- Updated homepage selection UI to be more scalable
- Cleaned homepage selection logic in code
- Added seed test data for bookshelves
- Added bookshelves to permission system 
							
						 
						
							2018-09-20 15:27:30 +01:00  
				
					
						
							
							
								 
						
							
								08b967607f 
								
							 
						 
						
							
							
								
								Changes as per code review, and fixes failing test cases.  
							
							... 
							
							
							
							Signed-off-by: Abijeet <abijeetpatro@gmail.com> 
							
						 
						
							2018-09-16 20:44:09 +05:30  
				
					
						
							
							
								 
						
							
								0c8b6b7324 
								
							 
						 
						
							
							
								
								Final tweaks after code review and fixing failing test cases.  
							
							
							
						 
						
							2018-09-16 01:12:36 +05:30  
				
					
						
							
							
								 
						
							
								54ca4487fa 
								
							 
						 
						
							
							
								
								Adds tests and few fixes.  
							
							... 
							
							
							
							Signed-off-by: Abijeet <abijeetpatro@gmail.com> 
							
						 
						
							2018-09-15 21:05:51 +05:30  
				
					
						
							
							
								 
						
							
								098128aafb 
								
							 
						 
						
							
							
								
								Added test to cover new language autodetect config option  
							
							
							
						 
						
							2018-08-12 13:34:14 +01:00  
				
					
						
							
							
								 
						
							
								f421d83627 
								
							 
						 
						
							
							
								
								Added ability to set custom ldap group -> role mapping  
							
							... 
							
							
							
							Added input in role form to allow matching against custom names.
Changed default mapping to use role display name instead of the hidden
DB name. 
							
						 
						
							2018-07-15 19:34:42 +01:00  
				
					
						
							
							
								 
						
							
								17bca662a7 
								
							 
						 
						
							
							
								
								Added tests to cover ldap group mapping  
							
							... 
							
							
							
							Also updated .env.example formatting.
Updated how LdapRepo uses Ldap so can be mocked by testing. 
							
						 
						
							2018-07-15 17:57:25 +01:00  
				
					
						
							
							
								 
						
							
								2bcc159fd6 
								
							 
						 
						
							
							
								
								Allowed creating pages in visible chapters in invisible books  
							
							... 
							
							
							
							Fixes permissions with test to cover in the event a page is created,
with permission, in a chapter but the user does not have permission to
see the parent book.
Fixes  #912  
							
						 
						
							2018-07-14 14:12:29 +01:00  
				
					
						
							
							
								 
						
							
								6b84a76af1 
								
							 
						 
						
							
							
								
								Merge branch 'drawing_updates'  
							
							
							
						 
						
							2018-05-27 19:42:25 +01:00  
				
					
						
							
							
								 
						
							
								2bd6ba9895 
								
							 
						 
						
							
							
								
								Added maintenance view with image-cleanup  
							
							
							
						 
						
							2018-05-27 19:40:07 +01:00  
				
					
						
							
							
								 
						
							
								61c9324229 
								
							 
						 
						
							
							
								
								Removed old image versions test  
							
							
							
						 
						
							2018-05-20 17:12:44 +01:00  
				
					
						
							
							
								 
						
							
								13ad0031d6 
								
							 
						 
						
							
							
								
								Drawings now generate revisions, not replace  
							
							... 
							
							
							
							Updated drawing update test to accomodate.
Image deletion system now takes revisions into account. 
							
						 
						
							2018-05-13 17:41:35 +01:00  
				
					
						
							
							
								 
						
							
								47cb99a2d6 
								
							 
						 
						
							
							
								
								Added test cases.  
							
							... 
							
							
							
							Signed-off-by: Abijeet <abijeetpatro@gmail.com> 
							
						 
						
							2018-05-12 13:07:28 +05:30  
				
					
						
							
							
								 
						
							
								eb5069ca66 
								
							 
						 
						
							
							
								
								Attempted to fix failing time-based test  
							
							
							
						 
						
							2018-04-22 20:06:46 +01:00  
				
					
						
							
							
								 
						
							
								67e0c3d2a5 
								
							 
						 
						
							
							
								
								Improved export base64 encoding of images  
							
							... 
							
							
							
							Now will use set storage mechanism to find image files.
Fixes  #786 
Added test to cover 
							
						 
						
							2018-04-22 12:23:43 +01:00  
				
					
						
							
							
								 
						
							
								cdb1c7ef88 
								
							 
						 
						
							
							
								
								Added destination permission checking to entity move  
							
							
							
						 
						
							2018-04-14 18:47:13 +01:00