f333db8e4f  2023-02-09 21:16:27 +00:00
Added control-upon-access of the default favicon.ico file

da42fc7457  2023-02-09 20:57:35 +00:00
Added default favicon creation upon access.

48f1934387  2023-02-09 17:47:33 +00:00
Updated favicon gen to use png-based ICO

    From testing, worked on Firefox, Chrome, Gnome Web

2845e0003e  2023-02-09 15:14:41 +00:00
Got favicons better supported, can't get transparency right

    Digging deeper, I don't think PHPGD supports 32bit bmp output which
    complicates matters.

1a189640f1  2023-02-09 13:24:43 +00:00
Integrated favicon handler with correct files & actions

    Format does not look 100% correct though, won't show in Firefox/gimp.

420f89af99  2023-02-08 23:06:42 +00:00
Built custom favicon.ico file creator

    Followed wikipedia-defined ICO file format info, and used with
    Intervention's good bmp support, to create a working proof-of-concept.

da1a66abd3  2023-02-08 14:39:13 +00:00
Extracted test file handling to its own class

    Closes #3995

5e8ec56196  2023-02-06 20:41:33 +00:00
Fixed issues found from tests

9ca088a4e2  2023-02-06 20:00:44 +00:00
Fixed static analysis issues

3c658e39ab  2023-01-25 16:11:34 +00:00
Extracted app icon text, fixed issues

    Tweaked sizes and meta tags based upon iPad testing.
    Fixed reduced sizes not being cleaned up.

55b6a7842e  2023-01-25 11:03:19 +00:00
Added ability to control app icon (favicon) via settings

1660e72cc5  2023-01-24 19:04:32 +00:00
Migrated remaining relation permission usages

    Now all tests are passing.
    Some level of manual checks to do.

d2260b234c  2022-11-10 14:15:59 +00:00
Fixed app logo visibility with secure_restricted images

    Includes test to cover.
    For #3827

8a749c6acf  2022-09-18 01:25:20 +01:00
Added and ran PHPCS

7f8b3eff5a  2022-09-02 14:47:44 +01:00
Fixed failing tests due to shelf text changes, applied styleci changes

c76b5e2ec4  2022-09-02 14:40:17 +01:00
Fixed local_secure_restricted preventing attachment uploads

    Due to option name change and therefore lack of handling.
    Added test case to cover.

092b6d6378  2022-09-02 14:21:43 +01:00
Added test and handling for local_secure_restricted in exports

27ac122502  2022-09-01 16:17:14 +01:00
Started work on local_secure_restricted image option

d4a119b2aa  2022-07-26 12:10:19 +01:00
Fixed disabling of avatar urls, removed id from gravatar image name

    Included test to cover avatar url disabling.
    Related to #1835

afe1a04239  2022-07-16 19:54:25 +01:00
Aligned permission applicator method names

    Also removed lesser used function, that was mostly a duplicate of an
    existing function, and only used for search.

b0a4d3d059  2022-07-12 20:15:41 +01:00
Renamed and cleaned up existing permission service classes use

abc283fc64  2022-06-08 23:50:42 +01:00
Extracted download response logic to its own class

    Cleans up base controller and groups up download & streaming logic for
    potential future easier addition of range request support.

2b0ae23da0  2022-04-24 18:22:40 +01:00
Updated composer deps, applied latest StyleCI changes

cb770c534d  2022-04-02 18:46:48 +01:00
Added streamed uploads for attachments

82e8b1577e  2022-04-02 18:07:43 +01:00
Updated attachment download responses to stream from filesystem

    This allows download of attachments that are larger than current memory
    limits, since we're not loading the entire file into memory any more.
    For inline file responses, we take a 1kb portion of the file to sniff
    before to check mime before we proceed.

b5281bc9ca  2022-03-26 20:38:03 +00:00
Fixed tests, applied StyleCI changes

55d61fceb2  2022-03-26 12:32:08 +00:00
Added manual image thumbnail exif orientation handling

    Uses original image data to extract orientation exif to apply image
    transformations before scaling and save. Manually done due to issues
    with exif data loss during the existing Intervention image path.
    For #1854

1a26b47782  2022-01-06 12:18:11 +00:00
Applied latest styleCI changes

31f1dca8a8  2022-01-04 13:10:35 +00:00
Added detection and thumbnail bypass for apng images

    Adds apng sniffing when generating thumbnails with retained ratios to
    serve the original image files, as we do for GIF images, to prevent
    the image being resized to a static version.
    Is more tricky than GIF since apng file mimes and extensions
    are the same as png, we have to detect part of the file header
    to sniff the type. Means we have to sniff at a later stage
    than GIF since we have to load the image file data.
    Made some changes to the image thumbnail caching while doing
    this work to fit in with this handling.
    Added test to cover.
    For #3136.

024924eef3  2021-11-22 23:33:55 +00:00
Applied another round of static analysis updates

85154fff69  2021-11-14 22:03:22 +00:00
Added an env configurable file upload size limit

    Replaces the old suggestion of setting JS head 'window.uploadLimit'
    variable. This new env option will be used by back-end validation and
    front-end libs/logic too.
    Limits already likely exist within prod environments at a PHP and
    webserver level but this allows an app-level limit and centralises the
    option on the BookStack side into the .env
    Closes #3033

8d7c8ac8bf  2021-11-06 00:32:01 +00:00
Done a round of phpstan fixes

bc291bee78  2021-11-05 16:18:06 +00:00
Added initial phpstan/larastan setup

c9c4dbcb5b  2021-11-04 22:42:35 +00:00
Merge branch 'laravel_upgrade'

a17be959d8  2021-11-01 13:26:02 +00:00
Applied latest styleci changes

bfbccbede1  2021-11-01 11:32:00 +00:00
Updated attachments to not be saved with a complete extension

    Intended to limit impact in the event the storage path is potentially
    exposed.

4360da03d4  2021-11-01 11:17:30 +00:00
Ran a pass through image and attachment routes

    Added some stronger types, formatting changes and simplifications along
    the way.

c7fea8fe08  2021-11-01 00:24:42 +00:00
Cleaned up logic within ImageRepo

    - Moved out extension check to ImageService as that seems more relevant.
    - Updated models to use static-style references instead of facade to
      align with common modern usage within the app.
    - Updated custom image_extension validation rule to use shared logic in
      image service.

43830a372f  2021-10-31 23:53:17 +00:00
Updated showImage file serving to not be traversable

    For #3030

f139cded78  2021-10-30 21:29:59 +01:00
Laravel 8 shift squash & merge (#3029)

    * Temporarily moved back config path
    * Apply Laravel coding style
    * Shift exception handler
    * Shift HTTP kernel and middleware
    * Shift service providers
    * Convert options array to fluent methods
    * Shift to class based routes
    * Shift console routes
    * Ignore temporary framework files
    * Shift to class based factories
    * Namespace seeders
    * Shift PSR-4 autoloading
    * Shift config files
    * Default config files
    * Shift Laravel dependencies
    * Shift return type of base TestCase methods
    * Shift cleanup
    * Applied styleci style changes
    * Reverted config files location
    * Applied manual changes to Laravel 8 shift

    Co-authored-by: Shift <shift@laravelshift.com>

4f55fe2f8e  2021-10-28 15:54:00 +01:00
Made further changes to page image extraction validation

    Fixes #3019
    Increased testing to cover the failing case among others.

f77236aa38  2021-10-26 22:04:18 +01:00
Laravel 7.x Shift (#3011)

    * Apply Laravel coding style
    * Shift bindings
    * Shift core files
    * Shift to Throwable
    * Add laravel/ui dependency
    * Shift Eloquent methods
    * Shift config files
    * Shift Laravel dependencies
    * Shift cleanup
    * Shift test config and references
    * Applied styleci changes
    * Applied fixes post shift to laravel 7

    Co-authored-by: Shift <shift@laravelshift.com>

64937ab826  2021-10-26 09:39:16 +08:00
Update ImageRepo.php

    fix image validation vulnerability

859934d6a3  2021-10-20 10:49:45 +01:00
Applied latest changes from styleCI

60d4c5902b  2021-10-20 10:43:03 +01:00
Added attachment API examples during manual testing

2409d1850f  2021-10-20 00:58:56 +01:00
Added TestCase for attachments API methods

32f6ea946f  2021-10-18 17:46:55 +01:00
Build out core attachments API controller

    Related to #2942

cb45c53029  2021-10-18 11:42:50 +01:00
Added base64 image extraction to markdown page content

    - Included tests to cover.
    - Manually tested via API update and interface page update.
    Closes #2898

a9b3df537f  2021-10-08 22:23:17 +01:00
Applied changes from styleci

7224fbcc89  2021-10-08 17:47:14 +01:00
Added protections against path traversal in file system operations

    - Files within the storage/ path could be accessed via path traversal
      references in content, accessed upon HTML export.
    - This addresses this via two layers:
      - Scoped local flysystem filesystems down to the specific image &
        file folders since flysystem has built-in checking against the
        escaping of the root folder.
      - Added path normalization before enforcement of uploads/{images,file}
        prefix to prevent traversal at a path level.
    Thanks to @Haxatron via huntr.dev for discovery and reporting.
    Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/