colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,430 Commits 1 Branch 0 Tags 48 MiB
Commit Graph

11 Commits

Author SHA1 Message Date
Dan Brown 349162ea13
Prevented possible XSS via link attachments 
This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
 2020-10-31 15:01:52 +00:00
Dan Brown 140298bd96
Updated to Laravel 5.8 2019-09-13 23:58:40 +01:00
Dan Brown 213e9d2941
Upgraded to Laravel 5.6 2019-09-06 22:14:39 +01:00
Dan Brown 79f6dc00a3
Change image-selector to not use manager 
- Now changes the images directly for user, system & cover.
- Extra permission checks added to edit & delete actions.
 2019-05-04 15:50:29 +01:00
Dan Brown 9879a0d12c
Added helper text for no_double_extension validation 2019-03-24 19:40:45 +00:00
Dan Brown f5fe524e6c
Added extension whitelist for image uploads 
- A continuation of the security issues addressed in v0.25.3
 2019-03-21 19:43:15 +00:00
Dan Brown 37b91b6b0e
Hardened image file validation by removing custom validation 
- Added test to check PHP files cannot be uploaded as an image.
 2019-03-20 23:59:55 +00:00
abijeet 9dba9ca178 Fixes tooltip on the image manager. 
Fixes #1186
 2019-01-27 19:43:31 +05:30
Dan Brown 86a00a59d4
Created sketchy translation formatter script 
Compares a translation file to a EN version to
place translations on matching line numbers and matches
up comments.
 2018-12-14 21:23:05 +00:00
Dan Brown 573357a08c
Extracted text from logic files 2016-12-04 16:51:39 +00:00
Dan Brown eaa1765c7a Initial commit 2015-07-12 20:01:42 +01:00