Added a central URLFilter class to check & clean URLs used for
attachments, which is also used for validation, and by the purifier to
standardise protocols (and to make protocol config easier in future).
Thanks to mfk25 for reporting.
Upstream libraries used did not specifically treat values in srcset as
URIs like other attributes, so this adds a simple filter for possible
bad values.
Updated tests to cover.
Thanks for Gurmandeep Deol for reporting.
- Fixed issues picked up by PHPStan updates.
- Not sure why it was flagging the BookSorter issue, but swapping if
statements made it go away.
- Updated BookSortMapItem with modern syntax.
- Attempted to fix CI issues by adding DOM extension.
- Attempted to make migration CI more efficient via tmpfs
This is to reduce the amount of content which will be logged, since
these messages don't really indicate an actual system error but advise
the user of something which went wrong with their request.
Avoids providing responses with potential sensitive attachment info
before permission checks.
Added tests to cover.
Thanks to Rafael Castilho for reporting.
Updated allow list/purifier system to only allow file protocol use on
anchor hrefs to avoid potential security concerns with, after export,
content being auto loaded via interactive elements like
embeds/objects/videos etc...
Updated tests to cover.
Thanks to Gurmandeep Deol at Seneca Polytechnic for reporting.
## Details
<!-- Write details of your pull request in here -->
<!-- Include references to any relevant issues/discussions -->
## Checklist
<!-- Put an 'x' in between the brackets below to confirm these elements -->
- [ ] I have read the [BookStack community rules](https://www.bookstackapp.com/about/community-rules/).
- [ ] This PR does not feature significant use of LLM/AI generation as per the community rules above.
Co-authored-by: Crowdin Bot <support+bot@crowdin.com>
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6139
- Removed unused import
- Added some trailing newlines to code files
- Prevented <hr>s confusing logic in MD editor
- Aligned logic to select end of header across editors
Think it would primariy use the created_at ordering based in the
relation which could cause trouble in CI test environment.
This better forces Id based ordering
- Removed extra non-needed docs in repo
- Tweaked some wording.
- Added extra test scenarios.
- Added options to phpunit default env.
- Added auto-quote-handling for unsafe-inline CSS rule.
For #6033
Adds validation that the related page exists, is visible, and that the
user has page edit permissions for the page.
Aligns with attachment permission model, and aligns across different
image endpoints.
Added tests to cover.
Closes#6126
Updates list handling so that you can break out of a list (or move down
a level) via enter on an existing empty list item at any point in the
list, not just the end.
Added test to cover.
Improved the ability to set/use block formats in lists.
Setting a format, will now attempt to create that, if just plain text to
start with, when in a list.
Added handling so that blocks split into new list elements instead of
new blocks within the list element.
Also fixed some issues with cyclic import references, and updated editor
event types to always include their type for easier debug.
- Set z-index so toolbars for deeper (more specific) content is bought
forward above more general toolbars.
- Added some basic overlap checking as an indicator to whether the
toolbar should sit above the target.