starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-02-23 19:07:16 +03:00
Code Issues 784 Packages Projects Releases 14 Wiki Activity
5,782 Commits 15 Branches 232 Tags
release
Commit Graph

5782 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dan Brown
1db1083064 Updated version and assets for release v25.12.7 v25.12.7 2026-02-19 23:34:11 +00:00
Dan Brown
664eb6d980 Merge branch 'v25-12' into release 2026-02-19 23:32:47 +00:00
Dan Brown
80204518a2 Page Content: Better handling for empty content filtering 
For #6028
 2026-02-19 23:25:00 +00:00
Dan Brown
7528bc19b7 Updated version and assets for release v25.12.6 v25.12.6 2026-02-18 19:50:09 +00:00
Dan Brown
6854687d7c Merge branch 'v25-12' into release 2026-02-18 19:49:03 +00:00
Dan Brown
a8d96fd389 Content filter: Allowed custom diagram attribute in allow-list 
For #6026
 2026-02-18 19:33:35 +00:00
Dan Brown
9d15c79fee Deps: Updated PHP package versions 2026-02-18 19:24:06 +00:00
Dan Brown
ad540a015f Updated version and assets for release v25.12.5 v25.12.5 2026-02-17 18:38:13 +00:00
Dan Brown
f54f507854 Merge branch 'v25-12' into release 2026-02-17 18:37:11 +00:00
Dan Brown
e1de1f0583 git: Added old purifier location to gitignore 2026-02-17 18:34:14 +00:00
Dan Brown
a2017ffa55 Caching: Altered purifier cache folder to be server-created 
Moved from a static folder to a dynamically created folder in the
framework/cache directory, to increase the chance that it's created with
server-writable permissions.
This is due to an issue where users had permission issues, since adding
a new folder means it's created by the git user and often
non-web-writable.
 2026-02-17 18:22:13 +00:00
Dan Brown
f484fbc110 Updated version and assets for release v25.12.4 v25.12.4 2026-02-17 11:40:21 +00:00
Dan Brown
299d3b3149 Merge branch 'v25-12' into release 2026-02-17 11:39:12 +00:00
Dan Brown
9646339933 Testing: Addressed failing tests and static checks 2026-02-17 11:31:47 +00:00
Dan Brown
e4383765e1 Meta: Updated licenses and config wording 2026-02-17 11:00:37 +00:00
Dan Brown
5d547fcf4c Deps: Updated PHP packages 
Also fixed test namespace
 2026-02-17 09:44:56 +00:00
Dan Brown
826b36c985 Editors: Added HTML filtering in certain loading conditions 
When loaded via ajax for draft revert live in editor, or when loaded
into the editor by a different user.
 2026-02-16 15:50:54 +00:00
Dan Brown
3fa1174e7a Content filtering: Updated config and readme attribution 2026-02-16 13:46:45 +00:00
Dan Brown
50e8501027 Content Filter: Added extra object filtering 
Was blocked by CSP anyway, but best to have an extra layer.
 2026-02-16 13:02:24 +00:00
Dan Brown
8a221f64e4 Content Filtering: Covered new config options and filters with tests 2026-02-16 10:11:48 +00:00
Dan Brown
035be66ebc Content: Updated tests and CSP usage of content script setting 
Updates CSP to use new content_filtering option.
Splits out content filtering tests to their own class.
Updated tests where needed to adapt to changes.
 2026-02-15 18:44:14 +00:00
Dan Brown
227027fc45 Content: Updated purifier and content caching 
- Updated page content cache to use app version in cache key
- Moved purifier cache into framework to better work with existing
  expected folders.
- Added app version check to purifier so that it will reset its own
  cache on app version change.
 2026-02-15 16:46:09 +00:00
Dan Brown
0f040fe8b1 Content: Tuned HTML purifier for our use 
Tested it with a range of supported, including uncommon, content types
and added support, or changed config, where needed.
Been through docs for all HTMLPurifier options to assess what's
relevant.
 2026-02-15 16:17:03 +00:00
Dan Brown
10ebe53bd9 Page Content: Added more complex & configurable content filtering 
- Added new option to control parts of the filter.
- Added whitelist filtering pass via HTMLPurifier.
 2026-02-13 14:14:28 +00:00
Dan Brown
7abc269316 Updated version and assets for release v25.12.3 v25.12.3 2026-01-29 15:19:46 +00:00
Dan Brown
f0cf4bd0f8 Merge branch 'development' into release 2026-01-29 15:18:47 +00:00
Dan Brown
46dcc30bf7 Updated translator & dependency attribution before release v25.12.3 2026-01-29 15:18:06 +00:00
Dan Brown
9f7d3b55dd Updated translations with latest Crowdin changes (#5997) 2026-01-29 15:11:40 +00:00
Dan Brown
3e5e88dc87 Deps: Updated PHP package versions via composer 2026-01-29 14:57:05 +00:00
Dan Brown
c77a0fdff3 Page Content: Added form elements to filtering 
Added and updated tests to cover.

Also updated API auth to a narrower focus of existing session instead of also existing user auth.
This is mainly for tests, to ensure they're following the session
process we'd see for activity in the UI.
 2026-01-29 14:54:08 +00:00
Dan Brown
6a63b38bb3 API: Prevented non-GET requests when using cookie-based auth 
Added test to cover.
 2026-01-29 03:37:16 +00:00
Dan Brown
ed4baed28c Updated version and assets for release v25.12.2 v25.12.2 2026-01-24 13:57:12 +00:00
Dan Brown
90d011fc15 Merge branch 'development' into release 2026-01-24 13:54:51 +00:00
Dan Brown
ff59bbdc07 Updated translator & dependency attribution before release v25.12.2 2026-01-24 13:53:55 +00:00
Dan Brown
4dc443b7df Updated translations with latest Crowdin changes (#5970) 2026-01-22 17:53:58 +00:00
Dan Brown
19f02d927e Deps: Updated PHP package versions 2026-01-22 17:39:26 +00:00
Dan Brown
da7bedd2e4 Sponsors: Added Onyx 2026-01-13 13:23:54 +00:00
Dan Brown
20db372596 Merge branch 'development' of github.com:BookStackApp/BookStack into development 2026-01-07 11:10:55 +00:00
Dan Brown
43eed1660c Meta: Updated dev version, license year, crowdin config 
Added Id to crowdin config for compatibility with upcoming change to
crowdin CLI process after switch to codeberg
 2026-01-07 11:09:39 +00:00
Dan Brown
e6b754fad0 Merge pull request #5969 from shaoliang123456/fix/git-safe-directory-in-docker 
Git 2.35+ may refuse to operate on bind-mounted repos with differing ownership ("dubious ownership"), Mark /app as safe within the container.
 2026-01-03 17:56:52 +00:00
leon
018de5def3 fix: Configure safe directory for git in dockerfile 2025-12-31 16:20:52 +08:00
leon
5c4fc3dc2c fix: Docker: Add 
git safe.directory config for bind-mounted repos.Mark
 /app as safe directory to handle Git 2.35+ ownership
 checks in Docker containers.
 2025-12-31 11:53:22 +08:00
Dan Brown
805fd98c0f Updated version and assets for release v25.12.1 v25.12.1 2025-12-30 17:19:10 +00:00
Dan Brown
fcbae16730 Merge branch 'development' into release 2025-12-30 17:18:06 +00:00
Dan Brown
07ec880e33 Testing: Updated search tests to consider new limits 2025-12-30 17:09:26 +00:00
Dan Brown
ab436ed5c3 Updated translations with latest Crowdin changes (#5962) 2025-12-30 16:32:21 +00:00
Dan Brown
082befb2fc Updated PHP packages and translators pre v25.12.1 2025-12-30 16:16:39 +00:00
Dan Brown
b0a8cb0c5d Merge pull request #5968 from BookStackApp/limits 
Add some additional resource-based limits
 2025-12-30 16:14:04 +00:00
Dan Brown
b08d1b36de Search: Set limits on the amount of search terms 
Sets some reasonable limits, which are higher when logged in since that
infers a little extra trust.
Helps prevent against large resource consuption attacks via super heavy
search queries.

Thanks to Gabriel Rodrigues AKA TEXUGO for reporting.
 2025-12-30 13:32:14 +00:00
Dan Brown
88d86df66f ZIP Exports: Added limit to ZIP file size before extraction 
Checks files within the ZIP again the app upload file limit
before using/streaming/extracting, to help ensure that they do no exceed
what might be expected on that instance, and to prevent disk exhaustion
via things like super high compression ratio files.

Thanks to Jeong Woo Lee (eclipse07077-ljw) for reporting.
 2025-12-29 23:08:18 +00:00