starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-05-04 18:08:46 +03:00
Code Issues 784 Packages Projects Releases 15 Wiki Activity
5,424 Commits 24 Branches 239 Tags
3ddfa9b94838a19840bee477e8cb017ff9804b34
Commit Graph

1211 Commits

Author SHA1 Message Date
Dan Brown
3ddfa9b948 Meta: Updated security info and fixed some tests/links 2026-04-30 00:32:27 +01:00
Dan Brown
55317039ac Meta: Converted GitHub references in codebase to Codeberg 2026-04-28 09:30:48 +01:00
Dan Brown
cc6e9e0546 CI: Attempt a more robust avif support check 2026-04-27 13:17:58 +01:00
Dan Brown
241563e8fc Exports: Added testing coverage for DOMPDF font usage 2026-04-22 13:12:34 +01:00
Dan Brown
426f9ac493 Permissions: Prevent export revision metadata view without permission 2026-04-19 16:23:16 +01:00
Dan Brown
e7e019d3d4 Permissions: Added testing coverage for revision-view-all 2026-04-19 15:56:54 +01:00
Dan Brown
18364d1e6e WYSIWYG: Added inline code support to minimal editor 
Used for comments and descriptions.
Also updated shortcut handling that we're not registering shortcuts for
edits which can't use the related formatting types.

For #6003
 2026-04-16 11:11:06 +01:00
Dan Brown
208629ee1f API: Some changes to tag API endpoints 
- Updated tag values endpoint to use query param instead of path
  argument, so a better range of values can be provided (including those
  with slashes).
- Updated image gallery example request to align with docs use changes.
 2026-04-14 12:03:29 +01:00
Dan Brown
346dc27979 API: Added testing to cover tags API endpoints 2026-04-14 11:31:34 +01:00
Dan Brown
93f84a81b2 Merge pull request #6083 from BookStackApp/better_plain_text 
New HTML to Plaintext handling
 2026-04-12 17:01:45 +01:00
Dan Brown
c7e2b487c1 Attachments: Aligned ZipExportAttachment link validation 
With controller routes.
Don't consider this as a security issue, since the filtered URLs
by that validation are very likely to be blocked by browser security
or CSP, and there's a level of assumed privilege to the users that
are able to create such attachments links already.

Closes #6093
 2026-04-12 15:17:31 +01:00
Dan Brown
4e3fa4822f Sort Rules: Added creation hints to sort rule selection 
To help direct/indicate how rules can be created.
For #5967
 2026-04-12 14:31:40 +01:00
Dan Brown
684a94c419 Theme Modules: Prevented zip-slip in new module extraction method 
Updated the new (development only) approach which could result in
zip-slip causing trouble. This adds path normalisation, and testing to
cover.
 2026-04-11 18:49:34 +01:00
Dan Brown
5fbaab4740 Theme modules: Allowed cross-origin redirects on download 
With a prompt to the user to confirm they trust the origin.
For #6066
Added tests to cover.
 2026-04-11 17:23:11 +01:00
Dan Brown
3d9d5fef51 Theme Modules: Updated install command to handle nested folder 
Theme module ZIPs will now support their files being in a single nested
directory within a ZIP, to support common ZIP structure approaches.
Added test to cover.
For #6066
 2026-04-11 15:04:53 +01:00
Dan Brown
5e78dc6ed5 Maintenance: Updated PHPStan to Level 4 (#6085) 2026-04-08 21:03:20 +01:00
Dan Brown
abed4eae0c Exports: Updated plaintext export to use new converter 2026-04-05 17:51:19 +01:00
Dan Brown
c7d3775bb9 Plain text: Created a new HTML to plain text converter 
To centralise logic to be more consistent, and to have smarter logic
which avoids just following newline format from input, preventing
smushing HTML elements (like list elements) next to eachother
 2026-04-05 00:05:10 +01:00
Dan Brown
5763d26b17 Updated registration to use validated input instead of all 2026-03-19 21:29:30 +00:00
Dan Brown
8a59895ba0 Merge branch 'sec_chapter_export' into development 2026-03-17 10:41:51 +00:00
Dan Brown
a9ffd3e0c7 Responses: Added extra sanitization for download names 
From testing, don't think this could exploited directly, as the response
would error instead of allowing control characters, but this adds an
extra layer of sanitization, and switches to encoded disposition
filenames for better UTF8 support.
 2026-03-16 18:28:44 +00:00
Dan Brown
49df47836e Merge pull request #6057 from BookStackApp/v25-12 
V25.12 changes v3
 2026-03-15 12:51:02 +00:00
Dan Brown
f4c9d2b049 Exports: Fixed scope of pages in chapter MD export 
Added tests to cover children of all MD exports
 2026-03-13 13:35:28 +00:00
Dan Brown
6e7cc169d1 Preferences: Updated return redirect with better origin checks 
As suggested by Alex Dan in their security report.
 2026-03-10 18:31:51 +00:00
Dan Brown
404e67afbc Page Revisions: Added testing coverage to basic diffing 2026-03-10 17:47:07 +00:00
Dan Brown
6d64262a61 Revision Diffs: Added filtering post-diff render 2026-03-10 15:03:43 +00:00
Dan Brown
151823b84e Theme Modules: Added easier way to insert HTML head content 2026-03-08 10:26:00 +00:00
Dan Brown
27240be499 Theme System: Added new page-content focused events 
Closes #6049
 2026-03-06 12:40:22 +00:00
Dan Brown
d0d1bb9829 Merge pull request #6035 from BookStackApp/v25-12 
Merge further v25-12 changes into development
 2026-03-06 10:26:41 +00:00
Dan Brown
f2f76a3c56 Modules: Improved install command based on testing 
- Updated output to be clearer
- Added warning and confirmation to local install flow
- Adjusted module folder name creation
 2026-03-06 09:28:46 +00:00
Dan Brown
ec3dd856db Mail: Set domain for EHLO based upon the APP_URL 
For #5990
 2026-02-28 18:46:05 +00:00
Dan Brown
10c46534e0 Logical Theme: Added OIDC_AUTH_PRE_REDIRECT event 
Allows customization of the auth URL before the user is redirected
to that URL.
Related to #6014
 2026-02-27 09:34:33 +00:00
Dan Brown
9a12e3a8b7 Book API: Added shelves list to show endpoint 
For #6006
Added test to cover.
 2026-02-24 10:25:17 +00:00
Dan Brown
7aef0a48b3 Content: Updated filters to allow some required attributes 
- Allows target attribute on links.
- Allows custom mention attribute on links.

Adds test case to cover these.
For #6034
 2026-02-23 08:08:44 +00:00
Dan Brown
1077a4efd0 Merge branch 'v25-12' into development 2026-02-21 13:59:29 +00:00
Dan Brown
229a99ba24 Descriptions: Improved empty field handling, reduces whitespace 
For #5724
 2026-02-20 14:22:54 +00:00
Dan Brown
8e99fc6783 Books: On delete, redirect to shelf if in context 
For #6029
Added tests to cover
 2026-02-20 11:23:26 +00:00
Dan Brown
80204518a2 Page Content: Better handling for empty content filtering 
For #6028
 2026-02-19 23:25:00 +00:00
Dan Brown
a8d96fd389 Content filter: Allowed custom diagram attribute in allow-list 
For #6026
 2026-02-18 19:33:35 +00:00
Dan Brown
9646339933 Testing: Addressed failing tests and static checks 2026-02-17 11:31:47 +00:00
Dan Brown
5d547fcf4c Deps: Updated PHP packages 
Also fixed test namespace
 2026-02-17 09:44:56 +00:00
Dan Brown
826b36c985 Editors: Added HTML filtering in certain loading conditions 
When loaded via ajax for draft revert live in editor, or when loaded
into the editor by a different user.
 2026-02-16 15:50:54 +00:00
Dan Brown
3fa1174e7a Content filtering: Updated config and readme attribution 2026-02-16 13:46:45 +00:00
Dan Brown
50e8501027 Content Filter: Added extra object filtering 
Was blocked by CSP anyway, but best to have an extra layer.
 2026-02-16 13:02:24 +00:00
Dan Brown
8a221f64e4 Content Filtering: Covered new config options and filters with tests 2026-02-16 10:11:48 +00:00
Dan Brown
035be66ebc Content: Updated tests and CSP usage of content script setting 
Updates CSP to use new content_filtering option.
Splits out content filtering tests to their own class.
Updated tests where needed to adapt to changes.
 2026-02-15 18:44:14 +00:00
Dan Brown
5e12b678c7 Merge pull request #5998 from BookStackApp/further_theme_development 
Further theme system developments
 2026-02-09 13:34:15 +00:00
Dan Brown
a20438b901 Theme System: Fixed theme view before/after issues 
- Updated the system to work with modules.
- Updated module docs to consider namespacing.
- Fixed view loading and registration event ordering.
- Fixed checking if views are registered.
 2026-02-07 23:01:13 +00:00
Dan Brown
9d3d0a4a07 Theme Modules: Added testing coverage for install command 2026-02-05 21:57:12 +00:00
Dan Brown
120ee38383 Theme Modules: Added testing coverage 2026-02-01 17:31:21 +00:00