starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-05-04 18:08:46 +03:00
Code Issues 784 Packages Projects Releases 15 Wiki Activity
5,388 Commits 24 Branches 239 Tags
c7e2b487c14133ef3fa62321fb226501a0f3fc88
Commit Graph

5388 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dan Brown
c7e2b487c1 Attachments: Aligned ZipExportAttachment link validation 
With controller routes.
Don't consider this as a security issue, since the filtered URLs
by that validation are very likely to be blocked by browser security
or CSP, and there's a level of assumed privilege to the users that
are able to create such attachments links already.

Closes #6093
 2026-04-12 15:17:31 +01:00
Dan Brown
4e3fa4822f Sort Rules: Added creation hints to sort rule selection 
To help direct/indicate how rules can be created.
For #5967
 2026-04-12 14:31:40 +01:00
Dan Brown
684a94c419 Theme Modules: Prevented zip-slip in new module extraction method 
Updated the new (development only) approach which could result in
zip-slip causing trouble. This adds path normalisation, and testing to
cover.
 2026-04-11 18:49:34 +01:00
Dan Brown
c3c8577f05 Merge pull request #6094 from BookStackApp/module_command_updates 
Install Module Command Updates
 2026-04-11 17:38:34 +01:00
Dan Brown
5fbaab4740 Theme modules: Allowed cross-origin redirects on download 
With a prompt to the user to confirm they trust the origin.
For #6066
Added tests to cover.
 2026-04-11 17:23:11 +01:00
Dan Brown
3d9d5fef51 Theme Modules: Updated install command to handle nested folder 
Theme module ZIPs will now support their files being in a single nested
directory within a ZIP, to support common ZIP structure approaches.
Added test to cover.
For #6066
 2026-04-11 15:04:53 +01:00
Dan Brown
5e78dc6ed5 Maintenance: Updated PHPStan to Level 4 (#6085) 2026-04-08 21:03:20 +01:00
Dan Brown
c33853ed84 Maintenance: Updated NPM packages (#6090) 
* Maintenance: Updated NPM packages

Includes typescript update to 6. Needed to update some typescript config
to align with actual module environment used and built by esbuild.

* Maintenance: Fixed testing issues after NPM dep version changes

* Maintenance: Updated JS test workflow step version

* Maintenance: Updated approach used for TS config in jest config
 2026-04-08 21:02:20 +01:00
Dan Brown
e033578fea Updated translator & dependency attribution before release v26.03.3 2026-04-05 22:43:15 +01:00
Dan Brown
a7dd998ac9 Updated translations with latest Crowdin changes (#6067) 2026-04-05 22:29:00 +01:00
Dan Brown
b9d650785a Deps: Updated PHP package versions 2026-04-05 22:28:27 +01:00
Dan Brown
25790fd024 Merge branch 'sec_26_03_2' into development 2026-03-23 11:24:07 +00:00
Dan Brown
1763ac550b Meta: Updated translators pre v26.03.2 release 2026-03-23 10:08:38 +00:00
Dan Brown
fd6867e577 Updated translations with latest Crowdin changes (#6064) 2026-03-23 10:05:51 +00:00
Dan Brown
5ebc1fe3b0 Deps: Updated PHP package versions pre v26.03.2 release 2026-03-22 17:22:13 +00:00
Dan Brown
a44756168d WYSIWYG: Aligned double click to set label for details functionality 
Aligned the behaviour across the WYSIWYG editors, and also for nested
details blocks (which wasn't working in the TinyMCE implementation).

Closes #6059
 2026-03-22 17:20:36 +00:00
Dan Brown
fa1dc162bd Update PHP_CodeSniffer repository link (#6060) 2026-03-21 17:13:43 +00:00
Dan Brown
5763d26b17 Updated registration to use validated input instead of all 2026-03-19 21:29:30 +00:00
Rodrigo Primo
04dd9f8e19 Update PHP_CodeSniffer repository link 2026-03-17 17:21:01 -03:00
Dan Brown
0120b475eb Deps: Updated PHP deps pre v26.03.1 2026-03-17 10:59:11 +00:00
Dan Brown
8a59895ba0 Merge branch 'sec_chapter_export' into development 2026-03-17 10:41:51 +00:00
Dan Brown
a9ffd3e0c7 Responses: Added extra sanitization for download names 
From testing, don't think this could exploited directly, as the response
would error instead of allowing control characters, but this adds an
extra layer of sanitization, and switches to encoded disposition
filenames for better UTF8 support.
 2026-03-16 18:28:44 +00:00
Dan Brown
4f18fea086 Deps: Updated PHP deps pre v26.03 release 2026-03-15 13:17:48 +00:00
Dan Brown
362859ac23 Updated translator & dependency attribution before release v26.03 2026-03-15 13:14:54 +00:00
Dan Brown
7cbfd72920 Merge pull request #6007 from BookStackApp/l10n_development 
Updated translations with latest Crowdin changes
 2026-03-15 12:58:05 +00:00
Dan Brown
49df47836e Merge pull request #6057 from BookStackApp/v25-12 
V25.12 changes v3
 2026-03-15 12:51:02 +00:00
Dan Brown
f4c9d2b049 Exports: Fixed scope of pages in chapter MD export 
Added tests to cover children of all MD exports
 2026-03-13 13:35:28 +00:00
Dan Brown
60a3b0c0ac API examples: Updated books-read to include shelf info 2026-03-12 17:04:36 +00:00
Dan Brown
5f5fea7c83 Deps: Bumped PHP packages before release 2026-03-12 10:52:12 +00:00
Dan Brown
6e7cc169d1 Preferences: Updated return redirect with better origin checks 
As suggested by Alex Dan in their security report.
 2026-03-10 18:31:51 +00:00
Dan Brown
6216c89f82 Packages: Updated PHP package versions 2026-03-10 17:48:12 +00:00
Dan Brown
404e67afbc Page Revisions: Added testing coverage to basic diffing 2026-03-10 17:47:07 +00:00
Dan Brown
6d64262a61 Revision Diffs: Added filtering post-diff render 2026-03-10 15:03:43 +00:00
Dan Brown
151823b84e Theme Modules: Added easier way to insert HTML head content 2026-03-08 10:26:00 +00:00
Dan Brown
27240be499 Theme System: Added new page-content focused events 
Closes #6049
 2026-03-06 12:40:22 +00:00
Dan Brown
d0d1bb9829 Merge pull request #6035 from BookStackApp/v25-12 
Merge further v25-12 changes into development
 2026-03-06 10:26:41 +00:00
Dan Brown
7d0237c798 NPM Deps: Updated package versions 
Fixed SCSS if deprecations
Fixed new eslint detected issues
 2026-03-06 10:25:27 +00:00
Dan Brown
f2f76a3c56 Modules: Improved install command based on testing 
- Updated output to be clearer
- Added warning and confirmation to local install flow
- Adjusted module folder name creation
 2026-03-06 09:28:46 +00:00
Dan Brown
ec3dd856db Mail: Set domain for EHLO based upon the APP_URL 
For #5990
 2026-02-28 18:46:05 +00:00
Dan Brown
25ed242f61 Deps: Updated PHP package versions 2026-02-27 10:09:41 +00:00
Dan Brown
10c46534e0 Logical Theme: Added OIDC_AUTH_PRE_REDIRECT event 
Allows customization of the auth URL before the user is redirected
to that URL.
Related to #6014
 2026-02-27 09:34:33 +00:00
Dan Brown
dd42b9b43f Text: Updated per-page display limits description 
To be more sensible & direct as per MtheBird's suggestion.
Closes #6005
 2026-02-27 08:54:12 +00:00
Dan Brown
9a12e3a8b7 Book API: Added shelves list to show endpoint 
For #6006
Added test to cover.
 2026-02-24 10:25:17 +00:00
Dan Brown
7aef0a48b3 Content: Updated filters to allow some required attributes 
- Allows target attribute on links.
- Allows custom mention attribute on links.

Adds test case to cover these.
For #6034
 2026-02-23 08:08:44 +00:00
Dan Brown
6808292c90 Editors: Made drawings appear clickiable via cursor 
During review of #5864
 2026-02-21 16:00:14 +00:00
Dan Brown
c10b0fd5b9 Merge branch 'patch-1' of github.com:lublak/BookStack into lublak-patch-1 2026-02-21 15:52:25 +00:00
Dan Brown
1077a4efd0 Merge branch 'v25-12' into development 2026-02-21 13:59:29 +00:00
Dan Brown
23f3f35f6b Readme: Updated sponsors 2026-02-21 13:56:50 +00:00
Dan Brown
229a99ba24 Descriptions: Improved empty field handling, reduces whitespace 
For #5724
 2026-02-20 14:22:54 +00:00
Dan Brown
8e99fc6783 Books: On delete, redirect to shelf if in context 
For #6029
Added tests to cover
 2026-02-20 11:23:26 +00:00