starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-05-04 18:08:46 +03:00
Code Issues 784 Packages Projects Releases 15 Wiki Activity
5,405 Commits 24 Branches 239 Tags
ec0b0384a20f10a5ec44197a3fd5ca8f9fc543aa
Commit Graph

5405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dan Brown
ec0b0384a2 Permissions: Tweaks/fixed during review of revision-view-all changes 2026-04-19 16:06:31 +01:00
Dan Brown
e7e019d3d4 Permissions: Added testing coverage for revision-view-all 2026-04-19 15:56:54 +01:00
Dan Brown
1339f668eb Permissions: Added revision-view-all addition migration 2026-04-19 15:32:10 +01:00
Dan Brown
befa3a8fbb Permissions: Started addition of revision-view permission 2026-04-19 12:41:11 +01:00
Dan Brown
083fb1a600 Maintenance: Updated $request->get instance to use input 2026-04-18 20:43:27 +01:00
Dan Brown
a2bb5bdf10 Meta: Updated COC, templates, PR template for community rules 
Added reference to new community rules page where sensible.
 2026-04-17 21:22:04 +01:00
Dan Brown
e274a5fa4e Merge pull request #6100 from BookStackApp/wysiwyg_minimal_inline_code 
WYSIWYG: Added inline code support to minimal editor
 2026-04-16 11:25:19 +01:00
Dan Brown
18364d1e6e WYSIWYG: Added inline code support to minimal editor 
Used for comments and descriptions.
Also updated shortcut handling that we're not registering shortcuts for
edits which can't use the related formatting types.

For #6003
 2026-04-16 11:11:06 +01:00
Dan Brown
0760e677b2 Merge pull request #6095 from BookStackApp/tags_api 
API:  New tag endpoints
 2026-04-14 12:22:56 +01:00
Dan Brown
208629ee1f API: Some changes to tag API endpoints 
- Updated tag values endpoint to use query param instead of path
  argument, so a better range of values can be provided (including those
  with slashes).
- Updated image gallery example request to align with docs use changes.
 2026-04-14 12:03:29 +01:00
Dan Brown
346dc27979 API: Added testing to cover tags API endpoints 2026-04-14 11:31:34 +01:00
Dan Brown
1c1ad1d1b7 Tags API: Reviewed docs and added examples 2026-04-12 20:45:18 +01:00
Dan Brown
f14fc68b66 API: Added new tags API endpoints 2026-04-12 18:26:00 +01:00
Dan Brown
93f84a81b2 Merge pull request #6083 from BookStackApp/better_plain_text 
New HTML to Plaintext handling
 2026-04-12 17:01:45 +01:00
Dan Brown
4feb50e7ee Attachments: Aligned attachment validation a little more 2026-04-12 15:29:00 +01:00
Dan Brown
c7e2b487c1 Attachments: Aligned ZipExportAttachment link validation 
With controller routes.
Don't consider this as a security issue, since the filtered URLs
by that validation are very likely to be blocked by browser security
or CSP, and there's a level of assumed privilege to the users that
are able to create such attachments links already.

Closes #6093
 2026-04-12 15:17:31 +01:00
Dan Brown
4e3fa4822f Sort Rules: Added creation hints to sort rule selection 
To help direct/indicate how rules can be created.
For #5967
 2026-04-12 14:31:40 +01:00
Dan Brown
684a94c419 Theme Modules: Prevented zip-slip in new module extraction method 
Updated the new (development only) approach which could result in
zip-slip causing trouble. This adds path normalisation, and testing to
cover.
 2026-04-11 18:49:34 +01:00
Dan Brown
c3c8577f05 Merge pull request #6094 from BookStackApp/module_command_updates 
Install Module Command Updates
 2026-04-11 17:38:34 +01:00
Dan Brown
5fbaab4740 Theme modules: Allowed cross-origin redirects on download 
With a prompt to the user to confirm they trust the origin.
For #6066
Added tests to cover.
 2026-04-11 17:23:11 +01:00
Dan Brown
3d9d5fef51 Theme Modules: Updated install command to handle nested folder 
Theme module ZIPs will now support their files being in a single nested
directory within a ZIP, to support common ZIP structure approaches.
Added test to cover.
For #6066
 2026-04-11 15:04:53 +01:00
Dan Brown
5e78dc6ed5 Maintenance: Updated PHPStan to Level 4 (#6085) 2026-04-08 21:03:20 +01:00
Dan Brown
c33853ed84 Maintenance: Updated NPM packages (#6090) 
* Maintenance: Updated NPM packages

Includes typescript update to 6. Needed to update some typescript config
to align with actual module environment used and built by esbuild.

* Maintenance: Fixed testing issues after NPM dep version changes

* Maintenance: Updated JS test workflow step version

* Maintenance: Updated approach used for TS config in jest config
 2026-04-08 21:02:20 +01:00
Dan Brown
e033578fea Updated translator & dependency attribution before release v26.03.3 2026-04-05 22:43:15 +01:00
Dan Brown
a7dd998ac9 Updated translations with latest Crowdin changes (#6067) 2026-04-05 22:29:00 +01:00
Dan Brown
b9d650785a Deps: Updated PHP package versions 2026-04-05 22:28:27 +01:00
Dan Brown
abed4eae0c Exports: Updated plaintext export to use new converter 2026-04-05 17:51:19 +01:00
Dan Brown
c7d3775bb9 Plain text: Created a new HTML to plain text converter 
To centralise logic to be more consistent, and to have smarter logic
which avoids just following newline format from input, preventing
smushing HTML elements (like list elements) next to eachother
 2026-04-05 00:05:10 +01:00
Dan Brown
25790fd024 Merge branch 'sec_26_03_2' into development 2026-03-23 11:24:07 +00:00
Dan Brown
1763ac550b Meta: Updated translators pre v26.03.2 release 2026-03-23 10:08:38 +00:00
Dan Brown
fd6867e577 Updated translations with latest Crowdin changes (#6064) 2026-03-23 10:05:51 +00:00
Dan Brown
5ebc1fe3b0 Deps: Updated PHP package versions pre v26.03.2 release 2026-03-22 17:22:13 +00:00
Dan Brown
a44756168d WYSIWYG: Aligned double click to set label for details functionality 
Aligned the behaviour across the WYSIWYG editors, and also for nested
details blocks (which wasn't working in the TinyMCE implementation).

Closes #6059
 2026-03-22 17:20:36 +00:00
Dan Brown
fa1dc162bd Update PHP_CodeSniffer repository link (#6060) 2026-03-21 17:13:43 +00:00
Dan Brown
5763d26b17 Updated registration to use validated input instead of all 2026-03-19 21:29:30 +00:00
Rodrigo Primo
04dd9f8e19 Update PHP_CodeSniffer repository link 2026-03-17 17:21:01 -03:00
Dan Brown
0120b475eb Deps: Updated PHP deps pre v26.03.1 2026-03-17 10:59:11 +00:00
Dan Brown
8a59895ba0 Merge branch 'sec_chapter_export' into development 2026-03-17 10:41:51 +00:00
Dan Brown
a9ffd3e0c7 Responses: Added extra sanitization for download names 
From testing, don't think this could exploited directly, as the response
would error instead of allowing control characters, but this adds an
extra layer of sanitization, and switches to encoded disposition
filenames for better UTF8 support.
 2026-03-16 18:28:44 +00:00
Dan Brown
4f18fea086 Deps: Updated PHP deps pre v26.03 release 2026-03-15 13:17:48 +00:00
Dan Brown
362859ac23 Updated translator & dependency attribution before release v26.03 2026-03-15 13:14:54 +00:00
Dan Brown
7cbfd72920 Merge pull request #6007 from BookStackApp/l10n_development 
Updated translations with latest Crowdin changes
 2026-03-15 12:58:05 +00:00
Dan Brown
49df47836e Merge pull request #6057 from BookStackApp/v25-12 
V25.12 changes v3
 2026-03-15 12:51:02 +00:00
Dan Brown
f4c9d2b049 Exports: Fixed scope of pages in chapter MD export 
Added tests to cover children of all MD exports
 2026-03-13 13:35:28 +00:00
Dan Brown
60a3b0c0ac API examples: Updated books-read to include shelf info 2026-03-12 17:04:36 +00:00
Dan Brown
5f5fea7c83 Deps: Bumped PHP packages before release 2026-03-12 10:52:12 +00:00
Dan Brown
6e7cc169d1 Preferences: Updated return redirect with better origin checks 
As suggested by Alex Dan in their security report.
 2026-03-10 18:31:51 +00:00
Dan Brown
6216c89f82 Packages: Updated PHP package versions 2026-03-10 17:48:12 +00:00
Dan Brown
404e67afbc Page Revisions: Added testing coverage to basic diffing 2026-03-10 17:47:07 +00:00
Dan Brown
6d64262a61 Revision Diffs: Added filtering post-diff render 2026-03-10 15:03:43 +00:00