Compare commits

...

87 Commits

Author SHA1 Message Date
Crowdin Bot
4769cc6be4 New Crowdin translations by GitHub Action 2026-07-15 04:31:30 +00:00
Dan Brown
6107161275 URLs: Fixed issue in comparisons when elements missing 2026-07-02 10:21:01 +01:00
Dan Brown
ad283ef0ed Updated packages, translators and licensing pre v26.05.2 2026-07-02 09:41:17 +01:00
Dan Brown
b87789dde6 Merge branch 'sec_jun26' into development 2026-07-02 09:38:17 +01:00
Dan Brown
a213175004 Merge pull request 'Updated translations with latest crowdin changes' (#6166) from l10n_development into development
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6166
2026-07-02 10:36:35 +02:00
Crowdin Bot
b6e3d304fe New Crowdin translations by GitHub Action 2026-07-02 08:34:05 +00:00
Dan Brown
6bba39196c Merge pull request 'Added Serbian language to language_select array' (#6153) from PolarniMeda/bookstack:development into development
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6153
2026-07-02 10:32:48 +02:00
Dan Brown
caeea658d1 Access: Hardened usage of referring URLs via login
Adds a more substantial URL check, via a new class which is shared and
used in other parts of the app for consistency.

Thanks to mfk25 for reporting.
2026-07-01 10:45:59 +01:00
Dan Brown
fe39b69c1f Comments: Added visibility check to comment delete
Aligns it with other actions/endpoints, and ensures an extra layer of
control against malicious use.

Thanks to mfk25 for reporting.
2026-07-01 10:20:32 +01:00
Dan Brown
01dc1e71c5 Attachments: Added more extensive URL filtering
Added a central URLFilter class to check & clean URLs used for
attachments, which is also used for validation, and by the purifier to
standardise protocols (and to make protocol config easier in future).

Thanks to mfk25 for reporting.
2026-07-01 00:41:19 +01:00
Dan Brown
59bbf504cf Content filtering: Added srcset protocol filter
Upstream libraries used did not specifically treat values in srcset as
URIs like other attributes, so this adds a simple filter for possible
bad values.
Updated tests to cover.

Thanks for Gurmandeep Deol for reporting.
2026-06-30 18:35:34 +01:00
Dan Brown
f7df78b91b CI: Attempted to fix snyk workflow 2026-06-24 13:58:20 +01:00
Dan Brown
c511f7d935 CI: Added workflow to sync with snyk 2026-06-24 13:48:20 +01:00
Dan Brown
79a2e017bb Maintenance: Fixed type and CI issues
- Fixed issues picked up by PHPStan updates.
  - Not sure why it was flagging the BookSorter issue, but swapping if
    statements made it go away.
- Updated BookSortMapItem with modern syntax.
- Attempted to fix CI issues by adding DOM extension.
- Attempted to make migration CI more efficient via tmpfs
2026-06-11 14:24:09 +01:00
PolarniMeda
dad83d473d Added Serbian language to language_select array 2026-06-11 10:32:03 +02:00
Dan Brown
c74df7e06b Updated translator & dependency attribution before release v26.05.1 2026-06-09 12:50:16 +01:00
Dan Brown
6b545d600c Merge branch 'v26051_sec' into development 2026-06-09 12:48:39 +01:00
Dan Brown
cc0b059fa4 Deps: Updated PHP package versions 2026-06-09 12:47:28 +01:00
Crowdin Bot
9fc46f76f6 New Crowdin translations by GitHub Action 2026-06-08 04:30:58 +00:00
Dan Brown
84a23fb23f Logs: Prevented NotifyExceptions for reporting to error logs
This is to reduce the amount of content which will be logged, since
these messages don't really indicate an actual system error but advise
the user of something which went wrong with their request.
2026-06-07 11:25:51 +01:00
Dan Brown
b7325fdf0e Attachments: Moved perm checks before validation
Avoids providing responses with potential sensitive attachment info
before permission checks.
Added tests to cover.

Thanks to Rafael Castilho for reporting.
2026-06-07 10:35:14 +01:00
Dan Brown
81f77a95de Content Filtering: Limited file protocol to just anchor hrefs
Updated allow list/purifier system to only allow file protocol use on
anchor hrefs to avoid potential security concerns with, after export,
content being auto loaded via interactive elements like
embeds/objects/videos etc...

Updated tests to cover.
Thanks to Gurmandeep Deol at Seneca Polytechnic for reporting.
2026-06-06 15:30:57 +01:00
Dan Brown
37f2d05118 Search: Prevented tag search using unusable numbers
These would trigger an error on use, and could be abused to fill logs.
Added test to cover.

Thanks to Stephen O. / Sakusen for reporting.
2026-06-06 10:37:06 +01:00
Dan Brown
f01bb749ab Workflows: Attempted fixing crowdin files
Currently causing extra files to be created alongside previous files in
crowdin
2026-05-30 13:45:25 +01:00
Dan Brown
d421a19193 Updated translator & dependency attribution before release v26.05 2026-05-28 12:32:17 +01:00
Dan Brown
67529dd883 Deps: Updated PHP packages, fixed some types for phpstan 2026-05-28 10:34:04 +01:00
Dan Brown
c26b66887f Updated translations with changes from Crowdin (#6139)
## Details

<!-- Write details of your pull request in here -->
<!-- Include references to any relevant issues/discussions -->

## Checklist

<!-- Put an 'x' in between the brackets below to confirm these elements -->

- [ ] I have read the [BookStack community rules](https://www.bookstackapp.com/about/community-rules/).
- [ ] This PR does not feature significant use of LLM/AI generation as per the community rules above.

Co-authored-by: Crowdin Bot <support+bot@crowdin.com>
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6139
2026-05-28 11:29:39 +02:00
Dan Brown
17b76bb876 Merge pull request 'Page Editor Contents List View' (#6131) from page_editor_contents into development
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6131
2026-05-26 14:54:13 +02:00
Dan Brown
0de1196b62 Page Editor: Minor fixes
- Removed unused import
- Added some trailing newlines to code files
- Prevented <hr>s confusing logic in MD editor
- Aligned logic to select end of header across editors
2026-05-26 13:28:40 +01:00
Dan Brown
99e405f80f Page Editor: Added contents click handling for TinyMCE editor 2026-05-26 12:58:48 +01:00
Dan Brown
d7ba0dc430 CSP: Renamed CSS CSP option 2026-05-26 12:50:19 +01:00
Dan Brown
2c49502345 Merge pull request 'Merge Further v26.03 changes' (#6133) from v26-03 into development
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6133
2026-05-25 17:26:29 +02:00
Dan Brown
ef82119226 MFA: Added verify attempt rate limiting 2026-05-21 13:25:57 +01:00
Dan Brown
1b9ec75903 Deps: Updated PHP package versions 2026-05-21 09:48:20 +01:00
Dan Brown
c58eb91893 Page Editor: Added contents view click logic
Added jump-to-header logic for lexical WYSIWYG, and both codemirror &
plaintext markdown editor windows.
2026-05-20 12:12:38 +01:00
Dan Brown
49aa025012 Page Editor: Started contents view in toolbox
Added visual system, not yet added on-click logic.
Related to #4218
2026-05-19 17:56:48 +01:00
Dan Brown
5ebfa65a46 Testing: Changed ordering in tests to help prevent flaky test
Think it would primariy use the created_at ordering based in the
relation which could cause trouble in CI test environment.
This better forces Id based ordering
2026-05-19 13:29:26 +01:00
Dan Brown
b5d3ba2726 Testing: Added extra page edit test
Added during investigation for #6062
Might as well leave in even though it does not trigger the cause for
that particuluar issue.
2026-05-18 17:39:00 +01:00
Dan Brown
0cd773a5d3 CSP Headers: Review of #6071
- Removed extra non-needed docs in repo
- Tweaked some wording.
- Added extra test scenarios.
- Added options to phpunit default env.
- Added auto-quote-handling for unsafe-inline CSS rule.

For #6033
2026-05-17 18:40:02 +01:00
Dan Brown
dfc91d533b Merge branch 'development' into Zhey-on/feature/csp-image-css-controls-6033 2026-05-17 17:57:54 +01:00
Dan Brown
39a14cff8f User MFA: Reviewed addition of reset, added tests
Review of #6056
Added test coverage.
2026-05-17 13:05:50 +01:00
Dan Brown
321271e7bd Merge branch 'development' into clauvaldez/mfaReset 2026-05-17 11:59:41 +01:00
Dan Brown
c87abbd23f Images: Increased validation against related page on upload
Adds validation that the related page exists, is visible, and that the
user has page edit permissions for the page.
Aligns with attachment permission model, and aligns across different
image endpoints.

Added tests to cover.
Closes #6126
2026-05-14 18:10:46 +01:00
Dan Brown
c5c066c3e7 Merge pull request 'Merge v26.03 branch changes' (#6122) from v26-03 into development
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6122
2026-05-14 16:08:26 +02:00
Dan Brown
ddb0a22504 Lexical: Made table cell up/down arrow nav smarter
Added logic to attempt to retain x position when navigating cells
up/down via arrow keys.
2026-05-13 17:09:32 +01:00
Dan Brown
9f4afac7bc Lexical: Improved ability to break out of lists
Updates list handling so that you can break out of a list (or move down
a level) via enter on an existing empty list item at any point in the
list, not just the end.
Added test to cover.
2026-05-12 18:49:35 +01:00
Dan Brown
5d429ea9bb Lexical: Added better support for block content in list items
Improved the ability to set/use block formats in lists.
Setting a format, will now attempt to create that, if just plain text to
start with, when in a list.
Added handling so that blocks split into new list elements instead of
new blocks within the list element.

Also fixed some issues with cyclic import references, and updated editor
event types to always include their type for easier debug.
2026-05-11 19:14:16 +01:00
Dan Brown
2aba39b176 Lexical: Updated toolbars to re-focus on editor on escape press 2026-05-10 17:37:56 +01:00
Dan Brown
6367f007c1 Lexical: Added fade to table resizers 2026-05-10 13:04:39 +01:00
Dan Brown
e982443988 Lexical: Made toolbar placement smarter
- Set z-index so toolbars for deeper (more specific) content is bought
  forward above more general toolbars.
- Added some basic overlap checking as an indicator to whether the
  toolbar should sit above the target.
2026-05-10 12:58:17 +01:00
Dan Brown
16a50b0ca9 Lexical: Fixed updating of TextNode text on export 2026-05-09 19:36:43 +01:00
Dan Brown
5f306801d7 Lexical: Used non-breaking spaces instead of text spans for whitespace
Leading/trailing text whitespace would use spans with css whitespace
rules so the spaces would be represented, but this would lead to a
messier output.
Instead, this attempts to smartly use non-breaking spaces, along with
normal spaces, to represent white space in a way that still allows
breaking. It attempts to reduce non-breaking spaces where not needed
(next to other inline content).

Also fixes duplicate <em> usage on italic content.
2026-05-09 19:29:21 +01:00
Dan Brown
b53499932b Lexical: Fixed actions not applying on empty state
Updated editor to always attempt to start from at least a paragraph
isntead of empty state.
Improved focus on HTML change.
2026-05-09 18:23:25 +01:00
Dan Brown
1ef9b7d48f Lexical: Added a little testing coverage for DiagramNode 2026-05-09 16:09:31 +01:00
Dan Brown
7254dc3ab5 Lexical: Fixed diagrams not updating on edit
Caused by lack of proper key use on clone
2026-05-09 15:38:44 +01:00
Dan Brown
dc8f80365c Lexical: Added missing table header row toggle button
Also updated DOM converstion, and CSS, to make lexical format (th inside
tbody) somewhat compatible/convertible with the tinymce format (td
inside thead).
2026-05-09 12:25:49 +01:00
Dan Brown
d6b114de74 Lexical: Added some test coverage for shortcut handling
Updates existing keydown test helper to accept other event options.
2026-05-08 16:05:48 +01:00
Dan Brown
b794f749dd Lexical: Updated core inline formats to instead custom built handler
Aligns logic used for shortcut handling, so enables these to work for
cyrillic equivilent keyboard keys.
2026-05-08 16:05:48 +01:00
Dan Brown
df831a0564 Lexical: Added RTL support for UI dropdown menus
They now show in the correct direction and do not overlap.
Added new helper for RTL bounding box handling.
2026-05-08 16:05:48 +01:00
Dan Brown
0eed869735 Lexical: Fixed in-editor content drag and drop
Now more reliable and aligned to expectations, instead of loosing
information and/or deleting elements, or inserting above/below blocks.
2026-05-08 16:05:48 +01:00
Dan Brown
f1452ebe2a Lexical: Improved content insert on drop handling
- Adds specific support for inline content handling.
- Adds attempting to use caret position at drop location for accurate
  placement.
2026-05-08 16:05:48 +01:00
Dan Brown
6917eaf7bd Lexical: Added support for keyCode-based fallback shortcut use
Helps in cases where languages like cyrillic may have the relevant key
to use but the actual text/.key value is the cyrillic key value instead
of the shorcut key we expect.
2026-05-08 16:05:47 +01:00
Dan Brown
50d3be4c95 CI: Made actions more efficient (#6124)
Updates our CI process to be more efficient by:

- Uses setupphp/node image for more direct access to desired PHP versions.
- Adds php extension caching via https://github.com/shivammathur/cache-extensions
- Reverted to using MySQL in-test-container to reduce syscalls across the container stack which seemed to be slowing things down.
- Update JS testing to only use one worker, to avoid exhausting all CPUs. I think it was attempting to use all threads on the host system before, causing the machine to lock up, since only a subset of cores were available to the environment.

Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6124
2026-05-08 17:03:27 +02:00
Dan Brown
85baa6e9c8 Languages: Enabled Thai as a language option 2026-05-05 20:44:04 +01:00
Dan Brown
966bc3de8c Merge pull request 'Updated translations with latest Crowdin changes' (#6084) from l10n_development into development
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6084
2026-05-05 21:37:59 +02:00
Dan Brown
1532a99d4e Meta: Updated issue template labels, fixed minor issues 2026-05-05 20:35:45 +01:00
Crowdin Bot
ccbeefe674 New Crowdin translations by GitHub Action 2026-05-05 04:30:37 +00:00
Dan Brown
cf648906e9 SSR: Hardened URL validator against a range of workarounds
Added a more comprehensive range of tests to cover.
Thanks to naruhodoowl (https://github.com/kilhsrito-crypto) for
reporting.
2026-04-30 10:18:50 +01:00
Dan Brown
3ddfa9b948 Meta: Updated security info and fixed some tests/links 2026-04-30 00:32:27 +01:00
Dan Brown
fddeb9030b Attachments: Added page access check to attachment delete
Thanks to github.com/404-pkj for reporting.
2026-04-29 18:31:11 +01:00
Dan Brown
99a704698d Deps: Updated PHP package versions 2026-04-29 18:12:24 +01:00
Dan Brown
fc220dea39 Search: Fixed exact saerch term negation causing no results
Closes #6121
2026-04-29 18:07:32 +01:00
Dan Brown
55317039ac Meta: Converted GitHub references in codebase to Codeberg 2026-04-28 09:30:48 +01:00
Dan Brown
24e6087ef8 Meta: Updated readme shields and fixed workflow value 2026-04-27 21:13:05 +01:00
Dan Brown
7c1d30bc8f Translations: Added crowdin workflow action 2026-04-27 20:56:05 +01:00
Dan Brown
c1610c4532 Meta: Migrated repo content to forgejo
Kept some GitHub templates with warnings about the migration.
Made some initial updates to readme for the migration.
2026-04-27 17:48:27 +01:00
Dan Brown
2e2f59fa0f CI: Updated images to debian trixie 2026-04-27 13:36:47 +01:00
Dan Brown
cc6e9e0546 CI: Attempt a more robust avif support check 2026-04-27 13:17:58 +01:00
Dan Brown
0f59981932 CI: Updated tests using DB to set test DB URL 2026-04-27 12:52:05 +01:00
Dan Brown
a37f903dc7 CI: Migrated workflows to forgejo 2026-04-27 12:10:44 +01:00
Dan Brown
74aa897626 Readme: Updated netways sponsor link 2026-04-24 23:16:44 +01:00
Dan Brown
4b624596c8 Merge pull request #6109 from BookStackApp/dompdf_font_loading
PDF: Started building system to allow custom DOMPDF font loading
2026-04-22 13:30:48 +01:00
Dan Brown
00239bb6c8 Exports: Improved dompdf font loading permission errors 2026-04-22 13:22:20 +01:00
Dan Brown
241563e8fc Exports: Added testing coverage for DOMPDF font usage 2026-04-22 13:12:34 +01:00
Dan Brown
e91747785b PDF: Started building system to allow custom DOMPDF font loading 2026-04-20 15:42:28 +01:00
Zhey
e42fda893c Add CSP controls for image and CSS sources 2026-03-26 12:00:08 +01:00
Claudio Valdez
e3fcd26f12 Add mfa reset button for admin s on user profile edit 2026-03-11 12:30:59 -03:00
426 changed files with 7568 additions and 2679 deletions

View File

@@ -395,6 +395,19 @@ ALLOWED_IFRAME_HOSTS=null
# Current host and source for the "DRAWIO" setting will be auto-appended to the sources configured.
ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com"
# A list of sources/hostnames that can be loaded as CSS styles within BookStack.
# Space separated if multiple. BookStack host domain is auto-inferred.
# Defaults to a permissive set if not provided.
# Example: ALLOWED_STYLE_SOURCES="https://fonts.googleapis.com"
ALLOWED_STYLE_SOURCES=null
# A list of sources/hostnames that can be loaded as image content within BookStack.
# Space separated if multiple. BookStack host domain is auto-inferred, in addition to
# data and blob images, due to their use for various functionality.
# Defaults to a permissive set if not provided.
# Example: ALLOWED_IMAGE_SOURCES="https://images.example.com"
ALLOWED_IMAGE_SOURCES=null
# A list of the sources/hostnames that can be reached by application SSR calls.
# This is used wherever users can provide URLs/hosts in-platform, like for webhooks.
# Host-specific functionality (usually controlled via other options) like auth

View File

@@ -0,0 +1,2 @@
Please find our community rules on our website here:
https://www.bookstackapp.com/about/community-rules/

4
.forgejo/FUNDING.yml Normal file
View File

@@ -0,0 +1,4 @@
# These are supported funding model platforms
github: [ssddanbrown]
ko_fi: ssddanbrown

View File

@@ -1,6 +1,6 @@
name: New API Endpoint or API Ability
description: Request a new endpoint or API feature be added
labels: [":nut_and_bolt: API Request"]
labels: ["Type/API Request"]
body:
- type: textarea
id: feature

View File

@@ -1,6 +1,6 @@
name: Bug Report
description: Create a report to help us fix bugs & issues in existing supported functionality
labels: [":bug: Bug"]
labels: ["Type/Bug Report"]
body:
- type: markdown
attributes:

View File

@@ -0,0 +1,13 @@
blank_issues_enabled: false
contact_links:
- name: Community Forum Support
url: https://community.bookstackapp.com
about: Get support by talking with the BookStack team & community.
- name: Debugging & Common Issues
url: https://www.bookstackapp.com/docs/admin/debugging/
about: Find details on how to debug issues and view common issues with their resolutions.
- name: Official Support Plans
url: https://www.bookstackapp.com/support/
about: View our official support plans that offer assured support for business.

View File

@@ -1,6 +1,6 @@
name: Feature Request
description: Request a new feature or idea to be added to BookStack
labels: [":hammer: Feature Request"]
labels: ["Type/Feature Request"]
body:
- type: textarea
id: description
@@ -33,7 +33,7 @@ body:
attributes:
label: Have you searched for an existing open/closed issue?
description: |
To help us keep these issues under control, please ensure you have first [searched our issue list](https://github.com/BookStackApp/BookStack/issues?q=is%3Aissue) for any existing issues that cover the fundamental benefit/goal of your request.
To help us keep these issues under control, please ensure you have first [searched our issue list](https://codeberg.org/bookstack/bookstack/issues) for any existing issues that cover the fundamental benefit/goal of your request.
options:
- label: I have searched for existing issues and none cover my fundamental request
required: true

View File

@@ -1,6 +1,6 @@
name: Language Request
description: Request a new language to be added to Crowdin for you to translate
labels: [":earth_africa: Translations"]
labels: ["Focus: Translations"]
assignees:
- ssddanbrown
body:

View File

@@ -1,6 +1,6 @@
name: Support Request
description: Request support for a specific problem you have not been able to solve yourself
labels: [":dog2: Support"]
labels: ["Type/Support"]
body:
- type: checkboxes
id: useddocs
@@ -15,11 +15,11 @@ body:
- type: checkboxes
id: searchissue
attributes:
label: Searched GitHub Issues
label: Searched Existing Issues
description: |
I have searched for the issue and potential resolutions within the [project's GitHub issue list](https://github.com/BookStackApp/BookStack/issues)
I have searched for the issue and potential resolutions within the [project's issue list](https://codeberg.org/bookstack/bookstack/issues)
options:
- label: I have searched GitHub for the issue.
- label: I have searched for the issue.
required: true
- type: textarea
id: scenario

View File

@@ -2,7 +2,7 @@
## Supported Versions
Only the [latest version](https://github.com/BookStackApp/BookStack/releases) of BookStack is supported.
Only the [latest version](https://codeberg.org/bookstack/bookstack/releases) of BookStack is supported.
We generally don't support older versions of BookStack due to maintenance effort and
since we aim to provide a fairly stable upgrade path for new versions.
@@ -12,16 +12,14 @@ If you'd like to be notified of new potential security concerns you can [sign-up
## Reporting a Vulnerability
If you've found an issue that likely has no impact to existing users (For example, in a development-only branch)
feel free to raise it via a standard GitHub bug report issue.
If you've found an issue that likely has no impact to existing users (For example, an issue only in the development branch)
feel free to raise it via a standard Codeberg bug report issue.
If the issue could have a security impact to BookStack instances,
please directly contact the lead maintainer [@ssddanbrown](https://github.com/ssddanbrown).
You will need to log in to be able to see the email address on the [GitHub profile page](https://github.com/ssddanbrown).
Alternatively you can send a DM via Mastodon to [@danb@fosstodon.org](https://fosstodon.org/@danb).
please directly contact the lead maintainer via email Dan Brown using the [details found here](https://www.bookstackapp.com/links/contact/).
Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability
can often take a little time due to the amount of preparation required, to ensure the vulnerability has
been covered, and to create the content required to adequately notify the user-base.
Thank you for keeping BookStack instances safe!
Thank you for keeping BookStack instances safe!

View File

@@ -0,0 +1,11 @@
## Details
<!-- Write details of your pull request in here -->
<!-- Include references to any relevant issues/discussions -->
## Checklist
<!-- Put an 'x' in between the brackets below to confirm these elements -->
- [ ] I have read the [BookStack community rules](https://www.bookstackapp.com/about/community-rules/).
- [ ] This PR does not feature significant use of LLM/AI generation as per the community rules above.

View File

@@ -1,6 +1,7 @@
name: analyse-php
on:
workflow_dispatch:
push:
paths:
- '**.php'
@@ -11,15 +12,17 @@ on:
jobs:
build:
if: ${{ github.ref != 'refs/heads/l10n_development' }}
runs-on: ubuntu-24.04
runs-on: docker
container:
image: docker.io/library/node:24-trixie
steps:
- uses: actions/checkout@v4
- uses: https://code.forgejo.org/actions/checkout@v6
- name: Setup PHP
uses: shivammathur/setup-php@v2
uses: https://github.com/shivammathur/setup-php@v2
with:
php-version: 8.3
extensions: gd, mbstring, json, curl, xml, mysql, ldap
php-version: 8.5
extensions: gd, mbstring, json, curl, xml, dom, mysql, ldap
- name: Get Composer Cache Directory
id: composer-cache
@@ -27,14 +30,16 @@ jobs:
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Cache composer packages
uses: actions/cache@v4
uses: https://code.forgejo.org/actions/cache@v5
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-8.3
key: ${{ runner.os }}-composer-8.5
restore-keys: ${{ runner.os }}-composer-
- name: Install composer dependencies
run: composer install --prefer-dist --no-interaction --ansi
env:
COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ secrets.GH_TOKEN }}"}}'
- name: Run static analysis check
run: composer check-static

View File

@@ -1,6 +1,7 @@
name: lint-js
on:
workflow_dispatch:
push:
paths:
- '**.js'
@@ -13,9 +14,11 @@ on:
jobs:
build:
if: ${{ github.ref != 'refs/heads/l10n_development' }}
runs-on: ubuntu-24.04
runs-on: docker
container:
image: docker.io/library/node:24-trixie
steps:
- uses: actions/checkout@v4
- uses: https://code.forgejo.org/actions/checkout@v6
- name: Install NPM deps
run: npm ci

View File

@@ -1,6 +1,7 @@
name: lint-php
on:
workflow_dispatch:
push:
paths:
- '**.php'
@@ -11,14 +12,16 @@ on:
jobs:
build:
if: ${{ github.ref != 'refs/heads/l10n_development' }}
runs-on: ubuntu-24.04
runs-on: docker
container:
image: docker.io/library/node:24-trixie
steps:
- uses: actions/checkout@v4
- uses: https://code.forgejo.org/actions/checkout@v6
- name: Setup PHP
uses: shivammathur/setup-php@v2
uses: https://github.com/shivammathur/setup-php@v2
with:
php-version: 8.3
php-version: 8.5
tools: phpcs
- name: Run formatting check

View File

@@ -0,0 +1,34 @@
name: Crowdin Action
on:
push:
branches: [ development ]
paths:
- 'lang/**.php'
schedule:
- cron: '30 4 * * *'
workflow_dispatch:
jobs:
synchronize-with-crowdin:
runs-on: docker
container:
image: docker.io/library/node:24-trixie
steps:
- name: Checkout
uses: https://code.forgejo.org/actions/checkout@v6
- name: crowdin action
uses: https://github.com/crowdin/github-action@v2
with:
crowdin_branch_name: development
upload_sources: true
upload_translations: false
download_translations: true
localization_branch_name: l10n_development
create_pull_request: false
github_base_url: codeberg.org
env:
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

View File

@@ -1,6 +1,7 @@
name: test-js
on:
workflow_dispatch:
push:
paths:
- '**.js'
@@ -15,9 +16,11 @@ on:
jobs:
build:
if: ${{ github.ref != 'refs/heads/l10n_development' }}
runs-on: ubuntu-24.04
runs-on: docker
container:
image: docker.io/library/node:24-trixie
steps:
- uses: actions/checkout@v6
- uses: https://code.forgejo.org/actions/checkout@v6
- name: Install NPM deps
run: npm ci
@@ -26,4 +29,4 @@ jobs:
run: npm run ts:lint
- name: Run JavaScript tests
run: npm run test
run: npm run test:ci

View File

@@ -1,6 +1,7 @@
name: test-migrations
on:
workflow_dispatch:
push:
paths:
- '**.php'
@@ -13,18 +14,36 @@ on:
jobs:
build:
if: ${{ github.ref != 'refs/heads/l10n_development' }}
runs-on: ubuntu-24.04
runs-on: docker
container:
image: docker.io/library/node:24-trixie
strategy:
matrix:
php: ['8.2', '8.3', '8.4', '8.5']
services:
mysql:
image: docker.io/library/mariadb:12.2.2-noble
options: --tmpfs /var/lib/mysql:rw
cmd:
- --innodb-flush-log-at-trx-commit=0
- --innodb-flush-method=O_DIRECT
- --innodb-doublewrite=0
- --innodb-buffer-pool-size=256M
- --skip-log-bin
- --sync-binlog=0
env:
MARIADB_USER: bookstack-test
MARIADB_PASSWORD: bookstack-test
MARIADB_DATABASE: bookstack-test
MARIADB_ROOT_PASSWORD: password
steps:
- uses: actions/checkout@v4
- uses: https://code.forgejo.org/actions/checkout@v6
- name: Setup PHP
uses: shivammathur/setup-php@v2
uses: https://github.com/shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
extensions: gd, mbstring, json, curl, xml, mysql, ldap
extensions: gd, mbstring, json, curl, xml, dom, mysql, ldap
- name: Get Composer Cache Directory
id: composer-cache
@@ -32,34 +51,31 @@ jobs:
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Cache composer packages
uses: actions/cache@v4
uses: https://code.forgejo.org/actions/cache@v5
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ matrix.php }}
restore-keys: ${{ runner.os }}-composer-
- name: Start MySQL
run: |
sudo systemctl start mysql
- name: Create database & user
run: |
mysql -uroot -proot -e 'CREATE DATABASE IF NOT EXISTS `bookstack-test`;'
mysql -uroot -proot -e "CREATE USER 'bookstack-test'@'localhost' IDENTIFIED WITH mysql_native_password BY 'bookstack-test';"
mysql -uroot -proot -e "GRANT ALL ON \`bookstack-test\`.* TO 'bookstack-test'@'localhost';"
mysql -uroot -proot -e 'FLUSH PRIVILEGES;'
- name: Install composer dependencies
run: composer install --prefer-dist --no-interaction --ansi
env:
COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ secrets.GH_TOKEN }}"}}'
- name: Start migration test
env:
TEST_DATABASE_URL: 'mysql://bookstack-test:bookstack-test@mysql/bookstack-test'
run: |
php${{ matrix.php }} artisan migrate --force -n --database=mysql_testing
- name: Start migration:rollback test
env:
TEST_DATABASE_URL: 'mysql://bookstack-test:bookstack-test@mysql/bookstack-test'
run: |
php${{ matrix.php }} artisan migrate:rollback --force -n --database=mysql_testing
- name: Start migration rerun test
env:
TEST_DATABASE_URL: 'mysql://bookstack-test:bookstack-test@mysql/bookstack-test'
run: |
php${{ matrix.php }} artisan migrate --force -n --database=mysql_testing

View File

@@ -1,6 +1,7 @@
name: test-php
on:
workflow_dispatch:
push:
paths:
- '**.php'
@@ -13,18 +14,38 @@ on:
jobs:
build:
if: ${{ github.ref != 'refs/heads/l10n_development' }}
runs-on: ubuntu-24.04
runs-on: docker
container:
image: docker.io/setupphp/node:noble
strategy:
matrix:
php: ['8.2', '8.3', '8.4', '8.5']
env:
phpextensions: gd, mbstring, json, curl, xml, dom, mysql, ldap, gmp
phpextensioncachekey: cache-v1
steps:
- uses: actions/checkout@v4
- uses: https://code.forgejo.org/actions/checkout@v6
- name: Setup PHP
uses: shivammathur/setup-php@v2
- name: Setup cache environment
id: extcache
uses: https://github.com/shivammathur/cache-extensions@v1
with:
php-version: ${{ matrix.php }}
extensions: gd, mbstring, json, curl, xml, mysql, ldap, gmp
extensions: ${{ env.phpextensions }}
key: ${{ env.phpextensioncachekey }}
- name: Cache extensions
uses: https://code.forgejo.org/actions/cache@v5
with:
path: ${{ steps.extcache.outputs.dir }}
key: ${{ steps.extcache.outputs.key }}
restore-keys: ${{ steps.extcache.outputs.key }}
- name: Setup PHP
uses: https://github.com/shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.phpextensions }}
- name: Get Composer Cache Directory
id: composer-cache
@@ -32,30 +53,36 @@ jobs:
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Cache composer packages
uses: actions/cache@v4
uses: https://code.forgejo.org/actions/cache@v5
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ matrix.php }}
restore-keys: ${{ runner.os }}-composer-
- name: Start Database
- name: Install composer dependencies
run: composer install --prefer-dist --no-interaction --ansi
env:
COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ secrets.GH_TOKEN }}"}}'
- name: Start MySQL
run: |
sudo systemctl start mysql
- name: Setup Database
- name: Create database & user
run: |
mysql -uroot -proot -e 'CREATE DATABASE IF NOT EXISTS `bookstack-test`;'
mysql -uroot -proot -e "CREATE USER 'bookstack-test'@'localhost' IDENTIFIED WITH mysql_native_password BY 'bookstack-test';"
mysql -uroot -proot -e "GRANT ALL ON \`bookstack-test\`.* TO 'bookstack-test'@'localhost';"
mysql -uroot -proot -e 'FLUSH PRIVILEGES;'
- name: Install composer dependencies
run: composer install --prefer-dist --no-interaction --ansi
- name: Migrate and seed the database
env:
TEST_DATABASE_URL: 'mysql://bookstack-test:bookstack-test@localhost/bookstack-test'
run: |
php${{ matrix.php }} artisan migrate --force -n --database=mysql_testing
php${{ matrix.php }} artisan db:seed --force -n --class=DummyContentSeeder --database=mysql_testing
- name: Run PHP tests
env:
TEST_DATABASE_URL: 'mysql://bookstack-test:bookstack-test@localhost/bookstack-test'
run: php${{ matrix.php }} ./vendor/bin/phpunit

View File

@@ -0,0 +1,33 @@
name: update-snyk
on:
workflow_dispatch:
push:
paths:
- 'composer*'
- 'package*'
branches:
- 'development'
- 'release'
jobs:
update:
runs-on: docker
container:
image: docker.io/library/node:24-trixie
steps:
- uses: https://code.forgejo.org/actions/checkout@v6
- name: Update Snyk for monitoring - Composer
uses: https://github.com/snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: snyk monitor --file=composer.lock --project-name=bookstack-${{forgejo.ref_name}}-composer
- name: Update Snyk for monitoring - NPM
uses: https://github.com/snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: snyk monitor --file=package-lock.json --project-name=bookstack-${{forgejo.ref_name}}-npm

View File

@@ -1,8 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Discord Chat Support
url: https://discord.gg/ztkBqR2
about: Realtime support & chat with the BookStack community and the team.
- name: Open Issues Here Instead
url: https://codeberg.org/bookstack/bookstack/issues
about: This project has migrated to Codeberg, please open issues there instead.
- name: Debugging & Common Issues
url: https://www.bookstackapp.com/docs/admin/debugging/

View File

@@ -1,11 +1,10 @@
## Details
**Warning:**
<!-- Write details of your pull request in here -->
<!-- Include references to any relevant issues/discussions -->
This project has migrated to Codeberg:
https://codeberg.org/bookstack/bookstack
## Checklist
Please open pull requests here instead.
<!-- Put an 'x' in between the brackets below to confirm these elements -->
ANY PULL REQUESTS OPENED HERE WILL BE CLOSED WITHOUT COMMENT OR MERGE.
- [ ] I have read the [BookStack community rules](https://www.bookstackapp.com/about/community-rules/).
- [ ] This PR does not feature significant use of LLM/AI generation as per the community rules above.
---

View File

@@ -533,7 +533,18 @@ JanDziaslo :: Polish
Charllys Fernandes (CharllysFernandes) :: Portuguese, Brazilian
Ilgiz Zigangirov (inov8) :: Russian
Max Israelsson (Blezie) :: Swedish
Skiddybison5924 (chris-devel0per) :: German
Skiddybison5924 (chris-devel0per) :: German Informal; German
Veyilla Nightwhisper (Veyilla) :: German
João Barbosa (hypeedd) :: Portuguese
Abcdefg Hijklmn (collatek) :: Korean
Suthep Yonphimai (tomztt) :: Thai
MrClock (MrClock8163) :: Hungarian
Elena0875 :: Russian
FelixFrizzy :: German
Pedro de Mattia (pdmtt) :: Portuguese, Brazilian
lonestan :: Russian
Paul Kernstock (kernstock) :: German
brtbr :: German; German Informal
Ricardo Covelo (covelo12) :: Portuguese
Bojan Maksimovic (PolarniMeda) :: Serbian (Cyrillic)
Dian Prawira (wiradian84) :: Indonesian

View File

@@ -22,4 +22,10 @@ trait HandlesPartialLogins
return $user;
}
protected function clearLastAttemptedUser(): void
{
$loginService = app()->make(LoginService::class);
$loginService->clearLastLoginAttempted();
}
}

View File

@@ -8,6 +8,7 @@ use BookStack\Exceptions\LoginAttemptEmailNeededException;
use BookStack\Exceptions\LoginAttemptException;
use BookStack\Facades\Activity;
use BookStack\Http\Controller;
use BookStack\Util\UrlComparison;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
@@ -186,7 +187,8 @@ class LoginController extends Controller
{
// Store the previous location for redirect after login
$previous = url()->previous('');
$isPreviousFromInstance = str_starts_with($previous, url('/'));
$comparison = new UrlComparison($previous, url('/'));
$isPreviousFromInstance = $comparison->originsMatch() && $comparison->pathsOverlap();
if (!$previous || !setting('app-public') || !$isPreviousFromInstance) {
return;
}

View File

@@ -6,6 +6,7 @@ use BookStack\Access\LoginService;
use BookStack\Access\Mfa\BackupCodeService;
use BookStack\Access\Mfa\MfaSession;
use BookStack\Access\Mfa\MfaValue;
use BookStack\Access\Mfa\MfaVerificationLimiter;
use BookStack\Activity\ActivityType;
use BookStack\Exceptions\NotFoundException;
use BookStack\Http\Controller;
@@ -19,6 +20,11 @@ class MfaBackupCodesController extends Controller
protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-backup-codes';
public function __construct(
protected MfaVerificationLimiter $limiter,
) {
}
/**
* Show a view that generates and displays backup codes.
*/
@@ -71,6 +77,12 @@ class MfaBackupCodesController extends Controller
public function verify(Request $request, BackupCodeService $codeService, MfaSession $mfaSession, LoginService $loginService)
{
$user = $this->currentOrLastAttemptedUser();
$this->limiter->incrementAttempts($user, $request);
if ($this->limiter->hasHitLimit($user, $request)) {
$this->clearLastAttemptedUser();
$this->limiter->throwException();
}
$codes = MfaValue::getValueForUser($user, MfaValue::METHOD_BACKUP_CODES) ?? '[]';
$this->validate($request, [
@@ -89,6 +101,7 @@ class MfaBackupCodesController extends Controller
$mfaSession->markVerifiedForUser($user);
$loginService->reattemptLoginFor($user);
$this->limiter->decrementAttempts($user, $request);
if ($codeService->countCodesInSet($updatedCodes) < 5) {
$this->showWarningNotification(trans('auth.mfa_backup_codes_usage_limit_warning'));

View File

@@ -5,6 +5,7 @@ namespace BookStack\Access\Controllers;
use BookStack\Access\LoginService;
use BookStack\Access\Mfa\MfaSession;
use BookStack\Access\Mfa\MfaValue;
use BookStack\Access\Mfa\MfaVerificationLimiter;
use BookStack\Access\Mfa\TotpService;
use BookStack\Access\Mfa\TotpValidationRule;
use BookStack\Activity\ActivityType;
@@ -20,7 +21,8 @@ class MfaTotpController extends Controller
protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-totp-secret';
public function __construct(
protected TotpService $totp
protected TotpService $totp,
protected MfaVerificationLimiter $limiter,
) {
}
@@ -86,6 +88,12 @@ class MfaTotpController extends Controller
public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
{
$user = $this->currentOrLastAttemptedUser();
$this->limiter->incrementAttempts($user, $request);
if ($this->limiter->hasHitLimit($user, $request)) {
$this->clearLastAttemptedUser();
$this->limiter->throwException();
}
$totpSecret = MfaValue::getValueForUser($user, MfaValue::METHOD_TOTP);
$this->validate($request, [
@@ -98,6 +106,7 @@ class MfaTotpController extends Controller
$mfaSession->markVerifiedForUser($user);
$loginService->reattemptLoginFor($user);
$this->limiter->decrementAttempts($user, $request);
return redirect()->intended();
}

View File

@@ -126,7 +126,7 @@ class LoginService
/**
* Clear the last login attempted session value.
*/
protected function clearLastLoginAttempted(): void
public function clearLastLoginAttempted(): void
{
session()->remove(self::LAST_LOGIN_ATTEMPTED_SESSION_KEY);
}

View File

@@ -0,0 +1,62 @@
<?php
namespace BookStack\Access\Mfa;
use BookStack\Exceptions\NotifyException;
use BookStack\Users\Models\User;
use Illuminate\Cache\RateLimiter;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
/**
* A rate limit specifically for MFA verification.
* Limits across both the attempted user (on a tight limit) and the
* request IP (on a less strict limit).
*/
class MfaVerificationLimiter
{
protected int $maxUserAttemptsPerMinute = 5;
protected int $maxIpAttemptsPerMinute = 60;
public function __construct(
protected RateLimiter $rateLimiter
) {
}
public function throwException(): never
{
throw new NotifyException(
trans('auth.mfa_throttle', ['seconds' => 60]),
'/login',
Response::HTTP_TOO_MANY_REQUESTS
);
}
public function incrementAttempts(User $user, Request $request): void
{
$this->rateLimiter->hit($this->getUserKey($user));
$this->rateLimiter->hit($this->getRequestKey($request));
}
public function decrementAttempts(User $user, Request $request): void
{
$this->rateLimiter->decrement($this->getUserKey($user));
$this->rateLimiter->decrement($this->getRequestKey($request));
}
public function hasHitLimit(User $user, Request $request): bool
{
return $this->rateLimiter->tooManyAttempts($this->getUserKey($user), $this->maxUserAttemptsPerMinute + 1)
|| $this->rateLimiter->tooManyAttempts($this->getRequestKey($request), $this->maxIpAttemptsPerMinute + 1);
}
protected function getUserKey(User $user): string
{
return "mfa-attempt::user::{$user->id}";
}
protected function getRequestKey(Request $request): string
{
return "mfa-attempt::request::{$request->ip()}";
}
}

View File

@@ -46,6 +46,7 @@ class ActivityType
const USER_CREATE = 'user_create';
const USER_UPDATE = 'user_update';
const USER_DELETE = 'user_delete';
const USER_MFA_RESET = 'user_mfa_reset';
const API_TOKEN_CREATE = 'api_token_create';
const API_TOKEN_UPDATE = 'api_token_update';

View File

@@ -59,8 +59,7 @@ class CommentController extends Controller
'html' => ['required', 'string'],
]);
$comment = $this->commentRepo->getById($commentId);
$this->checkOwnablePermission(Permission::PageView, $comment->entity);
$comment = $this->commentRepo->getVisibleById($commentId);
$this->checkOwnablePermission(Permission::CommentUpdate, $comment);
$comment = $this->commentRepo->update($comment, $input['html']);
@@ -76,8 +75,7 @@ class CommentController extends Controller
*/
public function archive(int $id)
{
$comment = $this->commentRepo->getById($id);
$this->checkOwnablePermission(Permission::PageView, $comment->entity);
$comment = $this->commentRepo->getVisibleById($id);
if (!userCan(Permission::CommentUpdate, $comment) && !userCan(Permission::CommentDelete, $comment)) {
$this->showPermissionError();
}
@@ -96,8 +94,7 @@ class CommentController extends Controller
*/
public function unarchive(int $id)
{
$comment = $this->commentRepo->getById($id);
$this->checkOwnablePermission(Permission::PageView, $comment->entity);
$comment = $this->commentRepo->getVisibleById($id);
if (!userCan(Permission::CommentUpdate, $comment) && !userCan(Permission::CommentDelete, $comment)) {
$this->showPermissionError();
}
@@ -116,7 +113,7 @@ class CommentController extends Controller
*/
public function destroy(int $id)
{
$comment = $this->commentRepo->getById($id);
$comment = $this->commentRepo->getVisibleById($id);
$this->checkOwnablePermission(Permission::CommentDelete, $comment);
$this->commentRepo->delete($comment);

View File

@@ -3,6 +3,7 @@
namespace BookStack\App\Providers;
use BookStack\Uploads\ImageService;
use BookStack\Util\UrlFilter;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\ServiceProvider;
@@ -21,10 +22,8 @@ class ValidationRuleServiceProvider extends ServiceProvider
Validator::extend('safe_url', function ($attribute, $value, $parameters, $validator) {
$cleanLinkName = strtolower(trim($value));
$isJs = str_starts_with($cleanLinkName, 'javascript:');
$isData = str_starts_with($cleanLinkName, 'data:');
return !$isJs && !$isData;
$filter = new UrlFilter($cleanLinkName);
return $filter->isAllowed();
});
}
}

View File

@@ -10,7 +10,7 @@ class PwaManifestBuilder
// does not start a session, so we won't have current user context.
// This was attempted but removed since manifest calls could affect user session
// history tracking and back redirection.
// Context: https://github.com/BookStackApp/BookStack/issues/4649
// Context: https://codeberg.org/bookstack/bookstack/issues/4649
$darkMode = (bool) setting()->getForCurrentUser('dark-mode-enabled');
$appName = setting('app-name');

View File

@@ -72,6 +72,17 @@ return [
// Current host and source for the "DRAWIO" setting will be auto-appended to the sources configured.
'iframe_sources' => env('ALLOWED_IFRAME_SOURCES', 'https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com'),
// A list of style sources/hostnames that can be loaded styles within BookStack.
// Space separated if multiple. BookStack host domain is auto-inferred.
// If not set, a permissive default set is used to reduce potential breakage.
'style_sources' => env('ALLOWED_STYLE_SOURCES', null),
// A list of sources/hostnames that can be loaded as image content within BookStack.
// Space separated if multiple. BookStack host domain is auto-inferred, in addition to
// data and blob images, due to their use for various functionality.
// If not set, a permissive default set is used to reduce potential breakage.
'image_sources' => env('ALLOWED_IMAGE_SOURCES', null),
// A list of the sources/hostnames that can be reached by application SSR calls.
// This is used wherever users can provide URLs/hosts in-platform, like for webhooks.
// Host-specific functionality (usually controlled via other options) like auth

View File

@@ -81,7 +81,6 @@ return [
'strict' => false,
'engine' => null,
'options' => extension_loaded('pdo_mysql') ? array_filter([
// @phpstan-ignore class.notFound
(PHP_VERSION_ID >= 80500 ? \Pdo\Mysql::ATTR_SSL_CA : \PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
]) : [],
],

View File

@@ -68,7 +68,7 @@ return [
* Times-Roman, Times-Bold, Times-BoldItalic, Times-Italic,
* Symbol, ZapfDingbats.
*/
'font_dir' => storage_path('fonts/'), // advised by dompdf (https://github.com/dompdf/dompdf/pull/782)
'font_dir' => storage_path('fonts/dompdf'), // advised by dompdf (https://github.com/dompdf/dompdf/pull/782)
/**
* The location of the DOMPDF font cache directory.
@@ -78,7 +78,7 @@ return [
*
* Note: This directory must exist and be writable by the webserver process.
*/
'font_cache' => storage_path('fonts/'),
'font_cache' => storage_path('fonts/dompdf/cache'),
/**
* The location of a temporary directory.

View File

@@ -7,6 +7,7 @@ use BookStack\Theming\ThemeModule;
use BookStack\Theming\ThemeModuleException;
use BookStack\Theming\ThemeModuleManager;
use BookStack\Theming\ThemeModuleZip;
use BookStack\Util\UrlComparison;
use GuzzleHttp\Psr7\Request;
use Illuminate\Console\Command;
use Illuminate\Support\Str;
@@ -199,7 +200,6 @@ class InstallModuleCommand extends Command
{
$httpRequests = app()->make(HttpRequestService::class);
$client = $httpRequests->buildClient(30, ['stream' => true]);
$originalUrl = parse_url($location);
$currentLocation = $location;
$maxRedirects = 3;
$redirectCount = 0;
@@ -212,12 +212,11 @@ class InstallModuleCommand extends Command
if ($statusCode >= 300 && $statusCode < 400 && $redirectCount < $maxRedirects) {
$redirectLocation = $resp->getHeaderLine('Location');
if ($redirectLocation) {
$redirectUrl = parse_url($redirectLocation);
$redirectOriginMatches = ($originalUrl['host'] ?? '') === ($redirectUrl['host'] ?? '')
&& ($originalUrl['scheme'] ?? '') === ($redirectUrl['scheme'] ?? '')
&& ($originalUrl['port'] ?? '') === ($redirectUrl['port'] ?? '');
$comparison = new UrlComparison($location, $redirectLocation);
$redirectOriginMatches = $comparison->originsMatch();
if (!$redirectOriginMatches) {
$redirectUrl = parse_url($redirectLocation);
$redirectOrigin = ($redirectUrl['scheme'] ?? '') . '://' . ($redirectUrl['host'] ?? '') . (isset($redirectUrl['port']) ? ':' . $redirectUrl['port'] : '');
$this->info("The download URL is redirecting to a different site: {$redirectOrigin}");
$shouldContinue = $this->confirm("Do you trust downloading the module from this site?");

View File

@@ -25,6 +25,7 @@ class Handler extends ExceptionHandler
protected $dontReport = [
NotFoundException::class,
StoppedAuthenticationException::class,
NotifyException::class,
];
/**

View File

@@ -6,18 +6,22 @@ use Exception;
use Illuminate\Contracts\Support\Responsable;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
/**
* An exception that is thrown to notify the user of something which went wrong.
* Typically these should be translated messages since they will be shown to the end user
* via a pop up notification error message in the UI.
*
* This exception is not intended to be used for internal system/application errors,
* and therefore will not be logged by the exception handler.
*/
class NotifyException extends Exception implements Responsable, HttpExceptionInterface
{
public $message;
public string $redirectLocation;
protected int $status;
public function __construct(string $message, string $redirectLocation = '/', int $status = 500)
{
public function __construct(
string $message,
public string $redirectLocation = '/',
protected int $status = 500
) {
$this->message = $message;
$this->redirectLocation = $redirectLocation;
$this->status = $status;
parent::__construct();
}

View File

@@ -4,6 +4,8 @@ namespace BookStack\Exports;
use BookStack\Exceptions\PdfExportException;
use Dompdf\Dompdf;
use FontLib\Font;
use Illuminate\Support\Str;
use Knp\Snappy\Pdf as SnappyPdf;
use Symfony\Component\Process\Exception\ProcessTimedOutException;
use Symfony\Component\Process\Process;
@@ -60,12 +62,65 @@ class PdfGenerator
$domPdf = new Dompdf($options);
$domPdf->setBasePath(base_path('public'));
$fontMetrics = $domPdf->getFontMetrics();
$userFontfamilies = $this->getUserDomPdfFontFamilies();
foreach ($userFontfamilies as $fontFamily => $fonts) {
try {
$fontMetrics->setFontFamily($fontFamily, $fonts);
} catch (\Exception $exception) {
$expectedPath = storage_path('fonts/dompdf');
throw new PdfExportException("Failed to create required font data in {$expectedPath}, Ensure all content in this location is writable by the web server");
}
}
$domPdf->loadHTML($this->convertEntities($html));
$domPdf->render();
return (string) $domPdf->output();
}
/**
* @return array<string, array<string, string>>
*/
protected function getUserDomPdfFontFamilies(): array
{
$fontStore = storage_path('fonts/dompdf');
if (!is_dir($fontStore)) {
return [];
}
$fontFamilies = [];
$fontFiles = glob($fontStore . DIRECTORY_SEPARATOR . '*.ttf');
foreach ($fontFiles as $fontFile) {
$fontFileName = basename($fontFile, '.ttf');
$expectedUfm = $fontStore . DIRECTORY_SEPARATOR . $fontFileName . '.ufm';
if (!file_exists($expectedUfm)) {
$font = Font::load($fontFile);
$font->parse();
try {
$font->saveAdobeFontMetrics($expectedUfm);
} catch (\Exception $exception) {
throw new PdfExportException("Failed to create required font data at $expectedUfm, Ensure this location is writable by the web server");
}
}
$nameParts = explode('-', $fontFileName);
if (count($nameParts) === 1 || $nameParts[1] === 'Regular') {
$nameParts[1] = 'Normal';
}
$family = trim(strtolower(preg_replace('/([A-Z])/', ' $1', $nameParts[0])));
$variation = Str::snake($nameParts[1]);
if (!isset($fontFamilies[$family])) {
$fontFamilies[$family] = [];
}
$fontFamilies[$family][$variation] = $fontStore . DIRECTORY_SEPARATOR . $fontFileName;
}
return $fontFamilies;
}
/**
* @throws PdfExportException
*/

View File

@@ -119,7 +119,7 @@ class SearchIndex
* Create a scored term array from the given text, where the keys are the terms
* and the values are their scores.
*
* @return array<string, int>
* @return array<string, float>
*/
protected function generateTermScoreMapFromText(string $text, float $scoreAdjustment = 1): array
{
@@ -136,7 +136,7 @@ class SearchIndex
* Create a scored term array from the given HTML, where the keys are the terms
* and the values are their scores.
*
* @return array<string, int>
* @return array<string, float>
*/
protected function generateTermScoreMapFromHtml(string $html): array
{
@@ -177,7 +177,7 @@ class SearchIndex
*
* @param Tag[] $tags
*
* @return array<string, int>
* @return array<string, float>
*/
protected function generateTermScoreMapFromTags(array $tags): array
{
@@ -277,9 +277,9 @@ class SearchIndex
* For the given term data arrays, Merge their contents by term
* while combining any scores.
*
* @param array<string, int>[] ...$scoreMaps
* @param array<string, float>[] ...$scoreMaps
*
* @return array<string, int>
* @return array<string, float>
*/
protected function mergeTermScoreMaps(...$scoreMaps): array
{

View File

@@ -120,8 +120,14 @@ class SearchRunner
$filter = function (EloquentBuilder $query) use ($exact) {
$inputTerm = str_replace('\\', '\\\\', $exact->value);
$query->where('name', 'like', '%' . $inputTerm . '%')
->orWhere('description', 'like', '%' . $inputTerm . '%')
->orWhere('text', 'like', '%' . $inputTerm . '%');
->orWhere(function (EloquentBuilder $query) use ($inputTerm) {
$query->whereNotNull('description')
->where('description', 'like', '%' . $inputTerm . '%');
})
->orWhere(function (EloquentBuilder $query) use ($inputTerm) {
$query->whereNotNull('text')
->where('text', 'like', '%' . $inputTerm . '%');
});
};
$exact->negated ? $entityQuery->whereNot($filter) : $entityQuery->where($filter);
@@ -284,7 +290,7 @@ class SearchRunner
$query->where('name', '=', $tagParts['name']);
}
if (is_numeric($tagParts['value']) && $tagParts['operator'] !== 'like') {
if (is_numeric($tagParts['value']) && is_finite($tagParts['value']) && $tagParts['operator'] !== 'like') {
// We have to do a raw sql query for this since otherwise PDO will quote the value and MySQL will
// search the value as a string which prevents being able to do number-based operations
// on the tag values. We ensure it has a numeric value and then cast it just to be sure.

View File

@@ -4,37 +4,12 @@ namespace BookStack\Sorting;
class BookSortMapItem
{
/**
* @var int
*/
public $id;
/**
* @var int
*/
public $sort;
/**
* @var ?int
*/
public $parentChapterId;
/**
* @var string
*/
public $type;
/**
* @var int
*/
public $parentBookId;
public function __construct(int $id, int $sort, ?int $parentChapterId, string $type, int $parentBookId)
{
$this->id = $id;
$this->sort = $sort;
$this->parentChapterId = $parentChapterId;
$this->type = $type;
$this->parentBookId = $parentBookId;
public function __construct(
public int $id,
public int $sort,
public int|null $parentChapterId,
public string $type,
public int $parentBookId,
) {
}
}

View File

@@ -168,7 +168,7 @@ class BookSorter
$model->priority = $sortMapItem->sort;
}
if ($chapterChanged || $priorityChanged) {
if ($priorityChanged || $chapterChanged) {
$model::withoutTimestamps(fn () => $model->save());
}
}

View File

@@ -64,6 +64,7 @@ class LocaleManager
'sq' => 'sq_AL',
'sr' => 'sr_RS',
'sv' => 'sv_SE',
'th' => 'th_TH',
'tk' => 'tk_TM',
'tr' => 'tr_TR',
'uk' => 'uk_UA',

View File

@@ -10,6 +10,7 @@ use BookStack\Permissions\PermissionApplicator;
use BookStack\Users\Models\HasCreatorAndUpdater;
use BookStack\Users\Models\OwnableInterface;
use BookStack\Users\Models\User;
use BookStack\Util\UrlFilter;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
@@ -71,7 +72,7 @@ class Attachment extends Model implements OwnableInterface
public function getUrl($openInline = false): string
{
if ($this->external && !str_starts_with($this->path, 'http')) {
return $this->path;
return (new UrlFilter($this->path))->clean();
}
return url('/attachments/' . $this->id . ($openInline ? '?open=true' : ''));

View File

@@ -11,6 +11,7 @@ use BookStack\Http\Controller;
use BookStack\Permissions\Permission;
use BookStack\Uploads\Attachment;
use BookStack\Uploads\AttachmentService;
use BookStack\Util\UrlFilter;
use Exception;
use Illuminate\Contracts\Filesystem\FileNotFoundException;
use Illuminate\Http\Request;
@@ -107,6 +108,9 @@ class AttachmentController extends Controller
{
/** @var Attachment $attachment */
$attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission(Permission::PageView, $attachment->page);
$this->checkOwnablePermission(Permission::PageUpdate, $attachment->page);
$this->checkOwnablePermission(Permission::AttachmentUpdate, $attachment);
try {
$this->validate($request, [
@@ -120,10 +124,6 @@ class AttachmentController extends Controller
]), 422);
}
$this->checkOwnablePermission(Permission::PageView, $attachment->page);
$this->checkOwnablePermission(Permission::PageUpdate, $attachment->page);
$this->checkOwnablePermission(Permission::AttachmentUpdate, $attachment);
$attachment = $this->attachmentService->updateFile($attachment, [
'name' => $request->input('attachment_edit_name'),
'link' => $request->input('attachment_edit_url'),
@@ -142,6 +142,10 @@ class AttachmentController extends Controller
public function attachLink(Request $request)
{
$pageId = $request->input('attachment_link_uploaded_to');
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
$this->checkPermission(Permission::AttachmentCreateAll);
$this->checkOwnablePermission(Permission::PageUpdate, $page);
try {
$this->validate($request, [
@@ -156,11 +160,6 @@ class AttachmentController extends Controller
]), 422);
}
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
$this->checkPermission(Permission::AttachmentCreateAll);
$this->checkOwnablePermission(Permission::PageUpdate, $page);
$attachmentName = $request->input('attachment_link_name');
$link = $request->input('attachment_link_url');
$this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId));
@@ -195,6 +194,7 @@ class AttachmentController extends Controller
$this->validate($request, [
'order' => ['required', 'array'],
]);
$page = $this->pageQueries->findVisibleByIdOrFail($pageId);
$this->checkOwnablePermission(Permission::PageUpdate, $page);
@@ -221,10 +221,9 @@ class AttachmentController extends Controller
throw new NotFoundException(trans('errors.attachment_not_found'));
}
$this->checkOwnablePermission(Permission::PageView, $page);
if ($attachment->external) {
return redirect($attachment->path);
$url = (new UrlFilter($attachment->path))->clean();
return redirect($url);
}
$fileName = $attachment->getFileName();
@@ -247,6 +246,13 @@ class AttachmentController extends Controller
{
/** @var Attachment $attachment */
$attachment = Attachment::query()->findOrFail($attachmentId);
try {
$this->pageQueries->findVisibleByIdOrFail($attachment->uploaded_to);
} catch (NotFoundException $exception) {
throw new NotFoundException(trans('errors.attachment_not_found'));
}
$this->checkOwnablePermission(Permission::AttachmentDelete, $attachment);
$this->attachmentService->deleteFile($attachment);

View File

@@ -2,6 +2,7 @@
namespace BookStack\Uploads\Controllers;
use BookStack\Entities\Queries\PageQueries;
use BookStack\Exceptions\ImageUploadException;
use BookStack\Http\Controller;
use BookStack\Permissions\Permission;
@@ -14,7 +15,8 @@ use Illuminate\Http\Request;
class DrawioImageController extends Controller
{
public function __construct(
protected ImageRepo $imageRepo
protected ImageRepo $imageRepo,
protected PageQueries $pageQueries,
) {
}
@@ -53,16 +55,18 @@ class DrawioImageController extends Controller
*/
public function create(Request $request)
{
$this->validate($request, [
$this->checkPermission(Permission::ImageCreateAll);
$validated = $this->validate($request, [
'image' => ['required', 'string'],
'uploaded_to' => ['required', 'integer'],
]);
$this->checkPermission(Permission::ImageCreateAll);
$imageBase64Data = $request->input('image');
$imageBase64Data = $validated['image'];
$uploadedTo = $validated['uploaded_to'];
$targetPage = $this->pageQueries->findVisibleByIdOrFail($uploadedTo);
$this->checkOwnablePermission(Permission::PageUpdate, $targetPage);
try {
$uploadedTo = $request->input('uploaded_to', 0);
$image = $this->imageRepo->saveDrawing($imageBase64Data, $uploadedTo);
} catch (ImageUploadException $e) {
return response($e->getMessage(), 500);

View File

@@ -2,6 +2,7 @@
namespace BookStack\Uploads\Controllers;
use BookStack\Entities\Queries\PageQueries;
use BookStack\Exceptions\ImageUploadException;
use BookStack\Http\Controller;
use BookStack\Permissions\Permission;
@@ -14,7 +15,8 @@ use Illuminate\Validation\ValidationException;
class GalleryImageController extends Controller
{
public function __construct(
protected ImageRepo $imageRepo
protected ImageRepo $imageRepo,
protected PageQueries $pageQueries,
) {
}
@@ -56,20 +58,26 @@ class GalleryImageController extends Controller
$this->checkPermission(Permission::ImageCreateAll);
try {
$this->validate($request, [
$validated = $this->validate($request, [
'file' => $this->getImageValidationRules(),
'uploaded_to' => ['required', 'integer'],
]);
} catch (ValidationException $exception) {
return $this->jsonError(implode("\n", $exception->errors()['file']));
$errors = $exception->errors();
$messages = array_merge($errors['file'] ?? [], $errors['uploaded_to'] ?? []);
return $this->jsonError(implode("\n", $messages));
}
$uploadedTo = intval($validated['uploaded_to']);
$targetPage = $this->pageQueries->findVisibleByIdOrFail($uploadedTo);
$this->checkOwnablePermission(Permission::PageUpdate, $targetPage);
new OutOfMemoryHandler(function () {
return $this->jsonError(trans('errors.image_upload_memory_limit'));
});
try {
$imageUpload = $request->file('file');
$uploadedTo = $request->input('uploaded_to', 0);
$imageUpload = $validated['file'];
$image = $this->imageRepo->saveNew($imageUpload, 'gallery', $uploadedTo);
} catch (ImageUploadException $e) {
return response($e->getMessage(), 500);

View File

@@ -75,6 +75,7 @@ class ImageGalleryApiController extends ApiController
$this->checkPermission(Permission::ImageCreateAll);
$data = $this->validate($request, $this->rules()['create']);
$page = $this->pageQueries->findVisibleByIdOrFail($data['uploaded_to']);
$this->checkOwnablePermission(Permission::PageUpdate, $page);
$image = $this->imageRepo->saveNew($data['image'], $data['type'], $page->id);

View File

@@ -4,6 +4,7 @@ namespace BookStack\Users\Controllers;
use BookStack\Access\SocialDriverManager;
use BookStack\Access\UserInviteException;
use BookStack\Activity\ActivityType;
use BookStack\Exceptions\ImageUploadException;
use BookStack\Exceptions\UserUpdateException;
use BookStack\Http\Controller;
@@ -208,4 +209,20 @@ class UserController extends Controller
return redirect('/settings/users');
}
/**
* Reset MFA for the specified user.
*/
public function resetMfa(Request $request, int $id)
{
$this->preventAccessInDemoMode();
$this->checkPermission(Permission::UsersManage);
$user = $this->userRepo->getById($id);
$user->mfaValues()->delete();
$this->logActivity(ActivityType::USER_MFA_RESET, $user);
return redirect("/settings/users/{$user->id}");
}
}

View File

@@ -30,6 +30,8 @@ class CspService
$this->getFrameAncestors(),
$this->getFrameSrc(),
$this->getScriptSrc(),
$this->getStyleSrc(),
$this->getImgSrc(),
$this->getObjectSrc(),
$this->getBaseUri(),
];
@@ -45,6 +47,8 @@ class CspService
$headers = [
$this->getFrameSrc(),
$this->getScriptSrc(),
$this->getStyleSrc(),
$this->getImgSrc(),
$this->getObjectSrc(),
$this->getBaseUri(),
];
@@ -115,6 +119,22 @@ class CspService
return "object-src 'self'";
}
/**
* Creates CSP 'style-src' rule to restrict where styles can be loaded from.
*/
protected function getStyleSrc(): string
{
return 'style-src ' . implode(' ', $this->getAllowedStyleSources());
}
/**
* Creates CSP 'img-src' rule to restrict where images can be loaded from.
*/
protected function getImgSrc(): string
{
return 'img-src ' . implode(' ', $this->getAllowedImageSources());
}
/**
* Creates CSP 'base-uri' rule to restrict what base tags can be set on
* the page to prevent manipulation of relative links.
@@ -144,6 +164,59 @@ class CspService
return array_filter($sources);
}
/**
* Get allowed style sources for the style-src directive.
*/
protected function getAllowedStyleSources(): array
{
$configured = config('app.style_sources');
if (is_string($configured)) {
$sources = array_filter(explode(' ', $configured));
array_unshift($sources, "'self'");
// Ensure 'unsafe-inline' is quoted if present
// This is done as attempting to pass this in env values with quotes can either
// be awkward or cause issues.
$unsafeInlineIndex = array_search('unsafe-inline', $sources, true);
if ($unsafeInlineIndex !== false) {
$sources[$unsafeInlineIndex] = "'unsafe-inline'";
}
return array_values(array_unique($sources));
}
return [
"'self'",
"'unsafe-inline'",
'http:',
'https:',
];
}
/**
* Get allowed image sources for the img-src directive.
*/
protected function getAllowedImageSources(): array
{
$configured = config('app.image_sources');
if (is_string($configured)) {
$sources = array_filter(explode(' ', $configured));
array_unshift($sources, "'self'", 'blob:', 'data:');
return array_values(array_unique($sources));
}
return [
"'self'",
'data:',
'blob:',
'http:',
'https:',
];
}
/**
* Extract the host name of the configured drawio URL for use in CSP.
* Returns empty string if not in use.

View File

@@ -2,6 +2,7 @@
namespace BookStack\Util;
use BookStack\Util\HtmlPurifier\ConfiguredHtmlPurifier;
use DOMAttr;
use DOMElement;
use DOMNodeList;

View File

@@ -1,13 +1,16 @@
<?php
namespace BookStack\Util;
namespace BookStack\Util\HtmlPurifier;
use BookStack\App\AppVersion;
use BookStack\Util\HtmlPurifier\Filters\UriLimitFileProtocolToAnchors;
use BookStack\Util\UrlFilter;
use HTMLPurifier;
use HTMLPurifier_Config;
use HTMLPurifier_DefinitionCache_Serializer;
use HTMLPurifier_HTML5Config;
use HTMLPurifier_HTMLDefinition;
use HTMLPurifier_URIDefinition;
/**
* Provides a configured HTML Purifier instance.
@@ -33,7 +36,12 @@ class ConfiguredHtmlPurifier
$htmlDef = $config->getDefinition('HTML', true, true);
if ($htmlDef instanceof HTMLPurifier_HTMLDefinition) {
$this->configureDefinition($htmlDef);
$this->configureHtmlDefinition($htmlDef);
}
$uriDef = $config->getDefinition('URI', true, true);
if ($uriDef instanceof HTMLPurifier_URIDefinition) {
$this->configureUriDefinition($uriDef);
}
$this->purifier = new HTMLPurifier($config);
@@ -77,21 +85,18 @@ class ConfiguredHtmlPurifier
$config->set('Attr.ID.HTML5', true);
$config->set('Output.FixInnerHTML', false);
$config->set('URI.SafeIframeRegexp', '%^(http://|https://|//)%');
$config->set('URI.AllowedSchemes', [
'http' => true,
'https' => true,
'mailto' => true,
'ftp' => true,
'nntp' => true,
'news' => true,
'tel' => true,
'file' => true,
]);
$allowedSchemes = UrlFilter::getAllowedSchemes();
$allowedSchemesSetting = [];
foreach ($allowedSchemes as $scheme) {
$allowedSchemesSetting[$scheme] = true;
}
$config->set('URI.AllowedSchemes', $allowedSchemesSetting);
// $config->set('Cache.DefinitionImpl', null); // Disable cache during testing
}
public function configureDefinition(HTMLPurifier_HTMLDefinition $definition): void
protected function configureHtmlDefinition(HTMLPurifier_HTMLDefinition $definition): void
{
// Allow the object element
$definition->addElement(
@@ -149,6 +154,15 @@ class ConfiguredHtmlPurifier
// Allow mention-ids on links
$definition->addAttribute('a', 'data-mention-user-id', 'Number');
// Set up custom handler for srcset to limit accepted types
$definition->addAttribute('img', 'srcset', new SrcsetAttrDef());
$definition->addAttribute('source', 'srcset', new SrcsetAttrDef());
}
protected function configureUriDefinition(HTMLPurifier_URIDefinition $definition): void
{
$definition->registerFilter(new UriLimitFileProtocolToAnchors());
}
public function purify(string $html): string

View File

@@ -0,0 +1,53 @@
<?php
namespace BookStack\Util\HtmlPurifier\Filters;
use HTMLPurifier_Config;
use HTMLPurifier_Context;
use HTMLPurifier_URI;
use HTMLPurifier_URIFilter;
/**
* Limits file:// URIs to only be used on anchor tags href attributes.
* This prevents use on iframes/embeds/images where they can be used to load external
* content on the network, triggering calls which may include NTLM auth hashes when in
* certain windows based environments.
*/
class UriLimitFileProtocolToAnchors extends HTMLPurifier_URIFilter
{
/**
* @type string
*/
public $name = 'LimitFileProtocolToAnchors';
/**
* @type bool
*/
public $always_load = true;
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function filter(&$uri, $config, $context)
{
// Ensure we're only filtering file:// URIs'
if ($uri->scheme !== 'file') {
return true;
}
$token = $context->get('CurrentToken', true);
$attr = $context->get('CurrentAttr', true);
// Only allow if used on hrefs on anchor tags
$isAnchor = $token && $token->name === 'a';
$isHref = $attr === 'href';
if ($isAnchor && $isHref) {
return true;
}
return false;
}
}

View File

@@ -0,0 +1,26 @@
<?php
namespace BookStack\Util\HtmlPurifier;
use HTMLPurifier_AttrDef;
/**
* Custom attribute definition to filter out potentially dangerous
* values from the srcset attribute.
*/
class SrcsetAttrDef extends HTMLPurifier_AttrDef
{
public function validate($string, $config, $context)
{
$lower = strtolower($string);
$nonAllowed = ['javascript:', 'vbscript:', 'data:', 'file:'];
foreach ($nonAllowed as $nonAllowedString) {
if (str_contains($lower, $nonAllowedString)) {
return false;
}
}
return $string;
}
}

View File

@@ -8,6 +8,10 @@ use BookStack\Exceptions\HttpFetchException;
* Validate the host we're connecting to when making a server-side-request.
* Will use the given hosts config if given during construction otherwise
* will look to the app configured config.
*
* The config format is a space-seperated list of URL prefixes which should contain the
* protocol and host. It can optionally define a path prefix as part of the URL.
* Wildcards, via a '*', can be used within these elements to match anything but a '/'.
*/
class SsrUrlValidator
{
@@ -48,15 +52,34 @@ class SsrUrlValidator
{
$pattern = rtrim(trim($pattern), '/');
$url = trim($url);
$urlParts = parse_url($url);
if (empty($pattern) || empty($url)) {
if (empty($pattern) || empty($url) || $urlParts === false) {
return false;
}
$quoted = preg_quote($pattern, '/');
$regexPattern = str_replace('\*', '.*', $quoted);
// Prevent potential tricks using percent encoded slashes
if (str_contains(strtolower($urlParts['host'] ?? ''), '%2f')) {
return false;
}
return preg_match('/^' . $regexPattern . '($|\/.*$|#.*$)/i', $url);
// Disregard query and fragment
$url = explode('?', $url, 2)[0];
$url = explode('#', $url, 2)[0];
// Disregard userinfo if existing
if (!empty($urlParts['user']) || !empty($urlParts['pass'])) {
[$start, $postUserinfo] = explode('@', $url, 2);
$preUserinfo = explode('//', $start, 2)[0];
$url = ($preUserinfo ? $preUserinfo . '//' : '') . $postUserinfo;
}
// Prepare pattern
$quoted = preg_quote($pattern, '/');
$regexPattern = str_replace('\*', '[^\/]*', $quoted);
// Check against our URL
return preg_match('/^' . $regexPattern . '($|\/.*$)/i', $url);
}
/**

View File

@@ -0,0 +1,36 @@
<?php
namespace BookStack\Util;
class UrlComparison
{
public function __construct(
protected readonly string $a,
protected readonly string $b,
) {
}
/**
* Check if the two URLs have the same origin.
*/
public function originsMatch(): bool
{
$aParts = parse_url($this->a);
$bParts = parse_url($this->b);
return ($aParts['host'] ?? '') === ($bParts['host'] ?? '')
&& ($aParts['scheme'] ?? '') === ($bParts['scheme'] ?? '')
&& ($aParts['port'] ?? '') === ($bParts['port'] ?? '');
}
/**
* Check if there's some overlap between the two URLs' paths.
*/
public function pathsOverlap(): bool
{
$aPath = parse_url($this->a, PHP_URL_PATH) ?? '';
$bPath = parse_url($this->b, PHP_URL_PATH) ?? '';
return str_starts_with($aPath, $bPath) || str_starts_with($bPath, $aPath);
}
}

103
app/Util/UrlFilter.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
declare(strict_types=1);
namespace BookStack\Util;
/**
* Helps filter URLs to prevent use of undesired schemes.
* Also parses and rebuilds the URL to ensure it's valid.
*/
class UrlFilter
{
protected static array $allowedSchemes = ['http', 'https', 'mailto', 'tel', 'file', 'ftp', 'nntp', 'news'];
protected string $url;
public function __construct(string $url)
{
$this->url = trim($url);
}
/**
* Check if the URL is allowed to be generally used as a link
* in the application. This does not assure the original URL string
* provided is safe as-is. Ensure you use the clean method to produce
* a URL that is considered safe to use.
*/
public function isAllowed(): bool
{
$urlParts = parse_url($this->url);
if (!$urlParts) {
return false;
}
// Extra check to help avoid scenarios where non-standard characters are used in the scheme
// to work around parse_url handling with URLs which may be interpreted by the browser differently.
if (str_contains($this->url, ':') && !preg_match('/^[a-z]+:/i', $this->url)) {
return false;
}
if (isset($urlParts['scheme'])) {
return in_array(strtolower($urlParts['scheme']), self::$allowedSchemes);
}
return true;
}
/**
* Clean the URL to ensure it's valid and only uses the allowed schemes.
* If the URL is not allowed, return a placeholder.
*/
public function clean(): string
{
if (!$this->isAllowed()) {
return '#badlink';
}
$urlParts = parse_url($this->url);
if (!$urlParts) {
return '#badlink';
}
$url = '';
if (isset($urlParts['scheme']) || isset($urlParts['host'])) {
$scheme = strtolower($urlParts['scheme'] ?? 'https');
$url = $scheme . ':' . (isset($urlParts['host']) ? '//' : '');
}
if (isset($urlParts['user']) || isset($urlParts['pass'])) {
$url .= $urlParts['user'] ?? '';
if (isset($urlParts['pass'])) {
$url .= ':' . $urlParts['pass'];
}
$url .= '@';
}
if (isset($urlParts['host'])) {
$url .= $urlParts['host'];
}
if (isset($urlParts['port'])) {
$url .= ':' . $urlParts['port'];
}
if (isset($urlParts['path'])) {
$url .= $urlParts['path'];
}
if (isset($urlParts['query'])) {
$url .= '?' . $urlParts['query'];
}
if (isset($urlParts['fragment'])) {
$url .= '#' . $urlParts['fragment'];
}
return $url;
}
/**
* Get schemes that are allowed to be used in content links.
*/
public static function getAllowedSchemes(): array
{
return self::$allowedSchemes;
}
}

818
composer.lock generated

File diff suppressed because it is too large Load Diff

View File

@@ -1,10 +1,13 @@
project_id: "377219"
project_identifier: bookstack
api_token_env: CROWDIN_PERSONAL_TOKEN
base_path: .
preserve_hierarchy: false
pull_request_title: Updated translations with latest Crowdin changes
pull_request_labels:
- ":earth_africa: Translations"
- "Translations"
files:
- source: /lang/en/*.php
translation: /lang/%two_letters_code%/%original_file_name%

View File

@@ -18,7 +18,7 @@ ARG BRANCH=development
# Download BookStack & install PHP deps
RUN mkdir -p /var/www && \
git clone https://github.com/bookstackapp/bookstack.git --branch "$BRANCH" --single-branch /var/www/bookstack && \
git clone https://codeberg.org/bookstack/bookstack.git --branch "$BRANCH" --single-branch /var/www/bookstack && \
cd /var/www/bookstack && \
wget https://raw.githubusercontent.com/composer/getcomposer.org/f3108f64b4e1c1ce6eb462b159956461592b3e3e/web/installer -O - -q | php -- --quiet --filename=composer && \
php composer install

View File

@@ -74,7 +74,7 @@ Theme::registerCommand(new SayHelloCommand());
## Available Events
All available events dispatched by BookStack are exposed as static properties on the `\BookStack\Theming\ThemeEvents` class, which can be found within the file `app/Theming/ThemeEvents.php` relative to your root BookStack folder. Alternatively, the events for the latest release can be [seen on GitHub here](https://github.com/BookStackApp/BookStack/blob/release/app/Theming/ThemeEvents.php).
All available events dispatched by BookStack are exposed as static properties on the `\BookStack\Theming\ThemeEvents` class, which can be found within the file `app/Theming/ThemeEvents.php` relative to your root BookStack folder. Alternatively, the events for the latest release can be [seen on Codeberg here](https://codeberg.org/bookstack/bookstack/src/branch/release/app/Theming/ThemeEvents.php).
The comments above each constant with the `ThemeEvents.php` file describe the dispatch conditions of the event, in addition to the arguments the action will receive. The comments may also describe any ways the return value of the action may be used.

View File

@@ -12,13 +12,13 @@ Feature releases are generally larger, bringing new features in addition to fixe
### Release Planning Process
Each BookStack release will have a [milestone](https://github.com/BookStackApp/BookStack/milestones) created with issues & pull requests assigned to it to define what will be in that release. Milestones are built up then worked through until complete at which point, after some testing and documentation updates, the release will be deployed.
Each BookStack release will have a [milestone](https://codeberg.org/bookstack/bookstack/milestones) created with issues & pull requests assigned to it to define what will be in that release. Milestones are built up then worked through until complete at which point, after some testing and documentation updates, the release will be deployed.
### Release Announcements
Feature releases, and some patch releases, will be accompanied by a post on the [BookStack blog](https://www.bookstackapp.com/blog/) which will provide additional detail on features, changes & updates otherwise the [GitHub release page](https://github.com/BookStackApp/BookStack/releases) will show a list of changes. You can sign up to be alerted to new BookStack blog posts (once per week maximum) [at this link](https://updates.bookstackapp.com/signup/bookstack-news-and-updates).
Feature releases, and some patch releases, will be accompanied by a post on the [BookStack blog](https://www.bookstackapp.com/blog/) which will provide additional detail on features, changes & updates otherwise the [Codeberg release page](https://codeberg.org/bookstack/bookstack/releases) will show a list of changes. You can sign up to be alerted to new BookStack blog posts (once per week maximum) [at this link](https://updates.bookstackapp.com/signup/bookstack-news-and-updates).
### Release Technical Process
Deploying a release, at a high level, simply involves merging the development branch into the release branch before then building & committing any release-only assets.
A helper script [can be found in our](https://github.com/BookStackApp/devops/blob/main/meta-scripts/bookstack-release-steps) devops repo which provides the steps and commands for deploying a new release.
A helper script [can be found in our](https://codeberg.org/bookstack/devops/src/branch/main/meta-scripts/bookstack-release-steps) devops repo which provides the steps and commands for deploying a new release.

View File

@@ -2,7 +2,7 @@
**Warning: This API is currently in development and may change without notice.**
Feedback is very much welcomed via this issue: https://github.com/BookStackApp/BookStack/issues/5937
Feedback is very much welcomed via this issue: https://codeberg.org/bookstack/bookstack/issues/5937
This document covers the JavaScript API for the (newer Lexical-based) WYSIWYG editor.
This API is built and designed to abstract the internals of the editor away

View File

@@ -69,8 +69,9 @@ Source: zeit/arg
Link: zeit/arg
-----------
argparse
License: Python-2.0
License: MIT
License File: node_modules/argparse/LICENSE
Copyright: Copyright (C) 2012 by Vitaly Puzrin
Source: nodeca/argparse
Link: nodeca/argparse
-----------
@@ -81,34 +82,6 @@ Copyright: Copyright (c) 2023 Inspect JS
Source: git+https://github.com/inspect-js/array-buffer-byte-length.git
Link: https://github.com/inspect-js/array-buffer-byte-length#readme
-----------
array-includes
License: MIT
License File: node_modules/array-includes/LICENSE
Copyright: Copyright (C) 2015 Jordan Harband
Source: git://github.com/es-shims/array-includes.git
Link: git://github.com/es-shims/array-includes.git
-----------
array.prototype.findlastindex
License: MIT
License File: node_modules/array.prototype.findlastindex/LICENSE
Copyright: Copyright (c) 2021 ECMAScript Shims
Source: git+https://github.com/es-shims/Array.prototype.findLastIndex.git
Link: https://github.com/es-shims/Array.prototype.findLastIndex#readme
-----------
array.prototype.flat
License: MIT
License File: node_modules/array.prototype.flat/LICENSE
Copyright: Copyright (c) 2017 ECMAScript Shims
Source: git://github.com/es-shims/Array.prototype.flat.git
Link: git://github.com/es-shims/Array.prototype.flat.git
-----------
array.prototype.flatmap
License: MIT
License File: node_modules/array.prototype.flatmap/LICENSE
Copyright: Copyright (c) 2017 ECMAScript Shims
Source: git://github.com/es-shims/Array.prototype.flatMap.git
Link: git://github.com/es-shims/Array.prototype.flatMap.git
-----------
arraybuffer.prototype.slice
License: MIT
License File: node_modules/arraybuffer.prototype.slice/LICENSE
@@ -169,9 +142,14 @@ Link: https://github.com/jestjs/jest.git
balanced-match
License: MIT
License File: node_modules/balanced-match/LICENSE.md
Copyright: Copyright (c) 2013 Julian Gruber &lt;******@************.***&gt;
Source: git://github.com/juliangruber/balanced-match.git
Link: https://github.com/juliangruber/balanced-match
Link: git://github.com/juliangruber/balanced-match.git
-----------
baseline-browser-mapping
License: Apache-2.0
License File: node_modules/baseline-browser-mapping/LICENSE.txt
Source: git+https://github.com/web-platform-dx/baseline-browser-mapping.git
Link: git+https://github.com/web-platform-dx/baseline-browser-mapping.git
-----------
binary-extensions
License: MIT
@@ -184,9 +162,8 @@ Link: sindresorhus/binary-extensions
brace-expansion
License: MIT
License File: node_modules/brace-expansion/LICENSE
Copyright: Copyright (c) 2013 Julian Gruber <******@************.***>
Source: git://github.com/juliangruber/brace-expansion.git
Link: https://github.com/juliangruber/brace-expansion
Source: git+ssh://git@github.com/juliangruber/brace-expansion.git
Link: git+ssh://git@github.com/juliangruber/brace-expansion.git
-----------
braces
License: MIT
@@ -472,8 +449,8 @@ Link: git://github.com/ljharb/define-properties.git
detect-libc
License: Apache-2.0
License File: node_modules/detect-libc/LICENSE
Source: git://github.com/lovell/detect-libc
Link: git://github.com/lovell/detect-libc
Source: git://github.com/lovell/detect-libc.git
Link: git://github.com/lovell/detect-libc.git
-----------
detect-newline
License: MIT
@@ -489,12 +466,6 @@ Copyright: Copyright (c) 2009-2015, Kevin Decker <********@*****.***>
Source: git://github.com/kpdecker/jsdiff.git
Link: git://github.com/kpdecker/jsdiff.git
-----------
doctrine
License: Apache-2.0
License File: node_modules/doctrine/LICENSE
Source: eslint/doctrine
Link: https://github.com/eslint/doctrine
-----------
dunder-proto
License: MIT
License File: node_modules/dunder-proto/LICENSE
@@ -511,8 +482,8 @@ electron-to-chromium
License: ISC
License File: node_modules/electron-to-chromium/LICENSE
Copyright: Copyright 2018 Kilian Valkhof
Source: https://github.com/kilian/electron-to-chromium/
Link: https://github.com/kilian/electron-to-chromium/
Source: git+https://github.com/Kilian/electron-to-chromium.git
Link: git+https://github.com/Kilian/electron-to-chromium.git
-----------
emittery
License: MIT
@@ -577,13 +548,6 @@ Copyright: Copyright (c) 2022 ECMAScript Shims
Source: git+https://github.com/es-shims/es-set-tostringtag.git
Link: https://github.com/es-shims/es-set-tostringtag#readme
-----------
es-shim-unscopables
License: MIT
License File: node_modules/es-shim-unscopables/LICENSE
Copyright: Copyright (c) 2022 Jordan Harband
Source: git+https://github.com/ljharb/es-shim-unscopables.git
Link: https://github.com/ljharb/es-shim-unscopables#readme
-----------
es-to-primitive
License: MIT
License File: node_modules/es-to-primitive/LICENSE
@@ -612,27 +576,6 @@ Copyright: Copyright (c) Sindre Sorhus <************@*****.***> (https://sindres
Source: sindresorhus/escape-string-regexp
Link: sindresorhus/escape-string-regexp
-----------
eslint-import-resolver-node
License: MIT
License File: node_modules/eslint-import-resolver-node/LICENSE
Copyright: Copyright (c) 2015 Ben Mosher
Source: https://github.com/import-js/eslint-plugin-import
Link: https://github.com/import-js/eslint-plugin-import
-----------
eslint-module-utils
License: MIT
License File: node_modules/eslint-module-utils/LICENSE
Copyright: Copyright (c) 2015 Ben Mosher
Source: git+https://github.com/import-js/eslint-plugin-import.git
Link: https://github.com/import-js/eslint-plugin-import#readme
-----------
eslint-plugin-import
License: MIT
License File: node_modules/eslint-plugin-import/LICENSE
Copyright: Copyright (c) 2015 Ben Mosher
Source: https://github.com/import-js/eslint-plugin-import
Link: https://github.com/import-js/eslint-plugin-import
-----------
eslint-scope
License: BSD-2-Clause
License File: node_modules/eslint-scope/LICENSE
@@ -814,6 +757,13 @@ Copyright: Copyright (c) 2019 Jordan Harband
Source: git+https://github.com/inspect-js/functions-have-names.git
Link: https://github.com/inspect-js/functions-have-names#readme
-----------
generator-function
License: MIT
License File: node_modules/generator-function/LICENSE.md
Copyright: Copyright (c) 2015 Tiancheng “Timothy” Gu
Source: git+https://github.com/TimothyGu/generator-function.git
Link: https://github.com/TimothyGu/generator-function#readme
-----------
gensync
License: MIT
License File: node_modules/gensync/LICENSE
@@ -910,7 +860,7 @@ License: MIT
License File: node_modules/handlebars/LICENSE
Copyright: Copyright (C) 2011-2019 by Yehuda Katz
Source: https://github.com/handlebars-lang/handlebars.js.git
Link: https://www.handlebarsjs.com/
Link: https://handlebarsjs.com/
-----------
has-bigints
License: MIT
@@ -1026,13 +976,6 @@ Copyright: Copyright (c) 2014-present, Lee Byron and other contributors.
Source: git://github.com/immutable-js/immutable-js.git
Link: https://immutable-js.com
-----------
import-fresh
License: MIT
License File: node_modules/import-fresh/license
Copyright: Copyright (c) Sindre Sorhus <************@*****.***> (https://sindresorhus.com)
Source: sindresorhus/import-fresh
Link: sindresorhus/import-fresh
-----------
import-local
License: MIT
License File: node_modules/import-local/license
@@ -1529,7 +1472,7 @@ License: MIT
License File: node_modules/js-yaml/LICENSE
Copyright: Copyright (C) 2011-2015 by Vitaly Puzrin
Source: nodeca/js-yaml
Link: nodeca/js-yaml
Link: https://github.com/nodeca/js-yaml
-----------
jsdom
License: MIT
@@ -1645,12 +1588,6 @@ License File: node_modules/lodash.memoize/LICENSE
Source: lodash/lodash
Link: https://lodash.com/
-----------
lodash.merge
License: MIT
License File: node_modules/lodash.merge/LICENSE
Source: lodash/lodash
Link: https://lodash.com/
-----------
lodash.throttle
License: MIT
License File: node_modules/lodash.throttle/LICENSE
@@ -1726,13 +1663,6 @@ Copyright: Copyright (c) Stephen Sugden <**@*************.***> (stephensugden.co
Source: grncdr/merge-stream
Link: grncdr/merge-stream
-----------
micromatch
License: MIT
License File: node_modules/micromatch/LICENSE
Copyright: Copyright (c) 2014-present, Jon Schlinkert.
Source: micromatch/micromatch
Link: https://github.com/micromatch/micromatch
-----------
mimic-fn
License: MIT
License File: node_modules/mimic-fn/license
@@ -1741,11 +1671,10 @@ Source: sindresorhus/mimic-fn
Link: sindresorhus/mimic-fn
-----------
minimatch
License: ISC
License File: node_modules/minimatch/LICENSE
Copyright: Copyright (c) Isaac Z. Schlueter and Contributors
Source: git://github.com/isaacs/minimatch.git
Link: git://github.com/isaacs/minimatch.git
License: BlueOak-1.0.0
License File: node_modules/minimatch/LICENSE.md
Source: git@github.com:isaacs/minimatch
Link: git@github.com:isaacs/minimatch
-----------
minimist
License: MIT
@@ -1754,9 +1683,8 @@ Source: git://github.com/minimistjs/minimist.git
Link: https://github.com/minimistjs/minimist
-----------
minipass
License: ISC
License File: node_modules/minipass/LICENSE
Copyright: Copyright (c) 2017-2023 npm, Inc., Isaac Z. Schlueter, and Contributors
License: BlueOak-1.0.0
License File: node_modules/minipass/LICENSE.md
Source: https://github.com/isaacs/minipass
Link: https://github.com/isaacs/minipass
-----------
@@ -1872,27 +1800,6 @@ Copyright: Copyright (c) 2014 Jordan Harband
Source: git://github.com/ljharb/object.assign.git
Link: git://github.com/ljharb/object.assign.git
-----------
object.fromentries
License: MIT
License File: node_modules/object.fromentries/LICENSE
Copyright: Copyright (c) 2018 Jordan Harband
Source: git://github.com/es-shims/Object.fromEntries.git
Link: git://github.com/es-shims/Object.fromEntries.git
-----------
object.groupby
License: MIT
License File: node_modules/object.groupby/LICENSE
Copyright: Copyright (c) 2023 ECMAScript Shims
Source: git+https://github.com/es-shims/Object.groupBy.git
Link: https://github.com/es-shims/Object.groupBy#readme
-----------
object.values
License: MIT
License File: node_modules/object.values/LICENSE
Copyright: Copyright (c) 2015 Jordan Harband
Source: git://github.com/es-shims/Object.values.git
Link: git://github.com/es-shims/Object.values.git
-----------
once
License: ISC
License File: node_modules/once/LICENSE
@@ -1948,13 +1855,6 @@ License File: node_modules/package-json-from-dist/LICENSE.md
Source: git+https://github.com/isaacs/package-json-from-dist.git
Link: git+https://github.com/isaacs/package-json-from-dist.git
-----------
parent-module
License: MIT
License File: node_modules/parent-module/license
Copyright: Copyright (c) Sindre Sorhus <************@*****.***> (sindresorhus.com)
Source: sindresorhus/parent-module
Link: sindresorhus/parent-module
-----------
parse-json
License: MIT
License File: node_modules/parse-json/license
@@ -2159,8 +2059,8 @@ resolve
License: MIT
License File: node_modules/resolve/LICENSE
Copyright: Copyright (c) 2012 James Halliday
Source: git://github.com/browserify/resolve.git
Link: git://github.com/browserify/resolve.git
Source: ssh://github.com/browserify/resolve.git
Link: ssh://github.com/browserify/resolve.git
-----------
rrweb-cssom
License: MIT
@@ -2405,7 +2305,7 @@ Link: sindresorhus/string-width
string-width
License: MIT
License File: node_modules/string-width/license
Copyright: Copyright (c) Sindre Sorhus <************@*****.***> (sindresorhus.com)
Copyright: Copyright (c) Sindre Sorhus <************@*****.***> (https://sindresorhus.com)
Source: sindresorhus/string-width
Link: sindresorhus/string-width
-----------
@@ -2570,13 +2470,6 @@ Copyright: Copyright (c) 2014 Blake Embrey (*****@***********.***)
Source: git://github.com/TypeStrong/ts-node.git
Link: https://typestrong.org/ts-node
-----------
tsconfig-paths
License: MIT
License File: node_modules/tsconfig-paths/LICENSE
Copyright: Copyright (c) 2016 Jonas Kello
Source: https://github.com/dividab/tsconfig-paths
Link: https://github.com/dividab/tsconfig-paths
-----------
type-check
License: MIT
License File: node_modules/type-check/LICENSE
@@ -2810,7 +2703,7 @@ Link: chalk/wrap-ansi
wrap-ansi
License: MIT
License File: node_modules/wrap-ansi/license
Copyright: Copyright (c) Sindre Sorhus <************@*****.***> (sindresorhus.com)
Copyright: Copyright (c) Sindre Sorhus <************@*****.***> (https://sindresorhus.com)
Source: chalk/wrap-ansi
Link: chalk/wrap-ansi
-----------
@@ -2892,12 +2785,6 @@ Copyright: Copyright (c) Sindre Sorhus <************@*****.***> (https://sindres
Source: sindresorhus/yocto-queue
Link: sindresorhus/yocto-queue
-----------
@ampproject/remapping
License: Apache-2.0
License File: node_modules/@ampproject/remapping/LICENSE
Source: git+https://github.com/ampproject/remapping.git
Link: git+https://github.com/ampproject/remapping.git
-----------
@asamuzakjp/css-color
License: MIT
License File: node_modules/@asamuzakjp/css-color/LICENSE
@@ -3172,15 +3059,15 @@ Link: https://demurgos.github.io/v8-coverage
License: MIT
License File: node_modules/@codemirror/autocomplete/LICENSE
Copyright: Copyright (C) 2018-2021 by Marijn Haverbeke <******@*********.******> and others
Source: https://github.com/codemirror/autocomplete.git
Link: https://github.com/codemirror/autocomplete.git
Source: git+https://github.com/codemirror/autocomplete.git
Link: git+https://github.com/codemirror/autocomplete.git
-----------
@codemirror/commands
License: MIT
License File: node_modules/@codemirror/commands/LICENSE
Copyright: Copyright (C) 2018-2021 by Marijn Haverbeke <******@*********.******> and others
Source: https://github.com/codemirror/commands.git
Link: https://github.com/codemirror/commands.git
Source: git+https://github.com/codemirror/commands.git
Link: git+https://github.com/codemirror/commands.git
-----------
@codemirror/lang-css
License: MIT
@@ -3200,8 +3087,8 @@ Link: https://github.com/codemirror/lang-html.git
License: MIT
License File: node_modules/@codemirror/lang-javascript/LICENSE
Copyright: Copyright (C) 2018-2021 by Marijn Haverbeke <******@*********.******> and others
Source: https://github.com/codemirror/lang-javascript.git
Link: https://github.com/codemirror/lang-javascript.git
Source: git+https://github.com/codemirror/lang-javascript.git
Link: git+https://github.com/codemirror/lang-javascript.git
-----------
@codemirror/lang-json
License: MIT
@@ -3235,8 +3122,8 @@ Link: https://github.com/codemirror/lang-xml.git
License: MIT
License File: node_modules/@codemirror/language/LICENSE
Copyright: Copyright (C) 2018-2021 by Marijn Haverbeke <******@*********.******> and others
Source: https://github.com/codemirror/language.git
Link: https://github.com/codemirror/language.git
Source: git+https://github.com/codemirror/language.git
Link: git+https://github.com/codemirror/language.git
-----------
@codemirror/legacy-modes
License: MIT
@@ -3249,22 +3136,22 @@ Link: https://github.com/codemirror/legacy-modes.git
License: MIT
License File: node_modules/@codemirror/lint/LICENSE
Copyright: Copyright (C) 2018-2021 by Marijn Haverbeke <******@*********.******> and others
Source: https://github.com/codemirror/lint.git
Link: https://github.com/codemirror/lint.git
Source: git+https://github.com/codemirror/lint.git
Link: git+https://github.com/codemirror/lint.git
-----------
@codemirror/search
License: MIT
License File: node_modules/@codemirror/search/LICENSE
Copyright: Copyright (C) 2018-2021 by Marijn Haverbeke <******@*********.******> and others
Source: https://github.com/codemirror/search.git
Link: https://github.com/codemirror/search.git
Source: git+https://github.com/codemirror/search.git
Link: git+https://github.com/codemirror/search.git
-----------
@codemirror/state
License: MIT
License File: node_modules/@codemirror/state/LICENSE
Copyright: Copyright (C) 2018-2021 by Marijn Haverbeke <******@*********.******> and others
Source: https://github.com/codemirror/state.git
Link: https://github.com/codemirror/state.git
Source: git+https://github.com/codemirror/state.git
Link: git+https://github.com/codemirror/state.git
-----------
@codemirror/theme-one-dark
License: MIT
@@ -3277,8 +3164,8 @@ Link: https://github.com/codemirror/theme-one-dark.git
License: MIT
License File: node_modules/@codemirror/view/LICENSE
Copyright: Copyright (C) 2018-2021 by Marijn Haverbeke <******@*********.******> and others
Source: https://github.com/codemirror/view.git
Link: https://github.com/codemirror/view.git
Source: git+https://github.com/codemirror/view.git
Link: git+https://github.com/codemirror/view.git
-----------
@cspotcode/source-map-support
License: MIT
@@ -3358,12 +3245,6 @@ License File: node_modules/@eslint/core/LICENSE
Source: git+https://github.com/eslint/rewrite.git
Link: https://github.com/eslint/rewrite/tree/main/packages/core#readme
-----------
@eslint/eslintrc
License: MIT
License File: node_modules/@eslint/eslintrc/LICENSE
Source: eslint/eslintrc
Link: https://github.com/eslint/eslintrc#readme
-----------
@eslint/js
License: MIT
License File: node_modules/@eslint/js/LICENSE
@@ -3567,6 +3448,13 @@ Copyright: Copyright 2024 Justin Ridgewell <******@*********.****>
Source: git+https://github.com/jridgewell/sourcemaps.git
Link: https://github.com/jridgewell/sourcemaps/tree/main/packages/gen-mapping
-----------
@jridgewell/remapping
License: MIT
License File: node_modules/@jridgewell/remapping/LICENSE
Copyright: Copyright 2024 Justin Ridgewell <******@*********.****>
Source: git+https://github.com/jridgewell/sourcemaps.git
Link: https://github.com/jridgewell/sourcemaps/tree/main/packages/remapping
-----------
@jridgewell/resolve-uri
License: MIT
License File: node_modules/@jridgewell/resolve-uri/LICENSE
@@ -3679,13 +3567,6 @@ Copyright: Copyright (c) 2017-present Devon Govett
Source: https://github.com/parcel-bundler/watcher.git
Link: https://github.com/parcel-bundler/watcher.git
-----------
@parcel/watcher-linux-x64-musl
License: MIT
License File: node_modules/@parcel/watcher-linux-x64-musl/LICENSE
Copyright: Copyright (c) 2017-present Devon Govett
Source: https://github.com/parcel-bundler/watcher.git
Link: https://github.com/parcel-bundler/watcher.git
-----------
@parcel/watcher
License: MIT
License File: node_modules/@parcel/watcher/LICENSE
@@ -3704,18 +3585,12 @@ License: MIT
Source: git+https://github.com/un-ts/pkgr.git
Link: https://github.com/un-ts/pkgr/blob/master/packages/core
-----------
@rtsao/scc
License: MIT
License File: node_modules/@rtsao/scc/LICENSE
Copyright: Copyright (c) 2019 Ryan Tsao
Source: rtsao/scc
Link: rtsao/scc
-----------
@sinclair/typebox
License: MIT
License File: node_modules/@sinclair/typebox/license
Source: https://github.com/sinclairzx81/typebox
Link: https://github.com/sinclairzx81/typebox
Copyright: Copyright (c) 2017-2026 Haydn Paterson
Source: https://github.com/sinclairzx81/sinclair-typebox
Link: https://github.com/sinclairzx81/sinclair-typebox
-----------
@sinonjs/commons
License: BSD-3-Clause
@@ -3798,6 +3673,13 @@ Copyright: Copyright (c) Microsoft Corporation.
Source: https://github.com/DefinitelyTyped/DefinitelyTyped.git
Link: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse
-----------
@types/esrecurse
License: MIT
License File: node_modules/@types/esrecurse/LICENSE
Copyright: Copyright (c) Microsoft Corporation.
Source: https://github.com/DefinitelyTyped/DefinitelyTyped.git
Link: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/esrecurse
-----------
@types/estree
License: MIT
License File: node_modules/@types/estree/LICENSE
@@ -3847,11 +3729,6 @@ Copyright: Copyright (c) Microsoft Corporation.
Source: https://github.com/DefinitelyTyped/DefinitelyTyped.git
Link: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema
-----------
@types/json5
License: MIT
Source: https://www.github.com/DefinitelyTyped/DefinitelyTyped.git
Link: https://www.github.com/DefinitelyTyped/DefinitelyTyped.git
-----------
@types/linkify-it
License: MIT
License File: node_modules/@types/linkify-it/LICENSE
@@ -3926,8 +3803,3 @@ Link: https://github.com/ungap/structured-clone#readme
License: MIT
Source: git+https://github.com/unrs/unrs-resolver.git
Link: https://github.com/unrs/unrs-resolver#readme
-----------
@unrs/resolver-binding-linux-x64-musl
License: MIT
Source: git+https://github.com/unrs/unrs-resolver.git
Link: https://github.com/unrs/unrs-resolver#readme

View File

@@ -109,8 +109,8 @@ firebase/php-jwt
License: BSD-3-Clause
License File: vendor/firebase/php-jwt/LICENSE
Copyright: Copyright (c) 2011, Neuman Vong
Source: https://github.com/firebase/php-jwt.git
Link: https://github.com/firebase/php-jwt
Source: https://github.com/googleapis/php-jwt.git
Link: https://github.com/googleapis/php-jwt
-----------
fruitcake/php-cors
License: MIT

View File

@@ -99,6 +99,8 @@ return [
'user_update_notification' => 'تم تحديث المستخدم بنجاح',
'user_delete' => 'المستخدم المحذوف',
'user_delete_notification' => 'تم إزالة المستخدم بنجاح',
'user_mfa_reset' => 'reset MFA for user',
'user_mfa_reset_notification' => 'Multi-factor authentication methods reset',
// API Tokens
'api_token_create' => 'تم إنشاء رمز واجهة برمجة التطبيقات -API-',

View File

@@ -8,6 +8,7 @@ return [
'failed' => 'البيانات المعطاة لا توافق سجلاتنا.',
'throttle' => 'تجاوزت الحد الأقصى من المحاولات. الرجاء المحاولة مرة أخرى بعد :seconds ثانية/ثواني.',
'mfa_throttle' => 'Too many multi-factor verification attempts. Please try again in :seconds seconds.',
// Login & Register
'sign_up' => 'إنشاء حساب',

View File

@@ -173,6 +173,7 @@ return [
'books_sort_desc' => 'نقل الفصول والصفحات داخل الكتاب لإعادة تنظيم محتوياته. يمكن إضافة كتب أخرى مما يسمح بنقل الفصول والصفحات بسهولة بين الكتب. اختياريًا، يمكن تعيين قاعدة فرز تلقائي لفرز محتويات هذا الكتاب تلقائيًا عند حدوث تغييرات.',
'books_sort_auto_sort' => 'خِيار الفرز التلقائي',
'books_sort_auto_sort_active' => 'الفرز التلقائي الشَغَّال: :sortName',
'books_sort_auto_sort_creation_hint' => 'Auto sort option rules can be created in the "Lists & Sorting" settings area by a user with the relevant permissions.',
'books_sort_named' => 'فرز كتاب :bookName',
'books_sort_name' => 'ترتيب حسب الإسم',
'books_sort_created' => 'ترتيب حسب تاريخ الإنشاء',
@@ -330,6 +331,9 @@ return [
// Editor Sidebar
'toggle_sidebar' => 'تبديل الشريط الجانبي',
'page_contents' => 'Page Contents',
'page_contents_none' => 'No headings were found in the page content.',
'page_contents_info' => 'The contents menu is generated from any heading formats used in the page.',
'page_tags' => 'وسوم الصفحة',
'chapter_tags' => 'وسوم الفصل',
'book_tags' => 'وسوم الكتاب',

View File

@@ -207,6 +207,7 @@ return [
'role_all' => 'الكل',
'role_own' => 'ما يخص',
'role_controlled_by_asset' => 'يتحكم فيها الأصول التي يتم رفعها إلى',
'role_controlled_by_page_delete' => 'Controlled by page delete permissions',
'role_save' => 'حفظ الدور',
'role_users' => 'مستخدمون داخل هذا الدور',
'role_users_none' => 'لم يتم تعيين أي مستخدمين لهذا الدور',
@@ -263,6 +264,9 @@ return [
'users_mfa_desc' => 'إعداد المصادقة متعددة العوامل كطبقة إضافية من الأمان لحساب المستخدم الخاص بك.',
'users_mfa_x_methods' => ':count طريقة مُهيأة | :count طرق مُهيأة',
'users_mfa_configure' => 'إعداد الطرق',
'users_mfa_reset' => 'Reset Multi-Factor Authentication Methods',
'users_mfa_reset_desc' => 'This will reset and clear all configured multi-factor authentication methods for this user. If multi-factor authentication is required by any of their roles, they\'ll be prompted to configure new methods on their next login.',
'users_mfa_reset_confirm' => 'Are you sure you want to reset multi-factor authentication for this user?',
// API Tokens
'user_api_token_create' => 'قم بإنشاء رمز API',
@@ -362,7 +366,9 @@ return [
'ru' => 'Русский',
'sk' => 'Slovensky',
'sl' => 'Slovenščina',
'sr' => 'Српски',
'sv' => 'Svenska',
'th' => 'ภาษาไทย',
'tr' => 'Türkçe',
'uk' => 'Українська',
'uz' => 'Ozbekcha',

View File

@@ -99,6 +99,8 @@ return [
'user_update_notification' => 'Потребителят е обновен успешно',
'user_delete' => 'deleted user',
'user_delete_notification' => 'Потребителят е премахнат успешно',
'user_mfa_reset' => 'reset MFA for user',
'user_mfa_reset_notification' => 'Multi-factor authentication methods reset',
// API Tokens
'api_token_create' => 'created API token',

View File

@@ -8,6 +8,7 @@ return [
'failed' => 'Въведените данни не съвпадат с информацията в системата.',
'throttle' => 'Твърде много опити за влизане. Опитайте пак след :seconds секунди.',
'mfa_throttle' => 'Too many multi-factor verification attempts. Please try again in :seconds seconds.',
// Login & Register
'sign_up' => 'Регистриране',

View File

@@ -173,6 +173,7 @@ return [
'books_sort_desc' => 'Move chapters and pages within a book to reorganise its contents. Other books can be added which allows easy moving of chapters and pages between books. Optionally an auto sort rule can be set to automatically sort this book\'s contents upon changes.',
'books_sort_auto_sort' => 'Auto Sort Option',
'books_sort_auto_sort_active' => 'Auto Sort Active: :sortName',
'books_sort_auto_sort_creation_hint' => 'Auto sort option rules can be created in the "Lists & Sorting" settings area by a user with the relevant permissions.',
'books_sort_named' => 'Сортирай книга :bookName',
'books_sort_name' => 'Сортиране по име',
'books_sort_created' => 'Сортирай по дата на създаване',
@@ -330,6 +331,9 @@ return [
// Editor Sidebar
'toggle_sidebar' => 'Toggle Sidebar',
'page_contents' => 'Page Contents',
'page_contents_none' => 'No headings were found in the page content.',
'page_contents_info' => 'The contents menu is generated from any heading formats used in the page.',
'page_tags' => 'Тагове на страницата',
'chapter_tags' => 'Тагове на главата',
'book_tags' => 'Тагове на книгата',

View File

@@ -207,6 +207,7 @@ return [
'role_all' => 'Всички',
'role_own' => 'Собствени',
'role_controlled_by_asset' => 'Контролирани от актива, към който са качени',
'role_controlled_by_page_delete' => 'Controlled by page delete permissions',
'role_save' => 'Запази ролята',
'role_users' => 'Потребители в тази роля',
'role_users_none' => 'В момента няма потребители, назначени за тази роля',
@@ -263,6 +264,9 @@ return [
'users_mfa_desc' => 'Настрой многофакторно удостверяване като втори слой сигурност на твоя профил.',
'users_mfa_x_methods' => ':count метод е настроен|:count методи са настроени',
'users_mfa_configure' => 'Конфигурирай методи',
'users_mfa_reset' => 'Reset Multi-Factor Authentication Methods',
'users_mfa_reset_desc' => 'This will reset and clear all configured multi-factor authentication methods for this user. If multi-factor authentication is required by any of their roles, they\'ll be prompted to configure new methods on their next login.',
'users_mfa_reset_confirm' => 'Are you sure you want to reset multi-factor authentication for this user?',
// API Tokens
'user_api_token_create' => 'Създай API маркер',
@@ -362,7 +366,9 @@ return [
'ru' => 'Русский',
'sk' => 'Slovensky',
'sl' => 'Slovenščina',
'sr' => 'Српски',
'sv' => 'Svenska',
'th' => 'ภาษาไทย',
'tr' => 'Türkçe',
'uk' => 'Українська',
'uz' => 'Ozbekcha',

View File

@@ -99,6 +99,8 @@ return [
'user_update_notification' => 'ব্যবহারকারীটি সার্থকভাবে হালনাগাদ করা হয়েছে',
'user_delete' => 'ব্যবহারকারীটি মুছে ফেলেছেন',
'user_delete_notification' => 'ব্যবহারকারীটি সার্থকভাবে মুছে ফেলা হয়েছে',
'user_mfa_reset' => 'reset MFA for user',
'user_mfa_reset_notification' => 'Multi-factor authentication methods reset',
// API Tokens
'api_token_create' => 'এপিআই টোকেনটি তৈরী করেছেন',

View File

@@ -8,6 +8,7 @@ return [
'failed' => 'প্রদত্ত তথ্যনিরূপিত কোন রেকর্ড পাওয়া যায়নি।',
'throttle' => 'লগইন প্রচেষ্টার সীমা অতিক্রান্ত। দয়া করে :seconds সেকেন্ড পর আবার চেষ্টা করুন।',
'mfa_throttle' => 'Too many multi-factor verification attempts. Please try again in :seconds seconds.',
// Login & Register
'sign_up' => 'নিবন্ধিত হোন',

View File

@@ -173,6 +173,7 @@ return [
'books_sort_desc' => 'Move chapters and pages within a book to reorganise its contents. Other books can be added which allows easy moving of chapters and pages between books. Optionally an auto sort rule can be set to automatically sort this book\'s contents upon changes.',
'books_sort_auto_sort' => 'Auto Sort Option',
'books_sort_auto_sort_active' => 'Auto Sort Active: :sortName',
'books_sort_auto_sort_creation_hint' => 'Auto sort option rules can be created in the "Lists & Sorting" settings area by a user with the relevant permissions.',
'books_sort_named' => 'Sort Book :bookName',
'books_sort_name' => 'Sort by Name',
'books_sort_created' => 'Sort by Created Date',
@@ -330,6 +331,9 @@ return [
// Editor Sidebar
'toggle_sidebar' => 'Toggle Sidebar',
'page_contents' => 'Page Contents',
'page_contents_none' => 'No headings were found in the page content.',
'page_contents_info' => 'The contents menu is generated from any heading formats used in the page.',
'page_tags' => 'Page Tags',
'chapter_tags' => 'Chapter Tags',
'book_tags' => 'Book Tags',

View File

@@ -207,6 +207,7 @@ return [
'role_all' => 'All',
'role_own' => 'Own',
'role_controlled_by_asset' => 'Controlled by the asset they are uploaded to',
'role_controlled_by_page_delete' => 'Controlled by page delete permissions',
'role_save' => 'Save Role',
'role_users' => 'Users in this role',
'role_users_none' => 'No users are currently assigned to this role',
@@ -263,6 +264,9 @@ return [
'users_mfa_desc' => 'Setup multi-factor authentication as an extra layer of security for your user account.',
'users_mfa_x_methods' => ':count method configured|:count methods configured',
'users_mfa_configure' => 'Configure Methods',
'users_mfa_reset' => 'Reset Multi-Factor Authentication Methods',
'users_mfa_reset_desc' => 'This will reset and clear all configured multi-factor authentication methods for this user. If multi-factor authentication is required by any of their roles, they\'ll be prompted to configure new methods on their next login.',
'users_mfa_reset_confirm' => 'Are you sure you want to reset multi-factor authentication for this user?',
// API Tokens
'user_api_token_create' => 'Create API Token',
@@ -362,7 +366,9 @@ return [
'ru' => 'Русский',
'sk' => 'Slovensky',
'sl' => 'Slovenščina',
'sr' => 'Српски',
'sv' => 'Svenska',
'th' => 'ภาษาไทย',
'tr' => 'Türkçe',
'uk' => 'Українська',
'uz' => 'Ozbekcha',

View File

@@ -99,6 +99,8 @@ return [
'user_update_notification' => 'User successfully updated',
'user_delete' => 'deleted user',
'user_delete_notification' => 'User successfully removed',
'user_mfa_reset' => 'reset MFA for user',
'user_mfa_reset_notification' => 'Multi-factor authentication methods reset',
// API Tokens
'api_token_create' => 'created API token',

View File

@@ -8,6 +8,7 @@ return [
'failed' => 'Ovi pristupni podaci se ne slažu sa našom evidencijom.',
'throttle' => 'Preveliki broj pokušaja prijave. Molimo vas da pokušate ponovo za :seconds sekundi.',
'mfa_throttle' => 'Too many multi-factor verification attempts. Please try again in :seconds seconds.',
// Login & Register
'sign_up' => 'Registruj se',

View File

@@ -173,6 +173,7 @@ return [
'books_sort_desc' => 'Move chapters and pages within a book to reorganise its contents. Other books can be added which allows easy moving of chapters and pages between books. Optionally an auto sort rule can be set to automatically sort this book\'s contents upon changes.',
'books_sort_auto_sort' => 'Auto Sort Option',
'books_sort_auto_sort_active' => 'Auto Sort Active: :sortName',
'books_sort_auto_sort_creation_hint' => 'Auto sort option rules can be created in the "Lists & Sorting" settings area by a user with the relevant permissions.',
'books_sort_named' => 'Sortiraj knjigu :bookName',
'books_sort_name' => 'Sortiraj po imenu',
'books_sort_created' => 'Sortiraj po datumu kreiranja',
@@ -330,6 +331,9 @@ return [
// Editor Sidebar
'toggle_sidebar' => 'Toggle Sidebar',
'page_contents' => 'Page Contents',
'page_contents_none' => 'No headings were found in the page content.',
'page_contents_info' => 'The contents menu is generated from any heading formats used in the page.',
'page_tags' => 'Oznake stranice',
'chapter_tags' => 'Oznake poglavlja',
'book_tags' => 'Oznake knjige',

View File

@@ -207,6 +207,7 @@ return [
'role_all' => 'All',
'role_own' => 'Own',
'role_controlled_by_asset' => 'Controlled by the asset they are uploaded to',
'role_controlled_by_page_delete' => 'Controlled by page delete permissions',
'role_save' => 'Save Role',
'role_users' => 'Users in this role',
'role_users_none' => 'No users are currently assigned to this role',
@@ -263,6 +264,9 @@ return [
'users_mfa_desc' => 'Setup multi-factor authentication as an extra layer of security for your user account.',
'users_mfa_x_methods' => ':count method configured|:count methods configured',
'users_mfa_configure' => 'Configure Methods',
'users_mfa_reset' => 'Reset Multi-Factor Authentication Methods',
'users_mfa_reset_desc' => 'This will reset and clear all configured multi-factor authentication methods for this user. If multi-factor authentication is required by any of their roles, they\'ll be prompted to configure new methods on their next login.',
'users_mfa_reset_confirm' => 'Are you sure you want to reset multi-factor authentication for this user?',
// API Tokens
'user_api_token_create' => 'Create API Token',
@@ -362,7 +366,9 @@ return [
'ru' => 'Русский',
'sk' => 'Slovensky',
'sl' => 'Slovenščina',
'sr' => 'Српски',
'sv' => 'Svenska',
'th' => 'ภาษาไทย',
'tr' => 'Türkçe',
'uk' => 'Українська',
'uz' => 'Ozbekcha',

View File

@@ -99,6 +99,8 @@ return [
'user_update_notification' => 'Sha actualitzat lusuari',
'user_delete' => 'ha suprimit lusuari',
'user_delete_notification' => 'Sha suprimit lusuari',
'user_mfa_reset' => 'reset MFA for user',
'user_mfa_reset_notification' => 'Multi-factor authentication methods reset',
// API Tokens
'api_token_create' => 'ha creat el testimoni API',

View File

@@ -8,6 +8,7 @@ return [
'failed' => 'Aquestes credencials no existeixen al nostre registre.',
'throttle' => 'Massa intents dinici de sessió. Torneu-ho a provar daquí :seconds segons.',
'mfa_throttle' => 'Too many multi-factor verification attempts. Please try again in :seconds seconds.',
// Login & Register
'sign_up' => 'Registreu-vos',

View File

@@ -173,6 +173,7 @@ return [
'books_sort_desc' => 'Mou capítols i pàgines dins d\'un llibre per reorganitzar el seu contingut. Es poden afegir altres llibres que permetin moure fàcilment capítols i pàgines entre llibres. De manera opcional, es poden establir regles d\'ordenació automàtica per ordenar automàticament el contingut d\'aquest llibre quan hi hagi canvis.',
'books_sort_auto_sort' => 'Opció d\'ordenació automàtica',
'books_sort_auto_sort_active' => 'Opció d\'ordenació activa :sortName',
'books_sort_auto_sort_creation_hint' => 'Auto sort option rules can be created in the "Lists & Sorting" settings area by a user with the relevant permissions.',
'books_sort_named' => 'Ordena el llibre &laquo;:bookName&raquo;',
'books_sort_name' => 'Ordena pel nom',
'books_sort_created' => 'Ordena per la data de creació',
@@ -330,6 +331,9 @@ return [
// Editor Sidebar
'toggle_sidebar' => 'Commuta la barra lateral',
'page_contents' => 'Page Contents',
'page_contents_none' => 'No headings were found in the page content.',
'page_contents_info' => 'The contents menu is generated from any heading formats used in the page.',
'page_tags' => 'Etiquetes de la pàgina',
'chapter_tags' => 'Etiquetes del capítol',
'book_tags' => 'Etiquetes del llibre',

View File

@@ -207,6 +207,7 @@ return [
'role_all' => 'Tot',
'role_own' => 'Propi',
'role_controlled_by_asset' => 'Controlat pel recurs a què estan pujats',
'role_controlled_by_page_delete' => 'Controlled by page delete permissions',
'role_save' => 'Desa el rol',
'role_users' => 'Usuaris assignats en aquest rol',
'role_users_none' => 'No hi ha cap usuari assignat en aquest rol',
@@ -263,6 +264,9 @@ return [
'users_mfa_desc' => 'Configureu lautenticació multifactorial per a afegir una capa de seguretat extra al vostre compte dusuari.',
'users_mfa_x_methods' => 'Hi ha :count mètode configurat|Hi ha :count mètodes configurats',
'users_mfa_configure' => 'Configura un mètode',
'users_mfa_reset' => 'Reset Multi-Factor Authentication Methods',
'users_mfa_reset_desc' => 'This will reset and clear all configured multi-factor authentication methods for this user. If multi-factor authentication is required by any of their roles, they\'ll be prompted to configure new methods on their next login.',
'users_mfa_reset_confirm' => 'Are you sure you want to reset multi-factor authentication for this user?',
// API Tokens
'user_api_token_create' => 'Crea un testimoni API',
@@ -362,7 +366,9 @@ return [
'ru' => 'Русский',
'sk' => 'Slovensky',
'sl' => 'Slovenščina',
'sr' => 'Српски',
'sv' => 'Svenska',
'th' => 'ภาษาไทย',
'tr' => 'Türkçe',
'uk' => 'Українська',
'uz' => 'Ozbekcha',

View File

@@ -99,6 +99,8 @@ return [
'user_update_notification' => 'Uživatel byl úspěšně aktualizován',
'user_delete' => 'odstranil uživatele',
'user_delete_notification' => 'Uživatel byl úspěšně odstraněn',
'user_mfa_reset' => 'obnovit vícefaktorové ověření pro uživatele',
'user_mfa_reset_notification' => 'Obnovení metod vícefaktorového ověřování',
// API Tokens
'api_token_create' => 'API token byl vytvořen',

View File

@@ -8,6 +8,7 @@ return [
'failed' => 'Neplatné přihlašovací údaje.',
'throttle' => 'Příliš mnoho pokusů o přihlášení. Zkuste to prosím znovu za :seconds sekund.',
'mfa_throttle' => '{0}Příliš mnoho pokusů o vícefázové ověření. Zkuste to prosím znovu za :seconds sekund.|{1}Příliš mnoho pokusů o vícefázové ověření. Zkuste to prosím znovu za :seconds sekundu.|[2,4]Příliš mnoho pokusů o vícefázové ověření. Zkuste to prosím znovu za :seconds sekundy.|[5,*]Příliš mnoho pokusů o vícefázové ověření. Zkuste to prosím znovu za :seconds sekund.',
// Login & Register
'sign_up' => 'Registrace',

View File

@@ -173,6 +173,7 @@ return [
'books_sort_desc' => 'Pro přeuspořádání obsahu přesuňte kapitoly a stránky v knize. Mohou být přidány další knihy, které umožní snadný přesun kapitol a stránek mezi knihami. Volitelně lze nastavit pravidlo automatického řazení, aby se při změnách automaticky seřadil obsah této knihy.',
'books_sort_auto_sort' => 'Možnost automatického řazení',
'books_sort_auto_sort_active' => 'Aktivní automatické řazení: :sortName',
'books_sort_auto_sort_creation_hint' => 'Pravidla řazení mohou být vytvořena v nastavení "Seznamy a řazení" uživatelem s příslušnými oprávněními.',
'books_sort_named' => 'Seřadit knihu :bookName',
'books_sort_name' => 'Seřadit podle názvu',
'books_sort_created' => 'Seřadit podle data vytvoření',
@@ -330,6 +331,9 @@ return [
// Editor Sidebar
'toggle_sidebar' => 'Skrýt/Zobrazit postranní panel',
'page_contents' => 'Obsah stránky',
'page_contents_none' => 'Na stránce nejsou žádné nadpisy.',
'page_contents_info' => 'Obsah se generuje ze všech použitých nadpisů na stránce.',
'page_tags' => 'Štítky stránky',
'chapter_tags' => 'Štítky kapitoly',
'book_tags' => 'Štítky knihy',

View File

@@ -207,6 +207,7 @@ return [
'role_all' => 'Vše',
'role_own' => 'Vlastní',
'role_controlled_by_asset' => 'Řídí se obsahem, do kterého jsou nahrávány',
'role_controlled_by_page_delete' => 'Řídí se právem k odstranění stránky',
'role_save' => 'Uložit roli',
'role_users' => 'Uživatelé mající tuto roli',
'role_users_none' => 'Žádný uživatel nemá tuto roli',
@@ -259,10 +260,13 @@ return [
'users_api_tokens_create' => 'Vytvořit Token',
'users_api_tokens_expires' => 'Vyprší',
'users_api_tokens_docs' => 'Dokumentace API',
'users_mfa' => 'Vícefázové ověření',
'users_mfa' => 'Vícefaktorové ověření',
'users_mfa_desc' => 'Nastavit vícefaktorové ověřování jako další vrstvu zabezpečení vašeho uživatelského účtu.',
'users_mfa_x_methods' => ':count nastavená metoda|:count nastavených metod',
'users_mfa_configure' => 'Konfigurovat metody',
'users_mfa_reset' => 'Obnova metod vícefaktorového ověření',
'users_mfa_reset_desc' => 'Tímto se obnoví a vymažou všechny nakonfigurované metody vícefaktorového ověřování pro tohoto uživatele. Pokud některá z jeho rolí vyžaduje vícefaktorové ověřování, bude při příštím přihlášení vyzván k nastavení nových metod.',
'users_mfa_reset_confirm' => 'Opravdu chcete obnovit vícefaktorové ověřování pro tohoto uživatele?',
// API Tokens
'user_api_token_create' => 'Vytvořit API Token',
@@ -362,7 +366,9 @@ return [
'ru' => 'Русский',
'sk' => 'Slovensky',
'sl' => 'Slovenščina',
'sr' => 'Српски',
'sv' => 'Svenska',
'th' => 'ภาษาไทย',
'tr' => 'Türkçe',
'uk' => 'Українська',
'uz' => 'Ozbekcha',

View File

@@ -99,6 +99,8 @@ return [
'user_update_notification' => 'Diweddarwyd y defnyddiwr yn llwyddiannus',
'user_delete' => 'dileodd ddefnyddiwr',
'user_delete_notification' => 'Tynnwyd y defnyddiwr yn llwyddiannus',
'user_mfa_reset' => 'reset MFA for user',
'user_mfa_reset_notification' => 'Multi-factor authentication methods reset',
// API Tokens
'api_token_create' => 'creodd docyn API',

View File

@@ -8,6 +8,7 @@ return [
'failed' => 'Nid yw\'r manylion hyn yn cyfateb i\'n cofnodion.',
'throttle' => 'Gormod o ymdrechion mewngofnodi. Rhowch gynnig arall arni o gwmpas :seconds eiliadau.',
'mfa_throttle' => 'Too many multi-factor verification attempts. Please try again in :seconds seconds.',
// Login & Register
'sign_up' => 'Cofrestru',

View File

@@ -173,6 +173,7 @@ return [
'books_sort_desc' => 'Move chapters and pages within a book to reorganise its contents. Other books can be added which allows easy moving of chapters and pages between books. Optionally an auto sort rule can be set to automatically sort this book\'s contents upon changes.',
'books_sort_auto_sort' => 'Auto Sort Option',
'books_sort_auto_sort_active' => 'Auto Sort Active: :sortName',
'books_sort_auto_sort_creation_hint' => 'Auto sort option rules can be created in the "Lists & Sorting" settings area by a user with the relevant permissions.',
'books_sort_named' => 'Trefnu Llyfr :bookName',
'books_sort_name' => 'Trefnu yn ôl Enw',
'books_sort_created' => 'Trefnu yn ôl Dyddiad Creu',
@@ -330,6 +331,9 @@ return [
// Editor Sidebar
'toggle_sidebar' => 'Toglo Bar ochr',
'page_contents' => 'Page Contents',
'page_contents_none' => 'No headings were found in the page content.',
'page_contents_info' => 'The contents menu is generated from any heading formats used in the page.',
'page_tags' => 'Tagiau Tudalennau',
'chapter_tags' => 'Tagiau Penodau',
'book_tags' => 'Tagiau Llyfrau',

View File

@@ -207,6 +207,7 @@ return [
'role_all' => 'Popeth',
'role_own' => 'Meddu',
'role_controlled_by_asset' => 'Wedi\'u rheoli gan yr ased y maent yn cael eu huwchlwytho iddo',
'role_controlled_by_page_delete' => 'Controlled by page delete permissions',
'role_save' => 'Cadw Rôl',
'role_users' => 'Defnyddwyr yn y rôl hon',
'role_users_none' => 'Nid oes unrhyw ddefnyddwyr wediu neilltuo i\'r rôl hon ar hyn o bryd',
@@ -263,6 +264,9 @@ return [
'users_mfa_desc' => 'Gosod dilysu aml-ffactor fel haen ychwanegol o ddiogelwch ar gyfer eich cyfrif defnyddiwr.',
'users_mfa_x_methods' => ':count dull wedi\'i ffurfweddu|:count dull wedi\'u ffurfweddu',
'users_mfa_configure' => 'Ffurfweddu Dulliau',
'users_mfa_reset' => 'Reset Multi-Factor Authentication Methods',
'users_mfa_reset_desc' => 'This will reset and clear all configured multi-factor authentication methods for this user. If multi-factor authentication is required by any of their roles, they\'ll be prompted to configure new methods on their next login.',
'users_mfa_reset_confirm' => 'Are you sure you want to reset multi-factor authentication for this user?',
// API Tokens
'user_api_token_create' => 'Creu Tocyn API',
@@ -362,7 +366,9 @@ return [
'ru' => 'Русский',
'sk' => 'Slovensky',
'sl' => 'Slovenščina',
'sr' => 'Српски',
'sv' => 'Svenska',
'th' => 'ภาษาไทย',
'tr' => 'Türkçe',
'uk' => 'Українська',
'uz' => 'Ozbekcha',

View File

@@ -99,6 +99,8 @@ return [
'user_update_notification' => 'Brugeren blev opdateret',
'user_delete' => 'slettet bruger',
'user_delete_notification' => 'Brugeren blev fjernet',
'user_mfa_reset' => 'nulstil MFA for brugeren',
'user_mfa_reset_notification' => 'Nulstilling af metoder til multifaktor-godkendelse',
// API Tokens
'api_token_create' => 'oprettet API token',

View File

@@ -8,6 +8,7 @@ return [
'failed' => 'De indtastede brugeroplysninger stemmer ikke overens med vores registreringer.',
'throttle' => 'For mange mislykkede loginforsøg. Prøv igen om :seconds sekunder.',
'mfa_throttle' => 'For mange mislykkede loginforsøg. Prøv igen om :seconds sekunder.',
// Login & Register
'sign_up' => 'Registrer',

View File

@@ -173,6 +173,7 @@ return [
'books_sort_desc' => 'Flyt kapitler og sider i en bog for at omorganisere dens indhold. Der kan tilføjes andre bøger, som gør det nemt at flytte kapitler og sider mellem bøgerne. Man kan indstille en automatisk sorteringsregel, så bogens indhold automatisk sorteres efter ændringer.',
'books_sort_auto_sort' => 'Mulighed for automatisk sortering',
'books_sort_auto_sort_active' => 'Automatisk sortering Aktiv: :sortName',
'books_sort_auto_sort_creation_hint' => 'En bruger med de nødvendige rettigheder kan oprette regler for automatisk sortering i indstillingsområdet »Lister og sortering«.',
'books_sort_named' => 'Sorter bog :bookName',
'books_sort_name' => 'Sortér efter navn',
'books_sort_created' => 'Sortér efter oprettelsesdato',
@@ -330,6 +331,9 @@ return [
// Editor Sidebar
'toggle_sidebar' => 'Sidebjælke til/fra',
'page_contents' => 'Sideindhold',
'page_contents_none' => 'Ingen overskrifter blev fundet i sidens indhold.',
'page_contents_info' => 'Indholdsmenuen er genereret fra alle kursformater, der bruges på siden.',
'page_tags' => 'Sidetags',
'chapter_tags' => 'Kapiteltags',
'book_tags' => 'Bogtags',

View File

@@ -207,6 +207,7 @@ return [
'role_all' => 'Alle',
'role_own' => 'Eget',
'role_controlled_by_asset' => 'Styres af det medie/"asset", de uploades til',
'role_controlled_by_page_delete' => 'Styres af tilladelser til sletning af sider',
'role_save' => 'Gem rolle',
'role_users' => 'Brugere med denne rolle',
'role_users_none' => 'Ingen brugere er i øjeblikket tildelt denne rolle',
@@ -263,6 +264,9 @@ return [
'users_mfa_desc' => 'Opsæt multi-faktor godkendelse som et ekstra lag af sikkerhed for din brugerkonto.',
'users_mfa_x_methods' => ':count metode konfigureret|:count metoder konfigureret',
'users_mfa_configure' => 'Konfigurer metoder',
'users_mfa_reset' => 'Nulstil metoder til multifaktor-godkendelse',
'users_mfa_reset_desc' => 'Dette vil nulstille og slette alle konfigurerede metoder til multifaktor-godkendelse for denne bruger. Hvis multifaktor-godkendelse er påkrævet for en af brugerens roller, vil vedkommende blive bedt om at konfigurere nye metoder ved næste login.',
'users_mfa_reset_confirm' => 'Er du sikker på, at du vil nulstille multifaktorautentificering for denne bruger?',
// API Tokens
'user_api_token_create' => 'Opret API-token',
@@ -362,7 +366,9 @@ return [
'ru' => 'Русский',
'sk' => 'Slovensky',
'sl' => 'Slovenščina',
'sr' => 'Српски',
'sv' => 'Svenska',
'th' => 'Thailandsk',
'tr' => 'Türkçe',
'uk' => 'Українська',
'uz' => 'Ozbekcha',

View File

@@ -99,6 +99,8 @@ return [
'user_update_notification' => 'Benutzer erfolgreich aktualisiert',
'user_delete' => 'hat Benutzer gelöscht: ',
'user_delete_notification' => 'Benutzer erfolgreich entfernt',
'user_mfa_reset' => 'Setze MFA für Nutzer zurück',
'user_mfa_reset_notification' => 'Multifaktor-Authenifizierungsmethoden zurücksetzen',
// API Tokens
'api_token_create' => 'API-Token erstellt',

Some files were not shown because too many files have changed in this diff Show More