Compare commits

..

39 Commits

Author SHA1 Message Date
Dan Brown
6808292c90 Editors: Made drawings appear clickable via cursor
During review of #5864
2026-02-21 16:00:14 +00:00
Dan Brown
c10b0fd5b9 Merge branch 'patch-1' of github.com:lublak/BookStack into lublak-patch-1 2026-02-21 15:52:25 +00:00
Dan Brown
1077a4efd0 Merge branch 'v25-12' into development 2026-02-21 13:59:29 +00:00
Dan Brown
23f3f35f6b Readme: Updated sponsors 2026-02-21 13:56:50 +00:00
Dan Brown
229a99ba24 Descriptions: Improved empty field handling, reduces whitespace
For #5724
2026-02-20 14:22:54 +00:00
Dan Brown
8e99fc6783 Books: On delete, redirect to shelf if in context
For #6029
Added tests to cover
2026-02-20 11:23:26 +00:00
Dan Brown
80204518a2 Page Content: Better handling for empty content filtering
For #6028
2026-02-19 23:25:00 +00:00
Dan Brown
a8d96fd389 Content filter: Allowed custom diagram attribute in allow-list
For #6026
2026-02-18 19:33:35 +00:00
Dan Brown
9d15c79fee Deps: Updated PHP package versions 2026-02-18 19:24:06 +00:00
Dan Brown
e1de1f0583 git: Added old purifier location to gitignore 2026-02-17 18:34:14 +00:00
Dan Brown
a2017ffa55 Caching: Altered purifier cache folder to be server-created
Moved from a static folder to a dynamically created folder in the
framework/cache directory, to increase the chance that it's created with
server-writable permissions.
This is due to an issue where users had permission issues, since adding
a new folder means it's created by the git user and often
non-web-writable.
2026-02-17 18:22:13 +00:00
Dan Brown
9646339933 Testing: Addressed failing tests and static checks 2026-02-17 11:31:47 +00:00
Dan Brown
e4383765e1 Meta: Updated licenses and config wording 2026-02-17 11:00:37 +00:00
Dan Brown
5d547fcf4c Deps: Updated PHP packages
Also fixed test namespace
2026-02-17 09:44:56 +00:00
Dan Brown
826b36c985 Editors: Added HTML filtering in certain loading conditions
When loaded via ajax for draft revert live in editor, or when loaded
into the editor by a different user.
2026-02-16 15:50:54 +00:00
Dan Brown
3fa1174e7a Content filtering: Updated config and readme attribution 2026-02-16 13:46:45 +00:00
Dan Brown
50e8501027 Content Filter: Added extra object filtering
Was blocked by CSP anyway, but best to have an extra layer.
2026-02-16 13:02:24 +00:00
Dan Brown
8a221f64e4 Content Filtering: Covered new config options and filters with tests 2026-02-16 10:11:48 +00:00
Dan Brown
035be66ebc Content: Updated tests and CSP usage of content script setting
Updates CSP to use new content_filtering option.
Splits out content filtering tests to their own class.
Updated tests where needed to adapt to changes.
2026-02-15 18:44:14 +00:00
Dan Brown
227027fc45 Content: Updated purifier and content caching
- Updated page content cache to use app version in cache key
- Moved purifier cache into framework to better work with existing
  expected folders.
- Added app version check to purifier so that it will reset its own
  cache on app version change.
2026-02-15 16:46:09 +00:00
Dan Brown
0f040fe8b1 Content: Tuned HTML purifier for our use
Tested it with a range of supported, including uncommon, content types
and added support, or changed config, where needed.
Been through docs for all HTMLPurifier options to assess what's
relevant.
2026-02-15 16:17:03 +00:00
Dan Brown
10ebe53bd9 Page Content: Added more complex & configurable content filtering
- Added new option to control parts of the filter.
- Added whitelist filtering pass via HTMLPurifier.
2026-02-13 14:14:28 +00:00
Dan Brown
5e12b678c7 Merge pull request #5998 from BookStackApp/further_theme_development
Further theme system developments
2026-02-09 13:34:15 +00:00
Dan Brown
057d7be0bc Views: Made index/show sidebars a lot more modular
Split out each sidebar block into their own template for easier
customization of those elements, and less code to manage when overriding
the parent show/index views.
2026-02-08 17:03:48 +00:00
Dan Brown
984a73159f Theme modules: Updated view includes to prevent caching conflicts 2026-02-08 13:39:34 +00:00
Dan Brown
a20438b901 Theme System: Fixed theme view before/after issues
- Updated the system to work with modules.
- Updated module docs to consider namespacing.
- Fixed view loading and registration event ordering.
- Fixed checking if views are registered.
2026-02-07 23:01:13 +00:00
Dan Brown
9d3d0a4a07 Theme Modules: Added testing coverage for install command 2026-02-05 21:57:12 +00:00
Dan Brown
5038d124e1 Theme modules: Updated docs to cover ZIP format 2026-02-05 18:01:17 +00:00
Dan Brown
f7890c2dd9 Theme Modules: Fixes and improvements after manual testing
- Added (limited) redirect handling to module downloads.
- Adjusted wording/text for consistency and clarity.
- Fixed scenarios where process was not stopped on error.
- Fixed module folder creation check/logic.
- Added better failed request handling to module downloads.
- Updated download response streaming to monitor/limit download size.
2026-02-05 17:49:35 +00:00
Dan Brown
45ae03ceac Theme Modules: Added install helper command
Not yet tested at all, either manually or via PHPUnit
2026-02-03 20:43:01 +00:00
Dan Brown
aa0a8dda11 Theme Modules: Added dev documentation 2026-02-02 18:29:35 +00:00
Dan Brown
120ee38383 Theme Modules: Added testing coverage 2026-02-01 17:31:21 +00:00
Dan Brown
cd84074cdf Theme System: Split & organised tests, changed module version to string 2026-02-01 16:27:52 +00:00
Dan Brown
4949520194 Theme System: Added initial module implementations 2026-02-01 11:53:46 +00:00
Dan Brown
1b17bb3929 Theme: Changed how before/after views are registered
Changed the system out to be a theme event instead of method, to align
with other registration events, and so that the theme view work can
better be contained in its own class.
2026-01-27 16:50:50 +00:00
Dan Brown
9fcfc762ec Theme: Added testing of registerViewToRender* functions
Updated function name also.
2026-01-27 00:36:35 +00:00
Dan Brown
c32b1686a9 Theme: Added the ability to add views before/after existing ones
Adds a registration system via the logical theme system, to tell
BookStack about views to render before or after a specific template
is included in the system.
2026-01-26 17:16:14 +00:00
Dan Brown
36649a6188 Theme: Updated view registration to be dynamic
Within the responsibility of the theme service instead
of being part of the app configuration.
2026-01-26 11:55:39 +00:00
lublak
570ded10fa Set cursor to pointer for drawio diagrams
Add cursor style for drawio diagrams in TinyMCE.
2025-10-31 12:51:04 +01:00
110 changed files with 3937 additions and 1742 deletions

View File

@@ -351,10 +351,25 @@ EXPORT_PDF_COMMAND_TIMEOUT=15
# Only used if 'ALLOW_UNTRUSTED_SERVER_FETCHING=true' which disables security protections.
WKHTMLTOPDF=false
# Allow <script> tags in page content
# Allow JavaScript, and other potentiall dangerous content in page content.
# This also removes CSP-level JavaScript control.
# Note, if set to 'true' the page editor may still escape scripts.
# DEPRECATED: Use 'APP_CONTENT_FILTERING' instead as detailed below. Activiting this option
# effectively sets APP_CONTENT_FILTERING='' (No filtering)
ALLOW_CONTENT_SCRIPTS=false
# Control the behaviour of content filtering, primarily used for page content.
# This setting is a string of characters which represent different available filters:
# - j - Filter out JavaScript and unknown binary data based content
# - h - Filter out unexpected, and potentially dangerous, HTML elements
# - f - Filter out unexpected form elements
# - a - Run content through a more complex allowlist filter
# This defaults to using all filters, unless ALLOW_CONTENT_SCRIPTS is set to true in which case no filters are used.
# Note: These filters are a best-attempt and may not be 100% effective. They are typically a layer used in addition to other security measures.
# Note: The default value will always be the most-strict, so it's advised to leave this unset in your own configuration
# to ensure you are always using the full range of filters.
APP_CONTENT_FILTERING="jfha"
# Indicate if robots/crawlers should crawl your instance.
# Can be 'true', 'false' or 'null'.
# The behaviour of the default 'null' option will depend on the 'app-public' admin setting.
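Review bot: two typos in the new comment lines of this hunk: "potentiall dangerous" should read "potentially dangerous" and "Activiting this option" should read "Activating this option". Separately, the example sets APP_CONTENT_FILTERING="jfha" while config/app.php defaults to 'jhfa'; if the string is treated as a set of characters the difference is harmless, but using the same order in both places stops readers wondering whether order matters. The comment also advises leaving the value unset, so consider shipping the example line commented out rather than active.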

View File

@@ -8,6 +8,7 @@ use BookStack\Permissions\PermissionApplicator;
use BookStack\Users\Models\HasCreatorAndUpdater;
use BookStack\Users\Models\OwnableInterface;
use BookStack\Util\HtmlContentFilter;
use BookStack\Util\HtmlContentFilterConfig;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
@@ -82,7 +83,8 @@ class Comment extends Model implements Loggable, OwnableInterface
public function safeHtml(): string
{
return HtmlContentFilter::removeActiveContentFromHtmlString($this->html ?? '');
$filter = new HtmlContentFilter(new HtmlContentFilterConfig());
return $filter->filterString($this->html ?? '');
}
public function jointPermissions(): HasMany
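Review bot: safeHtml() builds its filter from `new HtmlContentFilterConfig()` rather than from `HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'))` as the page code does, so comment HTML is always filtered with the constructor defaults regardless of the APP_CONTENT_FILTERING setting. If that is deliberate (comments never need the relaxed modes), a one-line comment saying so would prevent a later change "aligning" it with page content; if not, use fromConfigString here as well.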

View File

@@ -4,6 +4,8 @@ namespace BookStack\App\Providers;
use BookStack\Theming\ThemeEvents;
use BookStack\Theming\ThemeService;
use BookStack\Theming\ThemeViews;
use Illuminate\Support\Facades\Blade;
use Illuminate\Support\ServiceProvider;
class ThemeServiceProvider extends ServiceProvider
@@ -24,7 +26,26 @@ class ThemeServiceProvider extends ServiceProvider
{
// Boot up the theme system
$themeService = $this->app->make(ThemeService::class);
$viewFactory = $this->app->make('view');
$themeViews = new ThemeViews($viewFactory->getFinder());
// Use a custom include so that we can insert theme views before/after includes.
// This is done, even if no theme is active, so that view caching does not create problems
// when switching between themes or when switching a theme on/off.
$viewFactory->share('__themeViews', $themeViews);
Blade::directive('include', function ($expression) {
return "<?php echo \$__themeViews->handleViewInclude({$expression}, array_diff_key(get_defined_vars(), ['__data' => 1, '__path' => 1])); ?>";
});
if (!$themeService->getTheme()) {
return;
}
$themeService->loadModules();
$themeService->readThemeActions();
$themeService->dispatch(ThemeEvents::APP_BOOT, $this->app);
$themeViews->registerViewPathsForTheme($themeService->getModules());
$themeService->dispatch(ThemeEvents::THEME_REGISTER_VIEWS, $themeViews);
}
}
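Review bot: the custom `include` directive only replaces `@include`, so `@includeIf`, `@includeWhen`, `@includeUnless` and `@includeFirst` still compile to Laravel's stock logic and theme before/after views will not be inserted around them; either state that limitation in the module docs or register the same handler for those directives. Splicing `{$expression}` straight into the generated PHP matches how Blade compiles its own directive, so no new trust boundary is introduced, but a comment noting that the expression is template-author input rather than request input would help the next reader.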

View File

@@ -81,8 +81,7 @@ function setting(?string $key = null, mixed $default = null): mixed
/**
* Get a path to a theme resource.
* Returns null if a theme is not configured and
* therefore a full path is not available for use.
* Returns null if a theme is not configured, and therefore a full path is not available for use.
*/
function theme_path(string $path = ''): ?string
{

View File

@@ -37,10 +37,15 @@ return [
// The limit for all uploaded files, including images and attachments in MB.
'upload_limit' => env('FILE_UPLOAD_SIZE_LIMIT', 50),
// Allow <script> tags to entered within page content.
// <script> tags are escaped by default.
// Even when overridden the WYSIWYG editor may still escape script content.
'allow_content_scripts' => env('ALLOW_CONTENT_SCRIPTS', false),
// Control the behaviour of content filtering, primarily used for page content.
// This setting is a string of characters which represent different available filters:
// - j - Filter out JavaScript and unknown binary data based content
// - h - Filter out unexpected, and potentially dangerous, HTML elements
// - f - Filter out unexpected form elements
// - a - Run content through a more complex allowlist filter
// This defaults to using all filters, unless ALLOW_CONTENT_SCRIPTS is set to true in which case no filters are used.
// Note: These filters are a best-attempt and may not be 100% effective. They are typically a layer used in addition to other security measures.
'content_filtering' => env('APP_CONTENT_FILTERING', env('ALLOW_CONTENT_SCRIPTS', false) === true ? '' : 'jhfa'),
// Allow server-side fetches to be performed to potentially unknown
// and user-provided locations. Primarily used in exports when loading
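Review bot: the `=== true` in the 'content_filtering' default only disables filtering when ALLOW_CONTENT_SCRIPTS is literally `true` or `(true)`, the spellings Laravel's env() converts to a boolean; `ALLOW_CONTENT_SCRIPTS=1` yields the string "1" and keeps the full 'jhfa' filter set. That fails safe, but since the option is deprecated anyway it is worth saying in the comment so users who rely on `1` understand why scripts are still stripped.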
@@ -48,8 +53,8 @@ return [
'allow_untrusted_server_fetching' => env('ALLOW_UNTRUSTED_SERVER_FETCHING', false),
// Override the default behaviour for allowing crawlers to crawl the instance.
// May be ignored if view has be overridden or modified.
// Defaults to null since, if not set, 'app-public' status used instead.
// May be ignored if the underlying view has been overridden or modified.
// Defaults to null in which case the 'app-public' status is used instead.
'allow_robots' => env('ALLOW_ROBOTS', null),
// Application Base URL, Used by laravel in development commands

View File

@@ -8,12 +8,6 @@
* Do not edit this file unless you're happy to maintain any changes yourself.
*/
// Join up possible view locations
$viewPaths = [realpath(base_path('resources/views'))];
if ($theme = env('APP_THEME', false)) {
array_unshift($viewPaths, base_path('themes/' . $theme));
}
return [
// App theme
@@ -26,7 +20,7 @@ return [
// Most templating systems load templates from disk. Here you may specify
// an array of paths that should be checked for your views. Of course
// the usual Laravel view path has already been registered for you.
'paths' => $viewPaths,
'paths' => [realpath(base_path('resources/views'))],
// Compiled View Path
// This option determines where all the compiled Blade templates will be

View File

@@ -0,0 +1,305 @@
<?php
namespace BookStack\Console\Commands;
use BookStack\Http\HttpRequestService;
use BookStack\Theming\ThemeModule;
use BookStack\Theming\ThemeModuleException;
use BookStack\Theming\ThemeModuleManager;
use BookStack\Theming\ThemeModuleZip;
use GuzzleHttp\Psr7\Request;
use Illuminate\Console\Command;
use Illuminate\Support\Str;
class InstallModuleCommand extends Command
{
/**
* The name and signature of the console command.
*
* @var string
*/
protected $signature = 'bookstack:install-module
{location : The URL or path of the module file}';
/**
* The console command description.
*
* @var string
*/
protected $description = 'Install a module to the currently configured theme';
protected array $cleanupActions = [];
/**
* Execute the console command.
*/
public function handle(): int
{
$location = $this->argument('location');
// Get the ZIP file containing the module files
$zipPath = $this->getPathToZip($location);
if (!$zipPath) {
$this->cleanup();
return 1;
}
// Validate module zip file (metadata, size, etc...) and get module instance
$zip = new ThemeModuleZip($zipPath);
$themeModule = $this->validateAndGetModuleInfoFromZip($zip);
if (!$themeModule) {
$this->cleanup();
return 1;
}
// Get the theme folder in use, attempting to create one if no active theme in use
$themeFolder = $this->getThemeFolder();
if (!$themeFolder) {
$this->cleanup();
return 1;
}
// Get the modules folder of the theme, attempting to create it if not existing,
// and create a new module manager instance.
$moduleFolder = $this->getModuleFolder($themeFolder);
if (!$moduleFolder) {
$this->cleanup();
return 1;
}
$manager = new ThemeModuleManager($moduleFolder);
// Handle existing modules with the same name
$exitingModulesWithName = $manager->getByName($themeModule->name);
$shouldContinue = $this->handleExistingModulesWithSameName($exitingModulesWithName, $manager);
if (!$shouldContinue) {
$this->cleanup();
return 1;
}
// Extract module ZIP into the theme modules folder
try {
$newModule = $manager->addFromZip($themeModule->name, $zip);
} catch (ThemeModuleException $exception) {
$this->error("ERROR: Failed to install module with error: {$exception->getMessage()}");
$this->cleanup();
return 1;
}
$this->info("Module \"{$newModule->name}\" ({$newModule->getVersion()}) successfully installed!");
$this->info("Install location: {$moduleFolder}/{$newModule->folderName}");
$this->cleanup();
return 0;
}
/**
* @param ThemeModule[] $existingModules
*/
protected function handleExistingModulesWithSameName(array $existingModules, ThemeModuleManager $manager): bool
{
if (count($existingModules) === 0) {
return true;
}
$this->warn("The following modules already exist with the same name:");
foreach ($existingModules as $folder => $module) {
$this->line("{$module->name} ({$folder}:{$module->getVersion()}) - {$module->description}");
}
$this->line('');
$choices = ['Cancel module install', 'Add alongside existing module'];
if (count($existingModules) === 1) {
$choices[] = 'Replace existing module';
}
$choice = $this->choice("What would you like to do?", $choices, 0, null, false);
if ($choice === 'Cancel module install') {
return false;
}
if ($choice === 'Replace existing module') {
$existingModuleFolder = array_key_first($existingModules);
$this->info("Replacing existing module in {$existingModuleFolder} folder");
$manager->deleteModuleFolder($existingModuleFolder);
}
return true;
}
protected function getModuleFolder(string $themeFolder): string|null
{
$path = $themeFolder . DIRECTORY_SEPARATOR . 'modules';
if (file_exists($path) && !is_dir($path)) {
$this->error("ERROR: Cannot create a modules folder, file already exists at {$path}");
return null;
}
if (!file_exists($path)) {
$created = mkdir($path, 0755, true);
if (!$created) {
$this->error("ERROR: Failed to create a modules folder at {$path}");
return null;
}
}
return $path;
}
protected function getThemeFolder(): string|null
{
$path = theme_path('');
if (!$path || !is_dir($path)) {
$shouldCreate = $this->confirm('No active theme folder found, would you like to create one?');
if (!$shouldCreate) {
return null;
}
$folder = 'custom';
while (file_exists(base_path("themes" . DIRECTORY_SEPARATOR . $folder))) {
$folder = 'custom-' . Str::random(4);
}
$path = base_path("themes/{$folder}");
$created = mkdir($path, 0755, true);
if (!$created) {
$this->error('Failed to create a theme folder to use. This may be a permissions issue. Try manually configuring an active theme');
return null;
}
$this->info("Created theme folder at {$path}");
$this->warn("You will need to set APP_THEME={$folder} in your BookStack env configuration to enable this theme!");
}
return $path;
}
protected function validateAndGetModuleInfoFromZip(ThemeModuleZip $zip): ThemeModule|null
{
if (!$zip->exists()) {
$this->error("ERROR: Cannot open ZIP file at {$zip->getPath()}");
return null;
}
if ($zip->getContentsSize() > (50 * 1024 * 1024)) {
$this->error("ERROR: Module ZIP file contents are too large. Maximum size is 50MB");
return null;
}
try {
$themeModule = $zip->getModuleInstance();
} catch (ThemeModuleException $exception) {
$this->error("ERROR: Failed to read module metadata with error: {$exception->getMessage()}");
return null;
}
return $themeModule;
}
protected function downloadModuleFile(string $location): string|null
{
$httpRequests = app()->make(HttpRequestService::class);
$client = $httpRequests->buildClient(30, ['stream' => true]);
$originalUrl = parse_url($location);
$currentLocation = $location;
$maxRedirects = 3;
$redirectCount = 0;
// Follow redirects up to 3 times for the same hostname
do {
$resp = $client->sendRequest(new Request('GET', $currentLocation));
$statusCode = $resp->getStatusCode();
if ($statusCode >= 300 && $statusCode < 400 && $redirectCount < $maxRedirects) {
$redirectLocation = $resp->getHeaderLine('Location');
if ($redirectLocation) {
$redirectUrl = parse_url($redirectLocation);
if (
($originalUrl['host'] ?? '') === ($redirectUrl['host'] ?? '')
&& ($originalUrl['scheme'] ?? '') === ($redirectUrl['scheme'] ?? '')
&& ($originalUrl['port'] ?? '') === ($redirectUrl['port'] ?? '')
) {
$currentLocation = $redirectLocation;
$redirectCount++;
continue;
}
}
}
break;
} while (true);
if ($resp->getStatusCode() >= 300) {
$this->error("ERROR: Failed to download module from {$location}");
$this->error("Download failed with status code {$resp->getStatusCode()}");
return null;
}
$tempFile = tempnam(sys_get_temp_dir(), 'bookstack_module_');
$fileHandle = fopen($tempFile, 'w');
$respBody = $resp->getBody();
$size = 0;
$maxSize = 50 * 1024 * 1024;
while (!$respBody->eof()) {
fwrite($fileHandle, $respBody->read(1024));
$size += 1024;
if ($size > $maxSize) {
fclose($fileHandle);
unlink($tempFile);
$this->error("ERROR: Module ZIP file is too large. Maximum size is 50MB");
return '';
}
}
fclose($fileHandle);
$this->cleanupActions[] = function () use ($tempFile) {
unlink($tempFile);
};
return $tempFile;
}
protected function getPathToZip(string $location): string|null
{
$lowerLocation = strtolower($location);
$isRemote = str_starts_with($lowerLocation, 'http://') || str_starts_with($lowerLocation, 'https://');
if ($isRemote) {
// Warning about fetching from source
$host = parse_url($location, PHP_URL_HOST);
$this->warn("This will download a module from {$host}. Modules can contain code which would have the ability to do anything on the BookStack host server.\nYou should only install modules from trusted sources.");
$trustHost = $this->confirm('Are you sure you trust this source?');
if (!$trustHost) {
return null;
}
// Check if the connection is http. If so, warn the user.
if (str_starts_with($lowerLocation, 'http://')) {
$this->warn("You are downloading a module from an insecure HTTP source.\nWe recommend only using HTTPS sources to avoid various security risks.");
if (!$this->confirm('Are you sure you want to continue without HTTPS?')) {
return null;
}
}
// Download ZIP and get its location
return $this->downloadModuleFile($location);
}
// Validate file and get full location
$zipPath = realpath($location);
if (!$zipPath || !is_file($zipPath)) {
$this->error("ERROR: Module file not found at {$location}");
return null;
}
return $zipPath;
}
protected function cleanup(): void
{
foreach ($this->cleanupActions as $action) {
$action();
}
}
}
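Review bot: in downloadModuleFile() the over-size branch returns '' while the declared return type is string|null; handle() happens to treat '' as failure through `!$zipPath`, but returning null keeps the contract consistent with the other failure paths. The byte counter also adds 1024 per iteration regardless of how much `read(1024)` actually returned, so use `strlen()` of the chunk; over-counting only makes the limit stricter, but it will reject valid files close to 50MB. Neither `tempnam()` nor `fopen()` failure is checked before writing, and the 50MB limit is duplicated between validateAndGetModuleInfoFromZip() and downloadModuleFile(), so pull it into a class constant.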

View File

@@ -224,9 +224,14 @@ class BookController extends Controller
{
$book = $this->queries->findVisibleBySlugOrFail($bookSlug);
$this->checkOwnablePermission(Permission::BookDelete, $book);
$contextShelf = $this->shelfContext->getContextualShelfForBook($book);
$this->bookRepo->destroy($book);
if ($contextShelf) {
return redirect($contextShelf->getUrl());
}
return redirect('/books');
}

View File

@@ -21,6 +21,8 @@ use BookStack\Exceptions\PermissionsException;
use BookStack\Http\Controller;
use BookStack\Permissions\Permission;
use BookStack\References\ReferenceFetcher;
use BookStack\Util\HtmlContentFilter;
use BookStack\Util\HtmlContentFilterConfig;
use Exception;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Http\Request;
@@ -173,7 +175,7 @@ class PageController extends Controller
}
/**
* Get page from an ajax request.
* Get a page from an ajax request.
*
* @throws NotFoundException
*/
@@ -183,6 +185,10 @@ class PageController extends Controller
$page->setHidden(array_diff($page->getHidden(), ['html', 'markdown']));
$page->makeHidden(['book']);
$filterConfig = HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'));
$filter = new HtmlContentFilter($filterConfig);
$page->html = $filter->filterString($page->html);
return response()->json($page);
}
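Review bot: getPageAjax() reveals both 'html' and 'markdown' but only filters `$page->html`, so the raw markdown source is returned exactly as stored. If that is acceptable because markdown is only turned into HTML (and filtered) server-side before display, a comment here would make the reasoning explicit; if any consumer renders that markdown into HTML on the client, the same filtering question applies to that path.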

View File

@@ -6,6 +6,7 @@ use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Bookshelf;
use BookStack\Entities\Models\Chapter;
use BookStack\Util\HtmlContentFilter;
use BookStack\Util\HtmlContentFilterConfig;
class EntityHtmlDescription
{
@@ -50,7 +51,13 @@ class EntityHtmlDescription
return $html;
}
return HtmlContentFilter::removeActiveContentFromHtmlString($html);
$isEmpty = empty(trim(strip_tags($html)));
if ($isEmpty) {
return '<p></p>';
}
$filter = new HtmlContentFilter(new HtmlContentFilterConfig());
return $filter->filterString($html);
}
public function getPlain(): string
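Review bot: `empty(trim(strip_tags($html)))` treats the string "0" as empty, so a description consisting of just "0" is replaced with `<p></p>`; compare against '' instead (`trim(strip_tags($html)) === ''`). The same check also discards tag-only content such as a lone `<img>` or `<hr>`, which may be intended for descriptions but deserves a test either way.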

View File

@@ -2,6 +2,7 @@
namespace BookStack\Entities\Tools;
use BookStack\App\AppVersion;
use BookStack\Entities\Models\Page;
use BookStack\Entities\Queries\PageQueries;
use BookStack\Entities\Tools\Markdown\MarkdownToHtml;
@@ -13,6 +14,7 @@ use BookStack\Uploads\ImageRepo;
use BookStack\Uploads\ImageService;
use BookStack\Users\Models\User;
use BookStack\Util\HtmlContentFilter;
use BookStack\Util\HtmlContentFilterConfig;
use BookStack\Util\HtmlDocument;
use BookStack\Util\WebSafeMimeSniffer;
use Closure;
@@ -317,11 +319,30 @@ class PageContent
$this->updateIdsRecursively($doc->getBody(), 0, $idMap, $changeMap);
}
if (!config('app.allow_content_scripts')) {
HtmlContentFilter::removeActiveContentFromDocument($doc);
$cacheKey = $this->getContentCacheKey($doc->getBodyInnerHtml());
$cached = cache()->get($cacheKey, null);
if ($cached !== null) {
return $cached;
}
return $doc->getBodyInnerHtml();
$filterConfig = HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'));
$filter = new HtmlContentFilter($filterConfig);
$filtered = $filter->filterDocument($doc);
$cacheTime = 86400 * 7; // 1 week
cache()->put($cacheKey, $filtered, $cacheTime);
return $filtered;
}
protected function getContentCacheKey(string $html): string
{
$contentHash = md5($html);
$contentId = $this->page->id;
$contentTime = $this->page->updated_at?->timestamp ?? time();
$appVersion = AppVersion::get();
$filterConfig = config('app.content_filtering') ?? '';
return "page-content-cache::{$filterConfig}::{$appVersion}::{$contentId}::{$contentTime}::{$contentHash}";
}
/**
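Review bot: the key built in getContentCacheKey() invalidates on app version and on the filter config string, but not on changes to the filter's own rules within a version (for example the allow-list additions elsewhere in this comparison), so installs tracking a branch can serve filtered output that is up to a week stale after a code update. Folding a filter-rules revision constant into the key, or documenting `cache:clear` as a deploy step, closes that gap. md5 here is only one component of a key that also carries page id and timestamp, so collision resistance is not load-bearing, but a comment saying so pre-empts the usual question.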

View File

@@ -8,6 +8,8 @@ use BookStack\Entities\Queries\EntityQueries;
use BookStack\Entities\Tools\Markdown\HtmlToMarkdown;
use BookStack\Entities\Tools\Markdown\MarkdownToHtml;
use BookStack\Permissions\Permission;
use BookStack\Util\HtmlContentFilter;
use BookStack\Util\HtmlContentFilterConfig;
class PageEditorData
{
@@ -47,6 +49,7 @@ class PageEditorData
$isDraftRevision = false;
$this->warnings = [];
$editActivity = new PageEditActivity($page);
$lastEditorId = $page->updated_by ?? user()->id;
if ($editActivity->hasActiveEditing()) {
$this->warnings[] = $editActivity->activeEditingMessage();
@@ -58,11 +61,20 @@ class PageEditorData
$page->forceFill($userDraft->only(['name', 'html', 'markdown']));
$isDraftRevision = true;
$this->warnings[] = $editActivity->getEditingActiveDraftMessage($userDraft);
$lastEditorId = $userDraft->created_by;
}
// Get editor type and handle changes
$editorType = $this->getEditorType($page);
$this->updateContentForEditor($page, $editorType);
// Filter HTML content if required
if ($editorType->isHtmlBased() && !old('html') && $lastEditorId !== user()->id) {
$filterConfig = HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'));
$filter = new HtmlContentFilter($filterConfig);
$page->html = $filter->filterString($page->html);
}
return [
'page' => $page,
'book' => $page->book,
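Review bot: `$page->updated_by ?? user()->id` defaults a missing editor to the current user, which makes `$lastEditorId !== user()->id` false and skips filtering whenever `updated_by` is null. If null can only occur for brand-new pages that is harmless, but defaulting to null and filtering unless `updated_by` is known to be the current user is the safer direction. The `!old('html')` short-circuit likewise relies on the view preferring old input over `$page->html`; a test covering the validation-failure redisplay would pin that down.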

View File

@@ -4,25 +4,16 @@ namespace BookStack\Theming;
use BookStack\Util\CspService;
use BookStack\Util\HtmlContentFilter;
use BookStack\Util\HtmlContentFilterConfig;
use BookStack\Util\HtmlNonceApplicator;
use Illuminate\Contracts\Cache\Repository as Cache;
class CustomHtmlHeadContentProvider
{
/**
* @var CspService
*/
protected $cspService;
/**
* @var Cache
*/
protected $cache;
public function __construct(CspService $cspService, Cache $cache)
{
$this->cspService = $cspService;
$this->cache = $cache;
public function __construct(
protected CspService $cspService,
protected Cache $cache
) {
}
/**
@@ -50,7 +41,8 @@ class CustomHtmlHeadContentProvider
$hash = md5($content);
return $this->cache->remember('custom-head-export:' . $hash, 86400, function () use ($content) {
return HtmlContentFilter::removeActiveContentFromHtmlString($content);
$config = new HtmlContentFilterConfig(filterOutNonContentElements: false, useAllowListFilter: false);
return (new HtmlContentFilter($config))->filterString($content);
});
}
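Review bot: the export branch now constructs `HtmlContentFilterConfig(filterOutNonContentElements: false, useAllowListFilter: false)` without saying why the allow-list and non-content passes are disabled; a comment noting that head content legitimately carries `<style>`, `<link>` and `<meta>` which those passes would strip, while the script filtering remains on, would document the intent and stop someone re-enabling them.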

View File

@@ -5,21 +5,22 @@ namespace BookStack\Theming;
use BookStack\Facades\Theme;
use BookStack\Http\Controller;
use BookStack\Util\FilePathNormalizer;
use Symfony\Component\HttpFoundation\StreamedResponse;
class ThemeController extends Controller
{
/**
* Serve a public file from the configured theme.
*/
public function publicFile(string $theme, string $path)
public function publicFile(string $theme, string $path): StreamedResponse
{
$cleanPath = FilePathNormalizer::normalize($path);
if ($theme !== Theme::getTheme() || !$cleanPath) {
abort(404);
}
$filePath = theme_path("public/{$cleanPath}");
if (!file_exists($filePath)) {
$filePath = Theme::findFirstFile("public/{$cleanPath}");
if (!$filePath) {
abort(404);
}

View File

@@ -134,6 +134,16 @@ class ThemeEvents
*/
const ROUTES_REGISTER_WEB_AUTH = 'routes_register_web_auth';
/**
* Theme register views event.
* Called by the theme system when a theme is active, so that custom view templates can be registered
* to be rendered in addition to existing app views.
*
* @param \BookStack\Theming\ThemeViews $themeViews
*/
const THEME_REGISTER_VIEWS = 'theme_register_views';
/**
* Web before middleware action.
* Runs before the request is handled but after all other middleware apart from those

View File

@@ -0,0 +1,59 @@
<?php
namespace BookStack\Theming;
readonly class ThemeModule
{
public function __construct(
public string $name,
public string $description,
public string $version,
public string $folderName,
) {
}
/**
* Create a ThemeModule instance from JSON data.
*
* @throws ThemeModuleException
*/
public static function fromJson(array $data, string $folderName): self
{
if (empty($data['name']) || !is_string($data['name'])) {
throw new ThemeModuleException("Module in folder \"{$folderName}\" is missing a valid 'name' property");
}
if (!isset($data['description']) || !is_string($data['description'])) {
throw new ThemeModuleException("Module in folder \"{$folderName}\" is missing a valid 'description' property");
}
if (!isset($data['version']) || !is_string($data['version'])) {
throw new ThemeModuleException("Module in folder \"{$folderName}\" is missing a valid 'version' property");
}
if (!preg_match('/^v?\d+\.\d+\.\d+(-.*)?$/', $data['version'])) {
throw new ThemeModuleException("Module in folder \"{$folderName}\" has an invalid 'version' format. Expected semantic version format like '1.0.0' or 'v1.0.0'");
}
return new self(
name: $data['name'],
description: $data['description'],
version: $data['version'],
folderName: $folderName,
);
}
/**
* Get a path for a file within this module.
*/
public function path($path = ''): string
{
$component = trim($path, '/');
return theme_path("modules/{$this->folderName}/{$component}");
}
public function getVersion(): string
{
return str_starts_with($this->version, 'v') ? $this->version : 'v' . $this->version;
}
}
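Review bot: `path($path = '')` lacks a parameter type while the rest of the class is strictly typed; declare `string $path`. The version regex `(-.*)?` accepts any characters after the hyphen, including whitespace and slashes; since the version is only displayed that is not harmful, but a tighter pre-release pattern such as `[0-9A-Za-z.-]+` would match the "semantic version" wording in the error message.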

View File

@@ -0,0 +1,7 @@
<?php
namespace BookStack\Theming;
class ThemeModuleException extends \Exception
{
}

View File

@@ -0,0 +1,133 @@
<?php
namespace BookStack\Theming;
use Illuminate\Support\Str;
class ThemeModuleManager
{
/** @var array<string, ThemeModule>|null */
protected array|null $loadedModules = null;
public function __construct(
protected string $modulesFolderPath
) {
}
/**
* @return array<string, ThemeModule>
*/
public function getByName(string $name): array
{
return array_filter($this->load(), fn(ThemeModule $module) => $module->name === $name);
}
public function deleteModuleFolder(string $moduleFolderName): void
{
$modules = $this->load();
$module = $modules[$moduleFolderName] ?? null;
if (!$module) {
return;
}
$moduleFolderPath = $module->path('');
if (!file_exists($moduleFolderPath)) {
return;
}
$this->deleteDirectoryRecursively($moduleFolderPath);
unset($this->loadedModules[$moduleFolderName]);
}
/**
* @throws ThemeModuleException
*/
public function addFromZip(string $name, ThemeModuleZip $zip): ThemeModule
{
$baseFolderName = Str::limit(Str::slug($name), 20);
$folderName = $baseFolderName;
while (!$baseFolderName || file_exists($this->modulesFolderPath . DIRECTORY_SEPARATOR . $folderName)) {
$folderName = ($baseFolderName ?: 'mod') . '-' . Str::random(4);
}
$folderPath = $this->modulesFolderPath . DIRECTORY_SEPARATOR . $folderName;
$zip->extractTo($folderPath);
$module = $this->loadFromFolder($folderName);
if (!$module) {
throw new ThemeModuleException("Failed to load module from zip file after extraction");
}
return $module;
}
protected function deleteDirectoryRecursively(string $path): void
{
$items = array_diff(scandir($path), ['.', '..']);
foreach ($items as $item) {
$itemPath = $path . DIRECTORY_SEPARATOR . $item;
if (is_dir($itemPath)) {
$this->deleteDirectoryRecursively($itemPath);
} else {
$deleted = unlink($itemPath);
if (!$deleted) {
throw new ThemeModuleException("Failed to delete file at \"{$itemPath}\"");
}
}
}
rmdir($path);
}
public function load(): array
{
if ($this->loadedModules !== null) {
return $this->loadedModules;
}
if (!is_dir($this->modulesFolderPath)) {
return [];
}
$subFolders = array_filter(scandir($this->modulesFolderPath), function ($item) {
return $item !== '.' && $item !== '..' && is_dir($this->modulesFolderPath . DIRECTORY_SEPARATOR . $item);
});
$modules = [];
foreach ($subFolders as $folderName) {
$module = $this->loadFromFolder($folderName);
if ($module) {
$modules[$folderName] = $module;
}
}
$this->loadedModules = $modules;
return $modules;
}
protected function loadFromFolder(string $folderName): ThemeModule|null
{
$moduleJsonFile = $this->modulesFolderPath . DIRECTORY_SEPARATOR . $folderName . DIRECTORY_SEPARATOR . 'bookstack-module.json';
if (!file_exists($moduleJsonFile)) {
return null;
}
try {
$jsonContent = file_get_contents($moduleJsonFile);
$jsonData = json_decode($jsonContent, true);
if (json_last_error() !== JSON_ERROR_NONE) {
throw new ThemeModuleException("Invalid JSON in module file at \"{$moduleJsonFile}\": " . json_last_error_msg());
}
$module = ThemeModule::fromJson($jsonData, $folderName);
} catch (ThemeModuleException $exception) {
throw $exception;
} catch (\Exception $exception) {
throw new ThemeModuleException("Failed loading module from \"{$moduleJsonFile}\" with error: {$exception->getMessage()}");
}
return $module;
}
}
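Review bot: `deleteDirectoryRecursively()` decides how to treat an entry with `is_dir($itemPath)`, which follows symlinks, so a symlink to a directory inside a module folder is recursed into and the link target's contents are deleted instead of the link itself; check `is_link()` first and `unlink()` links without descending, and check the result of `rmdir($path)` the way `unlink()` already is. Two smaller points in the same file: `Str::limit(Str::slug($name), 20)` appends its default `...` end string whenever the slug is truncated, producing folder names ending in `-...`, so pass `''` as the third argument; and in `addFromZip()` the extracted folder is left behind when `loadFromFolder()` returns null, so it should be removed before the exception is thrown.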

View File

@@ -0,0 +1,98 @@
<?php
namespace BookStack\Theming;
use ZipArchive;
readonly class ThemeModuleZip
{
public function __construct(
protected string $path
) {
}
public function extractTo(string $destinationPath): void
{
$zip = new ZipArchive();
$zip->open($this->path);
$zip->extractTo($destinationPath);
$zip->close();
}
/**
* Read the module's JSON metadata to read it into a ThemeModule instance.
* @throws ThemeModuleException
*/
public function getModuleInstance(): ThemeModule
{
$zip = new ZipArchive();
$open = $zip->open($this->path);
if ($open !== true) {
throw new ThemeModuleException("Unable to open zip file at {$this->path}");
}
$moduleJsonText = $zip->getFromName('bookstack-module.json');
$zip->close();
if ($moduleJsonText === false) {
throw new ThemeModuleException("bookstack-module.json not found within module ZIP at {$this->path}");
}
$moduleJson = json_decode($moduleJsonText, true);
if ($moduleJson === null) {
throw new ThemeModuleException("Could not read JSON from bookstack-module.json within module ZIP at {$this->path}");
}
return ThemeModule::fromJson($moduleJson, '_temp');
}
/**
* Get the path to the zip file.
*/
public function getPath(): string
{
return $this->path;
}
/**
* Check if the zip file exists and that it appears to be a valid zip file.
*/
public function exists(): bool
{
if (!file_exists($this->path)) {
return false;
}
$zip = new ZipArchive();
$open = $zip->open($this->path, ZipArchive::RDONLY);
if ($open === true) {
$zip->close();
return true;
}
return false;
}
/**
* Get the total size of the zip file contents when uncompressed.
*/
public function getContentsSize(): int
{
$zip = new ZipArchive();
if ($zip->open($this->path) !== true) {
return 0;
}
$totalSize = 0;
for ($i = 0; $i < $zip->numFiles; $i++) {
$stat = $zip->statIndex($i);
if ($stat !== false) {
$totalSize += $stat['size'];
}
}
$zip->close();
return $totalSize;
}
}
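Review bot: `extractTo()` ignores the return value of `$zip->open($this->path)`, unlike `getModuleInstance()` and `exists()` which test for `true`, so a missing or corrupt archive leads to `extractTo()`/`close()` being called on an unopened archive (a PHP error rather than a `ThemeModuleException`) and `addFromZip()` then reports the generic "Failed to load module from zip file after extraction". Throw a `ThemeModuleException` on a non-true result. Since `getContentsSize()` exists to report the uncompressed size, the natural place to enforce a size limit is before `extractTo()` runs; nothing on this page calls it, so presumably the caller does, and a comment on `extractTo()` pointing that out would help.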

View File

@@ -6,6 +6,7 @@ use BookStack\Access\SocialDriverManager;
use BookStack\Exceptions\ThemeException;
use Illuminate\Console\Application;
use Illuminate\Console\Application as Artisan;
use Illuminate\View\FileViewFinder;
use Symfony\Component\Console\Command\Command;
class ThemeService
@@ -15,6 +16,11 @@ class ThemeService
*/
protected array $listeners = [];
/**
* @var array<string, ThemeModule>
*/
protected array $modules = [];
/**
* Get the currently configured theme.
* Returns an empty string if not configured.
@@ -76,20 +82,71 @@ class ThemeService
}
/**
* Read any actions from the set theme path if the 'functions.php' file exists.
* Read any actions from the 'functions.php' file of the active theme or its modules.
*/
public function readThemeActions(): void
{
$themeActionsFile = theme_path('functions.php');
if ($themeActionsFile && file_exists($themeActionsFile)) {
$moduleFunctionFiles = array_map(function (ThemeModule $module): string {
return $module->path('functions.php');
}, $this->modules);
$allFunctionFiles = array_merge(array_values($moduleFunctionFiles), [theme_path('functions.php')]);
$filteredFunctionFiles = array_filter($allFunctionFiles, function (string $file): bool {
return $file && file_exists($file);
});
foreach ($filteredFunctionFiles as $functionFile) {
try {
require $themeActionsFile;
require $functionFile;
} catch (\Error $exception) {
throw new ThemeException("Failed loading theme functions file at \"{$themeActionsFile}\" with error: {$exception->getMessage()}");
throw new ThemeException("Failed loading theme functions file at \"{$functionFile}\" with error: {$exception->getMessage()}");
}
}
}
/**
* Read the modules folder and load in any valid theme modules.
* @throws ThemeModuleException
*/
public function loadModules(): void
{
$modulesFolder = theme_path('modules');
if (!$modulesFolder) {
return;
}
$this->modules = (new ThemeModuleManager($modulesFolder))->load();
}
/**
* Get all loaded theme modules.
* @return array<string, ThemeModule>
*/
public function getModules(): array
{
return $this->modules;
}
/**
* Look for a specific file within the theme or its modules.
* Returns the first file found or null if not found.
*/
public function findFirstFile(string $path): ?string
{
$themePath = theme_path($path);
if (file_exists($themePath)) {
return $themePath;
}
foreach ($this->modules as $module) {
$customizedFile = $module->path($path);
if (file_exists($customizedFile)) {
return $customizedFile;
}
}
return null;
}
/**
* @see SocialDriverManager::addSocialDriver
*/
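Review bot: `readThemeActions()` now `require`s `functions.php` from every loaded module, so installing a module (which `addFromZip()` does by extracting an uploaded archive into the modules folder) is equivalent to running arbitrary PHP as the application. That is the same trust model the theme's own `functions.php` already has, but it deserves a sentence in the docblock and wherever the module upload permission is documented, so the ability to add modules is treated as administrator-level. Two smaller points: `catch (\Error $exception)` wraps only errors, so an exception thrown by a module file propagates without the "Failed loading theme functions file" context (pre-existing, but the source is now less obvious); and `findFirstFile()` calls `file_exists($themePath)` without the falsy guard that `loadModules()` and `readThemeActions()` apply to `theme_path()` results, which only works because a false/empty path fails `file_exists()`.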

app/Theming/ThemeViews.php Normal file (115 lines changed)
View File

@@ -0,0 +1,115 @@
<?php
namespace BookStack\Theming;
use BookStack\Exceptions\ThemeException;
use Illuminate\View\FileViewFinder;
class ThemeViews
{
/**
* @var array<string, array<string, int>>
*/
protected array $beforeViews = [];
/**
* @var array<string, array<string, int>>
*/
protected array $afterViews = [];
public function __construct(
protected FileViewFinder $finder
) {
}
/**
* Register any extra paths for where we may expect views to be located
* with the FileViewFinder, to make custom views available for use.
* @param ThemeModule[] $modules
*/
public function registerViewPathsForTheme(array $modules): void
{
foreach ($modules as $module) {
$moduleViewsPath = $module->path('views');
if (file_exists($moduleViewsPath) && is_dir($moduleViewsPath)) {
$this->finder->prependLocation($moduleViewsPath);
}
}
$this->finder->prependLocation(theme_path());
}
/**
* Provide the response for a blade template view include.
*/
public function handleViewInclude(string $viewPath, array $data = [], array $mergeData = []): string
{
if (!$this->hasRegisteredViews()) {
return view()->make($viewPath, $data, $mergeData)->render();
}
if (str_contains('book-tree', $viewPath)) {
dd($viewPath, $data);
}
$viewsContent = [
...$this->renderViewSets($this->beforeViews[$viewPath] ?? [], $data, $mergeData),
view()->make($viewPath, $data, $mergeData)->render(),
...$this->renderViewSets($this->afterViews[$viewPath] ?? [], $data, $mergeData),
];
return implode("\n", $viewsContent);
}
/**
* Register a custom view to be rendered before the given target view is included in the template system.
*/
public function renderBefore(string $targetView, string $localView, int $priority = 50): void
{
$this->registerAdjacentView($this->beforeViews, $targetView, $localView, $priority);
}
/**
* Register a custom view to be rendered after the given target view is included in the template system.
*/
public function renderAfter(string $targetView, string $localView, int $priority = 50): void
{
$this->registerAdjacentView($this->afterViews, $targetView, $localView, $priority);
}
public function hasRegisteredViews(): bool
{
return !empty($this->beforeViews) || !empty($this->afterViews);
}
protected function registerAdjacentView(array &$location, string $targetView, string $localView, int $priority = 50): void
{
try {
$viewPath = $this->finder->find($localView);
} catch (\InvalidArgumentException $exception) {
throw new ThemeException("Expected registered view file with name \"{$localView}\" could not be found.");
}
if (!isset($location[$targetView])) {
$location[$targetView] = [];
}
$location[$targetView][$viewPath] = $priority;
}
/**
* @param array<string, int> $viewSet
* @return string[]
*/
protected function renderViewSets(array $viewSet, array $data, array $mergeData): array
{
$paths = array_keys($viewSet);
usort($paths, function (string $a, string $b) use ($viewSet) {
return $viewSet[$a] <=> $viewSet[$b];
});
return array_map(function (string $viewPath) use ($data, $mergeData) {
return view()->file($viewPath, $data, $mergeData)->render();
}, $paths);
}
}
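Review bot: the `if (str_contains('book-tree', $viewPath)) { dd($viewPath, $data); }` block in `handleViewInclude()` is leftover debugging and must go before this ships: `dd()` dumps the view data into the response and terminates the request, and the `str_contains()` arguments are reversed (haystack `'book-tree'`, needle `$viewPath`), so it fires for any view name that is a substring of `book-tree` rather than the other way round. Separately, `registerAdjacentView()` keys entries by resolved file path, so registering the same local view twice for one target silently replaces the earlier priority; if that is intended, say so in the docblock.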

View File

@@ -2,6 +2,7 @@
namespace BookStack\Translation;
use BookStack\Facades\Theme;
use Illuminate\Translation\FileLoader as BaseLoader;
class FileLoader extends BaseLoader
@@ -12,11 +13,6 @@ class FileLoader extends BaseLoader
* Extends Laravel's translation FileLoader to look in multiple directories
* so that we can load in translation overrides from the theme file if wanted.
*
* Note: As of using Laravel 10, this may now be redundant since Laravel's
* file loader supports multiple paths. This needs further testing though
* to confirm if Laravel works how we expect, since we specifically need
* the theme folder to be able to partially override core lang files.
*
* @param string $locale
* @param string $group
* @param string|null $namespace
@@ -32,9 +28,18 @@ class FileLoader extends BaseLoader
if (is_null($namespace) || $namespace === '*') {
$themePath = theme_path('lang');
$themeTranslations = $themePath ? $this->loadPaths([$themePath], $locale, $group) : [];
$originalTranslations = $this->loadPaths($this->paths, $locale, $group);
return array_merge($originalTranslations, $themeTranslations);
$modules = Theme::getModules();
$moduleTranslations = [];
foreach ($modules as $module) {
$modulePath = $module->path('lang');
if (file_exists($modulePath)) {
$moduleTranslations = array_merge($moduleTranslations, $this->loadPaths([$modulePath], $locale, $group));
}
}
$originalTranslations = $this->loadPaths($this->paths, $locale, $group);
return array_merge($originalTranslations, $moduleTranslations, $themeTranslations);
}
return $this->loadNamespaced($locale, $group, $namespace);
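Review bot: the merge order `array_merge($originalTranslations, $moduleTranslations, $themeTranslations)` gives the theme precedence over modules and modules over core, and between modules the later entry in `Theme::getModules()` (folder scan order from `ThemeModuleManager::load()`) wins. That ordering is worth a sentence in the docblock, since two modules translating the same key otherwise resolve by folder name without any warning.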

View File

@@ -0,0 +1,150 @@
<?php
namespace BookStack\Util;
use BookStack\App\AppVersion;
use HTMLPurifier;
use HTMLPurifier_Config;
use HTMLPurifier_DefinitionCache_Serializer;
use HTMLPurifier_HTML5Config;
use HTMLPurifier_HTMLDefinition;
/**
* Provides a configured HTML Purifier instance.
* https://github.com/ezyang/htmlpurifier
* Also uses this to extend support to HTML5 elements:
* https://github.com/xemlock/htmlpurifier-html5
*/
class ConfiguredHtmlPurifier
{
protected HTMLPurifier $purifier;
protected static bool $cachedChecked = false;
public function __construct()
{
// This is done by the web-server at run-time, with the existing
// storage/framework/cache folder to ensure we're using a server-writable folder.
$cachePath = storage_path('framework/cache/purifier');
$this->createCacheFolderIfNeeded($cachePath);
$config = HTMLPurifier_HTML5Config::createDefault();
$this->setConfig($config, $cachePath);
$this->resetCacheIfNeeded($config);
$htmlDef = $config->getDefinition('HTML', true, true);
if ($htmlDef instanceof HTMLPurifier_HTMLDefinition) {
$this->configureDefinition($htmlDef);
}
$this->purifier = new HTMLPurifier($config);
}
protected function createCacheFolderIfNeeded(string $cachePath): void
{
if (!file_exists($cachePath)) {
mkdir($cachePath, 0777, true);
}
}
protected function resetCacheIfNeeded(HTMLPurifier_Config $config): void
{
if (self::$cachedChecked) {
return;
}
$cachedForVersion = cache('htmlpurifier::cache-version');
$appVersion = AppVersion::get();
if ($cachedForVersion !== $appVersion) {
foreach (['HTML', 'CSS', 'URI'] as $name) {
$cache = new HTMLPurifier_DefinitionCache_Serializer($name);
$cache->flush($config);
}
cache()->set('htmlpurifier::cache-version', $appVersion);
}
self::$cachedChecked = true;
}
protected function setConfig(HTMLPurifier_Config $config, string $cachePath): void
{
$config->set('Cache.SerializerPath', $cachePath);
$config->set('Core.AllowHostnameUnderscore', true);
$config->set('CSS.AllowTricky', true);
$config->set('HTML.SafeIframe', true);
$config->set('Attr.EnableID', true);
$config->set('Attr.ID.HTML5', true);
$config->set('Output.FixInnerHTML', false);
$config->set('URI.SafeIframeRegexp', '%^(http://|https://|//)%');
$config->set('URI.AllowedSchemes', [
'http' => true,
'https' => true,
'mailto' => true,
'ftp' => true,
'nntp' => true,
'news' => true,
'tel' => true,
'file' => true,
]);
// $config->set('Cache.DefinitionImpl', null); // Disable cache during testing
}
public function configureDefinition(HTMLPurifier_HTMLDefinition $definition): void
{
// Allow the object element
$definition->addElement(
'object',
'Inline',
'Flow',
'Common',
[
'data' => 'URI',
'type' => 'Text',
'width' => 'Length',
'height' => 'Length',
]
);
// Allow the embed element
$definition->addElement(
'embed',
'Inline',
'Empty',
'Common',
[
'src' => 'URI',
'type' => 'Text',
'width' => 'Length',
'height' => 'Length',
]
);
// Allow checkbox inputs
$definition->addElement(
'input',
'Formctrl',
'Empty',
'Common',
[
'checked' => 'Bool#checked',
'disabled' => 'Bool#disabled',
'name' => 'Text',
'readonly' => 'Bool#readonly',
'type' => 'Enum#checkbox',
'value' => 'Text',
]
);
// Allow the drawio-diagram attribute on div elements
$definition->addAttribute(
'div',
'drawio-diagram',
'Number',
);
}
public function purify(string $html): string
{
return $this->purifier->purify($html);
}
}
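Review bot: `createCacheFolderIfNeeded()` creates the purifier cache directory with `mkdir($cachePath, 0777, true)`; the mode is masked by the process umask, so with a permissive umask the directory that HTMLPurifier writes serialized definitions into ends up world-writable. Use 0755 (or match the mode of `storage/framework/cache`) and check the return value, since a concurrent request can create the directory first and `mkdir()` then warns. In `setConfig()`, `URI.AllowedSchemes` keeps `file` enabled and `URI.SafeIframeRegexp` accepts any http(s) or protocol-relative origin, which leaves iframe origin restriction entirely to the CSP built from `app.iframe_hosts` in `CspService::getAllowedIframeHosts()`; both look deliberate but deserve a comment. The commented-out `Cache.DefinitionImpl` line should be removed or turned into a documented testing switch.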

View File

@@ -65,7 +65,7 @@ class CspService
*/
protected function getScriptSrc(): string
{
if (config('app.allow_content_scripts')) {
if ($this->scriptFilteringDisabled()) {
return '';
}
@@ -108,7 +108,7 @@ class CspService
*/
protected function getObjectSrc(): string
{
if (config('app.allow_content_scripts')) {
if ($this->scriptFilteringDisabled()) {
return '';
}
@@ -124,6 +124,11 @@ class CspService
return "base-uri 'self'";
}
protected function scriptFilteringDisabled(): bool
{
return !HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'))->filterOutJavaScript;
}
protected function getAllowedIframeHosts(): array
{
$hosts = config('app.iframe_hosts') ?? '';

View File

@@ -8,12 +8,46 @@ use DOMNodeList;
class HtmlContentFilter
{
/**
* Remove all active content from the given HTML document.
* This aims to cover anything which can dynamically deal with, or send, data
* like any JavaScript actions or form content.
*/
public static function removeActiveContentFromDocument(HtmlDocument $doc): void
public function __construct(
protected HtmlContentFilterConfig $config
) {
}
public function filterDocument(HtmlDocument $doc): string
{
if ($this->config->filterOutJavaScript) {
$this->filterOutScriptsFromDocument($doc);
}
if ($this->config->filterOutFormElements) {
$this->filterOutFormElementsFromDocument($doc);
}
if ($this->config->filterOutBadHtmlElements) {
$this->filterOutBadHtmlElementsFromDocument($doc);
}
if ($this->config->filterOutNonContentElements) {
$this->filterOutNonContentElementsFromDocument($doc);
}
$filtered = $doc->getBodyInnerHtml();
if ($this->config->useAllowListFilter) {
$filtered = $this->applyAllowListFiltering($filtered);
}
return $filtered;
}
public function filterString(string $html): string
{
return $this->filterDocument(new HtmlDocument($html));
}
protected function applyAllowListFiltering(string $html): string
{
$purifier = new ConfiguredHtmlPurifier();
return $purifier->purify($html);
}
protected function filterOutScriptsFromDocument(HtmlDocument $doc): void
{
// Remove standard script tags
$scriptElems = $doc->queryXPath('//script');
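Review bot: `applyAllowListFiltering()` constructs a new `ConfiguredHtmlPurifier` on every call, and that constructor runs `createCacheFolderIfNeeded()`, builds the HTML5 config and fetches the HTML definition each time; for a filter that runs on every content save this is worth holding as a single instance (for example resolved once from the container and injected next to `HtmlContentFilterConfig`). Note also that `filterString()` no longer short-circuits on an empty string as the old `removeActiveContentFromHtmlString()` did, so empty input now goes through `HtmlDocument`, which is what the `getBody()` change elsewhere in this compare has to accommodate.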
@@ -27,17 +61,17 @@ class HtmlContentFilter
$badForms = $doc->queryXPath('//*[' . static::xpathContains('@action', 'javascript:') . '] | //*[' . static::xpathContains('@formaction', 'javascript:') . ']');
static::removeNodes($badForms);
// Remove meta tag to prevent external redirects
$metaTags = $doc->queryXPath('//meta[' . static::xpathContains('@content', 'url') . ']');
static::removeNodes($metaTags);
// Remove data or JavaScript iFrames
// Remove data or JavaScript iFrames & embeds
$badIframes = $doc->queryXPath('//*[' . static::xpathContains('@src', 'data:') . '] | //*[' . static::xpathContains('@src', 'javascript:') . '] | //*[@srcdoc]');
static::removeNodes($badIframes);
// Remove data or JavaScript objects
$badObjects = $doc->queryXPath('//*[' . static::xpathContains('@data', 'data:') . '] | //*[' . static::xpathContains('@data', 'javascript:') . ']');
static::removeNodes($badObjects);
// Remove attributes, within svg children, hiding JavaScript or data uris.
// A bunch of svg element and attribute combinations expose xss possibilities.
// For example, SVG animate tag can exploit javascript in values.
// For example, SVG animate tag can exploit JavaScript in values.
$badValuesAttrs = $doc->queryXPath('//svg//@*[' . static::xpathContains('.', 'data:') . '] | //svg//@*[' . static::xpathContains('.', 'javascript:') . ']');
static::removeAttributes($badValuesAttrs);
@@ -49,7 +83,10 @@ class HtmlContentFilter
// Remove 'on*' attributes
$onAttributes = $doc->queryXPath('//@*[starts-with(name(), \'on\')]');
static::removeAttributes($onAttributes);
}
protected function filterOutFormElementsFromDocument(HtmlDocument $doc): void
{
// Remove form elements
$formElements = ['form', 'fieldset', 'button', 'textarea', 'select'];
foreach ($formElements as $formElement) {
@@ -75,41 +112,21 @@ class HtmlContentFilter
}
}
/**
* Remove active content from the given HTML string.
* This aims to cover anything which can dynamically deal with, or send, data
* like any JavaScript actions or form content.
*/
public static function removeActiveContentFromHtmlString(string $html): string
protected function filterOutBadHtmlElementsFromDocument(HtmlDocument $doc): void
{
if (empty($html)) {
return $html;
// Remove meta tag to prevent external redirects
$metaTags = $doc->queryXPath('//meta[' . static::xpathContains('@content', 'url') . ']');
static::removeNodes($metaTags);
}
protected function filterOutNonContentElementsFromDocument(HtmlDocument $doc): void
{
// Remove non-content elements
$formElements = ['link', 'style', 'meta', 'title', 'template'];
foreach ($formElements as $formElement) {
$matchingFormElements = $doc->queryXPath('//' . $formElement);
static::removeNodes($matchingFormElements);
}
$doc = new HtmlDocument($html);
static::removeActiveContentFromDocument($doc);
return $doc->getBodyInnerHtml();
}
/**
* Alias using the old method name to avoid potential compatibility breaks during patch release.
* To remove in future feature release.
* @deprecated Use removeActiveContentFromDocument instead.
*/
public static function removeScriptsFromDocument(HtmlDocument $doc): void
{
static::removeActiveContentFromDocument($doc);
}
/**
* Alias using the old method name to avoid potential compatibility breaks during patch release.
* To remove in future feature release.
* @deprecated Use removeActiveContentFromHtmlString instead.
*/
public static function removeScriptsFromHtmlString(string $html): string
{
return static::removeActiveContentFromHtmlString($html);
}
/**
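Review bot: `filterOutNonContentElementsFromDocument()` keeps the variable names `$formElements` and `$matchingFormElements` from the form loop it was copied from; rename them to `$nonContentElements` / `$matchingElements` so the two methods read as distinct. Also, the non-content list removes every `meta` element, so the narrower `meta` rule in `filterOutBadHtmlElementsFromDocument()` only matters when non-content filtering is disabled; a one-line comment saying so would save the next reader from wondering whether the overlap is intentional.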
@@ -147,4 +164,34 @@ class HtmlContentFilter
$parentNode->removeAttribute($attrName);
}
}
/**
* Alias using the old method name to avoid potential compatibility breaks during patch release.
* To remove in future feature release.
* @deprecated Use filterDocument instead.
*/
public static function removeScriptsFromDocument(HtmlDocument $doc): void
{
$config = new HtmlContentFilterConfig(
filterOutNonContentElements: false,
useAllowListFilter: false,
);
$filter = new self($config);
$filter->filterDocument($doc);
}
/**
* Alias using the old method name to avoid potential compatibility breaks during patch release.
* To remove in future feature release.
* @deprecated Use filterString instead.
*/
public static function removeScriptsFromHtmlString(string $html): string
{
$config = new HtmlContentFilterConfig(
filterOutNonContentElements: false,
useAllowListFilter: false,
);
$filter = new self($config);
return $filter->filterString($html);
}
}

View File

@@ -0,0 +1,31 @@
<?php
namespace BookStack\Util;
readonly class HtmlContentFilterConfig
{
public function __construct(
public bool $filterOutJavaScript = true,
public bool $filterOutBadHtmlElements = true,
public bool $filterOutFormElements = true,
public bool $filterOutNonContentElements = true,
public bool $useAllowListFilter = true,
) {
}
/**
* Create an instance from a config string, where the string
* is a combination of characters to enable filters.
*/
public static function fromConfigString(string $config): self
{
$config = strtolower($config);
return new self(
filterOutJavaScript: str_contains($config, 'j'),
filterOutBadHtmlElements: str_contains($config, 'h'),
filterOutFormElements: str_contains($config, 'f'),
filterOutNonContentElements: str_contains($config, 'h'),
useAllowListFilter: str_contains($config, 'a'),
);
}
}
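Review bot: `fromConfigString()` maps both `filterOutBadHtmlElements` and `filterOutNonContentElements` to the letter `h`, so the config string can never enable one without the other, even though they are separate constructor flags and the deprecated aliases in `HtmlContentFilter` set `filterOutNonContentElements: false` on its own. If they are meant to be independently configurable, give non-content filtering its own letter and list the letters in the docblock, which currently only says "a combination of characters"; if not, collapse them into one flag. Note too that the mapping is fail-open: an empty or mistyped string disables every filter and, through `CspService::scriptFilteringDisabled()`, also drops the `script-src` and `object-src` directives, so the default for `app.content_filtering` should be the full set and unrecognised characters should arguably be rejected rather than ignored.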

View File

@@ -103,7 +103,13 @@ class HtmlDocument
*/
public function getBody(): DOMNode
{
return $this->document->getElementsByTagName('body')[0];
$bodies = $this->document->getElementsByTagName('body');
if ($bodies->length === 0) {
return new DOMElement('body', '');
}
return $bodies[0];
}
/**
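Review bot: `getBody()` now returns `new DOMElement('body', '')` when the document has no body, but an element constructed that way is detached, has no `ownerDocument`, and is read-only until appended to a document, so any caller that appends into it, runs an XPath query against it, or serialises it through the document's `saveHTML()` will fail with a wrong-document or read-only error. Creating it with `$this->document->createElement('body')` and appending it to the document element keeps it owned by the document. The empty-content case on this page (`getBodyInnerHtml()` on an empty body) works with the detached element, but callers of a method named `getBody()` will reasonably assume the node belongs to the document.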

View File

@@ -2,6 +2,8 @@
namespace BookStack\Util;
use BookStack\Facades\Theme;
class SvgIcon
{
public function __construct(
@@ -23,12 +25,9 @@ class SvgIcon
$attrString .= $attrName . '="' . $attr . '" ';
}
$iconPath = resource_path('icons/' . $this->name . '.svg');
$themeIconPath = theme_path('icons/' . $this->name . '.svg');
if ($themeIconPath && file_exists($themeIconPath)) {
$iconPath = $themeIconPath;
} elseif (!file_exists($iconPath)) {
$defaultIconPath = resource_path('icons/' . $this->name . '.svg');
$iconPath = Theme::findFirstFile("icons/{$this->name}.svg") ?? $defaultIconPath;
if (!file_exists($iconPath)) {
return '';
}

View File

@@ -19,6 +19,7 @@
"ext-zip": "*",
"bacon/bacon-qr-code": "^3.0",
"dompdf/dompdf": "^3.1",
"ezyang/htmlpurifier": "^4.19",
"guzzlehttp/guzzle": "^7.4",
"intervention/image": "^3.5",
"knplabs/knp-snappy": "^1.5",
@@ -38,7 +39,8 @@
"socialiteproviders/microsoft-azure": "^5.1",
"socialiteproviders/okta": "^4.2",
"socialiteproviders/twitch": "^5.3",
"ssddanbrown/htmldiff": "^2.0.0"
"ssddanbrown/htmldiff": "^2.0.0",
"xemlock/htmlpurifier-html5": "^0.1.12"
},
"require-dev": {
"fakerphp/faker": "^1.21",
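Review bot: `xemlock/htmlpurifier-html5` is added at `^0.1.12`, which for a pre-1.0 package Composer treats as `>=0.1.12 <0.2.0`; that is appropriately tight, but since this package supplies the HTML definition that the new allow-list filter relies on, it is worth noting in the change description that updates to it (and to `ezyang/htmlpurifier`) are security-relevant and should be reviewed rather than bumped blindly.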

composer.lock generated (425 lines changed)
View File

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "556613432c8fb7d8f96bcf637c8c07a9",
"content-hash": "8dc695e5ecb6cea01e282394da136713",
"packages": [
{
"name": "aws/aws-crt-php",
@@ -62,16 +62,16 @@
},
{
"name": "aws/aws-sdk-php",
"version": "3.369.22",
"version": "3.369.36",
"source": {
"type": "git",
"url": "https://github.com/aws/aws-sdk-php.git",
"reference": "fe83cbc3adb5ed384179ac6d63531aadde0198e3"
"reference": "2a69e7df5e03be9e08f9f73fb6a8cc9dd63b59c0"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/fe83cbc3adb5ed384179ac6d63531aadde0198e3",
"reference": "fe83cbc3adb5ed384179ac6d63531aadde0198e3",
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/2a69e7df5e03be9e08f9f73fb6a8cc9dd63b59c0",
"reference": "2a69e7df5e03be9e08f9f73fb6a8cc9dd63b59c0",
"shasum": ""
},
"require": {
@@ -153,9 +153,9 @@
"support": {
"forum": "https://github.com/aws/aws-sdk-php/discussions",
"issues": "https://github.com/aws/aws-sdk-php/issues",
"source": "https://github.com/aws/aws-sdk-php/tree/3.369.22"
"source": "https://github.com/aws/aws-sdk-php/tree/3.369.36"
},
"time": "2026-01-28T19:19:00+00:00"
"time": "2026-02-17T19:45:01+00:00"
},
{
"name": "bacon/bacon-qr-code",
@@ -214,16 +214,16 @@
},
{
"name": "brick/math",
"version": "0.14.1",
"version": "0.14.8",
"source": {
"type": "git",
"url": "https://github.com/brick/math.git",
"reference": "f05858549e5f9d7bb45875a75583240a38a281d0"
"reference": "63422359a44b7f06cae63c3b429b59e8efcc0629"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/brick/math/zipball/f05858549e5f9d7bb45875a75583240a38a281d0",
"reference": "f05858549e5f9d7bb45875a75583240a38a281d0",
"url": "https://api.github.com/repos/brick/math/zipball/63422359a44b7f06cae63c3b429b59e8efcc0629",
"reference": "63422359a44b7f06cae63c3b429b59e8efcc0629",
"shasum": ""
},
"require": {
@@ -262,7 +262,7 @@
],
"support": {
"issues": "https://github.com/brick/math/issues",
"source": "https://github.com/brick/math/tree/0.14.1"
"source": "https://github.com/brick/math/tree/0.14.8"
},
"funding": [
{
@@ -270,7 +270,7 @@
"type": "github"
}
],
"time": "2025-11-24T14:40:29+00:00"
"time": "2026-02-10T14:33:43+00:00"
},
{
"name": "carbonphp/carbon-doctrine-types",
@@ -919,6 +919,67 @@
],
"time": "2025-03-06T22:45:56+00:00"
},
{
"name": "ezyang/htmlpurifier",
"version": "v4.19.0",
"source": {
"type": "git",
"url": "https://github.com/ezyang/htmlpurifier.git",
"reference": "b287d2a16aceffbf6e0295559b39662612b77fcf"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/b287d2a16aceffbf6e0295559b39662612b77fcf",
"reference": "b287d2a16aceffbf6e0295559b39662612b77fcf",
"shasum": ""
},
"require": {
"php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0"
},
"require-dev": {
"cerdic/css-tidy": "^1.7 || ^2.0",
"simpletest/simpletest": "dev-master"
},
"suggest": {
"cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.",
"ext-bcmath": "Used for unit conversion and imagecrash protection",
"ext-iconv": "Converts text to and from non-UTF-8 encodings",
"ext-tidy": "Used for pretty-printing HTML"
},
"type": "library",
"autoload": {
"files": [
"library/HTMLPurifier.composer.php"
],
"psr-0": {
"HTMLPurifier": "library/"
},
"exclude-from-classmap": [
"/library/HTMLPurifier/Language/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"LGPL-2.1-or-later"
],
"authors": [
{
"name": "Edward Z. Yang",
"email": "admin@htmlpurifier.org",
"homepage": "http://ezyang.com"
}
],
"description": "Standards compliant HTML filter written in PHP",
"homepage": "http://htmlpurifier.org/",
"keywords": [
"html"
],
"support": {
"issues": "https://github.com/ezyang/htmlpurifier/issues",
"source": "https://github.com/ezyang/htmlpurifier/tree/v4.19.0"
},
"time": "2025-10-17T16:34:55+00:00"
},
{
"name": "firebase/php-jwt",
"version": "v7.0.2",
@@ -1672,29 +1733,29 @@
},
{
"name": "knplabs/knp-snappy",
"version": "v1.5.1",
"version": "v1.6.0",
"source": {
"type": "git",
"url": "https://github.com/KnpLabs/snappy.git",
"reference": "3dd138e9e47de91cd2e056c5e6e1a0dd72547ee7"
"reference": "af73003db677563fa982b50c1aec4d1e2b2f30b2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/KnpLabs/snappy/zipball/3dd138e9e47de91cd2e056c5e6e1a0dd72547ee7",
"reference": "3dd138e9e47de91cd2e056c5e6e1a0dd72547ee7",
"url": "https://api.github.com/repos/KnpLabs/snappy/zipball/af73003db677563fa982b50c1aec4d1e2b2f30b2",
"reference": "af73003db677563fa982b50c1aec4d1e2b2f30b2",
"shasum": ""
},
"require": {
"php": ">=8.1",
"psr/log": "^2.0||^3.0",
"symfony/process": "^5.0||^6.0||^7.0"
"symfony/process": "^5.0||^6.0||^7.0||^8.0"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^3.0",
"pedrotroller/php-cs-custom-fixer": "^2.19",
"phpstan/phpstan": "^1.0.0",
"phpstan/phpstan-phpunit": "^1.0.0",
"phpunit/phpunit": "^8.5"
"phpunit/phpunit": "^9.6.29"
},
"type": "library",
"extra": {
@@ -1733,22 +1794,22 @@
],
"support": {
"issues": "https://github.com/KnpLabs/snappy/issues",
"source": "https://github.com/KnpLabs/snappy/tree/v1.5.1"
"source": "https://github.com/KnpLabs/snappy/tree/v1.6.0"
},
"time": "2025-01-06T16:53:26+00:00"
"time": "2026-02-13T12:50:40+00:00"
},
{
"name": "laravel/framework",
"version": "v12.49.0",
"version": "v12.52.0",
"source": {
"type": "git",
"url": "https://github.com/laravel/framework.git",
"reference": "4bde4530545111d8bdd1de6f545fa8824039fcb5"
"reference": "d5511fa74f4608dbb99864198b1954042aa8d5a7"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/laravel/framework/zipball/4bde4530545111d8bdd1de6f545fa8824039fcb5",
"reference": "4bde4530545111d8bdd1de6f545fa8824039fcb5",
"url": "https://api.github.com/repos/laravel/framework/zipball/d5511fa74f4608dbb99864198b1954042aa8d5a7",
"reference": "d5511fa74f4608dbb99864198b1954042aa8d5a7",
"shasum": ""
},
"require": {
@@ -1957,34 +2018,34 @@
"issues": "https://github.com/laravel/framework/issues",
"source": "https://github.com/laravel/framework"
},
"time": "2026-01-28T03:40:49+00:00"
"time": "2026-02-17T17:07:04+00:00"
},
{
"name": "laravel/prompts",
"version": "v0.3.11",
"version": "v0.3.13",
"source": {
"type": "git",
"url": "https://github.com/laravel/prompts.git",
"reference": "dd2a2ed95acacbcccd32fd98dee4c946ae7a7217"
"reference": "ed8c466571b37e977532fb2fd3c272c784d7050d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/laravel/prompts/zipball/dd2a2ed95acacbcccd32fd98dee4c946ae7a7217",
"reference": "dd2a2ed95acacbcccd32fd98dee4c946ae7a7217",
"url": "https://api.github.com/repos/laravel/prompts/zipball/ed8c466571b37e977532fb2fd3c272c784d7050d",
"reference": "ed8c466571b37e977532fb2fd3c272c784d7050d",
"shasum": ""
},
"require": {
"composer-runtime-api": "^2.2",
"ext-mbstring": "*",
"php": "^8.1",
"symfony/console": "^6.2|^7.0"
"symfony/console": "^6.2|^7.0|^8.0"
},
"conflict": {
"illuminate/console": ">=10.17.0 <10.25.0",
"laravel/framework": ">=10.17.0 <10.25.0"
},
"require-dev": {
"illuminate/collections": "^10.0|^11.0|^12.0",
"illuminate/collections": "^10.0|^11.0|^12.0|^13.0",
"mockery/mockery": "^1.5",
"pestphp/pest": "^2.3|^3.4|^4.0",
"phpstan/phpstan": "^1.12.28",
@@ -2014,33 +2075,33 @@
"description": "Add beautiful and user-friendly forms to your command-line applications.",
"support": {
"issues": "https://github.com/laravel/prompts/issues",
"source": "https://github.com/laravel/prompts/tree/v0.3.11"
"source": "https://github.com/laravel/prompts/tree/v0.3.13"
},
"time": "2026-01-27T02:55:06+00:00"
"time": "2026-02-06T12:17:10+00:00"
},
{
"name": "laravel/serializable-closure",
"version": "v2.0.8",
"version": "v2.0.9",
"source": {
"type": "git",
"url": "https://github.com/laravel/serializable-closure.git",
"reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b"
"reference": "8f631589ab07b7b52fead814965f5a800459cb3e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/7581a4407012f5f53365e11bafc520fd7f36bc9b",
"reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b",
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/8f631589ab07b7b52fead814965f5a800459cb3e",
"reference": "8f631589ab07b7b52fead814965f5a800459cb3e",
"shasum": ""
},
"require": {
"php": "^8.1"
},
"require-dev": {
"illuminate/support": "^10.0|^11.0|^12.0",
"illuminate/support": "^10.0|^11.0|^12.0|^13.0",
"nesbot/carbon": "^2.67|^3.0",
"pestphp/pest": "^2.36|^3.0|^4.0",
"phpstan/phpstan": "^2.0",
"symfony/var-dumper": "^6.2.0|^7.0.0"
"symfony/var-dumper": "^6.2.0|^7.0.0|^8.0.0"
},
"type": "library",
"extra": {
@@ -2077,7 +2138,7 @@
"issues": "https://github.com/laravel/serializable-closure/issues",
"source": "https://github.com/laravel/serializable-closure"
},
"time": "2026-01-08T16:22:46+00:00"
"time": "2026-02-03T06:55:34+00:00"
},
{
"name": "laravel/socialite",
@@ -2153,16 +2214,16 @@
},
{
"name": "laravel/tinker",
"version": "v2.11.0",
"version": "v2.11.1",
"source": {
"type": "git",
"url": "https://github.com/laravel/tinker.git",
"reference": "3d34b97c9a1747a81a3fde90482c092bd8b66468"
"reference": "c9f80cc835649b5c1842898fb043f8cc098dd741"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/laravel/tinker/zipball/3d34b97c9a1747a81a3fde90482c092bd8b66468",
"reference": "3d34b97c9a1747a81a3fde90482c092bd8b66468",
"url": "https://api.github.com/repos/laravel/tinker/zipball/c9f80cc835649b5c1842898fb043f8cc098dd741",
"reference": "c9f80cc835649b5c1842898fb043f8cc098dd741",
"shasum": ""
},
"require": {
@@ -2213,9 +2274,9 @@
],
"support": {
"issues": "https://github.com/laravel/tinker/issues",
"source": "https://github.com/laravel/tinker/tree/v2.11.0"
"source": "https://github.com/laravel/tinker/tree/v2.11.1"
},
"time": "2025-12-19T19:16:45+00:00"
"time": "2026-02-06T14:12:35+00:00"
},
{
"name": "league/commonmark",
@@ -3404,16 +3465,16 @@
},
{
"name": "nette/schema",
"version": "v1.3.3",
"version": "v1.3.4",
"source": {
"type": "git",
"url": "https://github.com/nette/schema.git",
"reference": "2befc2f42d7c715fd9d95efc31b1081e5d765004"
"reference": "086497a2f34b82fede9b5a41cc8e131d087cd8f7"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nette/schema/zipball/2befc2f42d7c715fd9d95efc31b1081e5d765004",
"reference": "2befc2f42d7c715fd9d95efc31b1081e5d765004",
"url": "https://api.github.com/repos/nette/schema/zipball/086497a2f34b82fede9b5a41cc8e131d087cd8f7",
"reference": "086497a2f34b82fede9b5a41cc8e131d087cd8f7",
"shasum": ""
},
"require": {
@@ -3421,8 +3482,8 @@
"php": "8.1 - 8.5"
},
"require-dev": {
"nette/tester": "^2.5.2",
"phpstan/phpstan-nette": "^2.0@stable",
"nette/tester": "^2.6",
"phpstan/phpstan": "^2.0@stable",
"tracy/tracy": "^2.8"
},
"type": "library",
@@ -3463,22 +3524,22 @@
],
"support": {
"issues": "https://github.com/nette/schema/issues",
"source": "https://github.com/nette/schema/tree/v1.3.3"
"source": "https://github.com/nette/schema/tree/v1.3.4"
},
"time": "2025-10-30T22:57:59+00:00"
"time": "2026-02-08T02:54:00+00:00"
},
{
"name": "nette/utils",
"version": "v4.1.1",
"version": "v4.1.3",
"source": {
"type": "git",
"url": "https://github.com/nette/utils.git",
"reference": "c99059c0315591f1a0db7ad6002000288ab8dc72"
"reference": "bb3ea637e3d131d72acc033cfc2746ee893349fe"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nette/utils/zipball/c99059c0315591f1a0db7ad6002000288ab8dc72",
"reference": "c99059c0315591f1a0db7ad6002000288ab8dc72",
"url": "https://api.github.com/repos/nette/utils/zipball/bb3ea637e3d131d72acc033cfc2746ee893349fe",
"reference": "bb3ea637e3d131d72acc033cfc2746ee893349fe",
"shasum": ""
},
"require": {
@@ -3490,8 +3551,10 @@
},
"require-dev": {
"jetbrains/phpstorm-attributes": "^1.2",
"nette/phpstan-rules": "^1.0",
"nette/tester": "^2.5",
"phpstan/phpstan-nette": "^2.0@stable",
"phpstan/extension-installer": "^1.4@stable",
"phpstan/phpstan": "^2.1@stable",
"tracy/tracy": "^2.9"
},
"suggest": {
@@ -3552,9 +3615,9 @@
],
"support": {
"issues": "https://github.com/nette/utils/issues",
"source": "https://github.com/nette/utils/tree/v4.1.1"
"source": "https://github.com/nette/utils/tree/v4.1.3"
},
"time": "2025-12-22T12:14:32+00:00"
"time": "2026-02-13T03:05:33+00:00"
},
{
"name": "nikic/php-parser",
@@ -3616,31 +3679,31 @@
},
{
"name": "nunomaduro/termwind",
"version": "v2.3.3",
"version": "v2.4.0",
"source": {
"type": "git",
"url": "https://github.com/nunomaduro/termwind.git",
"reference": "6fb2a640ff502caace8e05fd7be3b503a7e1c017"
"reference": "712a31b768f5daea284c2169a7d227031001b9a8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nunomaduro/termwind/zipball/6fb2a640ff502caace8e05fd7be3b503a7e1c017",
"reference": "6fb2a640ff502caace8e05fd7be3b503a7e1c017",
"url": "https://api.github.com/repos/nunomaduro/termwind/zipball/712a31b768f5daea284c2169a7d227031001b9a8",
"reference": "712a31b768f5daea284c2169a7d227031001b9a8",
"shasum": ""
},
"require": {
"ext-mbstring": "*",
"php": "^8.2",
"symfony/console": "^7.3.6"
"symfony/console": "^7.4.4 || ^8.0.4"
},
"require-dev": {
"illuminate/console": "^11.46.1",
"laravel/pint": "^1.25.1",
"illuminate/console": "^11.47.0",
"laravel/pint": "^1.27.1",
"mockery/mockery": "^1.6.12",
"pestphp/pest": "^2.36.0 || ^3.8.4 || ^4.1.3",
"pestphp/pest": "^2.36.0 || ^3.8.4 || ^4.3.2",
"phpstan/phpstan": "^1.12.32",
"phpstan/phpstan-strict-rules": "^1.6.2",
"symfony/var-dumper": "^7.3.5",
"symfony/var-dumper": "^7.3.5 || ^8.0.4",
"thecodingmachine/phpstan-strict-rules": "^1.0.0"
},
"type": "library",
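Review bot: the symfony/console floor is raised in this hunk (`"symfony/console": "^7.4.4 || ^8.0.4"` replaces `^7.3.6`), yet no updated symfony/console entry appears anywhere in the shown diff, so confirm the locked symfony/console version already satisfies 7.4.4 or later; a lock that still resolves an older 7.x would be internally inconsistent even though `composer install` does not re-resolve it. The same new floor reappears below for nunomaduro/collision, so one check covers both.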
@@ -3672,7 +3735,7 @@
"email": "enunomaduro@gmail.com"
}
],
"description": "Its like Tailwind CSS, but for the console.",
"description": "It's like Tailwind CSS, but for the console.",
"keywords": [
"cli",
"console",
@@ -3683,7 +3746,7 @@
],
"support": {
"issues": "https://github.com/nunomaduro/termwind/issues",
"source": "https://github.com/nunomaduro/termwind/tree/v2.3.3"
"source": "https://github.com/nunomaduro/termwind/tree/v2.4.0"
},
"funding": [
{
@@ -3699,7 +3762,7 @@
"type": "github"
}
],
"time": "2025-11-20T02:34:59+00:00"
"time": "2026-02-16T23:10:27+00:00"
},
{
"name": "onelogin/php-saml",
@@ -4123,16 +4186,16 @@
},
{
"name": "predis/predis",
"version": "v3.3.0",
"version": "v3.4.0",
"source": {
"type": "git",
"url": "https://github.com/predis/predis.git",
"reference": "153097374b39a2f737fe700ebcd725642526cdec"
"reference": "1183f5732e6b10efd33f64984a96726eaecb59aa"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/predis/predis/zipball/153097374b39a2f737fe700ebcd725642526cdec",
"reference": "153097374b39a2f737fe700ebcd725642526cdec",
"url": "https://api.github.com/repos/predis/predis/zipball/1183f5732e6b10efd33f64984a96726eaecb59aa",
"reference": "1183f5732e6b10efd33f64984a96726eaecb59aa",
"shasum": ""
},
"require": {
@@ -4174,7 +4237,7 @@
],
"support": {
"issues": "https://github.com/predis/predis/issues",
"source": "https://github.com/predis/predis/tree/v3.3.0"
"source": "https://github.com/predis/predis/tree/v3.4.0"
},
"funding": [
{
@@ -4182,7 +4245,7 @@
"type": "github"
}
],
"time": "2025-11-24T17:48:50+00:00"
"time": "2026-02-11T17:30:28+00:00"
},
{
"name": "psr/clock",
@@ -4598,16 +4661,16 @@
},
{
"name": "psy/psysh",
"version": "v0.12.18",
"version": "v0.12.20",
"source": {
"type": "git",
"url": "https://github.com/bobthecow/psysh.git",
"reference": "ddff0ac01beddc251786fe70367cd8bbdb258196"
"reference": "19678eb6b952a03b8a1d96ecee9edba518bb0373"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/bobthecow/psysh/zipball/ddff0ac01beddc251786fe70367cd8bbdb258196",
"reference": "ddff0ac01beddc251786fe70367cd8bbdb258196",
"url": "https://api.github.com/repos/bobthecow/psysh/zipball/19678eb6b952a03b8a1d96ecee9edba518bb0373",
"reference": "19678eb6b952a03b8a1d96ecee9edba518bb0373",
"shasum": ""
},
"require": {
@@ -4671,9 +4734,9 @@
],
"support": {
"issues": "https://github.com/bobthecow/psysh/issues",
"source": "https://github.com/bobthecow/psysh/tree/v0.12.18"
"source": "https://github.com/bobthecow/psysh/tree/v0.12.20"
},
"time": "2025-12-17T14:35:46+00:00"
"time": "2026-02-11T15:05:28+00:00"
},
{
"name": "ralouphie/getallheaders",
@@ -7930,16 +7993,16 @@
},
{
"name": "thecodingmachine/safe",
"version": "v3.3.0",
"version": "v3.4.0",
"source": {
"type": "git",
"url": "https://github.com/thecodingmachine/safe.git",
"reference": "2cdd579eeaa2e78e51c7509b50cc9fb89a956236"
"reference": "705683a25bacf0d4860c7dea4d7947bfd09eea19"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thecodingmachine/safe/zipball/2cdd579eeaa2e78e51c7509b50cc9fb89a956236",
"reference": "2cdd579eeaa2e78e51c7509b50cc9fb89a956236",
"url": "https://api.github.com/repos/thecodingmachine/safe/zipball/705683a25bacf0d4860c7dea4d7947bfd09eea19",
"reference": "705683a25bacf0d4860c7dea4d7947bfd09eea19",
"shasum": ""
},
"require": {
@@ -8049,7 +8112,7 @@
"description": "PHP core functions that throw exceptions instead of returning FALSE on error",
"support": {
"issues": "https://github.com/thecodingmachine/safe/issues",
"source": "https://github.com/thecodingmachine/safe/tree/v3.3.0"
"source": "https://github.com/thecodingmachine/safe/tree/v3.4.0"
},
"funding": [
{
@@ -8060,12 +8123,16 @@
"url": "https://github.com/shish",
"type": "github"
},
{
"url": "https://github.com/silasjoisten",
"type": "github"
},
{
"url": "https://github.com/staabm",
"type": "github"
}
],
"time": "2025-05-14T06:15:44+00:00"
"time": "2026-02-04T18:08:13+00:00"
},
{
"name": "tijsverkoyen/css-to-inline-styles",
@@ -8279,6 +8346,66 @@
}
],
"time": "2024-11-21T01:49:47+00:00"
},
{
"name": "xemlock/htmlpurifier-html5",
"version": "v0.1.12",
"source": {
"type": "git",
"url": "https://github.com/xemlock/htmlpurifier-html5.git",
"reference": "535349cb160bf79752920e1e83c4a94c3e7d2b21"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/xemlock/htmlpurifier-html5/zipball/535349cb160bf79752920e1e83c4a94c3e7d2b21",
"reference": "535349cb160bf79752920e1e83c4a94c3e7d2b21",
"shasum": ""
},
"require": {
"ezyang/htmlpurifier": "^4.8",
"php": ">=5.3"
},
"require-dev": {
"masterminds/html5": "^2.7",
"php-coveralls/php-coveralls": "^1.1|^2.1",
"phpunit/phpunit": ">=4.7 <10.0"
},
"suggest": {
"masterminds/html5": "Required to use HTMLPurifier_Lexer_HTML5"
},
"type": "library",
"autoload": {
"classmap": [
"library/HTMLPurifier/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "xemlock",
"email": "xemlock@gmail.com"
}
],
"description": "HTML5 support for HTML Purifier",
"homepage": "https://github.com/xemlock/htmlpurifier-html5",
"keywords": [
"HTML5",
"Purifier",
"html",
"htmlpurifier",
"security",
"tidy",
"validator",
"xss"
],
"support": {
"issues": "https://github.com/xemlock/htmlpurifier-html5/issues",
"source": "https://github.com/xemlock/htmlpurifier-html5/tree/v0.1.12"
},
"time": "2026-02-09T21:03:14+00:00"
}
],
"packages-dev": [
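Review bot: this hunk adds a third-party package directly into the HTML sanitisation path (the description reads "HTML5 support for HTML Purifier" and the keywords list `security` and `xss`), so it deserves the same review as the sanitiser itself rather than a routine dependency bump. Two things stand out from the metadata: `"php": ">=5.3"` and `"phpunit/phpunit": ">=4.7 <10.0"` indicate a code base written against very old PHP, so its behaviour under the PHP 8.1+ floor used by the other packages in this lock should be exercised by the content-filter tests; and `masterminds/html5` sits only under `suggest`, so `HTMLPurifier_Lexer_HTML5` is unavailable unless that package is required elsewhere in the lock. If the application relies on the HTML5 lexer, it needs an explicit require; if it does not, a short code comment saying the default lexer is intentional would prevent a later "upgrade" that silently changes parsing behaviour. Pinning the commit reference `535349cb160bf79752920e1e83c4a94c3e7d2b21` for v0.1.12 is good; keep it pinned rather than floating.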
@@ -8469,16 +8596,16 @@
},
{
"name": "iamcal/sql-parser",
"version": "v0.6",
"version": "v0.7",
"source": {
"type": "git",
"url": "https://github.com/iamcal/SQLParser.git",
"reference": "947083e2dca211a6f12fb1beb67a01e387de9b62"
"reference": "610392f38de49a44dab08dc1659960a29874c4b8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/iamcal/SQLParser/zipball/947083e2dca211a6f12fb1beb67a01e387de9b62",
"reference": "947083e2dca211a6f12fb1beb67a01e387de9b62",
"url": "https://api.github.com/repos/iamcal/SQLParser/zipball/610392f38de49a44dab08dc1659960a29874c4b8",
"reference": "610392f38de49a44dab08dc1659960a29874c4b8",
"shasum": ""
},
"require-dev": {
@@ -8504,9 +8631,9 @@
"description": "MySQL schema parser",
"support": {
"issues": "https://github.com/iamcal/SQLParser/issues",
"source": "https://github.com/iamcal/SQLParser/tree/v0.6"
"source": "https://github.com/iamcal/SQLParser/tree/v0.7"
},
"time": "2025-03-17T16:59:46+00:00"
"time": "2026-01-28T22:20:33+00:00"
},
{
"name": "itsgoingd/clockwork",
@@ -8586,21 +8713,21 @@
},
{
"name": "larastan/larastan",
"version": "v3.9.1",
"version": "v3.9.2",
"source": {
"type": "git",
"url": "https://github.com/larastan/larastan.git",
"reference": "4b92d9627f779fd32bdc16f53f8ce88c50446ff5"
"reference": "2e9ed291bdc1969e7f270fb33c9cdf3c912daeb2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/larastan/larastan/zipball/4b92d9627f779fd32bdc16f53f8ce88c50446ff5",
"reference": "4b92d9627f779fd32bdc16f53f8ce88c50446ff5",
"url": "https://api.github.com/repos/larastan/larastan/zipball/2e9ed291bdc1969e7f270fb33c9cdf3c912daeb2",
"reference": "2e9ed291bdc1969e7f270fb33c9cdf3c912daeb2",
"shasum": ""
},
"require": {
"ext-json": "*",
"iamcal/sql-parser": "^0.6.0",
"iamcal/sql-parser": "^0.7.0",
"illuminate/console": "^11.44.2 || ^12.4.1",
"illuminate/container": "^11.44.2 || ^12.4.1",
"illuminate/contracts": "^11.44.2 || ^12.4.1",
@@ -8664,7 +8791,7 @@
],
"support": {
"issues": "https://github.com/larastan/larastan/issues",
"source": "https://github.com/larastan/larastan/tree/v3.9.1"
"source": "https://github.com/larastan/larastan/tree/v3.9.2"
},
"funding": [
{
@@ -8672,7 +8799,7 @@
"type": "github"
}
],
"time": "2026-01-21T09:15:17+00:00"
"time": "2026-01-30T15:16:32+00:00"
},
{
"name": "mockery/mockery",
@@ -8819,39 +8946,36 @@
},
{
"name": "nunomaduro/collision",
"version": "v8.8.3",
"version": "v8.9.1",
"source": {
"type": "git",
"url": "https://github.com/nunomaduro/collision.git",
"reference": "1dc9e88d105699d0fee8bb18890f41b274f6b4c4"
"reference": "a1ed3fa530fd60bc515f9303e8520fcb7d4bd935"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nunomaduro/collision/zipball/1dc9e88d105699d0fee8bb18890f41b274f6b4c4",
"reference": "1dc9e88d105699d0fee8bb18890f41b274f6b4c4",
"url": "https://api.github.com/repos/nunomaduro/collision/zipball/a1ed3fa530fd60bc515f9303e8520fcb7d4bd935",
"reference": "a1ed3fa530fd60bc515f9303e8520fcb7d4bd935",
"shasum": ""
},
"require": {
"filp/whoops": "^2.18.1",
"nunomaduro/termwind": "^2.3.1",
"filp/whoops": "^2.18.4",
"nunomaduro/termwind": "^2.4.0",
"php": "^8.2.0",
"symfony/console": "^7.3.0"
"symfony/console": "^7.4.4 || ^8.0.4"
},
"conflict": {
"laravel/framework": "<11.44.2 || >=13.0.0",
"phpunit/phpunit": "<11.5.15 || >=13.0.0"
"laravel/framework": "<11.48.0 || >=14.0.0",
"phpunit/phpunit": "<11.5.50 || >=14.0.0"
},
"require-dev": {
"brianium/paratest": "^7.8.3",
"larastan/larastan": "^3.4.2",
"laravel/framework": "^11.44.2 || ^12.18",
"laravel/pint": "^1.22.1",
"laravel/sail": "^1.43.1",
"laravel/sanctum": "^4.1.1",
"laravel/tinker": "^2.10.1",
"orchestra/testbench-core": "^9.12.0 || ^10.4",
"pestphp/pest": "^3.8.2 || ^4.0.0",
"sebastian/environment": "^7.2.1 || ^8.0"
"brianium/paratest": "^7.8.5",
"larastan/larastan": "^3.9.2",
"laravel/framework": "^11.48.0 || ^12.52.0",
"laravel/pint": "^1.27.1",
"orchestra/testbench-core": "^9.12.0 || ^10.9.0",
"pestphp/pest": "^3.8.5 || ^4.4.1 || ^5.0.0",
"sebastian/environment": "^7.2.1 || ^8.0.3 || ^9.0.0"
},
"type": "library",
"extra": {
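Review bot: the new conflict line `"phpunit/phpunit": "<11.5.50 || >=14.0.0"` is satisfied by the phpunit/phpunit 11.5.55 bump later in this diff, but the companion line `"laravel/framework": "<11.48.0 || >=14.0.0"` means the locked laravel/framework must now be at least 11.48.0, and the framework entry is not part of the shown diff; verify it. The removed `require-dev` entries (laravel/sail, laravel/sanctum, laravel/tinker) are dev dependencies of collision itself and are never installed here, so they need no action.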
@@ -8914,7 +9038,7 @@
"type": "patreon"
}
],
"time": "2025-11-20T02:55:25+00:00"
"time": "2026-02-17T17:33:08+00:00"
},
{
"name": "phar-io/manifest",
@@ -9036,11 +9160,11 @@
},
{
"name": "phpstan/phpstan",
"version": "2.1.37",
"version": "2.1.39",
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/28cd424c5ea984128c95cfa7ea658808e8954e49",
"reference": "28cd424c5ea984128c95cfa7ea658808e8954e49",
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/c6f73a2af4cbcd99c931d0fb8f08548cc0fa8224",
"reference": "c6f73a2af4cbcd99c931d0fb8f08548cc0fa8224",
"shasum": ""
},
"require": {
@@ -9085,7 +9209,7 @@
"type": "github"
}
],
"time": "2026-01-24T08:21:55+00:00"
"time": "2026-02-11T14:48:56+00:00"
},
{
"name": "phpunit/php-code-coverage",
@@ -9179,28 +9303,28 @@
},
{
"name": "phpunit/php-file-iterator",
"version": "5.1.0",
"version": "5.1.1",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-file-iterator.git",
"reference": "118cfaaa8bc5aef3287bf315b6060b1174754af6"
"reference": "2f3a64888c814fc235386b7387dd5b5ed92ad903"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/118cfaaa8bc5aef3287bf315b6060b1174754af6",
"reference": "118cfaaa8bc5aef3287bf315b6060b1174754af6",
"url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/2f3a64888c814fc235386b7387dd5b5ed92ad903",
"reference": "2f3a64888c814fc235386b7387dd5b5ed92ad903",
"shasum": ""
},
"require": {
"php": ">=8.2"
},
"require-dev": {
"phpunit/phpunit": "^11.0"
"phpunit/phpunit": "^11.3"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-main": "5.0-dev"
"dev-main": "5.1-dev"
}
},
"autoload": {
@@ -9228,15 +9352,27 @@
"support": {
"issues": "https://github.com/sebastianbergmann/php-file-iterator/issues",
"security": "https://github.com/sebastianbergmann/php-file-iterator/security/policy",
"source": "https://github.com/sebastianbergmann/php-file-iterator/tree/5.1.0"
"source": "https://github.com/sebastianbergmann/php-file-iterator/tree/5.1.1"
},
"funding": [
{
"url": "https://github.com/sebastianbergmann",
"type": "github"
},
{
"url": "https://liberapay.com/sebastianbergmann",
"type": "liberapay"
},
{
"url": "https://thanks.dev/u/gh/sebastianbergmann",
"type": "thanks_dev"
},
{
"url": "https://tidelift.com/funding/github/packagist/phpunit/php-file-iterator",
"type": "tidelift"
}
],
"time": "2024-08-27T05:02:59+00:00"
"time": "2026-02-02T13:52:54+00:00"
},
{
"name": "phpunit/php-invoker",
@@ -9424,16 +9560,16 @@
},
{
"name": "phpunit/phpunit",
"version": "11.5.50",
"version": "11.5.55",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/phpunit.git",
"reference": "fdfc727f0fcacfeb8fcb30c7e5da173125b58be3"
"reference": "adc7262fccc12de2b30f12a8aa0b33775d814f00"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/fdfc727f0fcacfeb8fcb30c7e5da173125b58be3",
"reference": "fdfc727f0fcacfeb8fcb30c7e5da173125b58be3",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/adc7262fccc12de2b30f12a8aa0b33775d814f00",
"reference": "adc7262fccc12de2b30f12a8aa0b33775d814f00",
"shasum": ""
},
"require": {
@@ -9448,7 +9584,7 @@
"phar-io/version": "^3.2.1",
"php": ">=8.2",
"phpunit/php-code-coverage": "^11.0.12",
"phpunit/php-file-iterator": "^5.1.0",
"phpunit/php-file-iterator": "^5.1.1",
"phpunit/php-invoker": "^5.0.1",
"phpunit/php-text-template": "^4.0.1",
"phpunit/php-timer": "^7.0.1",
@@ -9460,6 +9596,7 @@
"sebastian/exporter": "^6.3.2",
"sebastian/global-state": "^7.0.2",
"sebastian/object-enumerator": "^6.0.1",
"sebastian/recursion-context": "^6.0.3",
"sebastian/type": "^5.1.3",
"sebastian/version": "^5.0.2",
"staabm/side-effects-detector": "^1.0.5"
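Review bot: `"sebastian/recursion-context": "^6.0.3"` is newly listed as a direct requirement of phpunit/phpunit in this hunk, but no sebastian/recursion-context entry change appears in the diff; confirm the lock already carries an entry at 6.0.3 or later, otherwise the lock disagrees with the package metadata it records and `composer validate` will complain on the next update.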
@@ -9505,7 +9642,7 @@
"support": {
"issues": "https://github.com/sebastianbergmann/phpunit/issues",
"security": "https://github.com/sebastianbergmann/phpunit/security/policy",
"source": "https://github.com/sebastianbergmann/phpunit/tree/11.5.50"
"source": "https://github.com/sebastianbergmann/phpunit/tree/11.5.55"
},
"funding": [
{
@@ -9529,7 +9666,7 @@
"type": "tidelift"
}
],
"time": "2026-01-27T05:59:18+00:00"
"time": "2026-02-18T12:37:06+00:00"
},
{
"name": "sebastian/cli-parser",

View File

@@ -99,6 +99,41 @@ Theme::listen(ThemeEvents::APP_BOOT, function($app) {
});
```
## Custom View Registration Example
Using the logical theme system, you can register custom views to be rendered before/after other existing views, providing a flexible way to add content without needing to override and/or replicate existing content. This is done by listening to the `THEME_REGISTER_VIEWS`.
**Note:** You don't need to use this to override existing views, or register whole new main views to use, since that's done automatically based on their existence. This is just for advanced capabilities like inserting before/after existing views.
This event provides a `ThemeViews` instance which has the following methods made available:
- `renderBefore(string $targetView, string $localView, int $priority)`
- `renderAfter(string $targetView, string $localView, int $priority)`
The target view is the name of that which we want to insert our custom view relative to.
The local view is the name of the view we want to add and render.
The priority provides a suggestion to the ordering of view display, with lower numbers being shown first. This defaults to 50 if not provided.
Here's an example of this in use:
```php
<?php
use BookStack\Facades\Theme;
use BookStack\Theming\ThemeEvents;
use BookStack\Theming\ThemeViews;
Theme::listen(ThemeEvents::THEME_REGISTER_VIEWS, function (ThemeViews $themeViews) {
$themeViews->renderBefore('layouts.parts.header', 'welcome-banner', 4);
$themeViews->renderAfter('layouts.parts.header', 'information-alert');
$themeViews->renderAfter('layouts.parts.header', 'additions.password-notice', 20);
});
```
In this example, we're inserting custom views before and after the main header bar.
BookStack will look for a `welcome-banner.blade.php` file within our theme folder (or a theme module view folder) to render before the header. It'll look for the `information-alert.blade.php` and `additions/password-notice.blade.php` views to render afterwards.
The password notice will be shown above the information alert view, since it has a specified priority of 20, whereas the information alert view would default to a priority of 50.
## Custom Command Registration Example
The logical theme system supports adding custom [artisan commands](https://laravel.com/docs/8.x/artisan) to BookStack.
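Review bot: `This is done by listening to the `THEME_REGISTER_VIEWS`.` is missing its noun; suggest `listening to the `THEME_REGISTER_VIEWS` event`. The section also never says what happens when the local view passed to `renderBefore`/`renderAfter` does not exist (silently skipped, or an exception at render time); since these views may be resolved from the theme folder or from a module view folder, documenting that behaviour helps module authors diagnose a typo in a view name. Finally, the unchanged context line links to the Laravel 8.x artisan docs while the visual theme page links to the 10.x Blade docs; pick one version for both.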

View File

@@ -0,0 +1,71 @@
# Theme System Modules
A theme system module is a collection of customizations using the [visual](visual-theme-system.md) and [logical](logical-theme-system.md) theme systems, provided along with some metadata, that can be installed alongside other modules within a theme. They can effectively be thought of as "plugins" or "extensions" that can be applied in addition to any customizations in the active theme.
### Module Location
Modules are contained within a folder themselves, which should be located inside a `modules` folder within a [BookStack theme folder](visual-theme-system.md#getting-started).
As an example, starting from the `themes/` top-level folder of a BookStack instance:
```txt
themes
└── my-theme
└── modules
├── module-a
│ └── bookstack-module.json
└── module-b
└── bookstack-module.json
```
### Module Format
A module exists as a folder in the location [as detailed above](#module-location).
The content within the module folder should then follow this format:
- `bookstack-module.json` - REQUIRED - A JSON file containing [the metadata](#module-json-metadata) for the module.
- `functions.php` - OPTIONAL - A PHP file containing code for the [logical theme system](logical-theme-system.md).
- `icons/` - OPTIONAL - A folder containing any icons to use as per [the visual theme system](visual-theme-system.md#customizing-icons).
- `lang/` - OPTIONAL - A folder containing any language files to use as per [the visual theme system](visual-theme-system.md#customizing-text-content).
- `public/` - OPTIONAL - A folder containing any files to expose into public web-space as per [the visual theme system](visual-theme-system.md#publicly-accessible-files).
- `views/` - OPTIONAL - A folder containing any view additions or overrides as per [the visual theme system](visual-theme-system.md#customizing-view-files).
You can create additional directories/files for your own needs within the module, but ideally name them something unique to prevent conflicts with the above structure.
### Module JSON Metadata
Modules are required to have a `bookstack-module.json` file in the top level directory of the module.
This must be a JSON file with the following properties:
- `name` - string - An (ideally unique) name for the module.
- `description` - string - A short description of the module.
- `version` - string - A string version number generally following [semantic versioning](https://semver.org/).
- Examples: `v0.4.0`, `4.3.12`, `v0.1.0-beta4`.
### Customization Order/Precedence
It's possible that multiple modules may override/customize the same content.
Right now, there's no assurance in regard to the order in which modules may be loaded.
Generally they will be used/searched in order of their module folder name, but this is not assured and should not be relied upon.
It's also possible that modules customize the same content as the configured theme.
In this scenario, the theme takes precedence. Modules are designed to be more portable and instance abstract, whereas the theme folder would typically be specific to the instance.
This allows the theme to be used to customize or override module content for the BookStack instance, without altering the module code itself.
### Module Best Practices
Here are some general best practices when it comes to creating modules:
- Use a unique name and clear description so the user can understand the purpose of the module.
- Increment the metadata version on change, keeping to [semver](https://semver.org/) to indicate compatibility of new versions.
- Where possible, prefer to [insert views before/after](logical-theme-system.md#custom-view-registration-example) instead of overriding existing views, to reduce likelihood of conflicts or update troubles.
- When using/registering custom views, use some level of unique namespacing within the view path to prevent potential conflicts with other customizations.
- For example, I may store a view within my module as `views/my-module-name-welcome.blade.php`, to be registered as 'my-module-name-welcome'.
- This is important since views may be resolved from other modules or the active theme, which may/will override your module level view.
### Distribution Format
Modules are expected to be distributed as a compressed ZIP file, where the ZIP contents follow that of a module folder.
BookStack provides a `php artisan bookstack:install-module` command which allows modules to be installed from these ZIP files, either from a local path or from a web URL.
Currently, there's a hardcoded total filesize limit of 50MB for module contents installed via this method.
There is not yet any direct update mechanism for modules, although this is something we may introduce in the future.
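Review bot: the Distribution Format section documents `php artisan bookstack:install-module` installing from a local path or a web URL, and the Module Format section lists an optional `functions.php` that is executed as part of the logical theme system, but nothing on the page says that installing a module is equivalent to granting its author code execution on the server. Add a plain warning that modules must only be installed from sources the operator trusts, and suggest verifying a fetched archive against a checksum published by the module author before running the command. Two questions for the installer that the page should answer: does ZIP extraction reject entries whose names contain `..` or start with an absolute path, and is the stated 50MB limit enforced on the uncompressed contents rather than on the archive size, since a small archive can expand far beyond it? Smaller points: `instance abstract` in the precedence section reads oddly, `instance-agnostic` is probably the intent; and the `public/` bullet could remind authors that anything placed there is served to any web visitor, as the visual theme page notes.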

View File

@@ -4,7 +4,7 @@ BookStack allows visual customization via the theme system which enables you to
This is part of the theme system alongside the [logical theme system](./logical-theme-system.md).
**Note:** This theme system itself is maintained and supported but usages of this system, including the files you are able to override, are not considered stable and may change upon any update. You should test any customizations made after updates.
**Note:** This theme system itself is maintained and supported, but usages of this system, including the files you are able to override, are not considered stable and may change upon any update. You should test any customizations made after updates.
## Getting Started
@@ -18,6 +18,9 @@ You'll need to tell BookStack to use your theme via the `APP_THEME` option in yo
Content placed in your `themes/<theme_name>/` folder will override the original view files found in the `resources/views` folder. These files are typically [Laravel Blade](https://laravel.com/docs/10.x/blade) files.
As an example, I could override the `resources/views/books/parts/list-item.blade.php` file with my own template at the path `themes/<theme_name>/books/parts/list-item.blade.php`.
In addition to overriding original views, this could be used to add new views for use via the [logical theme system](logical-theme-system.md).
By using the `THEME_REGISTER_VIEWS` logical event, you can also register your views to be rendered before/after existing views. An example of this can be found in our [logical theme guidance](logical-theme-system.md#custom-view-registration-example).
## Customizing Icons
SVG files placed in a `themes/<theme_name>/icons` folder will override any icons of the same name within `resources/icons`. You'd typically want to follow the format convention of the existing icons, where no XML deceleration is included and no width & height attributes are set, to ensure optimal compatibility.
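Review bot: in the unchanged context line under Customizing Icons, `XML deceleration` should be `XML declaration`. In the added lines, `this could be used to add new views for use via the logical theme system` and the following sentence about `THEME_REGISTER_VIEWS` say nearly the same thing; merging them into one sentence that names the event and links to the example would read more tightly.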
@@ -50,7 +53,7 @@ configured application theme.
There are some considerations to these publicly served files:
- Only a predetermined range "web safe" content-types are currently served.
- Only a predetermined range of "web safe" content-types are currently served.
- This limits running into potential insecure scenarios in serving problematic file types.
- A static 1-day cache time it set on files served from this folder.
- You can use alternative cache-breaking techniques (change of query string) upon changes if needed.
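Review bot: `A static 1-day cache time it set` in the unchanged context should read `is set`. The corrected bullet (`Only a predetermined range of "web safe" content-types are currently served.`) is an improvement, but it would be more useful if it said whether the allow-list is keyed on the file extension or on the detected MIME type, because that determines what protection the next bullet's `insecure scenarios` actually get; for example, whether an `.svg` or `.html` dropped into `public/` is served inline.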

View File

@@ -98,6 +98,13 @@ Copyright: Copyright (c) 2013-2023 Eduardo Gulias Davis
Source: https://github.com/egulias/EmailValidator.git
Link: https://github.com/egulias/EmailValidator
-----------
ezyang/htmlpurifier
License: LGPL-2.1-or-later
License File: vendor/ezyang/htmlpurifier/LICENSE
Copyright: Copyright (C) 1991, 1999 Free Software Foundation, Inc.
Source: https://github.com/ezyang/htmlpurifier.git
Link: http://htmlpurifier.org/
-----------
firebase/php-jwt
License: BSD-3-Clause
License File: vendor/firebase/php-jwt/LICENSE
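Review bot: the `Copyright: Copyright (C) 1991, 1999 Free Software Foundation, Inc.` line in the new ezyang/htmlpurifier entry is the FSF's notice on the LGPL-2.1 license text itself, not the library's copyright; every other entry in this file records the project's own copyright holder, so check the package for its author notice and use that instead. The `Link:` also uses plain `http://`, unlike the other entries.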
@@ -465,7 +472,7 @@ Link: https://github.com/php-fig/simple-cache.git
psy/psysh
License: MIT
License File: vendor/psy/psysh/LICENSE
Copyright: Copyright (c) 2012-2025 Justin Hileman
Copyright: Copyright (c) 2012-2026 Justin Hileman
Source: https://github.com/bobthecow/psysh.git
Link: https://psysh.org
-----------
@@ -787,3 +794,10 @@ License File: vendor/voku/portable-ascii/LICENSE.txt
Copyright: Copyright (C) 2019 Lars Moelleken
Source: https://github.com/voku/portable-ascii.git
Link: https://github.com/voku/portable-ascii
-----------
xemlock/htmlpurifier-html5
License: MIT
License File: vendor/xemlock/htmlpurifier-html5/LICENSE
Copyright: Copyright (c) 2015 Xemlock
Source: https://github.com/xemlock/htmlpurifier-html5.git
Link: https://github.com/xemlock/htmlpurifier-html5

View File

@@ -125,7 +125,7 @@ return [
'api_incorrect_token_secret' => 'Poskytnutý Token Secret neodpovídá použitému API tokenu',
'api_user_no_api_permission' => 'Vlastník použitého API tokenu nemá oprávnění provádět API volání',
'api_user_token_expired' => 'Platnost autorizačního tokenu vypršela',
'api_cookie_auth_only_get' => 'Při používání API s ověřováním pomocí souborů cookie jsou povoleny pouze požadavky GET',
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
// Settings & Maintenance
'maintenance_test_email_failure' => 'Při posílání testovacího e-mailu nastala chyba:',
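Review bot: this hunk replaces a localized `api_cookie_auth_only_get` string with the English source text, and the same replacement appears in the es, et, fr, it and ja hunks below. If the English source string was changed and the translation platform reset the translations, this is expected and will resolve when translators catch up, but it is worth confirming that it is intentional rather than an accidental revert, since users on those locales will see an English error message until then.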

View File

@@ -125,7 +125,7 @@ return [
'api_incorrect_token_secret' => 'El secreto proporcionado para el token API usado es incorrecto',
'api_user_no_api_permission' => 'El propietario del token API usado no tiene permiso para hacer llamadas API',
'api_user_token_expired' => 'El token de autorización usado ha caducado',
'api_cookie_auth_only_get' => 'Sólo se permiten peticiones GET cuando se utiliza el API con autenticación basada en cookies',
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
// Settings & Maintenance
'maintenance_test_email_failure' => 'Error al enviar un email de prueba:',

View File

@@ -125,7 +125,7 @@ return [
'api_incorrect_token_secret' => 'API tunnusele lisatud salajane võti ei ole korrektne',
'api_user_no_api_permission' => 'Selle API tunnuse omanikul ei ole õigust API päringuid teha',
'api_user_token_expired' => 'Volitustunnus on aegunud',
'api_cookie_auth_only_get' => 'Küpsistega autentimisel on API kasutamisel lubatud ainult GET päringud',
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
// Settings & Maintenance
'maintenance_test_email_failure' => 'Test e-kirja saatmisel tekkis viga:',

View File

@@ -13,7 +13,7 @@ return [
'auth_pre_register_theme_prevention' => 'Le compte utilisateur n\'a pas pu être enregistré avec les informations fournies',
'email_already_confirmed' => 'Cet e-mail a déjà été validé, vous pouvez vous connecter.',
'email_confirmation_invalid' => 'Cette confirmation est invalide. Veuillez essayer de vous inscrire à nouveau.',
'email_confirmation_expired' => 'Le jeton de confirmation a expiré. Un nouvel e-mail vous a été envoyé.',
'email_confirmation_expired' => 'Le jeton de confirmation est périmé. Un nouvel e-mail vous a été envoyé.',
'email_confirmation_awaiting' => 'L\'adresse e-mail du compte utilisé doit être confirmée',
'ldap_fail_anonymous' => 'L\'accès LDAP anonyme n\'a pas abouti',
'ldap_fail_authed' => 'L\'accès LDAP n\'a pas abouti avec cet utilisateur et ce mot de passe',
@@ -125,7 +125,7 @@ return [
'api_incorrect_token_secret' => 'Le secret fourni pour le jeton d\'API utilisé est incorrect',
'api_user_no_api_permission' => 'Le propriétaire du jeton API utilisé n\'a pas la permission de passer des requêtes API',
'api_user_token_expired' => 'Le jeton d\'autorisation utilisé a expiré',
'api_cookie_auth_only_get' => 'Seules les requêtes GET sont autorisées lors de lutilisation de lAPI avec une authentification basée sur les cookies',
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
// Settings & Maintenance
'maintenance_test_email_failure' => 'Erreur émise lors de l\'envoi d\'un e-mail de test :',

View File

@@ -125,7 +125,7 @@ return [
'api_incorrect_token_secret' => 'Il token segreto fornito per il token API utilizzato non è corretto',
'api_user_no_api_permission' => 'Il proprietario del token API utilizzato non ha il permesso di effettuare chiamate API',
'api_user_token_expired' => 'Il token di autorizzazione utilizzato è scaduto',
'api_cookie_auth_only_get' => 'Solo le richieste GET sono consentite quando si utilizza l\'API con autenticazione basata sui cookie',
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
// Settings & Maintenance
'maintenance_test_email_failure' => 'Si è verificato un errore durante l\'invio di una e-mail di prova:',

View File

@@ -125,7 +125,7 @@ return [
'api_incorrect_token_secret' => '利用されたAPIトークンに対して提供されたシークレットが正しくありません',
'api_user_no_api_permission' => '使用されているAPIトークンの所有者には、API呼び出しを行う権限がありません',
'api_user_token_expired' => '認証トークンが期限切れです。',
'api_cookie_auth_only_get' => 'Cookie ベースの認証で API を使用する場合、GET リクエストのみが許可されます',
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
// Settings & Maintenance
'maintenance_test_email_failure' => 'テストメール送信時にエラーが発生しました:',

View File

@@ -110,7 +110,7 @@ return [
'import_zip_cant_read' => 'Não foi possível ler o arquivo ZIP.',
'import_zip_cant_decode_data' => 'Não foi possível encontrar e decodificar o conteúdo ZIP data.json.',
'import_zip_no_data' => 'Os dados do arquivo ZIP não têm o conteúdo esperado livro, capítulo ou página.',
'import_zip_data_too_large' => 'O conteúdo ZIP data.json excede o tamanho máximo de upload configurado para a aplicação.',
'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
'import_validation_failed' => 'Falhou na validação da importação do ZIP com erros:',
'import_zip_failed_notification' => 'Falhou ao importar arquivo ZIP.',
'import_perms_books' => 'Você não tem as permissões necessárias para criar livros.',
@@ -126,7 +126,7 @@ return [
'api_incorrect_token_secret' => 'O segredo fornecido para o código de API usado está incorreto',
'api_user_no_api_permission' => 'O proprietário do código de API utilizado não tem permissão para fazer requisições de API',
'api_user_token_expired' => 'O código de autenticação expirou',
'api_cookie_auth_only_get' => 'Somente solicitações GET são permitidas ao usar a API com autenticação baseada em cookies',
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
// Settings & Maintenance
'maintenance_test_email_failure' => 'Erro encontrado ao enviar uma mensagem eletrônica de teste:',

View File

@@ -11,8 +11,8 @@ return [
'updated_page_subject' => 'Página atualizada: :pageName',
'updated_page_intro' => 'Uma página foi atualizada em :appName:',
'updated_page_debounce' => 'Para prevenir notificações em massa, por enquanto notificações não serão enviadas para você para próximas edições nessa página pelo mesmo editor.',
'comment_mention_subject' => 'Você foi mencionado em um comentário na página: :pageName',
'comment_mention_intro' => 'Você foi mencionado em um comentário sobre :appName:',
'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
'detail_page_name' => 'Nome da Página:',
'detail_page_path' => 'Caminho da Página:',

View File

@@ -23,7 +23,7 @@ return [
'notifications_desc' => 'Controle as notificações por e-mail que você recebe quando uma determinada atividade é executada no sistema.',
'notifications_opt_own_page_changes' => 'Notificar quando houver alterações em páginas que eu possuo',
'notifications_opt_own_page_comments' => 'Notificar comentários nas páginas que eu possuo',
'notifications_opt_comment_mentions' => 'Notificar quando eu for mencionado em um comentário',
'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
'notifications_opt_comment_replies' => 'Notificar ao responder aos meus comentários',
'notifications_save' => 'Salvar Preferências',
'notifications_update_success' => 'Preferências de notificação foram atualizadas!',

View File

@@ -197,13 +197,13 @@ return [
'role_import_content' => 'Importar conteúdo',
'role_editor_change' => 'Alterar página de edição',
'role_notifications' => 'Receber e gerenciar notificações',
'role_permission_note_users_and_roles' => 'Essas permissões tecnicamente também fornecerão visibilidade e busca de usuários e perfis no sistema.',
'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
'role_asset' => 'Permissões de Ativos',
'roles_system_warning' => 'Esteja ciente de que o acesso a qualquer uma das três permissões acima pode permitir que um usuário altere seus próprios privilégios ou privilégios de outros usuários no sistema. Apenas atribua perfis com essas permissões para usuários confiáveis.',
'role_asset_desc' => 'Essas permissões controlam o acesso padrão para os ativos dentro do sistema. Permissões em Livros, Capítulos e Páginas serão sobrescritas por essas permissões.',
'role_asset_admins' => 'Administradores recebem automaticamente acesso a todo o conteúdo, mas essas opções podem mostrar ou ocultar as opções da Interface de Usuário.',
'role_asset_image_view_note' => 'Isso está relacionado à visibilidade no gerenciador de imagens. O acesso real dos arquivos de imagem carregados dependerá da opção de armazenamento de imagem do sistema.',
'role_asset_users_note' => 'Essas permissões tecnicamente também fornecerão visibilidade e busca de usuários do sistema.',
'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
'role_all' => 'Todos',
'role_own' => 'Próprio',
'role_controlled_by_asset' => 'Controlado pelos ativos nos quais o upload foi realizado',

View File

@@ -106,7 +106,7 @@ return [
'uploaded' => 'O arquivo não pôde ser carregado. O servidor pode não aceitar arquivos deste tamanho.',
'zip_file' => 'O :attribute precisa fazer referência a um arquivo do ZIP.',
'zip_file_size' => 'O arquivo :attribute não deve exceder :size MB.',
'zip_file_size' => 'The file :attribute must not exceed :size MB.',
'zip_file_mime' => 'O :attribute precisa fazer referência a um arquivo do tipo :validTypes, encontrado :foundType.',
'zip_model_expected' => 'Objeto de dados esperado, mas ":type" encontrado.',
'zip_unique' => 'O :attribute deve ser único para o tipo de objeto dentro do ZIP.',

View File

@@ -39,21 +39,21 @@ return [
'export_pdf' => 'PDF файл',
'export_text' => 'Текстовый файл',
'export_md' => 'Файл Markdown',
'export_zip' => 'Портативный ZIP',
'export_zip' => 'Portable ZIP',
'default_template' => 'Шаблон страницы по умолчанию',
'default_template_explain' => 'Назначить шаблон страницы, который будет использоваться в качестве содержимого по умолчанию для всех страниц, созданных в этом элементе. Имейте в виду, что это будет работать, только если создатель страницы имеет доступ к выбранной странице шаблона.',
'default_template_select' => 'Выберите страницу шаблона',
'import' => 'Импорт',
'import_validate' => 'Проверка импорта',
'import_validate' => 'Validate Import',
'import_desc' => 'Импортировать книги, главы и страницы с помощью ZIP-файла, экспортированного из этого или другого источника. Выберите ZIP-файл, чтобы продолжить. После загрузки и проверки файла вы сможете настроить и подтвердить импорт в следующем окне.',
'import_zip_select' => 'Выберите ZIP файл для загрузки',
'import_zip_validation_errors' => 'Были обнаружены ошибки при проверке предоставленного ZIP файла:',
'import_pending' => 'Ожидается импорт',
'import_pending_none' => 'Импорт не был запущен.',
'import_continue' => 'Продолжить импорт',
'import_zip_select' => 'Select ZIP file to upload',
'import_zip_validation_errors' => 'Errors were detected while validating the provided ZIP file:',
'import_pending' => 'Pending Imports',
'import_pending_none' => 'No imports have been started.',
'import_continue' => 'Continue Import',
'import_continue_desc' => 'Review the content due to be imported from the uploaded ZIP file. When ready, run the import to add its contents to this system. The uploaded ZIP import file will be automatically removed on successful import.',
'import_details' => 'Import Details',
'import_run' => 'Запустить импорт',
'import_run' => 'Run Import',
'import_size' => ':size Import ZIP Size',
'import_uploaded_at' => 'Uploaded :relativeTime',
'import_uploaded_by' => 'Uploaded by',
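Review bot: this hunk drops a larger set of existing Russian translations than the others (`export_zip`, `import_validate`, `import_zip_select`, `import_zip_validation_errors`, `import_pending`, `import_pending_none`, `import_continue`, `import_run`) in favour of the English source, while neighbouring keys such as `import_continue_desc` and `import_details` were already English. Confirm the direction of the sync is intended; losing complete translations like `'export_zip' => 'Портативный ZIP'` is a regression for Russian users rather than a source-string change.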
@@ -61,7 +61,7 @@ return [
'import_location_desc' => 'Select a target location for your imported content. You\'ll need the relevant permissions to create within the location you choose.',
'import_delete_confirm' => 'Are you sure you want to delete this import?',
'import_delete_desc' => 'This will delete the uploaded import ZIP file, and cannot be undone.',
'import_errors' => 'Ошибки импорта',
'import_errors' => 'Import Errors',
'import_errors_desc' => 'The follow errors occurred during the import attempt:',
'breadcrumb_siblings_for_page' => 'Navigate siblings for page',
'breadcrumb_siblings_for_chapter' => 'Navigate siblings for chapter',
@@ -252,7 +252,7 @@ return [
'pages_edit_switch_to_markdown_stable' => 'Полное сохранение форматирования (HTML)',
'pages_edit_switch_to_wysiwyg' => 'Переключиться в WYSIWYG',
'pages_edit_switch_to_new_wysiwyg' => 'Switch to new WYSIWYG',
'pages_edit_switch_to_new_wysiwyg_desc' => '(В бета-тестировании)',
'pages_edit_switch_to_new_wysiwyg_desc' => '(In Beta Testing)',
'pages_edit_set_changelog' => 'Задать список изменений',
'pages_edit_enter_changelog_desc' => 'Введите краткое описание внесенных изменений',
'pages_edit_enter_changelog' => 'Введите список изменений',
@@ -397,11 +397,11 @@ return [
'comment' => 'Комментарий',
'comments' => 'Комментарии',
'comment_add' => 'Комментировать',
'comment_none' => 'Нет комментариев для отображения',
'comment_none' => 'No comments to display',
'comment_placeholder' => 'Оставить комментарий здесь',
'comment_thread_count' => ':count Comment Thread|:count Comment Threads',
'comment_archived_count' => ':count архивировано',
'comment_archived_threads' => 'Архивированные темы',
'comment_archived_count' => ':count Archived',
'comment_archived_threads' => 'Archived Threads',
'comment_save' => 'Сохранить комментарий',
'comment_new' => 'Новый комментарий',
'comment_created' => 'прокомментировал :createDiff',
@@ -410,14 +410,14 @@ return [
'comment_deleted_success' => 'Комментарий удален',
'comment_created_success' => 'Комментарий добавлен',
'comment_updated_success' => 'Комментарий обновлен',
'comment_archive_success' => 'Комментарий заархивирован',
'comment_unarchive_success' => 'Комментарий разархивирован',
'comment_view' => 'Просмотреть комментарий',
'comment_jump_to_thread' => 'Перейти к теме',
'comment_archive_success' => 'Comment archived',
'comment_unarchive_success' => 'Comment un-archived',
'comment_view' => 'View comment',
'comment_jump_to_thread' => 'Jump to thread',
'comment_delete_confirm' => 'Удалить этот комментарий?',
'comment_in_reply_to' => 'В ответ на :commentId',
'comment_reference' => 'Ссылка',
'comment_reference_outdated' => '(Устаревшее)',
'comment_reference' => 'Reference',
'comment_reference_outdated' => '(Outdated)',
'comment_editor_explain' => 'Вот комментарии, которые были оставлены на этой странице. Комментарии могут быть добавлены и управляться при просмотре сохраненной страницы.',
// Revision

View File

@@ -11,7 +11,7 @@ return [
'updated_page_subject' => 'Обновлена страница: :pageName',
'updated_page_intro' => 'Страница была обновлена в :appName:',
'updated_page_debounce' => 'Чтобы предотвратить массовые уведомления, в течение некоторого времени вы не будете получать уведомления о дальнейших правках этой страницы этим же редактором.',
'comment_mention_subject' => 'Вы были упомянуты в комментарии на странице: :pageName',
'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
'detail_page_name' => 'Имя страницы:',

View File

@@ -75,7 +75,7 @@ return [
'reg_confirm_restrict_domain_placeholder' => 'Без ограничений',
// Sorting Settings
'sorting' => 'Списки и сортировка',
'sorting' => 'Lists & Sorting',
'sorting_book_default' => 'Default Book Sort Rule',
'sorting_book_default_desc' => 'Выберите правило сортировки по умолчанию для новых книг. Это не повлияет на существующие книги, и может быть изменено для каждой книги отдельно.',
'sorting_rules' => 'Правила сортировки',
@@ -101,7 +101,7 @@ return [
'sort_rule_op_name_numeric' => 'По нумерации',
'sort_rule_op_created_date' => 'Created Date',
'sort_rule_op_updated_date' => 'Updated Date',
'sort_rule_op_chapters_first' => 'Главы в начале',
'sort_rule_op_chapters_first' => 'Chapters First',
'sort_rule_op_chapters_last' => 'Главы в конце',
'sorting_page_limits' => 'Per-Page Display Limits',
'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',

View File

@@ -397,7 +397,7 @@ return [
'comment' => 'Kommentar',
'comments' => 'Kommentarer',
'comment_add' => 'Lägg till kommentar',
'comment_none' => 'Inga kommentarer att visa',
'comment_none' => 'No comments to display',
'comment_placeholder' => 'Lämna en kommentar här',
'comment_thread_count' => ':count Comment Thread|:count Comment Threads',
'comment_archived_count' => ':count Archived',

View File

@@ -5,7 +5,7 @@
*/
return [
'my_account' => 'Mitt Konto',
'my_account' => 'My Account',
'shortcuts' => 'Genvägar',
'shortcuts_interface' => 'UI Shortcut Preferences',

View File

@@ -48,7 +48,7 @@ return [
'superscript' => '上标',
'subscript' => '下标',
'text_color' => '文本颜色',
'highlight_color' => '高亮颜色',
'highlight_color' => 'Highlight color',
'custom_color' => '自定义颜色',
'remove_color' => '移除颜色',
'background_color' => '背景色',

View File

@@ -63,10 +63,10 @@ return [
'import_delete_desc' => '这将删除上传的ZIP文件不能撤消。',
'import_errors' => '导入错误',
'import_errors_desc' => '在尝试导入过程中出现了以下错误:',
'breadcrumb_siblings_for_page' => '导航页面',
'breadcrumb_siblings_for_chapter' => '导航章节',
'breadcrumb_siblings_for_book' => '导航书籍',
'breadcrumb_siblings_for_bookshelf' => '导航书架',
'breadcrumb_siblings_for_page' => 'Navigate siblings for page',
'breadcrumb_siblings_for_chapter' => 'Navigate siblings for chapter',
'breadcrumb_siblings_for_book' => 'Navigate siblings for book',
'breadcrumb_siblings_for_bookshelf' => 'Navigate siblings for shelf',
// Permissions and restrictions
'permissions' => '权限',
@@ -399,7 +399,7 @@ return [
'comment_add' => '添加评论',
'comment_none' => '没有要显示的评论',
'comment_placeholder' => '在这里评论',
'comment_thread_count' => ':count ',
'comment_thread_count' => ':count Comment Thread|:count Comment Threads',
'comment_archived_count' => ':count 条评论已存档',
'comment_archived_threads' => '已存档的贴子',
'comment_save' => '保存评论',

View File

@@ -109,7 +109,7 @@ return [
'import_zip_cant_read' => '无法读取 ZIP 文件。',
'import_zip_cant_decode_data' => '无法找到并解码 ZIP data.json 内容。',
'import_zip_no_data' => 'ZIP 文件数据没有预期的书籍、章节或页面内容。',
'import_zip_data_too_large' => '超出最大上传大小。',
'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
'import_validation_failed' => '导入 ZIP 验证失败,出现错误:',
'import_zip_failed_notification' => 'ZIP 文件导入失败。',
'import_perms_books' => '您缺少创建书籍所需的权限。',
@@ -125,7 +125,7 @@ return [
'api_incorrect_token_secret' => '给已给出的API所提供的密钥不正确',
'api_user_no_api_permission' => '使用过的 API 令牌的所有者没有进行API 调用的权限',
'api_user_token_expired' => '所使用的身份令牌已过期',
'api_cookie_auth_only_get' => '使用基于 Cookie 的身份验证 API 时,仅允许 GET 请求。',
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
// Settings & Maintenance
'maintenance_test_email_failure' => '发送测试电子邮件时出现错误:',

View File

@@ -11,8 +11,8 @@ return [
'updated_page_subject' => '页面更新::pageName',
'updated_page_intro' => ':appName: 中的一个页面已被更新',
'updated_page_debounce' => '为了防止出现大量通知,一段时间内您不会收到同一编辑者再次编辑本页面的通知。',
'comment_mention_subject' => '在页面中被提及::pageName',
'comment_mention_intro' => ' :appName 中被提及:',
'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
'detail_page_name' => '页面名称:',
'detail_page_path' => '页面路径:',

View File

@@ -23,7 +23,7 @@ return [
'notifications_desc' => '控制在系统内发生某些活动时您会收到的电子邮件通知。',
'notifications_opt_own_page_changes' => '在我拥有的页面被修改时通知我',
'notifications_opt_own_page_comments' => '在我拥有的页面上有新评论时通知我',
'notifications_opt_comment_mentions' => '当我在评论中被提及时通知我',
'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
'notifications_opt_comment_replies' => '在有人回复我的频率时通知我',
'notifications_save' => '保存偏好设置',
'notifications_update_success' => '通知偏好设置已更新!',
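Review bot: the unchanged context line `'notifications_opt_comment_replies' => '在有人回复我的频率时通知我'` contains a mistranslation, 频率 (frequency) where 评论 (comment) is meant, so the option reads "notify me when someone replies to my frequency". It is outside the changed lines here, so fix it in the translation source rather than in this commit, but it is worth raising while this file is being touched.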

View File

@@ -75,8 +75,8 @@ return [
'reg_confirm_restrict_domain_placeholder' => '尚未设置限制',
// Sorting Settings
'sorting' => '列表和排序',
'sorting_book_default' => '默认排序规则',
'sorting' => 'Lists & Sorting',
'sorting_book_default' => 'Default Book Sort Rule',
'sorting_book_default_desc' => '选择要应用于新书的默认排序规则。这不会影响现有书,并且可以每本书覆盖。',
'sorting_rules' => '排序规则',
'sorting_rules_desc' => '这些是预定义的排序操作,可应用于系统中的内容。',
@@ -103,8 +103,8 @@ return [
'sort_rule_op_updated_date' => '更新时间',
'sort_rule_op_chapters_first' => '章节正序',
'sort_rule_op_chapters_last' => '章节倒序',
'sorting_page_limits' => '每页显示限制',
'sorting_page_limits_desc' => '设置系统中各种列表每页显示的项目数。通常,项目数越少性能越好,而项目数越多可以避免用户点击多个页面。建议使用 3 的整数倍(例如 18、24、30 等)。',
'sorting_page_limits' => 'Per-Page Display Limits',
'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',
// Maintenance settings
'maint' => '维护',
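Review bot: the context lines `'sort_rule_op_chapters_first' => '章节正序'` and `'sort_rule_op_chapters_last' => '章节倒序'` translate as "chapters in ascending order" and "chapters in reverse order", not "Chapters First" / "Chapters Last" as in the English source (see the Russian hunk above, which now uses `'Chapters First'`). Something like 章节在前 / 章节在后 would match the intended meaning; as with the other note on this file, this belongs in the translation source rather than this commit.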
@@ -197,13 +197,13 @@ return [
'role_import_content' => '导入内容',
'role_editor_change' => '更改页面编辑器',
'role_notifications' => '管理和接收通知',
'role_permission_note_users_and_roles' => '从技术上讲,这些权限还将提供对系统中用户和角色的可见性和搜索功能。',
'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
'role_asset' => '资源许可',
'roles_system_warning' => '请注意,拥有以上三个权限中的任何一个都会允许用户更改自己的权限或系统中其他人的权限。 请只将拥有这些权限的角色分配给你信任的用户。',
'role_asset_desc' => '对系统内资源的默认访问许可将由这些权限控制。单独设置在书籍、章节和页面上的权限将覆盖这里的权限设定。',
'role_asset_admins' => '管理员可自动获得对所有内容的访问权限但这些选项可能会显示或隐藏UI选项。',
'role_asset_image_view_note' => '这与图像管理器中的可见性有关。已经上传的图片的实际访问取决于系统图像存储选项。',
'role_asset_users_note' => '从技术上讲,这些权限还将提供对系统中用户和角色的可见性和搜索功能。',
'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
'role_all' => '全部的',
'role_own' => '拥有的',
'role_controlled_by_asset' => '由其所在的资源来控制',

View File

@@ -106,7 +106,7 @@ return [
'uploaded' => '无法上传文件。 服务器可能不接受此大小的文件。',
'zip_file' => ':attribute 需要引用 ZIP 内的文件。',
'zip_file_size' => ':attribute 不能超过 :size MB',
'zip_file_size' => 'The file :attribute must not exceed :size MB.',
'zip_file_mime' => ':attribute 需要引用类型为 :validTypes 的文件,找到 :foundType 。',
'zip_model_expected' => '预期的数据对象,但找到了 ":type" 。',
'zip_unique' => '对于 ZIP 中的对象类型来说,:attribute 必须是唯一的。',

View File

@@ -34,6 +34,7 @@
<server name="AUTH_AUTO_INITIATE" value="false"/>
<server name="DISABLE_EXTERNAL_SERVICES" value="true"/>
<server name="ALLOW_UNTRUSTED_SERVER_FETCHING" value="false"/>
<server name="CONTENT_FILTERING" value="jhfa"/>
<server name="ALLOW_CONTENT_SCRIPTS" value="false"/>
<server name="AVATAR_URL" value=""/>
<server name="LDAP_START_TLS" value="false"/>
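Review bot: the test value `jhfa` in `<server name="CONTENT_FILTERING" value="jhfa"/>` is not self-explanatory and nothing in this comparison documents it. If the option takes a named mode, use that name so the test environment documents the expected configuration; if it is a set of single-letter flags, add a short comment saying what each of `j`, `h`, `f` and `a` enables and confirm that all four are valid characters for the option. Keeping `ALLOW_CONTENT_SCRIPTS` at `false` alongside it is the right default for the test environment.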

View File

@@ -48,17 +48,13 @@ Big thanks to these companies for supporting the project.
#### Gold Sponsor
<table><tbody><tr>
<td align="center"><a href="https://www.federated.computer/bookstack" target="_blank">
<img width="480" src="https://www.bookstackapp.com/images/sponsors/federated-computer.png" alt="Federated.computer">
</a></td>
</tr><tr>
<td align="center"><a href="https://www.diagrams.net/" target="_blank">
<img width="480" src="https://www.bookstackapp.com/images/sponsors/diagramsnet.png" alt="Diagrams.net">
</a></td>
</tr>
<tr>
<td align="center"><a href="https://www.onyx.app/?utm_source=bookstack" target="_blank">
<img width="420" src="https://www.bookstackapp.com/images/sponsors/onyx.png" alt="onyx.app">
<img width="400" src="https://www.bookstackapp.com/images/sponsors/onyx.png" alt="onyx.app">
</a></td>
</tr>
</tbody></table>
@@ -81,26 +77,23 @@ Big thanks to these companies for supporting the project.
</a></td>
</tr>
<tr>
<td align="center" style="text-align: center"><a href="https://www.schroeck-consulting.de/" target="_blank">
<img width="200" src="https://www.bookstackapp.com/images/sponsors/schroeck-consulting.png" alt="Schroeck IT Consulting">
</a></td>
<td align="center"><a href="https://practinet.be/" target="_blank">
<img width="240" src="https://www.bookstackapp.com/images/sponsors/practinet.png" alt="Practinet">
</a></td>
</tr>
<tr>
<td align="center"><a href="https://route4me.com/" target="_blank">
<img width="240" src="https://www.bookstackapp.com/images/sponsors/route4me.png" alt="Route4Me - Route Optimizer and Route Planner Software">
</a></td>
</tr>
<tr>
<td align="center"><a href="https://phamos.eu" target="_blank">
<img width="132" src="https://www.bookstackapp.com/images/sponsors/phamos.png" alt="phamos">
</a></td>
</tr>
<tr>
<td align="center"><a href="https://sitespeak.ai/bookstack" target="_blank">
<img width="240" src="https://www.bookstackapp.com/images/sponsors/sitespeak.png" alt="SiteSpeakAI">
</a></td>
<td align="center"><a href="https://www.admin-intelligence.de/bookstack/" target="_blank">
</tr>
<tr>
<td align="center" colspan="2"><a href="https://www.admin-intelligence.de/bookstack/" target="_blank">
<img width="210" src="https://www.bookstackapp.com/images/sponsors/admin-intelligence.png" alt="Admin Intelligence">
</a></td>
</tr>
@@ -155,7 +148,7 @@ The website which contains the project docs & blog can be found in the [BookStac
The BookStack source is provided under the [MIT License](https://github.com/BookStackApp/BookStack/blob/development/LICENSE).
The libraries used by, and included with, BookStack are provided under their own licenses and copyright.
The licenses for many of our core dependencies can be found in the attribution list below but this is not an exhaustive list of all projects used within BookStack.
The licenses for many of our core dependencies can be found in the attribution list below, but this is not an exhaustive list of all projects used within BookStack.
## 👪 Attribution
@@ -187,5 +180,6 @@ Note: This is not an exhaustive list of all libraries and projects that would be
* [PHPStan](https://phpstan.org/) & [Larastan](https://github.com/nunomaduro/larastan) - _[MIT](https://github.com/phpstan/phpstan/blob/master/LICENSE) and [MIT](https://github.com/nunomaduro/larastan/blob/master/LICENSE.md)_
* [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) - _[BSD 3-Clause](https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt)_
* [JakeArchibald/IDB-Keyval](https://github.com/jakearchibald/idb-keyval) - _[Apache-2.0](https://github.com/jakearchibald/idb-keyval/blob/main/LICENCE)_
* [HTML Purifier](https://github.com/ezyang/htmlpurifier) and [htmlpurifier-html5](https://github.com/xemlock/htmlpurifier-html5) - _[LGPL-2.1](https://github.com/ezyang/htmlpurifier/blob/master/LICENSE) and [MIT](https://github.com/xemlock/htmlpurifier-html5/blob/master/LICENSE)_
For a detailed breakdown of the JavaScript & PHP projects imported & used via NPM & composer package managers, along with their licenses, please see the [dev/licensing/js-library-licenses.txt](dev/licensing/js-library-licenses.txt) and [dev/licensing/php-library-licenses.txt](dev/licensing/php-library-licenses.txt) files.
For a detailed breakdown of the JavaScript & PHP projects imported and used via NPM & composer package managers, along with their licenses, please see the [dev/licensing/js-library-licenses.txt](dev/licensing/js-library-licenses.txt) and [dev/licensing/php-library-licenses.txt](dev/licensing/php-library-licenses.txt) files.
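Review bot: with HTML Purifier and htmlpurifier-html5 added to the attribution list, confirm that the generated `dev/licensing/php-library-licenses.txt` referenced on the next line was regenerated in the same change so the two stay consistent. HTML Purifier is also LGPL-2.1 rather than the MIT/BSD licenses of most neighbours in this list; that is fine for a library consumed via composer, but worth stating explicitly if the project tracks copyleft dependencies.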

View File

@@ -451,6 +451,9 @@ body.editor-is-fullscreen {
outline: 1px dashed var(--editor-color-primary);
outline-offset: 1px;
}
.editor-content-area [drawio-diagram] {
cursor: pointer;
}
.editor-table-marker {
position: fixed;

View File

@@ -142,6 +142,9 @@
padding-inline-end: 12px;
max-width: 864px;
}
[drawio-diagram] {
cursor: pointer;
}
[drawio-diagram]:hover {
outline: 2px solid var(--color-primary);
}

View File

@@ -202,4 +202,11 @@ body.page-content.mce-content-body {
background-image: url('data:image/svg+xml;utf8,<svg fill="%23FFFFFF" version="1.1" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path d="m8.4856 20.274-6.736-6.736 2.9287-2.7823 3.8073 3.8073 10.836-10.836 2.9287 2.9287z" stroke-width="1.4644"/></svg>');
background-position: 50% 50%;
background-size: 100% 100%;
}
}
/**
* Ensure cursor indicates that drawings are clickable
*/
.page-content.mce-content-body [drawio-diagram] {
cursor: pointer;
}

View File

@@ -5,58 +5,11 @@
@stop
@section('left')
@if($recents)
<div id="recents" class="mb-xl">
<h5>{{ trans('entities.recently_viewed') }}</h5>
@include('entities.list', ['entities' => $recents, 'style' => 'compact'])
</div>
@endif
<div id="popular" class="mb-xl">
<h5>{{ trans('entities.books_popular') }}</h5>
@if(count($popular) > 0)
@include('entities.list', ['entities' => $popular, 'style' => 'compact'])
@else
<p class="text-muted pb-l mb-none">{{ trans('entities.books_popular_empty') }}</p>
@endif
</div>
<div id="new" class="mb-xl">
<h5>{{ trans('entities.books_new') }}</h5>
@if(count($new) > 0)
@include('entities.list', ['entities' => $new, 'style' => 'compact'])
@else
<p class="text-muted pb-l mb-none">{{ trans('entities.books_new_empty') }}</p>
@endif
</div>
@include('books.parts.index-sidebar-section-recents', ['recents' => $recents])
@include('books.parts.index-sidebar-section-popular', ['popular' => $popular])
@include('books.parts.index-sidebar-section-new', ['new' => $new])
@stop
@section('right')
<div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll))
<a href="{{ url("/create-book") }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.books_create') }}</span>
</a>
@endif
@include('entities.view-toggle', ['view' => $view, 'type' => 'books'])
<a href="{{ url('/tags') }}" class="icon-list-item">
<span>@icon('tag')</span>
<span>{{ trans('entities.tags_view_tags') }}</span>
</a>
@if(userCan(\BookStack\Permissions\Permission::ContentImport))
<a href="{{ url('/import') }}" class="icon-list-item">
<span>@icon('upload')</span>
<span>{{ trans('entities.import') }}</span>
</a>
@endif
</div>
</div>
@include('books.parts.index-sidebar-section-actions', ['view' => $view])
@stop

View File

@@ -0,0 +1,25 @@
<div id="actions" class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll))
<a href="{{ url("/create-book") }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.books_create') }}</span>
</a>
@endif
@include('entities.view-toggle', ['view' => $view, 'type' => 'books'])
<a href="{{ url('/tags') }}" class="icon-list-item">
<span>@icon('tag')</span>
<span>{{ trans('entities.tags_view_tags') }}</span>
</a>
@if(userCan(\BookStack\Permissions\Permission::ContentImport))
<a href="{{ url('/import') }}" class="icon-list-item">
<span>@icon('upload')</span>
<span>{{ trans('entities.import') }}</span>
</a>
@endif
</div>
</div>

View File

@@ -0,0 +1,8 @@
<div id="new" class="mb-xl">
<h5>{{ trans('entities.books_new') }}</h5>
@if(count($new) > 0)
@include('entities.list', ['entities' => $new, 'style' => 'compact'])
@else
<p class="text-muted pb-l mb-none">{{ trans('entities.books_new_empty') }}</p>
@endif
</div>

View File

@@ -0,0 +1,8 @@
<div id="popular" class="mb-xl">
<h5>{{ trans('entities.books_popular') }}</h5>
@if(count($popular) > 0)
@include('entities.list', ['entities' => $popular, 'style' => 'compact'])
@else
<p class="text-muted pb-l mb-none">{{ trans('entities.books_popular_empty') }}</p>
@endif
</div>

View File

@@ -0,0 +1,6 @@
@if($recents)
<div id="recents" class="mb-xl">
<h5>{{ trans('entities.recently_viewed') }}</h5>
@include('entities.list', ['entities' => $recents, 'style' => 'compact'])
</div>
@endif
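Review bot: `@if($recents)` tests truthiness, while the sibling `index-sidebar-section-popular` and `index-sidebar-section-new` partials use `count(...) > 0`. If `$recents` can ever be an empty collection (objects are always truthy in PHP), this section renders a heading with an empty list; use the same `count($recents) > 0` check here unless `$recents` is deliberately `null`/`false` for signed-out users, in which case a short comment saying so would help.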

View File

@@ -0,0 +1,61 @@
<div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::PageCreate, $book))
<a href="{{ $book->getUrl('/create-page') }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.pages_new') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::ChapterCreate, $book))
<a href="{{ $book->getUrl('/create-chapter') }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.chapters_new') }}</span>
</a>
@endif
<hr class="primary-background">
@if(userCan(\BookStack\Permissions\Permission::BookUpdate, $book))
<a href="{{ $book->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
<span>@icon('edit')</span>
<span>{{ trans('common.edit') }}</span>
</a>
<a href="{{ $book->getUrl('/sort') }}" data-shortcut="sort" class="icon-list-item">
<span>@icon('sort')</span>
<span>{{ trans('common.sort') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll))
<a href="{{ $book->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
<span>@icon('copy')</span>
<span>{{ trans('common.copy') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
<a href="{{ $book->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
<span>@icon('lock')</span>
<span>{{ trans('entities.permissions') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::BookDelete, $book))
<a href="{{ $book->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
<span>@icon('delete')</span>
<span>{{ trans('common.delete') }}</span>
</a>
@endif
<hr class="primary-background">
@if($watchOptions->canWatch() && !$watchOptions->isWatching())
@include('entities.watch-action', ['entity' => $book])
@endif
@if(!user()->isGuest())
@include('entities.favourite-action', ['entity' => $book])
@endif
@if(userCan(\BookStack\Permissions\Permission::ContentExport))
@include('entities.export-menu', ['entity' => $book])
@endif
</div>
</div>
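Review bot: this partial reads `$book` and `$watchOptions` from the enclosing view scope, whereas the `index-sidebar-section-*` partials above receive their data explicitly via `@include(..., ['view' => $view])`. Passing `['book' => $book, 'watchOptions' => $watchOptions]` at the include site makes the dependency visible and avoids a silent undefined-variable error if the partial is reused. Since every action here is gated by a `userCan(...)` check, compare each gate line by line with the inline block being removed from the show template so that no permission condition is loosened in the move.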

View File

@@ -0,0 +1,6 @@
@if(count($activity) > 0)
<div id="recent-activity" class="mb-xl">
<h5>{{ trans('entities.recent_activity') }}</h5>
@include('common.activity-list', ['activity' => $activity])
</div>
@endif


@@ -0,0 +1,21 @@
<div class="mb-xl">
<h5>{{ trans('common.details') }}</h5>
<div class="blended-links">
@include('entities.meta', ['entity' => $book, 'watchOptions' => $watchOptions])
@if($book->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
<a href="{{ $book->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</div>
@endif
</div>
@endif
</div>
</div>


@@ -0,0 +1,6 @@
@if(count($bookParentShelves) > 0)
<div class="actions mb-xl">
<h5>{{ trans('entities.shelves') }}</h5>
@include('entities.list', ['entities' => $bookParentShelves, 'style' => 'compact'])
</div>
@endif


@@ -0,0 +1,5 @@
@if($book->tags->count() > 0)
<div class="mb-xl">
@include('entities.tag-list', ['entity' => $book])
</div>
@endif


@@ -67,114 +67,14 @@
@stop
@section('right')
<div class="mb-xl">
<h5>{{ trans('common.details') }}</h5>
<div class="blended-links">
@include('entities.meta', ['entity' => $book, 'watchOptions' => $watchOptions])
@if($book->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
<a href="{{ $book->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</div>
@endif
</div>
@endif
</div>
</div>
<div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::PageCreate, $book))
<a href="{{ $book->getUrl('/create-page') }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.pages_new') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::ChapterCreate, $book))
<a href="{{ $book->getUrl('/create-chapter') }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.chapters_new') }}</span>
</a>
@endif
<hr class="primary-background">
@if(userCan(\BookStack\Permissions\Permission::BookUpdate, $book))
<a href="{{ $book->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
<span>@icon('edit')</span>
<span>{{ trans('common.edit') }}</span>
</a>
<a href="{{ $book->getUrl('/sort') }}" data-shortcut="sort" class="icon-list-item">
<span>@icon('sort')</span>
<span>{{ trans('common.sort') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll))
<a href="{{ $book->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
<span>@icon('copy')</span>
<span>{{ trans('common.copy') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
<a href="{{ $book->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
<span>@icon('lock')</span>
<span>{{ trans('entities.permissions') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::BookDelete, $book))
<a href="{{ $book->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
<span>@icon('delete')</span>
<span>{{ trans('common.delete') }}</span>
</a>
@endif
<hr class="primary-background">
@if($watchOptions->canWatch() && !$watchOptions->isWatching())
@include('entities.watch-action', ['entity' => $book])
@endif
@if(!user()->isGuest())
@include('entities.favourite-action', ['entity' => $book])
@endif
@if(userCan(\BookStack\Permissions\Permission::ContentExport))
@include('entities.export-menu', ['entity' => $book])
@endif
</div>
</div>
@include('books.parts.show-sidebar-section-details', ['book' => $book, 'watchOptions' => $watchOptions])
@include('books.parts.show-sidebar-section-actions', ['book' => $book, 'watchOptions' => $watchOptions])
@stop
@section('left')
@include('entities.search-form', ['label' => trans('entities.books_search_this')])
@if($book->tags->count() > 0)
<div class="mb-xl">
@include('entities.tag-list', ['entity' => $book])
</div>
@endif
@if(count($bookParentShelves) > 0)
<div class="actions mb-xl">
<h5>{{ trans('entities.shelves') }}</h5>
@include('entities.list', ['entities' => $bookParentShelves, 'style' => 'compact'])
</div>
@endif
@if(count($activity) > 0)
<div id="recent-activity" class="mb-xl">
<h5>{{ trans('entities.recent_activity') }}</h5>
@include('common.activity-list', ['activity' => $activity])
</div>
@endif
@include('books.parts.show-sidebar-section-tags', ['book' => $book])
@include('books.parts.show-sidebar-section-shelves', ['bookParentShelves' => $bookParentShelves])
@include('books.parts.show-sidebar-section-activity', ['activity' => $activity])
@stop
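Review bot: The inputs of the new partials are only implied by the include arrays at the end of this hunk (`$book`, `$watchOptions`, `$bookParentShelves`, `$activity`); a one-line `{{-- Expects: $book, $watchOptions --}}` comment at the top of each partial would make the contract explicit. Blade includes also inherit the parent view's variables, so a partial that quietly relies on an inherited variable will only break once it is reused from another view.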


@@ -0,0 +1,65 @@
<div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::PageCreate, $chapter))
<a href="{{ $chapter->getUrl('/create-page') }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.pages_new') }}</span>
</a>
@endif
<hr class="primary-background"/>
@if(userCan(\BookStack\Permissions\Permission::ChapterUpdate, $chapter))
<a href="{{ $chapter->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
<span>@icon('edit')</span>
<span>{{ trans('common.edit') }}</span>
</a>
@endif
@if(userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Book::class) || userCan(\BookStack\Permissions\Permission::ChapterCreateAll) || userCan(\BookStack\Permissions\Permission::ChapterCreateOwn))
<a href="{{ $chapter->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
<span>@icon('copy')</span>
<span>{{ trans('common.copy') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::ChapterUpdate, $chapter) && userCan(\BookStack\Permissions\Permission::ChapterDelete, $chapter))
<a href="{{ $chapter->getUrl('/move') }}" data-shortcut="move" class="icon-list-item">
<span>@icon('folder')</span>
<span>{{ trans('common.move') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $chapter))
<a href="{{ $chapter->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
<span>@icon('lock')</span>
<span>{{ trans('entities.permissions') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::ChapterDelete, $chapter))
<a href="{{ $chapter->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
<span>@icon('delete')</span>
<span>{{ trans('common.delete') }}</span>
</a>
@endif
@if($chapter->book && userCan(\BookStack\Permissions\Permission::BookUpdate, $chapter->book))
<hr class="primary-background"/>
<a href="{{ $chapter->book->getUrl('/sort') }}" data-shortcut="sort" class="icon-list-item">
<span>@icon('sort')</span>
<span>{{ trans('entities.chapter_sort_book') }}</span>
</a>
@endif
<hr class="primary-background"/>
@if($watchOptions->canWatch() && !$watchOptions->isWatching())
@include('entities.watch-action', ['entity' => $chapter])
@endif
@if(!user()->isGuest())
@include('entities.favourite-action', ['entity' => $chapter])
@endif
@if(userCan(\BookStack\Permissions\Permission::ContentExport))
@include('entities.export-menu', ['entity' => $chapter])
@endif
</div>
</div>


@@ -0,0 +1,38 @@
<div class="mb-xl">
<h5>{{ trans('common.details') }}</h5>
<div class="blended-links">
@include('entities.meta', ['entity' => $chapter, 'watchOptions' => $watchOptions])
@if($book->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
<a href="{{ $book->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</div>
@endif
</div>
@endif
@if($chapter->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $chapter))
<a href="{{ $chapter->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.chapters_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.chapters_permissions_active') }}</div>
</div>
@endif
</div>
@endif
</div>
</div>
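Review bot: This partial reads `$book->hasPermissions()` and `userCan(..., $book)` in its first restriction block, so it depends on `$book` being passed alongside `$chapter`; the chapter actions partial in this change already reaches the book via `$chapter->book`, and doing the same here would drop the extra include argument and the hidden dependency.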


@@ -0,0 +1,5 @@
@if($chapter->tags->count() > 0)
<div class="mb-xl">
@include('entities.tag-list', ['entity' => $chapter])
</div>
@endif


@@ -63,123 +63,13 @@
@stop
@section('right')
<div class="mb-xl">
<h5>{{ trans('common.details') }}</h5>
<div class="blended-links">
@include('entities.meta', ['entity' => $chapter, 'watchOptions' => $watchOptions])
@if($book->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
<a href="{{ $book->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</div>
@endif
</div>
@endif
@if($chapter->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $chapter))
<a href="{{ $chapter->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.chapters_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.chapters_permissions_active') }}</div>
</div>
@endif
</div>
@endif
</div>
</div>
<div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::PageCreate, $chapter))
<a href="{{ $chapter->getUrl('/create-page') }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.pages_new') }}</span>
</a>
@endif
<hr class="primary-background"/>
@if(userCan(\BookStack\Permissions\Permission::ChapterUpdate, $chapter))
<a href="{{ $chapter->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
<span>@icon('edit')</span>
<span>{{ trans('common.edit') }}</span>
</a>
@endif
@if(userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Book::class) || userCan(\BookStack\Permissions\Permission::ChapterCreateAll) || userCan(\BookStack\Permissions\Permission::ChapterCreateOwn))
<a href="{{ $chapter->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
<span>@icon('copy')</span>
<span>{{ trans('common.copy') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::ChapterUpdate, $chapter) && userCan(\BookStack\Permissions\Permission::ChapterDelete, $chapter))
<a href="{{ $chapter->getUrl('/move') }}" data-shortcut="move" class="icon-list-item">
<span>@icon('folder')</span>
<span>{{ trans('common.move') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $chapter))
<a href="{{ $chapter->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
<span>@icon('lock')</span>
<span>{{ trans('entities.permissions') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::ChapterDelete, $chapter))
<a href="{{ $chapter->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
<span>@icon('delete')</span>
<span>{{ trans('common.delete') }}</span>
</a>
@endif
@if($chapter->book && userCan(\BookStack\Permissions\Permission::BookUpdate, $chapter->book))
<hr class="primary-background"/>
<a href="{{ $chapter->book->getUrl('/sort') }}" data-shortcut="sort" class="icon-list-item">
<span>@icon('sort')</span>
<span>{{ trans('entities.chapter_sort_book') }}</span>
</a>
@endif
<hr class="primary-background"/>
@if($watchOptions->canWatch() && !$watchOptions->isWatching())
@include('entities.watch-action', ['entity' => $chapter])
@endif
@if(!user()->isGuest())
@include('entities.favourite-action', ['entity' => $chapter])
@endif
@if(userCan(\BookStack\Permissions\Permission::ContentExport))
@include('entities.export-menu', ['entity' => $chapter])
@endif
</div>
</div>
@include('chapters.parts.show-sidebar-section-details', ['chapter' => $chapter, 'book' => $book, 'watchOptions' => $watchOptions])
@include('chapters.parts.show-sidebar-section-actions', ['chapter' => $chapter, 'watchOptions' => $watchOptions])
@stop
@section('left')
@include('entities.search-form', ['label' => trans('entities.chapters_search_this')])
@if($chapter->tags->count() > 0)
<div class="mb-xl">
@include('entities.tag-list', ['entity' => $chapter])
</div>
@endif
@include('chapters.parts.show-sidebar-section-tags', ['chapter' => $chapter])
@include('entities.book-tree', ['book' => $book, 'sidebarTree' => $sidebarTree])
@stop


@@ -1,7 +1,7 @@
<textarea component="wysiwyg-input"
option:wysiwyg-input:text-direction="{{ $locale->htmlDirection() }}"
id="description_html" name="description_html" rows="5"
@if($errors->has('description_html')) class="text-neg" @endif>@if(isset($model) || old('description_html')){{ old('description_html') ?? $model->descriptionInfo()->getHtml() }}@endif</textarea>
@if($errors->has('description_html')) class="text-neg" @endif>@if(isset($model) || old('description_html')){{ old('description_html') ?? $model->descriptionInfo()->getHtml() }}@else{{ '<p></p>' }}@endif</textarea>
@if($errors->has('description_html'))
<div class="text-neg text-small">{{ $errors->first('description_html') }}</div>
@endif
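Review bot: The `@else{{ '<p></p>' }}@endif` branch on the changed line is correct but reads like a mistake at first glance: `{{ }}` emits `&lt;p&gt;&lt;/p&gt;`, and because textarea content is RCDATA the browser decodes that back into a field value of `<p></p>`, so the editor is seeded with an empty paragraph without any raw markup being written into the page. A short Blade comment stating that the escaping is intentional would stop the next reader from "fixing" it to `{!! !!}`.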


@@ -0,0 +1,57 @@
<div id="actions" class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
{{--User Actions--}}
@if(userCan(\BookStack\Permissions\Permission::PageUpdate, $page))
<a href="{{ $page->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
<span>@icon('edit')</span>
<span>{{ trans('common.edit') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::PageCreateAll) || userCan(\BookStack\Permissions\Permission::PageCreateOwn) || userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Book::class) || userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Chapter::class))
<a href="{{ $page->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
<span>@icon('copy')</span>
<span>{{ trans('common.copy') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::PageUpdate, $page))
@if(userCan(\BookStack\Permissions\Permission::PageDelete, $page))
<a href="{{ $page->getUrl('/move') }}" data-shortcut="move" class="icon-list-item">
<span>@icon('folder')</span>
<span>{{ trans('common.move') }}</span>
</a>
@endif
@endif
<a href="{{ $page->getUrl('/revisions') }}" data-shortcut="revisions" class="icon-list-item">
<span>@icon('history')</span>
<span>{{ trans('entities.revisions') }}</span>
</a>
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page))
<a href="{{ $page->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
<span>@icon('lock')</span>
<span>{{ trans('entities.permissions') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::PageDelete, $page))
<a href="{{ $page->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
<span>@icon('delete')</span>
<span>{{ trans('common.delete') }}</span>
</a>
@endif
<hr class="primary-background"/>
@if($watchOptions->canWatch() && !$watchOptions->isWatching())
@include('entities.watch-action', ['entity' => $page])
@endif
@if(!user()->isGuest())
@include('entities.favourite-action', ['entity' => $page])
@endif
@if(userCan(\BookStack\Permissions\Permission::ContentExport))
@include('entities.export-menu', ['entity' => $page])
@endif
</div>
</div>
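Review bot: The nested `@if(...PageUpdate...)` / `@if(...PageDelete...)` pair around the move link can be one condition joined with `&&`, as the chapter actions partial in this change already does for its move link; the nesting here only adds indentation and a second `@endif`.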


@@ -0,0 +1,8 @@
@if($page->attachments->count() > 0)
<div id="page-attachments" class="mb-l">
<h5>{{ trans('entities.pages_attachments') }}</h5>
<div class="body">
@include('attachments.list', ['attachments' => $page->attachments])
</div>
</div>
@endif


@@ -0,0 +1,61 @@
<div id="page-details" class="entity-details mb-xl">
<h5>{{ trans('common.details') }}</h5>
<div class="blended-links">
@include('entities.meta', ['entity' => $page, 'watchOptions' => $watchOptions])
@if($book->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
<a href="{{ $book->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</div>
@endif
</div>
@endif
@if($page->chapter && $page->chapter->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page->chapter))
<a href="{{ $page->chapter->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.chapters_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.chapters_permissions_active') }}</div>
</div>
@endif
</div>
@endif
@if($page->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page))
<a href="{{ $page->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.pages_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.pages_permissions_active') }}</div>
</div>
@endif
</div>
@endif
@if($page->template)
<div class="entity-meta-item">
@icon('template')
<div>{{ trans('entities.pages_is_template') }}</div>
</div>
@endif
</div>
</div>
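Review bot: The `active-restriction` block appears three times in this partial (book, chapter, page) and again in the book, chapter and shelf details partials, differing only in the entity and the translation key. Since this change is already extracting partials, a shared one taking the entity and a label key (for instance an `entities.active-restriction` include, which does not exist yet) would collapse seven copies into one and keep the permission-link logic in a single place.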


@@ -0,0 +1,15 @@
@if(isset($pageNav) && count($pageNav))
<nav id="page-navigation" class="mb-xl" aria-label="{{ trans('entities.pages_navigation') }}">
<h5>{{ trans('entities.pages_navigation') }}</h5>
<div class="body">
<div class="sidebar-page-nav menu">
@foreach($pageNav as $navItem)
<li class="page-nav-item h{{ $navItem['level'] }}">
<a href="{{ $navItem['link'] }}" class="text-limit-lines-1 block">{{ $navItem['text'] }}</a>
<div class="link-background sidebar-page-nav-bullet"></div>
</li>
@endforeach
</div>
</div>
</nav>
@endif
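Review bot: The `<li class="page-nav-item ...">` items are emitted directly inside `<div class="sidebar-page-nav menu">`, and `li` is only valid as a child of `ul`, `ol` or `menu`; the markup is moved rather than changed here, but swapping that wrapper for a `<ul>` (or `<menu>`) would make the navigation valid HTML and let assistive technology announce it as a list.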


@@ -0,0 +1,5 @@
@if($page->tags->count() > 0)
<section>
@include('entities.tag-list', ['entity' => $page])
</section>
@endif


@@ -22,7 +22,7 @@
class="page-content clearfix">
@include('pages.parts.page-display')
</div>
@include('pages.parts.pointer', ['page' => $page])
@include('pages.parts.pointer', ['page' => $page, 'commentTree' => $commentTree])
</main>
@include('entities.sibling-navigation', ['next' => $next, 'previous' => $previous])
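Review bot: The pointer include now requires `$commentTree`, so every controller action that renders this view must set it; if any path builds the page without a comment tree, the include raises an undefined variable error rather than degrading. Either confirm the variable is always provided, or pass `$commentTree ?? null` with a matching guard inside the pointer partial.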
@@ -36,159 +36,13 @@
@stop
@section('left')
@if($page->tags->count() > 0)
<section>
@include('entities.tag-list', ['entity' => $page])
</section>
@endif
@if ($page->attachments->count() > 0)
<div id="page-attachments" class="mb-l">
<h5>{{ trans('entities.pages_attachments') }}</h5>
<div class="body">
@include('attachments.list', ['attachments' => $page->attachments])
</div>
</div>
@endif
@if (isset($pageNav) && count($pageNav))
<nav id="page-navigation" class="mb-xl" aria-label="{{ trans('entities.pages_navigation') }}">
<h5>{{ trans('entities.pages_navigation') }}</h5>
<div class="body">
<div class="sidebar-page-nav menu">
@foreach($pageNav as $navItem)
<li class="page-nav-item h{{ $navItem['level'] }}">
<a href="{{ $navItem['link'] }}" class="text-limit-lines-1 block">{{ $navItem['text'] }}</a>
<div class="link-background sidebar-page-nav-bullet"></div>
</li>
@endforeach
</div>
</div>
</nav>
@endif
@include('pages.parts.show-sidebar-section-tags', ['page' => $page])
@include('pages.parts.show-sidebar-section-attachments', ['page' => $page])
@include('pages.parts.show-sidebar-section-page-nav', ['pageNav' => $pageNav])
@include('entities.book-tree', ['book' => $book, 'sidebarTree' => $sidebarTree])
@stop
@section('right')
<div id="page-details" class="entity-details mb-xl">
<h5>{{ trans('common.details') }}</h5>
<div class="blended-links">
@include('entities.meta', ['entity' => $page, 'watchOptions' => $watchOptions])
@if($book->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $book))
<a href="{{ $book->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.books_permissions_active') }}</div>
</div>
@endif
</div>
@endif
@if($page->chapter && $page->chapter->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page->chapter))
<a href="{{ $page->chapter->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.chapters_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.chapters_permissions_active') }}</div>
</div>
@endif
</div>
@endif
@if($page->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page))
<a href="{{ $page->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.pages_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.pages_permissions_active') }}</div>
</div>
@endif
</div>
@endif
@if($page->template)
<div class="entity-meta-item">
@icon('template')
<div>{{ trans('entities.pages_is_template') }}</div>
</div>
@endif
</div>
</div>
<div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
{{--User Actions--}}
@if(userCan(\BookStack\Permissions\Permission::PageUpdate, $page))
<a href="{{ $page->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
<span>@icon('edit')</span>
<span>{{ trans('common.edit') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::PageCreateAll) || userCan(\BookStack\Permissions\Permission::PageCreateOwn) || userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Book::class) || userCanOnAny(\BookStack\Permissions\Permission::Create, \BookStack\Entities\Models\Chapter::class))
<a href="{{ $page->getUrl('/copy') }}" data-shortcut="copy" class="icon-list-item">
<span>@icon('copy')</span>
<span>{{ trans('common.copy') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::PageUpdate, $page))
@if(userCan(\BookStack\Permissions\Permission::PageDelete, $page))
<a href="{{ $page->getUrl('/move') }}" data-shortcut="move" class="icon-list-item">
<span>@icon('folder')</span>
<span>{{ trans('common.move') }}</span>
</a>
@endif
@endif
<a href="{{ $page->getUrl('/revisions') }}" data-shortcut="revisions" class="icon-list-item">
<span>@icon('history')</span>
<span>{{ trans('entities.revisions') }}</span>
</a>
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $page))
<a href="{{ $page->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
<span>@icon('lock')</span>
<span>{{ trans('entities.permissions') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::PageDelete, $page))
<a href="{{ $page->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
<span>@icon('delete')</span>
<span>{{ trans('common.delete') }}</span>
</a>
@endif
<hr class="primary-background"/>
@if($watchOptions->canWatch() && !$watchOptions->isWatching())
@include('entities.watch-action', ['entity' => $page])
@endif
@if(!user()->isGuest())
@include('entities.favourite-action', ['entity' => $page])
@endif
@if(userCan(\BookStack\Permissions\Permission::ContentExport))
@include('entities.export-menu', ['entity' => $page])
@endif
</div>
</div>
@include('pages.parts.show-sidebar-section-details', ['page' => $page, 'watchOptions' => $watchOptions, 'book' => $book])
@include('pages.parts.show-sidebar-section-actions', ['page' => $page, 'watchOptions' => $watchOptions])
@stop
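Review bot: The `isset($pageNav)` guard inside the page-nav partial no longer protects anything, because `@include('pages.parts.show-sidebar-section-page-nav', ['pageNav' => $pageNav])` evaluates `$pageNav` before the partial runs, and the inline block this replaces used `isset()` precisely for the case where the variable is absent. Either drop the guard if the controller always sets `$pageNav`, or pass `$pageNav ?? []` so the include keeps the old behaviour.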


@@ -5,51 +5,11 @@
@stop
@section('right')
<div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::BookshelfCreateAll))
<a href="{{ url("/create-shelf") }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.shelves_new_action') }}</span>
</a>
@endif
@include('entities.view-toggle', ['view' => $view, 'type' => 'bookshelves'])
<a href="{{ url('/tags') }}" class="icon-list-item">
<span>@icon('tag')</span>
<span>{{ trans('entities.tags_view_tags') }}</span>
</a>
</div>
</div>
@include('shelves.parts.index-sidebar-section-actions', ['view' => $view])
@stop
@section('left')
@if($recents)
<div id="recents" class="mb-xl">
<h5>{{ trans('entities.recently_viewed') }}</h5>
@include('entities.list', ['entities' => $recents, 'style' => 'compact'])
</div>
@endif
<div id="popular" class="mb-xl">
<h5>{{ trans('entities.shelves_popular') }}</h5>
@if(count($popular) > 0)
@include('entities.list', ['entities' => $popular, 'style' => 'compact'])
@else
<p class="text-muted pb-l mb-none">{{ trans('entities.shelves_popular_empty') }}</p>
@endif
</div>
<div id="new" class="mb-xl">
<h5>{{ trans('entities.shelves_new') }}</h5>
@if(count($new) > 0)
@include('entities.list', ['entities' => $new, 'style' => 'compact'])
@else
<p class="text-muted pb-l mb-none">{{ trans('entities.shelves_new_empty') }}</p>
@endif
</div>
@include('shelves.parts.index-sidebar-section-recents', ['recents' => $recents])
@include('shelves.parts.index-sidebar-section-popular', ['popular' => $popular])
@include('shelves.parts.index-sidebar-section-new', ['new' => $new])
@stop


@@ -0,0 +1,18 @@
<div id="actions" class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::BookshelfCreateAll))
<a href="{{ url("/create-shelf") }}" data-shortcut="new" class="icon-list-item">
<span>@icon('add')</span>
<span>{{ trans('entities.shelves_new_action') }}</span>
</a>
@endif
@include('entities.view-toggle', ['view' => $view, 'type' => 'bookshelves'])
<a href="{{ url('/tags') }}" class="icon-list-item">
<span>@icon('tag')</span>
<span>{{ trans('entities.tags_view_tags') }}</span>
</a>
</div>
</div>


@@ -0,0 +1,8 @@
<div id="new" class="mb-xl">
<h5>{{ trans('entities.shelves_new') }}</h5>
@if(count($new) > 0)
@include('entities.list', ['entities' => $new, 'style' => 'compact'])
@else
<p class="text-muted pb-l mb-none">{{ trans('entities.shelves_new_empty') }}</p>
@endif
</div>


@@ -0,0 +1,8 @@
<div id="popular" class="mb-xl">
<h5>{{ trans('entities.shelves_popular') }}</h5>
@if(count($popular) > 0)
@include('entities.list', ['entities' => $popular, 'style' => 'compact'])
@else
<p class="text-muted pb-l mb-none">{{ trans('entities.shelves_popular_empty') }}</p>
@endif
</div>


@@ -0,0 +1,6 @@
@if($recents)
<div id="recents" class="mb-xl">
<h5>{{ trans('entities.recently_viewed') }}</h5>
@include('entities.list', ['entities' => $recents, 'style' => 'compact'])
</div>
@endif


@@ -0,0 +1,43 @@
<div id="actions" class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll) && userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf))
<a href="{{ $shelf->getUrl('/create-book') }}" data-shortcut="new" class="icon-list-item">
<span class="icon">@icon('add')</span>
<span>{{ trans('entities.books_new_action') }}</span>
</a>
@endif
@include('entities.view-toggle', ['view' => $view, 'type' => 'bookshelf'])
<hr class="primary-background">
@if(userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf))
<a href="{{ $shelf->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
<span>@icon('edit')</span>
<span>{{ trans('common.edit') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $shelf))
<a href="{{ $shelf->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
<span>@icon('lock')</span>
<span>{{ trans('entities.permissions') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::BookshelfDelete, $shelf))
<a href="{{ $shelf->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
<span>@icon('delete')</span>
<span>{{ trans('common.delete') }}</span>
</a>
@endif
@if(!user()->isGuest())
<hr class="primary-background">
@include('entities.favourite-action', ['entity' => $shelf])
@endif
</div>
</div>


@@ -0,0 +1,6 @@
@if(count($activity) > 0)
<div id="recent-activity" class="mb-xl">
<h5>{{ trans('entities.recent_activity') }}</h5>
@include('common.activity-list', ['activity' => $activity])
</div>
@endif
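Review bot: This shelf activity partial is byte-for-byte the same as the book activity partial created earlier in this change (`@if(count($activity) > 0)` around the `common.activity-list` include); one shared partial under `entities.` would avoid the two copies drifting apart.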


@@ -0,0 +1,21 @@
<div id="details" class="mb-xl">
<h5>{{ trans('common.details') }}</h5>
<div class="blended-links">
@include('entities.meta', ['entity' => $shelf, 'watchOptions' => null])
@if($shelf->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $shelf))
<a href="{{ $shelf->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.shelves_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.shelves_permissions_active') }}</div>
</div>
@endif
</div>
@endif
</div>
</div>


@@ -0,0 +1,5 @@
@if($shelf->tags->count() > 0)
<div id="tags" class="mb-xl">
@include('entities.tag-list', ['entity' => $shelf])
</div>
@endif


@@ -69,87 +69,13 @@
@stop
@section('left')
@if($shelf->tags->count() > 0)
<div id="tags" class="mb-xl">
@include('entities.tag-list', ['entity' => $shelf])
</div>
@endif
<div id="details" class="mb-xl">
<h5>{{ trans('common.details') }}</h5>
<div class="blended-links">
@include('entities.meta', ['entity' => $shelf, 'watchOptions' => null])
@if($shelf->hasPermissions())
<div class="active-restriction">
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $shelf))
<a href="{{ $shelf->getUrl('/permissions') }}" class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.shelves_permissions_active') }}</div>
</a>
@else
<div class="entity-meta-item">
@icon('lock')
<div>{{ trans('entities.shelves_permissions_active') }}</div>
</div>
@endif
</div>
@endif
</div>
</div>
@if(count($activity) > 0)
<div id="recent-activity" class="mb-xl">
<h5>{{ trans('entities.recent_activity') }}</h5>
@include('common.activity-list', ['activity' => $activity])
</div>
@endif
@include('shelves.parts.show-sidebar-section-tags', ['shelf' => $shelf])
@include('shelves.parts.show-sidebar-section-details', ['shelf' => $shelf])
@include('shelves.parts.show-sidebar-section-activity', ['activity' => $activity])
@stop
@section('right')
<div class="actions mb-xl">
<h5>{{ trans('common.actions') }}</h5>
<div class="icon-list text-link">
@if(userCan(\BookStack\Permissions\Permission::BookCreateAll) && userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf))
<a href="{{ $shelf->getUrl('/create-book') }}" data-shortcut="new" class="icon-list-item">
<span class="icon">@icon('add')</span>
<span>{{ trans('entities.books_new_action') }}</span>
</a>
@endif
@include('entities.view-toggle', ['view' => $view, 'type' => 'bookshelf'])
<hr class="primary-background">
@if(userCan(\BookStack\Permissions\Permission::BookshelfUpdate, $shelf))
<a href="{{ $shelf->getUrl('/edit') }}" data-shortcut="edit" class="icon-list-item">
<span>@icon('edit')</span>
<span>{{ trans('common.edit') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::RestrictionsManage, $shelf))
<a href="{{ $shelf->getUrl('/permissions') }}" data-shortcut="permissions" class="icon-list-item">
<span>@icon('lock')</span>
<span>{{ trans('entities.permissions') }}</span>
</a>
@endif
@if(userCan(\BookStack\Permissions\Permission::BookshelfDelete, $shelf))
<a href="{{ $shelf->getUrl('/delete') }}" data-shortcut="delete" class="icon-list-item">
<span>@icon('delete')</span>
<span>{{ trans('common.delete') }}</span>
</a>
@endif
@if(!user()->isGuest())
<hr class="primary-background">
@include('entities.favourite-action', ['entity' => $shelf])
@endif
</div>
</div>
@include('shelves.parts.show-sidebar-section-actions', ['shelf' => $shelf, 'view' => $view])
@stop
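Review bot: the permission gating that lived inline in this template (the userCan checks for RestrictionsManage, BookCreateAll, BookshelfUpdate and BookshelfDelete around each sidebar link, and the isGuest check around the favourite action) now has to be carried by the new shelves.parts.show-sidebar-section-tags, -details, -activity and -actions partials, none of which appear in this hunk; confirm each partial keeps the same checks, and that show-sidebar-section-actions still uses the $view it is passed for the entities.view-toggle include. Server-side authorization on the routes is unaffected, but a partial that drops a check would show an action link to users who lack the permission, which is exactly what the removed markup guarded.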

View File

@@ -7,3 +7,4 @@ routes.php
routes.scanned.php
schedule-*
services.json
purifier/
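Review bot: `purifier/` without a leading slash ignores a directory named purifier at any depth below this .gitignore, not just one location; if the entry exists only to keep an earlier cache directory out of the index, anchor it as `/purifier/` so an unrelated folder of the same name elsewhere in the tree is still tracked, and add a short comment beside it saying it is a legacy path so a later cleanup knows it can go.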

View File

@@ -0,0 +1,289 @@
<?php
namespace Tests\Commands;
use GuzzleHttp\Psr7\Response;
use Illuminate\Support\Facades\File;
use Tests\TestCase;
use ZipArchive;
class InstallModuleCommandTest extends TestCase
{
public function test_local_module_install_with_active_theme()
{
$this->usingThemeFolder(function () {
$zip = $this->getModuleZipPath();
$expectedInstallPath = theme_path('modules/test-module');
$this->artisan('bookstack:install-module', ['location' => $zip])
->expectsOutput('Module "Test Module" (v1.0.0) successfully installed!')
->expectsOutput("Install location: {$expectedInstallPath}")
->assertExitCode(0);
$this->assertDirectoryExists($expectedInstallPath);
$this->assertFileExists($expectedInstallPath . '/bookstack-module.json');
});
}
public function test_remote_module_install_with_active_theme()
{
$this->usingThemeFolder(function () {
$zip = $this->getModuleZipPath();
$http = $this->mockHttpClient([
new Response(200, ['Content-Length' => filesize($zip)], file_get_contents($zip))
]);
$expectedInstallPath = theme_path('modules/test-module');
$this->artisan('bookstack:install-module', ['location' => 'https://example.com/test-module.zip'])
->expectsOutput("This will download a module from example.com. Modules can contain code which would have the ability to do anything on the BookStack host server.\nYou should only install modules from trusted sources.")
->expectsConfirmation('Are you sure you trust this source?', 'yes')
->expectsOutput('Module "Test Module" (v1.0.0) successfully installed!')
->expectsOutput("Install location: {$expectedInstallPath}")
->assertExitCode(0);
$this->assertEquals(1, $http->requestCount());
$request = $http->requestAt(0);
$this->assertEquals('/test-module.zip', $request->getUri()->getPath());
$this->assertDirectoryExists($expectedInstallPath);
$this->assertFileExists($expectedInstallPath . '/bookstack-module.json');
});
}
public function test_remote_http_module_warns_and_prompts_users()
{
$this->usingThemeFolder(function () {
$zip = $this->getModuleZipPath();
$http = $this->mockHttpClient([
new Response(200, ['Content-Length' => filesize($zip)], file_get_contents($zip))
]);
$expectedInstallPath = theme_path('modules/test-module');
$this->artisan('bookstack:install-module', ['location' => 'http://example.com/test-module.zip'])
->expectsOutput("This will download a module from example.com. Modules can contain code which would have the ability to do anything on the BookStack host server.\nYou should only install modules from trusted sources.")
->expectsConfirmation('Are you sure you trust this source?', 'yes')
->expectsOutput("You are downloading a module from an insecure HTTP source.\nWe recommend only using HTTPS sources to avoid various security risks.")
->expectsConfirmation('Are you sure you want to continue without HTTPS?', 'yes')
->expectsOutput('Module "Test Module" (v1.0.0) successfully installed!')
->expectsOutput("Install location: {$expectedInstallPath}")
->assertExitCode(0);
$request = $http->requestAt(0);
$this->assertEquals('/test-module.zip', $request->getUri()->getPath());
});
}
public function test_remote_module_install_follows_redirects()
{
$this->usingThemeFolder(function () {
$zip = $this->getModuleZipPath();
$http = $this->mockHttpClient([
new Response(302, ['Location' => 'https://example.com/a-test-module.zip']),
new Response(200, ['Content-Length' => filesize($zip)], file_get_contents($zip))
]);
$this->artisan('bookstack:install-module', ['location' => 'https://example.com/test-module.zip'])
->expectsConfirmation('Are you sure you trust this source?', 'yes')
->assertExitCode(0);
$this->assertEquals(2, $http->requestCount());
$this->assertEquals('/test-module.zip', $http->requestAt(0)->getUri()->getPath());
$this->assertEquals('/a-test-module.zip', $http->requestAt(1)->getUri()->getPath());
});
}
public function test_remote_module_install_does_not_follow_redirects_to_different_origin()
{
$this->usingThemeFolder(function () {
$zip = $this->getModuleZipPath();
$http = $this->mockHttpClient([
new Response(302, ['Location' => 'http://example.com/a-test-module.zip']),
new Response(200, ['Content-Length' => filesize($zip)], file_get_contents($zip))
]);
$this->artisan('bookstack:install-module', ['location' => 'https://example.com/test-module.zip'])
->expectsConfirmation('Are you sure you trust this source?', 'yes')
->assertExitCode(1);
$this->assertEquals(1, $http->requestCount());
$this->assertEquals('https', $http->requestAt(0)->getUri()->getScheme());
});
}
public function test_remote_module_install_download_failures_are_announced_to_user()
{
$this->usingThemeFolder(function () {
$http = $this->mockHttpClient([
new Response(404),
]);
$this->artisan('bookstack:install-module', ['location' => 'https://example.com/test-module.zip'])
->expectsConfirmation('Are you sure you trust this source?', 'yes')
->expectsOutput('ERROR: Failed to download module from https://example.com/test-module.zip')
->expectsOutput('Download failed with status code 404')
->assertExitCode(1);
$this->assertEquals(1, $http->requestCount());
});
}
public function test_run_with_invalid_path_exits_early()
{
$this->artisan('bookstack:install-module', ['location' => '/not-found.zip'])
->expectsOutput('ERROR: Module file not found at /not-found.zip')
->assertExitCode(1);
}
public function test_run_with_invalid_zip_has_early_exit()
{
$zip = $this->getModuleZipPath();
file_put_contents($zip, 'invalid zip');
$this->artisan('bookstack:install-module', ['location' => $zip])
->expectsOutput("ERROR: Cannot open ZIP file at {$zip}")
->assertExitCode(1);
}
public function test_run_with_large_zip_has_early_exit()
{
$zip = $this->getModuleZipPath(null, [
'large-file.txt' => str_repeat('a', 1024 * 1024 * 51)
]);
$this->artisan('bookstack:install-module', ['location' => $zip])
->expectsOutput("ERROR: Module ZIP file contents are too large. Maximum size is 50MB")
->assertExitCode(1);
}
public function test_run_with_invalid_module_data_has_early_exit()
{
$zip = $this->getModuleZipPath([
'name' => 'Invalid Module',
'description' => 'A module with invalid data',
'version' => 'dog',
]);
$this->artisan('bookstack:install-module', ['location' => $zip])
->expectsOutput("ERROR: Failed to read module metadata with error: Module in folder \"_temp\" has an invalid 'version' format. Expected semantic version format like '1.0.0' or 'v1.0.0'")
->assertExitCode(1);
}
public function test_local_module_install_without_active_theme_can_setup_theme_folder()
{
$zip = $this->getModuleZipPath();
$expectedThemePath = base_path('themes/custom');
File::deleteDirectory($expectedThemePath);
$this->artisan('bookstack:install-module', ['location' => $zip])
->expectsConfirmation('No active theme folder found, would you like to create one?', 'yes')
->expectsOutput("Created theme folder at {$expectedThemePath}")
->expectsOutput("You will need to set APP_THEME=custom in your BookStack env configuration to enable this theme!")
->expectsOutput('Module "Test Module" (v1.0.0) successfully installed!')
->assertExitCode(0);
$this->assertDirectoryExists($expectedThemePath . '/modules/test-module');
File::deleteDirectory($expectedThemePath);
}
public function test_local_module_install_with_active_theme_and_conflicting_modules_file_causes_early_exit()
{
$this->usingThemeFolder(function () {
$zip = $this->getModuleZipPath();
File::put(theme_path('modules'), '{}');
$this->artisan('bookstack:install-module', ['location' => $zip])
->expectsOutput("ERROR: Cannot create a modules folder, file already exists at " . theme_path('modules'))
->assertExitCode(1);
});
}
public function test_single_existing_module_with_same_name_replace()
{
$this->usingThemeFolder(function () {
$original = $this->createModuleFolderInCurrentTheme(['name' => 'Test Module', 'description' => 'cat', 'version' => '1.0.0']);
$new = $this->getModuleZipPath(['name' => 'Test Module', 'description' => '', 'version' => '2.0.0']);
$this->artisan('bookstack:install-module', ['location' => $new])
->expectsOutput('The following modules already exist with the same name:')
->expectsOutput('Test Module (test-module:v1.0.0) - cat')
->expectsChoice('What would you like to do?', 'Replace existing module', ['Cancel module install', 'Add alongside existing module', 'Replace existing module'])
->expectsOutput("Replacing existing module in test-module folder")
->assertExitCode(0);
$this->assertFileExists($original . '/bookstack-module.json');
$metadata = json_decode(file_get_contents($original . '/bookstack-module.json'), true);
$this->assertEquals('2.0.0', $metadata['version']);
});
}
public function test_single_existing_module_with_same_name_cancel()
{
$this->usingThemeFolder(function () {
$original = $this->createModuleFolderInCurrentTheme(['name' => 'Test Module', 'description' => 'cat', 'version' => '1.0.0']);
$new = $this->getModuleZipPath(['name' => 'Test Module', 'description' => '', 'version' => '2.0.0']);
$this->artisan('bookstack:install-module', ['location' => $new])
->expectsOutput('The following modules already exist with the same name:')
->expectsOutput('Test Module (test-module:v1.0.0) - cat')
->expectsChoice('What would you like to do?', 'Cancel module install', ['Cancel module install', 'Add alongside existing module', 'Replace existing module'])
->assertExitCode(1);
$this->assertFileExists($original . '/bookstack-module.json');
$metadata = json_decode(file_get_contents($original . '/bookstack-module.json'), true);
$this->assertEquals('1.0.0', $metadata['version']);
});
}
public function test_single_existing_module_with_same_name_add()
{
$this->usingThemeFolder(function () {
$original = $this->createModuleFolderInCurrentTheme(['name' => 'Test Module', 'description' => 'cat', 'version' => '1.0.0']);
$new = $this->getModuleZipPath(['name' => 'Test Module', 'description' => '', 'version' => '2.0.0']);
$this->artisan('bookstack:install-module', ['location' => $new])
->expectsOutput('The following modules already exist with the same name:')
->expectsOutput('Test Module (test-module:v1.0.0) - cat')
->expectsChoice('What would you like to do?', 'Add alongside existing module', ['Cancel module install', 'Add alongside existing module', 'Replace existing module'])
->assertExitCode(0);
$dirs = File::directories(theme_path('modules/'));
$this->assertCount(2, $dirs);
});
}
protected function createModuleFolderInCurrentTheme(array|null $metadata = null, array $extraFiles = []): string
{
$original = $this->getModuleZipPath($metadata, $extraFiles);
$targetPath = theme_path('modules/test-module');
mkdir($targetPath, 0777, true);
$originalZip = new ZipArchive();
$originalZip->open($original);
$originalZip->extractTo($targetPath);
$originalZip->close();
return $targetPath;
}
protected function getModuleZipPath(array|null $metadata = null, array $extraFiles = []): string
{
$zip = new ZipArchive();
$tmpFile = tempnam(sys_get_temp_dir(), 'bs-test-module');
$zip->open($tmpFile, ZipArchive::CREATE);
$zip->addFromString('bookstack-module.json', json_encode($metadata ?? [
'name' => 'Test Module',
'description' => 'A test module for BookStack',
'version' => '1.0.0',
]));
foreach ($extraFiles as $path => $contents) {
$zip->addFromString($path, $contents);
}
$zip->close();
return $tmpFile;
}
}
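Review bot: extraction is never exercised with a hostile archive layout: getModuleZipPath only builds entries with plain relative names, so nothing asserts that an entry whose name starts with a slash or contains `..` segments cannot be written outside theme_path('modules/<name>'). Whether or not the zip extension normalises such names today, a test that feeds one through $extraFiles and asserts the file is absent outside the module folder (or that the command exits non-zero) pins that behaviour against a future change of extraction code. Separately, test_remote_module_install_does_not_follow_redirects_to_different_origin only covers an https-to-http downgrade on the same host; a second case redirecting to a different host would pin the host part of the origin check rather than just the scheme. Minor: the files created by tempnam() in getModuleZipPath are never removed, and mkdir($targetPath, 0777, true) in createModuleFolderInCurrentTheme is broader than the tests need.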

View File

@@ -154,6 +154,20 @@ class BookTest extends TestCase
$this->assertNotificationContains($redirectReq, 'Book Successfully Deleted');
}
public function test_delete_with_shelf_context_returns_to_shelf_view_after_delete()
{
$shelf = $this->entities->shelfHasBooks();
/** @var Book $book */
$book = $shelf->books()->first();
$this->asEditor()->get($shelf->getUrl());
$this->get($book->getUrl());
$this->get($book->getUrl('/delete'));
$resp = $this->delete($book->getUrl());
$resp->assertRedirect($shelf->getUrl());
}
public function test_cancel_on_create_page_leads_back_to_books_listing()
{
$resp = $this->asEditor()->get('/create-book');
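Review bot: test_delete_with_shelf_context_returns_to_shelf_view_after_delete only checks the positive path; pair it with an assertion that the same delete without a prior visit to the shelf still redirects to the books listing, so the test documents that the shelf redirect is driven by the visited context rather than applying unconditionally (the existing delete test above stops at the 'Book Successfully Deleted' notification and does not assert the redirect target). The `@var Book $book` annotation also needs a Book import at the top of the file, which this hunk does not show.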
@@ -264,4 +278,25 @@ class BookTest extends TestCase
$resp = $this->asEditor()->get($book->getUrl());
$resp->assertSee("<p>My great<br>\ndescription<br>\n<br>\nwith newlines</p>", false);
}
public function test_description_with_only_br_tags_results_in_empty_p_tag_used_on_show()
{
$descriptions = [
'<p><br></p>',
'<p><br><br><br><br></p>',
'<p><br><br><br></p><h1><br><br><br><br><br></h1>',
];
$book = $this->entities->book();
$this->asEditor();
foreach ($descriptions as $descriptionTestCase) {
$book->description_html = $descriptionTestCase;
$book->save();
$resp = $this->get($book->getUrl());
$html = $this->withHtml($resp);
$descriptionHtml = $html->getInnerHtml('.book-content > div.text-muted:first-child');
$this->assertEquals('<p></p>', $descriptionHtml);
}
}
}
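Review bot: all three inputs in test_description_with_only_br_tags_results_in_empty_p_tag_used_on_show collapse to an empty description, so nothing here shows that a block with real text beside the br tags survives the stripping; add a mixed case such as '<p><br></p><p>kept</p>' and assert that 'kept' is still rendered, otherwise an over-eager filter that empties every paragraph would pass this test.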

View File

@@ -0,0 +1,481 @@
<?php
namespace Tests\Entity;
use Tests\TestCase;
class PageContentFilteringTest extends TestCase
{
public function test_page_content_scripts_removed_by_default()
{
$this->asEditor();
$page = $this->entities->page();
$script = 'abc123<script>console.log("hello-test")</script>abc123';
$page->html = "escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertDontSee($script, false);
$pageView->assertSee('abc123abc123');
}
public function test_more_complex_content_script_escaping_scenarios()
{
config()->set('app.content_filtering', 'j');
$checks = [
"<p>Some script</p><script>alert('cat')</script>",
"<div><div><div><div><p>Some script</p><script>alert('cat')</script></div></div></div></div>",
"<p>Some script<script>alert('cat')</script></p>",
"<p>Some script <div><script>alert('cat')</script></div></p>",
"<p>Some script <script><div>alert('cat')</script></div></p>",
"<p>Some script <script><div>alert('cat')</script><script><div>alert('cat')</script></p><script><div>alert('cat')</script>",
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<script>');
$this->withHtml($pageView)->assertElementNotContains('.page-content', '</script>');
}
}
public function test_js_and_base64_src_urls_are_removed()
{
config()->set('app.content_filtering', 'j');
$checks = [
'<iframe src="javascript:alert(document.cookie)"></iframe>',
'<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
'<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
'<iframe SRC=" javascript: alert(document.cookie)"></iframe>',
'<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
'<iframe src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
'<iframe src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
'<img src="javascript:alert(document.cookie)"/>',
'<img src="JavAScRipT:alert(document.cookie)"/>',
'<img src="JavAScRipT:alert(document.cookie)"/>',
'<img SRC=" javascript: alert(document.cookie)"/>',
'<img src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
'<img src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
'<img src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
'<iframe srcdoc="<script>window.alert(document.cookie)</script>"></iframe>',
'<iframe SRCdoc="<script>window.alert(document.cookie)</script>"></iframe>',
'<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>',
'<object data="javascript:alert(document.cookie)"></object>',
'<object data="JavAScRipT:alert(document.cookie)"></object>',
'<object data="JavAScRipT:alert(document.cookie)"></object>',
'<object SRC=" javascript: alert(document.cookie)"></object>',
'<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></object>',
'<object data="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></object>',
'<object data=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></object>',
'<embed src="javascript:alert(document.cookie)"/>',
'<embed src="JavAScRipT:alert(document.cookie)"/>',
'<embed src="JavAScRipT:alert(document.cookie)"/>',
'<embed SRC=" javascript: alert(document.cookie)"/>',
'<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
'<embed src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
'<embed src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$html = $this->withHtml($pageView);
$html->assertElementNotContains('.page-content', '<object');
$html->assertElementNotContains('.page-content', 'data=');
$html->assertElementNotContains('.page-content', '<iframe>');
$html->assertElementNotContains('.page-content', '<img');
$html->assertElementNotContains('.page-content', '</iframe>');
$html->assertElementNotContains('.page-content', 'src=');
$html->assertElementNotContains('.page-content', 'javascript:');
$html->assertElementNotContains('.page-content', 'data:');
$html->assertElementNotContains('.page-content', 'base64');
}
}
public function test_javascript_uri_links_are_removed()
{
config()->set('app.content_filtering', 'j');
$checks = [
'<a id="xss" href="javascript:alert(document.cookie)>Click me</a>',
'<a id="xss" href="javascript: alert(document.cookie)>Click me</a>',
'<a id="xss" href="JaVaScRiPt: alert(document.cookie)>Click me</a>',
'<a id="xss" href=" JaVaScRiPt: alert(document.cookie)>Click me</a>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<a id="xss"');
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'href=javascript:');
}
}
public function test_form_filtering_is_controlled_by_config()
{
config()->set('app.content_filtering', '');
$page = $this->entities->page();
$page->html = '<form><input type="text" id="dont-see-this" value="test"></form>';
$page->save();
$this->asEditor()->get($page->getUrl())->assertSee('dont-see-this', false);
config()->set('app.content_filtering', 'f');
$this->get($page->getUrl())->assertDontSee('dont-see-this', false);
}
public function test_form_actions_with_javascript_are_removed()
{
config()->set('app.content_filtering', 'j');
$checks = [
'<customform><custominput id="xss" type=submit formaction=javascript:alert(document.domain) value=Submit><custominput></customform>',
'<customform ><custombutton id="xss" formaction="JaVaScRiPt:alert(document.domain)">Click me</custombutton></customform>',
'<customform ><custombutton id="xss" formaction=javascript:alert(document.domain)>Click me</custombutton></customform>',
'<customform id="xss" action=javascript:alert(document.domain)><input type=submit value=Submit></customform>',
'<customform id="xss" action="JaVaScRiPt:alert(document.domain)"><input type=submit value=Submit></customform>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertDontSee('id="xss"', false);
$pageView->assertDontSee('action=javascript:', false);
$pageView->assertDontSee('action=JaVaScRiPt:', false);
$pageView->assertDontSee('formaction=javascript:', false);
$pageView->assertDontSee('formaction=JaVaScRiPt:', false);
}
}
public function test_form_elements_are_removed()
{
config()->set('app.content_filtering', 'f');
$checks = [
'<p>thisisacattofind</p><form>thisdogshouldnotbefound</form>',
'<p>thisisacattofind</p><input type="text" value="thisdogshouldnotbefound">',
'<p>thisisacattofind</p><select><option>thisdogshouldnotbefound</option></select>',
'<p>thisisacattofind</p><textarea>thisdogshouldnotbefound</textarea>',
'<p>thisisacattofind</p><fieldset>thisdogshouldnotbefound</fieldset>',
'<p>thisisacattofind</p><button>thisdogshouldnotbefound</button>',
'<p>thisisacattofind</p><BUTTON>thisdogshouldnotbefound</BUTTON>',
<<<'TESTCASE'
<svg width="200" height="100" xmlns="http://www.w3.org/2000/svg">
<foreignObject width="100%" height="100%">
<body xmlns="http://www.w3.org/1999/xhtml">
<p>thisisacattofind</p>
<form>
<p>thisdogshouldnotbefound</p>
</form>
<input type="text" placeholder="thisdogshouldnotbefound" />
<button type="submit">thisdogshouldnotbefound</button>
</body>
</foreignObject>
</svg>
TESTCASE
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertSee('thisisacattofind');
$pageView->assertDontSee('thisdogshouldnotbefound');
}
}
public function test_form_attributes_are_removed()
{
config()->set('app.content_filtering', 'f');
$withinSvgSample = <<<'TESTCASE'
<svg width="200" height="100" xmlns="http://www.w3.org/2000/svg">
<foreignObject width="100%" height="100%">
<body xmlns="http://www.w3.org/1999/xhtml">
<p formaction="a">thisisacattofind</p>
<p formaction="a">thisisacattofind</p>
</body>
</foreignObject>
</svg>
TESTCASE;
$checks = [
'formaction' => '<p formaction="a">thisisacattofind</p>',
'form' => '<p form="a">thisisacattofind</p>',
'formmethod' => '<p formmethod="a">thisisacattofind</p>',
'formtarget' => '<p formtarget="a">thisisacattofind</p>',
'FORMTARGET' => '<p FORMTARGET="a">thisisacattofind</p>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $attribute => $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertSee('thisisacattofind');
$this->withHtml($pageView)->assertElementNotExists(".page-content [{$attribute}]");
}
$page->html = $withinSvgSample;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$html = $this->withHtml($pageView);
foreach ($checks as $attribute => $check) {
$pageView->assertSee('thisisacattofind');
$html->assertElementNotExists(".page-content [{$attribute}]");
}
}
public function test_metadata_redirects_are_removed()
{
config()->set('app.content_filtering', 'h');
$checks = [
'<meta http-equiv="refresh" content="0; url=//external_url">',
'<meta http-equiv="refresh" ConTeNt="0; url=//external_url">',
'<meta http-equiv="refresh" content="0; UrL=//external_url">',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<meta>');
$this->withHtml($pageView)->assertElementNotContains('.page-content', '</meta>');
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'content=');
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'external_url');
}
}
public function test_page_inline_on_attributes_removed_by_default()
{
config()->set('app.content_filtering', 'j');
$this->asEditor();
$page = $this->entities->page();
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
$page->html = "escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertDontSee($script, false);
$pageView->assertSee('<p>Hello</p>', false);
}
public function test_more_complex_inline_on_attributes_escaping_scenarios()
{
config()->set('app.content_filtering', 'j');
$checks = [
'<p onclick="console.log(\'test\')">Hello</p>',
'<p OnCliCk="console.log(\'test\')">Hello</p>',
'<div>Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p>',
'<div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div>',
'<div><div><div><div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div></div></div></div>',
'<div onclick="console.log(\'test\')">Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p><div></div>',
'<a a="<img src=1 onerror=\'alert(1)\'> ',
'\<a onclick="alert(document.cookie)"\>xss link\</a\>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'onclick');
}
}
public function test_page_content_scripts_show_with_filters_disabled()
{
$this->asEditor();
$page = $this->entities->page();
config()->set('app.content_filtering', '');
$script = 'abc123<script>console.log("hello-test")</script>abc123';
$page->html = "no escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertSee($script, false);
$pageView->assertDontSee('abc123abc123');
}
public function test_svg_script_usage_is_removed()
{
config()->set('app.content_filtering', 'j');
$checks = [
'<svg id="test" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100"><a xlink:href="javascript:alert(document.domain)"><rect x="0" y="0" width="100" height="100" /></a></svg>',
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><use xlink:href="data:application/xml;base64 ,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjAiIGN4PSIwIiBjeT0iMCIgc3R5bGU9ImZpbGw6ICNGMDAiPgo8c2V0IGF0dHJpYnV0ZU5hbWU9ImZpbGwiIGF0dHJpYnV0ZVR5cGU9IkNTUyIgb25iZWdpbj0nYWxlcnQoZG9jdW1lbnQuZG9tYWluKScKb25lbmQ9J2FsZXJ0KCJvbmVuZCIpJyB0bz0iIzAwRiIgYmVnaW49IjBzIiBkdXI9Ijk5OXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/></svg>',
'<svg><animate href=#xss attributeName=href values=javascript:alert(1) /></svg>',
'<svg><animate href="#xss" attributeName="href" values="a;javascript:alert(1)" /></svg>',
'<svg><animate href="#xss" attributeName="href" values="a;data:alert(1)" /></svg>',
'<svg><animate href=#xss attributeName=href from=javascript:alert(1) to=1 /><a id=xss><text x=20 y=20>XSS</text></a>',
'<svg><set href=#xss attributeName=href from=? to=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>',
'<svg><g><g><g><animate href=#xss attributeName=href values=javascript:alert(1) /></g></g></g></svg>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$html = $this->withHtml($pageView);
$html->assertElementNotContains('.page-content', 'alert');
$html->assertElementNotContains('.page-content', 'xlink:href');
$html->assertElementNotContains('.page-content', 'application/xml');
$html->assertElementNotContains('.page-content', 'javascript');
}
}
public function test_page_inline_on_attributes_show_with_filters_disabled()
{
$this->asEditor();
$page = $this->entities->page();
config()->set('app.content_filtering', '');
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
$page->html = "escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertSee($script, false);
$pageView->assertDontSee('<p>Hello</p>', false);
}
public function test_non_content_filtering_is_controlled_by_config()
{
config()->set('app.content_filtering', '');
$page = $this->entities->page();
$html = <<<'HTML'
<style>superbeans!</style>
<template id="template">superbeans!</template>
HTML;
$page->html = $html;
$page->save();
$resp = $this->asEditor()->get($page->getUrl());
$resp->assertSee('superbeans', false);
config()->set('app.content_filtering', 'h');
$resp = $this->asEditor()->get($page->getUrl());
$resp->assertDontSee('superbeans', false);
}
public function test_non_content_filtering()
{
config()->set('app.content_filtering', 'h');
$page = $this->entities->page();
$html = <<<'HTML'
<style>superbeans!</style>
<p>inbetweenpsection</p>
<link rel="stylesheet" href="https://example.com/superbeans.css">
<meta name="description" content="superbeans!">
<title>superbeans!</title>
<template id="template">superbeans!</template>
HTML;
$page->html = $html;
$page->save();
$resp = $this->asEditor()->get($page->getUrl());
$resp->assertDontSee('superbeans', false);
$resp->assertSee('inbetweenpsection', false);
}
public function test_allow_list_filtering_is_controlled_by_config()
{
config()->set('app.content_filtering', '');
$page = $this->entities->page();
$page->html = '<div style="position: absolute; left: 0;color:#00FFEE;">Hello!</div>';
$page->save();
$resp = $this->asEditor()->get($page->getUrl());
$resp->assertSee('style="position: absolute; left: 0;color:#00FFEE;"', false);
config()->set('app.content_filtering', 'a');
$resp = $this->get($page->getUrl());
$resp->assertDontSee('style="position: absolute; left: 0;color:#00FFEE;"', false);
$resp->assertSee('style="color:#00FFEE;"', false);
}
public function test_allow_list_style_filtering()
{
$testCasesExpectedByInput = [
'<div style="position:absolute;left:0;color:#00FFEE;">Hello!</div>' => '<div style="color:#00FFEE;">Hello!</div>',
'<div style="background:#FF0000;left:0;color:#00FFEE;">Hello!</div>' => '<div style="background:#FF0000;color:#00FFEE;">Hello!</div>',
'<div style="color:#00FFEE;">Hello!<style>testinghello!</style></div>' => '<div style="color:#00FFEE;">Hello!</div>',
'<div drawio-diagram="5332" another-attr="cat">Hello!</div>' => '<div drawio-diagram="5332">Hello!</div>',
];
config()->set('app.content_filtering', 'a');
$page = $this->entities->page();
$this->asEditor();
foreach ($testCasesExpectedByInput as $input => $expected) {
$page->html = $input;
$page->save();
$resp = $this->get($page->getUrl());
$resp->assertSee($expected, false);
}
}
}
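Review bot: two of the negative assertions cannot fail in the way intended: in test_js_and_base64_src_urls_are_removed the check for '<iframe>' (and likewise '<meta>' in test_metadata_redirects_are_removed) looks for a tag with no attributes at all, so an iframe that survives with its src attribute intact still passes; use the prefix form already used for '<img' on the next line ('<iframe', '<meta'). Separately, the four inputs in test_javascript_uri_links_are_removed are missing the closing quote on href, so they exercise a malformed-attribute parse rather than an ordinary quoted javascript: link; both are worth covering, but the well-formed variant should be present too. Minor: in test_form_attributes_are_removed the second loop repeats assertSee('thisisacattofind') once per attribute while checking the single $withinSvgSample, which needs only one such assertion before the loop.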

View File

@@ -101,351 +101,6 @@ class PageContentTest extends TestCase
$pageResp->assertSee('Hello Barry');
}
public function test_page_content_scripts_removed_by_default()
{
$this->asEditor();
$page = $this->entities->page();
$script = 'abc123<script>console.log("hello-test")</script>abc123';
$page->html = "escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertDontSee($script, false);
$pageView->assertSee('abc123abc123');
}
public function test_more_complex_content_script_escaping_scenarios()
{
$checks = [
"<p>Some script</p><script>alert('cat')</script>",
"<div><div><div><div><p>Some script</p><script>alert('cat')</script></div></div></div></div>",
"<p>Some script<script>alert('cat')</script></p>",
"<p>Some script <div><script>alert('cat')</script></div></p>",
"<p>Some script <script><div>alert('cat')</script></div></p>",
"<p>Some script <script><div>alert('cat')</script><script><div>alert('cat')</script></p><script><div>alert('cat')</script>",
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<script>');
$this->withHtml($pageView)->assertElementNotContains('.page-content', '</script>');
}
}
public function test_js_and_base64_src_urls_are_removed()
{
$checks = [
'<iframe src="javascript:alert(document.cookie)"></iframe>',
'<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
'<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
'<iframe SRC=" javascript: alert(document.cookie)"></iframe>',
'<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
'<iframe src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
'<iframe src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
'<img src="javascript:alert(document.cookie)"/>',
'<img src="JavAScRipT:alert(document.cookie)"/>',
'<img src="JavAScRipT:alert(document.cookie)"/>',
'<img SRC=" javascript: alert(document.cookie)"/>',
'<img src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
'<img src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
'<img src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
'<iframe srcdoc="<script>window.alert(document.cookie)</script>"></iframe>',
'<iframe SRCdoc="<script>window.alert(document.cookie)</script>"></iframe>',
'<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$html = $this->withHtml($pageView);
$html->assertElementNotContains('.page-content', '<iframe>');
$html->assertElementNotContains('.page-content', '<img');
$html->assertElementNotContains('.page-content', '</iframe>');
$html->assertElementNotContains('.page-content', 'src=');
$html->assertElementNotContains('.page-content', 'javascript:');
$html->assertElementNotContains('.page-content', 'data:');
$html->assertElementNotContains('.page-content', 'base64');
}
}
public function test_javascript_uri_links_are_removed()
{
$checks = [
'<a id="xss" href="javascript:alert(document.cookie)>Click me</a>',
'<a id="xss" href="javascript: alert(document.cookie)>Click me</a>',
'<a id="xss" href="JaVaScRiPt: alert(document.cookie)>Click me</a>',
'<a id="xss" href=" JaVaScRiPt: alert(document.cookie)>Click me</a>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<a id="xss"');
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'href=javascript:');
}
}
public function test_form_actions_with_javascript_are_removed()
{
$checks = [
'<customform><custominput id="xss" type=submit formaction=javascript:alert(document.domain) value=Submit><custominput></customform>',
'<customform ><custombutton id="xss" formaction="JaVaScRiPt:alert(document.domain)">Click me</custombutton></customform>',
'<customform ><custombutton id="xss" formaction=javascript:alert(document.domain)>Click me</custombutton></customform>',
'<customform id="xss" action=javascript:alert(document.domain)><input type=submit value=Submit></customform>',
'<customform id="xss" action="JaVaScRiPt:alert(document.domain)"><input type=submit value=Submit></customform>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertDontSee('id="xss"', false);
$pageView->assertDontSee('action=javascript:', false);
$pageView->assertDontSee('action=JaVaScRiPt:', false);
$pageView->assertDontSee('formaction=javascript:', false);
$pageView->assertDontSee('formaction=JaVaScRiPt:', false);
}
}
public function test_form_elements_are_removed()
{
$checks = [
'<p>thisisacattofind</p><form>thisdogshouldnotbefound</form>',
'<p>thisisacattofind</p><input type="text" value="thisdogshouldnotbefound">',
'<p>thisisacattofind</p><select><option>thisdogshouldnotbefound</option></select>',
'<p>thisisacattofind</p><textarea>thisdogshouldnotbefound</textarea>',
'<p>thisisacattofind</p><fieldset>thisdogshouldnotbefound</fieldset>',
'<p>thisisacattofind</p><button>thisdogshouldnotbefound</button>',
'<p>thisisacattofind</p><BUTTON>thisdogshouldnotbefound</BUTTON>',
<<<'TESTCASE'
<svg width="200" height="100" xmlns="http://www.w3.org/2000/svg">
<foreignObject width="100%" height="100%">
<body xmlns="http://www.w3.org/1999/xhtml">
<p>thisisacattofind</p>
<form>
<p>thisdogshouldnotbefound</p>
</form>
<input type="text" placeholder="thisdogshouldnotbefound" />
<button type="submit">thisdogshouldnotbefound</button>
</body>
</foreignObject>
</svg>
TESTCASE
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertSee('thisisacattofind');
$pageView->assertDontSee('thisdogshouldnotbefound');
}
}
public function test_form_attributes_are_removed()
{
$withinSvgSample = <<<'TESTCASE'
<svg width="200" height="100" xmlns="http://www.w3.org/2000/svg">
<foreignObject width="100%" height="100%">
<body xmlns="http://www.w3.org/1999/xhtml">
<p formaction="a">thisisacattofind</p>
<p formaction="a">thisisacattofind</p>
</body>
</foreignObject>
</svg>
TESTCASE;
$checks = [
'formaction' => '<p formaction="a">thisisacattofind</p>',
'form' => '<p form="a">thisisacattofind</p>',
'formmethod' => '<p formmethod="a">thisisacattofind</p>',
'formtarget' => '<p formtarget="a">thisisacattofind</p>',
'FORMTARGET' => '<p FORMTARGET="a">thisisacattofind</p>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $attribute => $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertSee('thisisacattofind');
$this->withHtml($pageView)->assertElementNotExists(".page-content [{$attribute}]");
}
$page->html = $withinSvgSample;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$html = $this->withHtml($pageView);
foreach ($checks as $attribute => $check) {
$pageView->assertSee('thisisacattofind');
$html->assertElementNotExists(".page-content [{$attribute}]");
}
}
public function test_metadata_redirects_are_removed()
{
$checks = [
'<meta http-equiv="refresh" content="0; url=//external_url">',
'<meta http-equiv="refresh" ConTeNt="0; url=//external_url">',
'<meta http-equiv="refresh" content="0; UrL=//external_url">',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<meta>');
$this->withHtml($pageView)->assertElementNotContains('.page-content', '</meta>');
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'content=');
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'external_url');
}
}
public function test_page_inline_on_attributes_removed_by_default()
{
$this->asEditor();
$page = $this->entities->page();
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
$page->html = "escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertDontSee($script, false);
$pageView->assertSee('<p>Hello</p>', false);
}
public function test_more_complex_inline_on_attributes_escaping_scenarios()
{
$checks = [
'<p onclick="console.log(\'test\')">Hello</p>',
'<p OnCliCk="console.log(\'test\')">Hello</p>',
'<div>Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p>',
'<div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div>',
'<div><div><div><div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div></div></div></div>',
'<div onclick="console.log(\'test\')">Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p><div></div>',
'<a a="<img src=1 onerror=\'alert(1)\'> ',
'\<a onclick="alert(document.cookie)"\>xss link\</a\>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'onclick');
}
}
public function test_page_content_scripts_show_when_configured()
{
$this->asEditor();
$page = $this->entities->page();
config()->set('app.allow_content_scripts', 'true');
$script = 'abc123<script>console.log("hello-test")</script>abc123';
$page->html = "no escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertSee($script, false);
$pageView->assertDontSee('abc123abc123');
}
public function test_svg_script_usage_is_removed()
{
$checks = [
'<svg id="test" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100"><a xlink:href="javascript:alert(document.domain)"><rect x="0" y="0" width="100" height="100" /></a></svg>',
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><use xlink:href="data:application/xml;base64 ,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjAiIGN4PSIwIiBjeT0iMCIgc3R5bGU9ImZpbGw6ICNGMDAiPgo8c2V0IGF0dHJpYnV0ZU5hbWU9ImZpbGwiIGF0dHJpYnV0ZVR5cGU9IkNTUyIgb25iZWdpbj0nYWxlcnQoZG9jdW1lbnQuZG9tYWluKScKb25lbmQ9J2FsZXJ0KCJvbmVuZCIpJyB0bz0iIzAwRiIgYmVnaW49IjBzIiBkdXI9Ijk5OXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/></svg>',
'<svg><animate href=#xss attributeName=href values=javascript:alert(1) /></svg>',
'<svg><animate href="#xss" attributeName="href" values="a;javascript:alert(1)" /></svg>',
'<svg><animate href="#xss" attributeName="href" values="a;data:alert(1)" /></svg>',
'<svg><animate href=#xss attributeName=href from=javascript:alert(1) to=1 /><a id=xss><text x=20 y=20>XSS</text></a>',
'<svg><set href=#xss attributeName=href from=? to=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>',
'<svg><g><g><g><animate href=#xss attributeName=href values=javascript:alert(1) /></g></g></g></svg>',
];
$this->asEditor();
$page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$html = $this->withHtml($pageView);
$html->assertElementNotContains('.page-content', 'alert');
$html->assertElementNotContains('.page-content', 'xlink:href');
$html->assertElementNotContains('.page-content', 'application/xml');
$html->assertElementNotContains('.page-content', 'javascript');
}
}
public function test_page_inline_on_attributes_show_if_configured()
{
$this->asEditor();
$page = $this->entities->page();
config()->set('app.allow_content_scripts', 'true');
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
$page->html = "escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertSee($script, false);
$pageView->assertDontSee('<p>Hello</p>', false);
}
public function test_duplicate_ids_does_not_break_page_render()
{
$this->asEditor();
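Review bot: this hunk drops 345 lines of XSS regression coverage from `PageContentTest` (script tags, `javascript:` and `data:` URIs in `iframe`/`img`/`a`, `formaction`/`action` handlers, form elements and attributes inside SVG `foreignObject`, `meta` refresh redirects, inline `on*` handlers, and SVG `animate`/`set`/`use` vectors) and nothing in the hunk shows where those cases now live; if they were moved to the class that holds `test_allow_list_style_filtering`, say so in the commit, otherwise this is a coverage regression. The removed `test_page_content_scripts_show_when_configured` and `test_page_inline_on_attributes_show_if_configured` were also the only visible tests of the `app.allow_content_scripts` toggle, so if that option still exists its opt-in behaviour should keep a test.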
@@ -649,6 +304,7 @@ TESTCASE;
public function test_page_markdown_single_html_comment_saving()
{
config()->set('app.content_filtering', 'jfh');
$this->asEditor();
$page = $this->entities->page();
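Review bot: `test_page_markdown_single_html_comment_saving` now depends on `config()->set('app.content_filtering', 'jfh');` being set before the save, but there is no comment on what those three letters enable or why the default mode would not preserve the HTML comment; add a comment naming the mode, and consider asserting the comment also survives under the default configuration so the test documents the behaviour users get out of the box.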
@@ -656,7 +312,7 @@ TESTCASE;
$this->put($page->getUrl(), [
'name' => $page->name, 'markdown' => $content,
'html' => '', 'summary' => '',
]);
])->assertRedirect();
$page->refresh();
$this->assertStringMatchesFormat($content, $page->html);
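Review bot: `])->assertRedirect();` accepts any redirect, including a redirect back to the form with validation errors, in which case `$page->refresh()` would reload the unchanged page and the later `assertStringMatchesFormat` would be the only thing catching it; `->assertRedirect($page->getUrl())` pins the expected success path.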


@@ -160,9 +160,11 @@ class PageDraftTest extends TestCase
{
$this->asAdmin();
$page = $this->entities->page();
$page->html = '<p>test content<script>hellotherekitty</script></p>';
$page->save();
$this->getJson('/ajax/page/' . $page->id)->assertJson([
'html' => $page->html,
'html' => '<p>test content</p>',
]);
}
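Review bot: this test stores `<script>hellotherekitty</script>` directly via `$page->save()` and expects `/ajax/page/{id}` to return `'<p>test content</p>'`, which is a good exact-value check (it also proves the safe `<p>` wrapper is not rewritten), but it relies on the default `app.content_filtering` mode while the other tests in this diff set the mode explicitly; set it here too so a change to the config default cannot silently turn this into a test of a different filter. A short comment stating which loading condition triggers filtering on the ajax route (the hunk does not show it) would also help the next reader.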

Some files were not shown because too many files have changed in this diff.