Update assets and version for release v0.13

Prevents slug change when using only non-ascii chars
Allows use of more localised urls.

Closes #233

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,11 @@
+### For Feature Requests
+Desired Feature:
+
+### For Bug Reports
+PHP Version:
+
+MySQL Version:
+
+Expected Behavior:
+
+Actual Behavior:

.gitignore

@@ -10,4 +10,6 @@ Homestead.yaml
 /public/bower
 /storage/images
 _ide_helper.php
-/storage/debugbar
+/storage/debugbar
+.phpstorm.meta.php
+yarn.lock

.travis.yml

@@ -6,8 +6,6 @@ php:
 
 cache:
   directories:
-    - vendor
-    - node_modules
     - $HOME/.composer/cache
 
 addons:
@@ -17,19 +15,17 @@ addons:
     - mysql-client-core-5.6
     - mysql-client-5.6
 
-before_install:
-  - npm install -g npm@latest
-
 before_script:
   - mysql -u root -e 'create database `bookstack-test`;'
   - composer config -g github-oauth.github.com $GITHUB_ACCESS_TOKEN
   - phpenv config-rm xdebug.ini
   - composer self-update
+  - composer dump-autoload --no-interaction
   - composer install --prefer-dist --no-interaction
-  - npm install
-  - ./node_modules/.bin/gulp
+  - php artisan clear-compiled -n
+  - php artisan optimize -n
   - php artisan migrate --force -n --database=mysql_testing
   - php artisan db:seed --force -n --class=DummyContentSeeder --database=mysql_testing
 
 script:
-  - vendor/bin/phpunit
+  - phpunit

app/Attachment.php

@@ -0,0 +1,36 @@
+<?php namespace BookStack;
+
+
+class Attachment extends Ownable
+{
+    protected $fillable = ['name', 'order'];
+
+    /**
+     * Get the downloadable file name for this upload.
+     * @return mixed|string
+     */
+    public function getFileName()
+    {
+        if (str_contains($this->name, '.')) return $this->name;
+        return $this->name . '.' . $this->extension;
+    }
+
+    /**
+     * Get the page this file was uploaded to.
+     * @return Page
+     */
+    public function page()
+    {
+        return $this->belongsTo(Page::class, 'uploaded_to');
+    }
+
+    /**
+     * Get the url of this file.
+     * @return string
+     */
+    public function getUrl()
+    {
+        return baseUrl('/attachments/' . $this->id);
+    }
+
+}

app/Book.php

@@ -13,9 +13,9 @@ class Book extends Entity
     public function getUrl($path = false)
     {
         if ($path !== false) {
-            return baseUrl('/books/' . $this->slug . '/' . trim($path, '/'));
+            return baseUrl('/books/' . urlencode($this->slug) . '/' . trim($path, '/'));
         }
-        return baseUrl('/books/' . $this->slug);
+        return baseUrl('/books/' . urlencode($this->slug));
     }
 
     /*

app/Chapter.php

@@ -32,9 +32,9 @@ class Chapter extends Entity
     {
         $bookSlug = $this->getAttribute('bookSlug') ? $this->getAttribute('bookSlug') : $this->book->slug;
         if ($path !== false) {
-            return baseUrl('/books/' . $bookSlug. '/chapter/' . $this->slug . '/' . trim($path, '/'));
+            return baseUrl('/books/' . urlencode($bookSlug) . '/chapter/' . urlencode($this->slug) . '/' . trim($path, '/'));
         }
-        return baseUrl('/books/' . $bookSlug. '/chapter/' . $this->slug);
+        return baseUrl('/books/' . urlencode($bookSlug) . '/chapter/' . urlencode($this->slug));
     }
 
     /**

app/EmailConfirmation.php

@@ -1,16 +0,0 @@
-<?php namespace BookStack;
-
-class EmailConfirmation extends Model
-{
-    protected $fillable = ['user_id', 'token'];
-
-    /**
-     * Get the user that this confirmation is attached to.
-     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
-     */
-    public function user()
-    {
-        return $this->belongsTo(User::class);
-    }
-    
-}

app/Entity.php

@@ -160,43 +160,50 @@ class Entity extends Ownable
     public function fullTextSearchQuery($fieldsToSearch, $terms, $wheres = [])
     {
         $exactTerms = [];
-        if (count($terms) === 0) {
-            $search = $this;
-            $orderBy = 'updated_at';
-        } else {
-            foreach ($terms as $key => $term) {
-                $term = htmlentities($term, ENT_QUOTES);
-                $term = preg_replace('/[+\-><\(\)~*\"@]+/', ' ', $term);
-                if (preg_match('/\s/', $term)) {
-                    $exactTerms[] = '%' . $term . '%';
-                    $term = '"' . $term . '"';
-                } else {
-                    $term = '' . $term . '*';
-                }
-                if ($term !== '*') $terms[$key] = $term;
-            }
-            $termString = implode(' ', $terms);
-            $fields = implode(',', $fieldsToSearch);
-            $search = static::selectRaw('*, MATCH(name) AGAINST(? IN BOOLEAN MODE) AS title_relevance', [$termString]);
-            $search = $search->whereRaw('MATCH(' . $fields . ') AGAINST(? IN BOOLEAN MODE)', [$termString]);
+        $fuzzyTerms = [];
+        $search = static::newQuery();
 
-            // Ensure at least one exact term matches if in search
-            if (count($exactTerms) > 0) {
-                $search = $search->where(function ($query) use ($exactTerms, $fieldsToSearch) {
-                    foreach ($exactTerms as $exactTerm) {
-                        foreach ($fieldsToSearch as $field) {
-                            $query->orWhere($field, 'like', $exactTerm);
-                        }
-                    }
-                });
+        foreach ($terms as $key => $term) {
+            $term = htmlentities($term, ENT_QUOTES);
+            $term = preg_replace('/[+\-><\(\)~*\"@]+/', ' ', $term);
+            if (preg_match('/&quot;.*?&quot;/', $term) || is_numeric($term)) {
+                $term = str_replace('&quot;', '', $term);
+                $exactTerms[] = '%' . $term . '%';
+            } else {
+                $term = '' . $term . '*';
+                if ($term !== '*') $fuzzyTerms[] = $term;
             }
-            $orderBy = 'title_relevance';
-        };
+        }
+
+        $isFuzzy = count($exactTerms) === 0 && count($fuzzyTerms) > 0;
+
+
+        // Perform fulltext search if relevant terms exist.
+        if ($isFuzzy) {
+            $termString = implode(' ', $fuzzyTerms);
+            $fields = implode(',', $fieldsToSearch);
+            $search = $search->selectRaw('*, MATCH(name) AGAINST(? IN BOOLEAN MODE) AS title_relevance', [$termString]);
+            $search = $search->whereRaw('MATCH(' . $fields . ') AGAINST(? IN BOOLEAN MODE)', [$termString]);
+        }
+
+        // Ensure at least one exact term matches if in search
+        if (count($exactTerms) > 0) {
+            $search = $search->where(function ($query) use ($exactTerms, $fieldsToSearch) {
+                foreach ($exactTerms as $exactTerm) {
+                    foreach ($fieldsToSearch as $field) {
+                        $query->orWhere($field, 'like', $exactTerm);
+                    }
+                }
+            });
+        }
+
+        $orderBy = $isFuzzy ? 'title_relevance' : 'updated_at';
 
         // Add additional where terms
         foreach ($wheres as $whereTerm) {
             $search->where($whereTerm[0], $whereTerm[1], $whereTerm[2]);
         }
+
         // Load in relations
         if ($this->isA('page')) {
             $search = $search->with('book', 'chapter', 'createdBy', 'updatedBy');
@@ -206,5 +213,5 @@ class Entity extends Ownable
 
         return $search->orderBy($orderBy, 'desc');
     }
-    
+
 }

app/Events/Event.php

@@ -1,8 +0,0 @@
-<?php
-
-namespace BookStack\Events;
-
-abstract class Event
-{
-    //
-}

app/Exceptions/FileUploadException.php

@@ -0,0 +1,4 @@
+<?php namespace BookStack\Exceptions;
+
+
+class FileUploadException extends PrettyException {}

app/Exceptions/Handler.php

@@ -47,19 +47,60 @@ class Handler extends ExceptionHandler
     {
         // Handle notify exceptions which will redirect to the
         // specified location then show a notification message.
-        if ($e instanceof NotifyException) {
-            session()->flash('error', $e->message);
+        if ($this->isExceptionType($e, NotifyException::class)) {
+            session()->flash('error', $this->getOriginalMessage($e));
             return redirect($e->redirectLocation);
         }
 
         // Handle pretty exceptions which will show a friendly application-fitting page
         // Which will include the basic message to point the user roughly to the cause.
-        if (($e instanceof PrettyException || $e->getPrevious() instanceof PrettyException)  && !config('app.debug')) {
-            $message = ($e instanceof PrettyException) ? $e->getMessage() : $e->getPrevious()->getMessage();
+        if ($this->isExceptionType($e, PrettyException::class)  && !config('app.debug')) {
+            $message = $this->getOriginalMessage($e);
             $code = ($e->getCode() === 0) ? 500 : $e->getCode();
             return response()->view('errors/' . $code, ['message' => $message], $code);
         }
 
         return parent::render($request, $e);
     }
+
+    /**
+     * Check the exception chain to compare against the original exception type.
+     * @param Exception $e
+     * @param $type
+     * @return bool
+     */
+    protected function isExceptionType(Exception $e, $type) {
+        do {
+            if (is_a($e, $type)) return true;
+        } while ($e = $e->getPrevious());
+        return false;
+    }
+
+    /**
+     * Get original exception message.
+     * @param Exception $e
+     * @return string
+     */
+    protected function getOriginalMessage(Exception $e) {
+        do {
+            $message = $e->getMessage();
+        } while ($e = $e->getPrevious());
+        return $message;
+    }
+
+    /**
+     * Convert an authentication exception into an unauthenticated response.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Auth\AuthenticationException  $exception
+     * @return \Illuminate\Http\Response
+     */
+    protected function unauthenticated($request, AuthenticationException $exception)
+    {
+        if ($request->expectsJson()) {
+            return response()->json(['error' => 'Unauthenticated.'], 401);
+        }
+
+        return redirect()->guest('login');
+    }
 }

app/Exceptions/PrettyException.php

@@ -1,5 +1,3 @@
 <?php namespace BookStack\Exceptions;
 
-use Exception;
-
-class PrettyException extends Exception {}
+class PrettyException extends \Exception {}

app/Http/Controllers/AttachmentController.php

@@ -0,0 +1,215 @@
+<?php namespace BookStack\Http\Controllers;
+
+use BookStack\Exceptions\FileUploadException;
+use BookStack\Attachment;
+use BookStack\Repos\PageRepo;
+use BookStack\Services\AttachmentService;
+use Illuminate\Http\Request;
+
+class AttachmentController extends Controller
+{
+    protected $attachmentService;
+    protected $attachment;
+    protected $pageRepo;
+
+    /**
+     * AttachmentController constructor.
+     * @param AttachmentService $attachmentService
+     * @param Attachment $attachment
+     * @param PageRepo $pageRepo
+     */
+    public function __construct(AttachmentService $attachmentService, Attachment $attachment, PageRepo $pageRepo)
+    {
+        $this->attachmentService = $attachmentService;
+        $this->attachment = $attachment;
+        $this->pageRepo = $pageRepo;
+        parent::__construct();
+    }
+
+
+    /**
+     * Endpoint at which attachments are uploaded to.
+     * @param Request $request
+     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\Response
+     */
+    public function upload(Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'file' => 'required|file'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId, true);
+
+        $this->checkPermission('attachment-create-all');
+        $this->checkOwnablePermission('page-update', $page);
+
+        $uploadedFile = $request->file('file');
+
+        try {
+            $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
+        } catch (FileUploadException $e) {
+            return response($e->getMessage(), 500);
+        }
+
+        return response()->json($attachment);
+    }
+
+    /**
+     * Update an uploaded attachment.
+     * @param int $attachmentId
+     * @param Request $request
+     * @return mixed
+     */
+    public function uploadUpdate($attachmentId, Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'file' => 'required|file'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId, true);
+        $attachment = $this->attachment->findOrFail($attachmentId);
+
+        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('attachment-create', $attachment);
+        
+        if (intval($pageId) !== intval($attachment->uploaded_to)) {
+            return $this->jsonError('Page mismatch during attached file update');
+        }
+
+        $uploadedFile = $request->file('file');
+
+        try {
+            $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
+        } catch (FileUploadException $e) {
+            return response($e->getMessage(), 500);
+        }
+
+        return response()->json($attachment);
+    }
+
+    /**
+     * Update the details of an existing file.
+     * @param $attachmentId
+     * @param Request $request
+     * @return Attachment|mixed
+     */
+    public function update($attachmentId, Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'name' => 'required|string|min:1|max:255',
+            'link' =>  'url|min:1|max:255'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId, true);
+        $attachment = $this->attachment->findOrFail($attachmentId);
+
+        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('attachment-create', $attachment);
+
+        if (intval($pageId) !== intval($attachment->uploaded_to)) {
+            return $this->jsonError('Page mismatch during attachment update');
+        }
+
+        $attachment = $this->attachmentService->updateFile($attachment, $request->all());
+        return $attachment;
+    }
+
+    /**
+     * Attach a link to a page.
+     * @param Request $request
+     * @return mixed
+     */
+    public function attachLink(Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'name' => 'required|string|min:1|max:255',
+            'link' =>  'required|url|min:1|max:255'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId, true);
+
+        $this->checkPermission('attachment-create-all');
+        $this->checkOwnablePermission('page-update', $page);
+
+        $attachmentName = $request->get('name');
+        $link = $request->get('link');
+        $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);
+
+        return response()->json($attachment);
+    }
+
+    /**
+     * Get the attachments for a specific page.
+     * @param $pageId
+     * @return mixed
+     */
+    public function listForPage($pageId)
+    {
+        $page = $this->pageRepo->getById($pageId, true);
+        $this->checkOwnablePermission('page-view', $page);
+        return response()->json($page->attachments);
+    }
+
+    /**
+     * Update the attachment sorting.
+     * @param $pageId
+     * @param Request $request
+     * @return mixed
+     */
+    public function sortForPage($pageId, Request $request)
+    {
+        $this->validate($request, [
+            'files' => 'required|array',
+            'files.*.id' => 'required|integer',
+        ]);
+        $page = $this->pageRepo->getById($pageId);
+        $this->checkOwnablePermission('page-update', $page);
+
+        $attachments = $request->get('files');
+        $this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);
+        return response()->json(['message' => 'Attachment order updated']);
+    }
+
+    /**
+     * Get an attachment from storage.
+     * @param $attachmentId
+     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|\Symfony\Component\HttpFoundation\Response
+     */
+    public function get($attachmentId)
+    {
+        $attachment = $this->attachment->findOrFail($attachmentId);
+        $page = $this->pageRepo->getById($attachment->uploaded_to);
+        $this->checkOwnablePermission('page-view', $page);
+
+        if ($attachment->external) {
+            return redirect($attachment->path);
+        }
+
+        $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
+        return response($attachmentContents, 200, [
+            'Content-Type' => 'application/octet-stream',
+            'Content-Disposition' => 'attachment; filename="'. $attachment->getFileName() .'"'
+        ]);
+    }
+
+    /**
+     * Delete a specific attachment in the system.
+     * @param $attachmentId
+     * @return mixed
+     */
+    public function delete($attachmentId)
+    {
+        $attachment = $this->attachment->findOrFail($attachmentId);
+        $this->checkOwnablePermission('attachment-delete', $attachment);
+        $this->attachmentService->deleteFile($attachment);
+        return response()->json(['message' => 'Attachment deleted']);
+    }
+}

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -0,0 +1,68 @@
+<?php
+
+namespace BookStack\Http\Controllers\Auth;
+
+use BookStack\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
+use Illuminate\Http\Request;
+use Password;
+
+class ForgotPasswordController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Password Reset Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller is responsible for handling password reset emails and
+    | includes a trait which assists in sending these notifications from
+    | your application to your users. Feel free to explore this trait.
+    |
+    */
+
+    use SendsPasswordResetEmails;
+
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('guest');
+        parent::__construct();
+    }
+
+
+    /**
+     * Send a reset link to the given user.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function sendResetLinkEmail(Request $request)
+    {
+        $this->validate($request, ['email' => 'required|email']);
+
+        // We will send the password reset link to this user. Once we have attempted
+        // to send the link, we will examine the response then see the message we
+        // need to show to the user. Finally, we'll send out a proper response.
+        $response = $this->broker()->sendResetLink(
+            $request->only('email')
+        );
+
+        if ($response === Password::RESET_LINK_SENT) {
+            $message = 'A password reset link has been sent to ' . $request->get('email') . '.';
+            session()->flash('success', $message);
+            return back()->with('status', trans($response));
+        }
+
+        // If an error was returned by the password broker, we will get this message
+        // translated so we can notify a user of the problem. We'll redirect back
+        // to where the users came from so they can attempt this process again.
+        return back()->withErrors(
+            ['email' => trans($response)]
+        );
+    }
+
+}

app/Http/Controllers/Auth/LoginController.php

@@ -0,0 +1,123 @@
+<?php
+
+namespace BookStack\Http\Controllers\Auth;
+
+use BookStack\Http\Controllers\Controller;
+use BookStack\Repos\UserRepo;
+use BookStack\Services\SocialAuthService;
+use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use Illuminate\Http\Request;
+
+class LoginController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Login Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller handles authenticating users for the application and
+    | redirecting them to your home screen. The controller uses a trait
+    | to conveniently provide its functionality to your applications.
+    |
+    */
+
+    use AuthenticatesUsers;
+
+    /**
+     * Where to redirect users after login.
+     *
+     * @var string
+     */
+    protected $redirectTo = '/';
+
+    protected $redirectPath = '/';
+    protected $redirectAfterLogout = '/login';
+
+    protected $socialAuthService;
+    protected $userRepo;
+
+    /**
+     * Create a new controller instance.
+     *
+     * @param SocialAuthService $socialAuthService
+     * @param UserRepo $userRepo
+     */
+    public function __construct(SocialAuthService $socialAuthService, UserRepo $userRepo)
+    {
+        $this->middleware('guest', ['only' => ['getLogin', 'postLogin']]);
+        $this->socialAuthService = $socialAuthService;
+        $this->userRepo = $userRepo;
+        $this->redirectPath = baseUrl('/');
+        $this->redirectAfterLogout = baseUrl('/login');
+        parent::__construct();
+    }
+
+    public function username()
+    {
+        return config('auth.method') === 'standard' ? 'email' : 'username';
+    }
+
+    /**
+     * Overrides the action when a user is authenticated.
+     * If the user authenticated but does not exist in the user table we create them.
+     * @param Request $request
+     * @param Authenticatable $user
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws AuthException
+     */
+    protected function authenticated(Request $request, Authenticatable $user)
+    {
+        // Explicitly log them out for now if they do no exist.
+        if (!$user->exists) auth()->logout($user);
+
+        if (!$user->exists && $user->email === null && !$request->has('email')) {
+            $request->flash();
+            session()->flash('request-email', true);
+            return redirect('/login');
+        }
+
+        if (!$user->exists && $user->email === null && $request->has('email')) {
+            $user->email = $request->get('email');
+        }
+
+        if (!$user->exists) {
+
+            // Check for users with same email already
+            $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
+            if ($alreadyUser) {
+                throw new AuthException('A user with the email ' . $user->email . ' already exists but with different credentials.');
+            }
+
+            $user->save();
+            $this->userRepo->attachDefaultRole($user);
+            auth()->login($user);
+        }
+
+        $path = session()->pull('url.intended', '/');
+        $path = baseUrl($path, true);
+        return redirect($path);
+    }
+
+    /**
+     * Show the application login form.
+     * @return \Illuminate\Http\Response
+     */
+    public function getLogin()
+    {
+        $socialDrivers = $this->socialAuthService->getActiveDrivers();
+        $authMethod = config('auth.method');
+        return view('auth/login', ['socialDrivers' => $socialDrivers, 'authMethod' => $authMethod]);
+    }
+
+    /**
+     * Redirect to the relevant social site.
+     * @param $socialDriver
+     * @return \Symfony\Component\HttpFoundation\RedirectResponse
+     */
+    public function getSocialLogin($socialDriver)
+    {
+        session()->put('social-callback', 'login');
+        return $this->socialAuthService->startLogIn($socialDriver);
+    }
+}

app/Http/Controllers/Auth/RegisterController.php

@@ -1,62 +1,68 @@
-<?php namespace BookStack\Http\Controllers\Auth;
+<?php
 
-use BookStack\Exceptions\AuthException;
-use Illuminate\Contracts\Auth\Authenticatable;
-use Illuminate\Http\Request;
-use BookStack\Exceptions\SocialSignInException;
+namespace BookStack\Http\Controllers\Auth;
+
+use BookStack\Exceptions\ConfirmationEmailException;
 use BookStack\Exceptions\UserRegistrationException;
 use BookStack\Repos\UserRepo;
 use BookStack\Services\EmailConfirmationService;
 use BookStack\Services\SocialAuthService;
-use BookStack\SocialAccount;
+use BookStack\User;
+use Exception;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
 use Validator;
 use BookStack\Http\Controllers\Controller;
-use Illuminate\Foundation\Auth\ThrottlesLogins;
-use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
+use Illuminate\Foundation\Auth\RegistersUsers;
 
-class AuthController extends Controller
+class RegisterController extends Controller
 {
     /*
     |--------------------------------------------------------------------------
-    | Registration & Login Controller
+    | Register Controller
     |--------------------------------------------------------------------------
     |
-    | This controller handles the registration of new users, as well as the
-    | authentication of existing users. By default, this controller uses
-    | a simple trait to add these behaviors. Why don't you explore it?
+    | This controller handles the registration of new users as well as their
+    | validation and creation. By default this controller uses a trait to
+    | provide this functionality without requiring any additional code.
     |
     */
 
-    use AuthenticatesAndRegistersUsers, ThrottlesLogins;
-
-    protected $redirectPath = '/';
-    protected $redirectAfterLogout = '/login';
-    protected $username = 'email';
+    use RegistersUsers;
 
     protected $socialAuthService;
     protected $emailConfirmationService;
     protected $userRepo;
 
     /**
-     * Create a new authentication controller instance.
+     * Where to redirect users after login / registration.
+     *
+     * @var string
+     */
+    protected $redirectTo = '/';
+    protected $redirectPath = '/';
+
+    /**
+     * Create a new controller instance.
+     *
      * @param SocialAuthService $socialAuthService
      * @param EmailConfirmationService $emailConfirmationService
      * @param UserRepo $userRepo
      */
     public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo)
     {
-        $this->middleware('guest', ['only' => ['getLogin', 'postLogin', 'getRegister', 'postRegister']]);
+        $this->middleware('guest');
         $this->socialAuthService = $socialAuthService;
         $this->emailConfirmationService = $emailConfirmationService;
         $this->userRepo = $userRepo;
+        $this->redirectTo = baseUrl('/');
         $this->redirectPath = baseUrl('/');
-        $this->redirectAfterLogout = baseUrl('/login');
-        $this->username = config('auth.method') === 'standard' ? 'email' : 'username';
         parent::__construct();
     }
 
     /**
      * Get a validator for an incoming registration request.
+     *
      * @param  array $data
      * @return \Illuminate\Contracts\Validation\Validator
      */
@@ -69,6 +75,10 @@ class AuthController extends Controller
         ]);
     }
 
+    /**
+     * Check whether or not registrations are allowed in the app settings.
+     * @throws UserRegistrationException
+     */
     protected function checkRegistrationAllowed()
     {
         if (!setting('registration-enabled')) {
@@ -78,7 +88,7 @@ class AuthController extends Controller
 
     /**
      * Show the application registration form.
-     * @return \Illuminate\Http\Response
+     * @return Response
      */
     public function getRegister()
     {
@@ -89,9 +99,10 @@ class AuthController extends Controller
 
     /**
      * Handle a registration request for the application.
-     * @param  \Illuminate\Http\Request $request
-     * @return \Illuminate\Http\Response
+     * @param Request|\Illuminate\Http\Request $request
+     * @return Response
      * @throws UserRegistrationException
+     * @throws \Illuminate\Foundation\Validation\ValidationException
      */
     public function postRegister(Request $request)
     {
@@ -108,66 +119,18 @@ class AuthController extends Controller
         return $this->registerUser($userData);
     }
 
-
     /**
-     * Overrides the action when a user is authenticated.
-     * If the user authenticated but does not exist in the user table we create them.
-     * @param Request $request
-     * @param Authenticatable $user
-     * @return \Illuminate\Http\RedirectResponse
-     * @throws AuthException
+     * Create a new user instance after a valid registration.
+     * @param  array  $data
+     * @return User
      */
-    protected function authenticated(Request $request, Authenticatable $user)
+    protected function create(array $data)
     {
-        // Explicitly log them out for now if they do no exist.
-        if (!$user->exists) auth()->logout($user);
-
-        if (!$user->exists && $user->email === null && !$request->has('email')) {
-            $request->flash();
-            session()->flash('request-email', true);
-            return redirect('/login');
-        }
-
-        if (!$user->exists && $user->email === null && $request->has('email')) {
-            $user->email = $request->get('email');
-        }
-
-        if (!$user->exists) {
-
-            // Check for users with same email already
-            $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
-            if ($alreadyUser) {
-                throw new AuthException('A user with the email ' . $user->email . ' already exists but with different credentials.');
-            }
-
-            $user->save();
-            $this->userRepo->attachDefaultRole($user);
-            auth()->login($user);
-        }
-
-        $path = session()->pull('url.intended', '/');
-        $path = baseUrl($path, true);
-        return redirect($path);
-    }
-
-    /**
-     * Register a new user after a registration callback.
-     * @param $socialDriver
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
-     * @throws UserRegistrationException
-     */
-    protected function socialRegisterCallback($socialDriver)
-    {
-        $socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver);
-        $socialAccount = $this->socialAuthService->fillSocialAccount($socialDriver, $socialUser);
-
-        // Create an array of the user data to create a new user instance
-        $userData = [
-            'name' => $socialUser->getName(),
-            'email' => $socialUser->getEmail(),
-            'password' => str_random(30)
-        ];
-        return $this->registerUser($userData, $socialAccount);
+        return User::create([
+            'name' => $data['name'],
+            'email' => $data['email'],
+            'password' => bcrypt($data['password']),
+        ]);
     }
 
     /**
@@ -176,7 +139,7 @@ class AuthController extends Controller
      * @param bool|false|SocialAccount $socialAccount
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      * @throws UserRegistrationException
-     * @throws \BookStack\Exceptions\ConfirmationEmailException
+     * @throws ConfirmationEmailException
      */
     protected function registerUser(array $userData, $socialAccount = false)
     {
@@ -195,7 +158,13 @@ class AuthController extends Controller
 
         if (setting('registration-confirmation') || setting('registration-restrict')) {
             $newUser->save();
-            $this->emailConfirmationService->sendConfirmation($newUser);
+
+            try {
+                $this->emailConfirmationService->sendConfirmation($newUser);
+            } catch (Exception $e) {
+                session()->flash('error', trans('auth.email_confirm_send_error'));
+            }
+
             return redirect('/register/confirm');
         }
 
@@ -213,18 +182,6 @@ class AuthController extends Controller
         return view('auth/register-confirm');
     }
 
-    /**
-     * View the confirmation email as a standard web page.
-     * @param $token
-     * @return \Illuminate\View\View
-     * @throws UserRegistrationException
-     */
-    public function viewConfirmEmail($token)
-    {
-        $confirmation = $this->emailConfirmationService->getEmailConfirmationFromToken($token);
-        return view('emails/email-confirmation', ['token' => $confirmation->token]);
-    }
-
     /**
      * Confirms an email via a token and logs the user into the system.
      * @param $token
@@ -237,8 +194,8 @@ class AuthController extends Controller
         $user = $confirmation->user;
         $user->email_confirmed = true;
         $user->save();
-        auth()->login($confirmation->user);
-        session()->flash('success', 'Your email has been confirmed!');
+        auth()->login($user);
+        session()->flash('success', trans('auth.email_confirm_success'));
         $this->emailConfirmationService->deleteConfirmationsByUser($user);
         return redirect($this->redirectPath);
     }
@@ -264,33 +221,19 @@ class AuthController extends Controller
             'email' => 'required|email|exists:users,email'
         ]);
         $user = $this->userRepo->getByEmail($request->get('email'));
+
+        try {
+            $this->emailConfirmationService->sendConfirmation($user);
+        } catch (Exception $e) {
+            session()->flash('error', trans('auth.email_confirm_send_error'));
+            return redirect('/register/confirm');
+        }
+
         $this->emailConfirmationService->sendConfirmation($user);
-        session()->flash('success', 'Confirmation email resent, Please check your inbox.');
+        session()->flash('success', trans('auth.email_confirm_resent'));
         return redirect('/register/confirm');
     }
 
-    /**
-     * Show the application login form.
-     * @return \Illuminate\Http\Response
-     */
-    public function getLogin()
-    {
-        $socialDrivers = $this->socialAuthService->getActiveDrivers();
-        $authMethod = config('auth.method');
-        return view('auth/login', ['socialDrivers' => $socialDrivers, 'authMethod' => $authMethod]);
-    }
-
-    /**
-     * Redirect to the relevant social site.
-     * @param $socialDriver
-     * @return \Symfony\Component\HttpFoundation\RedirectResponse
-     */
-    public function getSocialLogin($socialDriver)
-    {
-        session()->put('social-callback', 'login');
-        return $this->socialAuthService->startLogIn($socialDriver);
-    }
-
     /**
      * Redirect to the social site for authentication intended to register.
      * @param $socialDriver
@@ -334,4 +277,25 @@ class AuthController extends Controller
         return $this->socialAuthService->detachSocialAccount($socialDriver);
     }
 
-}
+    /**
+     * Register a new user after a registration callback.
+     * @param $socialDriver
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     * @throws UserRegistrationException
+     */
+    protected function socialRegisterCallback($socialDriver)
+    {
+        $socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver);
+        $socialAccount = $this->socialAuthService->fillSocialAccount($socialDriver, $socialUser);
+
+        // Create an array of the user data to create a new user instance
+        $userData = [
+            'name' => $socialUser->getName(),
+            'email' => $socialUser->getEmail(),
+            'password' => str_random(30)
+        ];
+        return $this->registerUser($userData, $socialAccount);
+    }
+
+
+}

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -5,7 +5,7 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\ResetsPasswords;
 
-class PasswordController extends Controller
+class ResetPasswordController extends Controller
 {
     /*
     |--------------------------------------------------------------------------
@@ -23,10 +23,27 @@ class PasswordController extends Controller
     protected $redirectTo = '/';
 
     /**
-     * Create a new password controller instance.
+     * Create a new controller instance.
+     *
+     * @return void
      */
     public function __construct()
     {
         $this->middleware('guest');
+        parent::__construct();
     }
-}
+
+    /**
+     * Get the response for a successful password reset.
+     *
+     * @param  string  $response
+     * @return \Illuminate\Http\Response
+     */
+    protected function sendResetResponse($response)
+    {
+        $message = 'Your password has been successfully reset.';
+        session()->flash('success', $message);
+        return redirect($this->redirectPath())
+            ->with('status', trans($response));
+    }
+}

app/Http/Controllers/BookController.php

@@ -3,7 +3,6 @@
 use Activity;
 use BookStack\Repos\UserRepo;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 use BookStack\Http\Requests;
 use BookStack\Repos\BookRepo;
 use BookStack\Repos\ChapterRepo;
@@ -180,21 +179,31 @@ class BookController extends Controller
             return redirect($book->getUrl());
         }
 
-        $sortedBooks = [];
         // Sort pages and chapters
+        $sortedBooks = [];
+        $updatedModels = collect();
         $sortMap = json_decode($request->get('sort-tree'));
         $defaultBookId = $book->id;
-        foreach ($sortMap as $index => $bookChild) {
-            $id = $bookChild->id;
+
+        // Loop through contents of provided map and update entities accordingly
+        foreach ($sortMap as $bookChild) {
+            $priority = $bookChild->sort;
+            $id = intval($bookChild->id);
             $isPage = $bookChild->type == 'page';
-            $bookId = $this->bookRepo->exists($bookChild->book) ? $bookChild->book : $defaultBookId;
+            $bookId = $this->bookRepo->exists($bookChild->book) ? intval($bookChild->book) : $defaultBookId;
+            $chapterId = ($isPage && $bookChild->parentChapter === false) ? 0 : intval($bookChild->parentChapter);
             $model = $isPage ? $this->pageRepo->getById($id) : $this->chapterRepo->getById($id);
-            $isPage ? $this->pageRepo->changeBook($bookId, $model) : $this->chapterRepo->changeBook($bookId, $model);
-            $model->priority = $index;
-            if ($isPage) {
-                $model->chapter_id = ($bookChild->parentChapter === false) ? 0 : $bookChild->parentChapter;
+
+            // Update models only if there's a change in parent chain or ordering.
+            if ($model->priority !== $priority || $model->book_id !== $bookId || ($isPage && $model->chapter_id !== $chapterId)) {
+                $isPage ? $this->pageRepo->changeBook($bookId, $model) : $this->chapterRepo->changeBook($bookId, $model);
+                $model->priority = $priority;
+                if ($isPage) $model->chapter_id = $chapterId;
+                $model->save();
+                $updatedModels->push($model);
             }
-            $model->save();
+
+            // Store involved books to be sorted later
             if (!in_array($bookId, $sortedBooks)) {
                 $sortedBooks[] = $bookId;
             }
@@ -203,10 +212,12 @@ class BookController extends Controller
         // Add activity for books
         foreach ($sortedBooks as $bookId) {
             $updatedBook = $this->bookRepo->getById($bookId);
-            $this->bookRepo->updateBookPermissions($updatedBook);
             Activity::add($updatedBook, 'book_sort', $updatedBook->id);
         }
 
+        // Update permissions on changed models
+        $this->bookRepo->buildJointPermissions($updatedModels);
+
         return redirect($book->getUrl());
     }
 

app/Http/Controllers/ChapterController.php

@@ -115,9 +115,11 @@ class ChapterController extends Controller
         $book = $this->bookRepo->getBySlug($bookSlug);
         $chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
         $this->checkOwnablePermission('chapter-update', $chapter);
+        if ($chapter->name !== $request->get('name')) {
+            $chapter->slug = $this->chapterRepo->findSuitableSlug($request->get('name'), $book->id, $chapter->id);
+        }
         $chapter->fill($request->all());
-        $chapter->slug = $this->chapterRepo->findSuitableSlug($chapter->name, $book->id, $chapter->id);
-        $chapter->updated_by = auth()->user()->id;
+        $chapter->updated_by = user()->id;
         $chapter->save();
         Activity::add($chapter, 'chapter_update', $book->id);
         return redirect($chapter->getUrl());
@@ -204,7 +206,7 @@ class ChapterController extends Controller
             return redirect()->back();
         }
 
-        $this->chapterRepo->changeBook($parent->id, $chapter);
+        $this->chapterRepo->changeBook($parent->id, $chapter, true);
         Activity::add($chapter, 'chapter_move', $chapter->book->id);
         session()->flash('success', sprintf('Chapter moved to "%s"', $parent->name));
 

app/Http/Controllers/Controller.php

@@ -3,13 +3,11 @@
 namespace BookStack\Http\Controllers;
 
 use BookStack\Ownable;
-use HttpRequestException;
 use Illuminate\Foundation\Bus\DispatchesJobs;
 use Illuminate\Http\Exception\HttpResponseException;
+use Illuminate\Http\Request;
 use Illuminate\Routing\Controller as BaseController;
 use Illuminate\Foundation\Validation\ValidatesRequests;
-use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Session;
 use BookStack\User;
 
 abstract class Controller extends BaseController
@@ -30,17 +28,21 @@ abstract class Controller extends BaseController
      */
     public function __construct()
     {
-        // Get a user instance for the current user
-        $user = auth()->user();
-        if (!$user) $user = User::getDefault();
+        $this->middleware(function ($request, $next) {
 
-        // Share variables with views
-        view()->share('signedIn', auth()->check());
-        view()->share('currentUser', $user);
+            // Get a user instance for the current user
+            $user = user();
 
-        // Share variables with controllers
-        $this->currentUser = $user;
-        $this->signedIn = auth()->check();
+            // Share variables with controllers
+            $this->currentUser = $user;
+            $this->signedIn = auth()->check();
+
+            // Share variables with views
+            view()->share('signedIn', $this->signedIn);
+            view()->share('currentUser', $user);
+
+            return $next($request);
+        });
     }
 
     /**
@@ -67,8 +69,13 @@ abstract class Controller extends BaseController
      */
     protected function showPermissionError()
     {
-        Session::flash('error', trans('errors.permission'));
-        $response = request()->wantsJson() ? response()->json(['error' => trans('errors.permissionJson')], 403) : redirect('/');
+        if (request()->wantsJson()) {
+            $response = response()->json(['error' => trans('errors.permissionJson')], 403);
+        } else {
+            $response = redirect('/');
+            session()->flash('error', trans('errors.permission'));
+        }
+
         throw new HttpResponseException($response);
     }
 
@@ -79,7 +86,7 @@ abstract class Controller extends BaseController
      */
     protected function checkPermission($permissionName)
     {
-        if (!$this->currentUser || !$this->currentUser->can($permissionName)) {
+        if (!user() || !user()->can($permissionName)) {
             $this->showPermissionError();
         }
         return true;
@@ -121,4 +128,22 @@ abstract class Controller extends BaseController
         return response()->json(['message' => $messageText], $statusCode);
     }
 
+    /**
+     * Create the response for when a request fails validation.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  array  $errors
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
+    protected function buildFailedValidationResponse(Request $request, array $errors)
+    {
+        if ($request->expectsJson()) {
+            return response()->json(['validation' => $errors], 422);
+        }
+
+        return redirect()->to($this->getRedirectUrl())
+            ->withInput($request->input())
+            ->withErrors($errors, $this->errorBag());
+    }
+
 }

app/Http/Controllers/PageController.php

@@ -12,6 +12,7 @@ use BookStack\Repos\ChapterRepo;
 use BookStack\Repos\PageRepo;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Views;
+use GatherContent\Htmldiff\Htmldiff;
 
 class PageController extends Controller
 {
@@ -42,27 +43,60 @@ class PageController extends Controller
 
     /**
      * Show the form for creating a new page.
-     * @param      $bookSlug
-     * @param bool $chapterSlug
+     * @param string $bookSlug
+     * @param string $chapterSlug
      * @return Response
      * @internal param bool $pageSlug
      */
-    public function create($bookSlug, $chapterSlug = false)
+    public function create($bookSlug, $chapterSlug = null)
     {
         $book = $this->bookRepo->getBySlug($bookSlug);
         $chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : null;
         $parent = $chapter ? $chapter : $book;
         $this->checkOwnablePermission('page-create', $parent);
-        $this->setPageTitle('Create New Page');
 
-        $draft = $this->pageRepo->getDraftPage($book, $chapter);
-        return redirect($draft->getUrl());
+        // Redirect to draft edit screen if signed in
+        if ($this->signedIn) {
+            $draft = $this->pageRepo->getDraftPage($book, $chapter);
+            return redirect($draft->getUrl());
+        }
+
+        // Otherwise show edit view
+        $this->setPageTitle('Create New Page');
+        return view('pages/guest-create', ['parent' => $parent]);
+    }
+
+    /**
+     * Create a new page as a guest user.
+     * @param Request $request
+     * @param string $bookSlug
+     * @param string|null $chapterSlug
+     * @return mixed
+     * @throws NotFoundException
+     */
+    public function createAsGuest(Request $request, $bookSlug, $chapterSlug = null)
+    {
+        $this->validate($request, [
+            'name' => 'required|string|max:255'
+        ]);
+
+        $book = $this->bookRepo->getBySlug($bookSlug);
+        $chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : null;
+        $parent = $chapter ? $chapter : $book;
+        $this->checkOwnablePermission('page-create', $parent);
+
+        $page = $this->pageRepo->getDraftPage($book, $chapter);
+        $this->pageRepo->publishDraft($page, [
+            'name' => $request->get('name'),
+            'html' => ''
+        ]);
+        return redirect($page->getUrl('/edit'));
     }
 
     /**
      * Show form to continue editing a draft page.
-     * @param $bookSlug
-     * @param $pageId
+     * @param string $bookSlug
+     * @param int $pageId
      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
     public function editDraft($bookSlug, $pageId)
@@ -72,7 +106,13 @@ class PageController extends Controller
         $this->checkOwnablePermission('page-create', $book);
         $this->setPageTitle('Edit Page Draft');
 
-        return view('pages/edit', ['page' => $draft, 'book' => $book, 'isDraft' => true]);
+        $draftsEnabled = $this->signedIn;
+        return view('pages/edit', [
+            'page' => $draft,
+            'book' => $book,
+            'isDraft' => true,
+            'draftsEnabled' => $draftsEnabled
+        ]);
     }
 
     /**
@@ -112,8 +152,8 @@ class PageController extends Controller
      * Display the specified page.
      * If the page is not found via the slug the
      * revisions are searched for a match.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return Response
      */
     public function show($bookSlug, $pageSlug)
@@ -131,14 +171,17 @@ class PageController extends Controller
         $this->checkOwnablePermission('page-view', $page);
 
         $sidebarTree = $this->bookRepo->getChildren($book);
+        $pageNav = $this->pageRepo->getPageNav($page);
+        
         Views::add($page);
         $this->setPageTitle($page->getShortName());
-        return view('pages/show', ['page' => $page, 'book' => $book, 'current' => $page, 'sidebarTree' => $sidebarTree]);
+        return view('pages/show', ['page' => $page, 'book' => $book,
+                                   'current' => $page, 'sidebarTree' => $sidebarTree, 'pageNav' => $pageNav]);
     }
 
     /**
      * Get page from an ajax request.
-     * @param $pageId
+     * @param int $pageId
      * @return \Illuminate\Http\JsonResponse
      */
     public function getPageAjax($pageId)
@@ -149,8 +192,8 @@ class PageController extends Controller
 
     /**
      * Show the form for editing the specified page.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return Response
      */
     public function edit($bookSlug, $pageSlug)
@@ -179,14 +222,20 @@ class PageController extends Controller
 
         if (count($warnings) > 0) session()->flash('warning', implode("\n", $warnings));
 
-        return view('pages/edit', ['page' => $page, 'book' => $book, 'current' => $page]);
+        $draftsEnabled = $this->signedIn;
+        return view('pages/edit', [
+            'page' => $page,
+            'book' => $book,
+            'current' => $page,
+            'draftsEnabled' => $draftsEnabled
+        ]);
     }
 
     /**
      * Update the specified page in storage.
      * @param  Request $request
-     * @param          $bookSlug
-     * @param          $pageSlug
+     * @param  string $bookSlug
+     * @param  string $pageSlug
      * @return Response
      */
     public function update(Request $request, $bookSlug, $pageSlug)
@@ -205,13 +254,21 @@ class PageController extends Controller
     /**
      * Save a draft update as a revision.
      * @param Request $request
-     * @param $pageId
+     * @param int $pageId
      * @return \Illuminate\Http\JsonResponse
      */
     public function saveDraft(Request $request, $pageId)
     {
         $page = $this->pageRepo->getById($pageId, true);
         $this->checkOwnablePermission('page-update', $page);
+
+        if (!$this->signedIn) {
+            return response()->json([
+                'status' => 'error',
+                'message' => 'Guests cannot save drafts',
+            ], 500);
+        }
+
         if ($page->draft) {
             $draft = $this->pageRepo->updateDraftPage($page, $request->only(['name', 'html', 'markdown']));
         } else {
@@ -230,7 +287,7 @@ class PageController extends Controller
     /**
      * Redirect from a special link url which
      * uses the page id rather than the name.
-     * @param $pageId
+     * @param int $pageId
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      */
     public function redirectFromLink($pageId)
@@ -241,8 +298,8 @@ class PageController extends Controller
 
     /**
      * Show the deletion page for the specified page.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return \Illuminate\View\View
      */
     public function showDelete($bookSlug, $pageSlug)
@@ -257,8 +314,8 @@ class PageController extends Controller
 
     /**
      * Show the deletion page for the specified page.
-     * @param $bookSlug
-     * @param $pageId
+     * @param string $bookSlug
+     * @param int $pageId
      * @return \Illuminate\View\View
      * @throws NotFoundException
      */
@@ -273,8 +330,8 @@ class PageController extends Controller
 
     /**
      * Remove the specified page from storage.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return Response
      * @internal param int $id
      */
@@ -291,8 +348,8 @@ class PageController extends Controller
 
     /**
      * Remove the specified draft page from storage.
-     * @param $bookSlug
-     * @param $pageId
+     * @param string $bookSlug
+     * @param int $pageId
      * @return Response
      * @throws NotFoundException
      */
@@ -308,8 +365,8 @@ class PageController extends Controller
 
     /**
      * Shows the last revisions for this page.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return \Illuminate\View\View
      */
     public function showRevisions($bookSlug, $pageSlug)
@@ -322,9 +379,9 @@ class PageController extends Controller
 
     /**
      * Shows a preview of a single revision
-     * @param $bookSlug
-     * @param $pageSlug
-     * @param $revisionId
+     * @param string $bookSlug
+     * @param string $pageSlug
+     * @param int $revisionId
      * @return \Illuminate\View\View
      */
     public function showRevision($bookSlug, $pageSlug, $revisionId)
@@ -332,16 +389,48 @@ class PageController extends Controller
         $book = $this->bookRepo->getBySlug($bookSlug);
         $page = $this->pageRepo->getBySlug($pageSlug, $book->id);
         $revision = $this->pageRepo->getRevisionById($revisionId);
+
         $page->fill($revision->toArray());
         $this->setPageTitle('Page Revision For ' . $page->getShortName());
-        return view('pages/revision', ['page' => $page, 'book' => $book]);
+        
+        return view('pages/revision', [
+            'page' => $page,
+            'book' => $book,
+        ]);
+    }
+
+    /**
+     * Shows the changes of a single revision
+     * @param string $bookSlug
+     * @param string $pageSlug
+     * @param int $revisionId
+     * @return \Illuminate\View\View
+     */
+    public function showRevisionChanges($bookSlug, $pageSlug, $revisionId)
+    {
+        $book = $this->bookRepo->getBySlug($bookSlug);
+        $page = $this->pageRepo->getBySlug($pageSlug, $book->id);
+        $revision = $this->pageRepo->getRevisionById($revisionId);
+
+        $prev = $revision->getPrevious();
+        $prevContent = ($prev === null) ? '' : $prev->html;
+        $diff = (new Htmldiff)->diff($prevContent, $revision->html);
+
+        $page->fill($revision->toArray());
+        $this->setPageTitle('Page Revision For ' . $page->getShortName());
+
+        return view('pages/revision', [
+            'page' => $page,
+            'book' => $book,
+            'diff' => $diff,
+        ]);
     }
 
     /**
      * Restores a page using the content of the specified revision.
-     * @param $bookSlug
-     * @param $pageSlug
-     * @param $revisionId
+     * @param string $bookSlug
+     * @param string $pageSlug
+     * @param int $revisionId
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      */
     public function restoreRevision($bookSlug, $pageSlug, $revisionId)
@@ -357,8 +446,8 @@ class PageController extends Controller
     /**
      * Exports a page to pdf format using barryvdh/laravel-dompdf wrapper.
      * https://github.com/barryvdh/laravel-dompdf
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return \Illuminate\Http\Response
      */
     public function exportPdf($bookSlug, $pageSlug)
@@ -374,8 +463,8 @@ class PageController extends Controller
 
     /**
      * Export a page to a self-contained HTML file.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return \Illuminate\Http\Response
      */
     public function exportHtml($bookSlug, $pageSlug)
@@ -391,8 +480,8 @@ class PageController extends Controller
 
     /**
      * Export a page to a simple plaintext .txt file.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return \Illuminate\Http\Response
      */
     public function exportPlainText($bookSlug, $pageSlug)
@@ -434,8 +523,8 @@ class PageController extends Controller
 
     /**
      * Show the Restrictions view.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
     public function showRestrict($bookSlug, $pageSlug)
@@ -452,8 +541,8 @@ class PageController extends Controller
 
     /**
      * Show the view to choose a new parent to move a page into.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @return mixed
      * @throws NotFoundException
      */
@@ -470,8 +559,8 @@ class PageController extends Controller
 
     /**
      * Does the action of moving the location of a page
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @param Request $request
      * @return mixed
      * @throws NotFoundException
@@ -513,8 +602,8 @@ class PageController extends Controller
 
     /**
      * Set the permissions for this page.
-     * @param $bookSlug
-     * @param $pageSlug
+     * @param string $bookSlug
+     * @param string $pageSlug
      * @param Request $request
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      */

app/Http/Controllers/SettingController.php

@@ -17,10 +17,7 @@ class SettingController extends Controller
         $this->setPageTitle('Settings');
 
         // Get application version
-        $version = false;
-        if (function_exists('exec')) {
-            $version = exec('git describe --always --tags ');
-        }
+        $version = trim(file_get_contents(base_path('version')));
 
         return view('settings/index', ['version' => $version]);
     }

app/Http/Controllers/UserController.php

@@ -3,6 +3,7 @@
 namespace BookStack\Http\Controllers;
 
 use BookStack\Activity;
+use Exception;
 use Illuminate\Http\Request;
 
 use Illuminate\Http\Response;
@@ -56,7 +57,7 @@ class UserController extends Controller
     {
         $this->checkPermission('users-manage');
         $authMethod = config('auth.method');
-        $roles = $this->userRepo->getAssignableRoles();
+        $roles = $this->userRepo->getAllRoles();
         return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);
     }
 
@@ -100,9 +101,14 @@ class UserController extends Controller
 
         // Get avatar from gravatar and save
         if (!config('services.disable_services')) {
-            $avatar = \Images::saveUserGravatar($user);
-            $user->avatar()->associate($avatar);
-            $user->save();
+            try {
+                $avatar = \Images::saveUserGravatar($user);
+                $user->avatar()->associate($avatar);
+                $user->save();
+            } catch (Exception $e) {
+                \Log::error('Failed to save user gravatar image');
+            }
+
         }
 
         return redirect('/settings/users');
@@ -120,12 +126,13 @@ class UserController extends Controller
             return $this->currentUser->id == $id;
         });
 
-        $authMethod = config('auth.method');
-
         $user = $this->user->findOrFail($id);
+
+        $authMethod = ($user->system_name) ? 'system' : config('auth.method');
+
         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
         $this->setPageTitle('User Profile');
-        $roles = $this->userRepo->getAssignableRoles();
+        $roles = $this->userRepo->getAllRoles();
         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
     }
 
@@ -180,7 +187,7 @@ class UserController extends Controller
 
     /**
      * Show the user delete page.
-     * @param $id
+     * @param int $id
      * @return \Illuminate\View\View
      */
     public function delete($id)
@@ -213,6 +220,11 @@ class UserController extends Controller
             return redirect($user->getEditUrl());
         }
 
+        if ($user->system_name === 'public') {
+            session()->flash('error', 'You cannot delete the guest user');
+            return redirect($user->getEditUrl());
+        }
+
         $this->userRepo->destroy($user);
         session()->flash('success', 'User successfully removed');
 

app/Http/Kernel.php

@@ -9,15 +9,32 @@ class Kernel extends HttpKernel
     /**
      * The application's global HTTP middleware stack.
      *
+     * These middleware are run during every request to your application.
+     *
      * @var array
      */
     protected $middleware = [
         \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
-        \BookStack\Http\Middleware\EncryptCookies::class,
-        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-        \Illuminate\Session\Middleware\StartSession::class,
-        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-        \BookStack\Http\Middleware\VerifyCsrfToken::class,
+    ];
+
+    /**
+     * The application's route middleware groups.
+     *
+     * @var array
+     */
+    protected $middlewareGroups = [
+        'web' => [
+            \BookStack\Http\Middleware\EncryptCookies::class,
+            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
+            \BookStack\Http\Middleware\VerifyCsrfToken::class,
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        ],
+        'api' => [
+            'throttle:60,1',
+            'bindings',
+        ],
     ];
 
     /**
@@ -26,6 +43,7 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $routeMiddleware = [
+        'can' => \Illuminate\Auth\Middleware\Authorize::class,
         'auth'       => \BookStack\Http\Middleware\Authenticate::class,
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
         'guest'      => \BookStack\Http\Middleware\RedirectIfAuthenticated::class,

app/Http/Middleware/Authenticate.php

@@ -33,7 +33,7 @@ class Authenticate
     public function handle($request, Closure $next)
     {
         if ($this->auth->check() && setting('registration-confirmation') && !$this->auth->user()->email_confirmed) {
-            return redirect()->guest(baseUrl('/register/confirm/awaiting'));
+            return redirect(baseUrl('/register/confirm/awaiting'));
         }
 
         if ($this->auth->guest() && !setting('app-public')) {

app/Http/Middleware/RedirectIfAuthenticated.php

@@ -34,7 +34,8 @@ class RedirectIfAuthenticated
      */
     public function handle($request, Closure $next)
     {
-        if ($this->auth->check()) {
+        $requireConfirmation = setting('registration-confirmation');
+        if ($this->auth->check() && (!$requireConfirmation || ($requireConfirmation && $this->auth->user()->email_confirmed))) {
             return redirect('/');
         }
 

app/Jobs/Job.php

@@ -1,21 +0,0 @@
-<?php
-
-namespace BookStack\Jobs;
-
-use Illuminate\Bus\Queueable;
-
-abstract class Job
-{
-    /*
-    |--------------------------------------------------------------------------
-    | Queueable Jobs
-    |--------------------------------------------------------------------------
-    |
-    | This job base class provides a central location to place any logic that
-    | is shared across all of your jobs. The trait included with the class
-    | provides access to the "queueOn" and "delay" queue helper methods.
-    |
-    */
-
-    use Queueable;
-}

app/Notifications/ConfirmEmail.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace BookStack\Notifications;
+
+use Illuminate\Notifications\Notification;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class ConfirmEmail extends Notification
+{
+
+    public $token;
+
+    /**
+     * Create a new notification instance.
+     * @param string $token
+     */
+    public function __construct($token)
+    {
+        $this->token = $token;
+    }
+
+    /**
+     * Get the notification's delivery channels.
+     *
+     * @param  mixed  $notifiable
+     * @return array
+     */
+    public function via($notifiable)
+    {
+        return ['mail'];
+    }
+
+    /**
+     * Get the mail representation of the notification.
+     *
+     * @param  mixed  $notifiable
+     * @return \Illuminate\Notifications\Messages\MailMessage
+     */
+    public function toMail($notifiable)
+    {
+        $appName = ['appName' => setting('app-name')];
+        return (new MailMessage)
+                    ->subject(trans('auth.email_confirm_subject', $appName))
+                    ->greeting(trans('auth.email_confirm_greeting', $appName))
+                    ->line(trans('auth.email_confirm_text'))
+                    ->action(trans('auth.email_confirm_action'), baseUrl('/register/confirm/' . $this->token));
+    }
+
+}

app/Notifications/ResetPassword.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace BookStack\Notifications;
+
+use Illuminate\Notifications\Notification;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class ResetPassword extends Notification
+{
+    /**
+     * The password reset token.
+     *
+     * @var string
+     */
+    public $token;
+
+    /**
+     * Create a notification instance.
+     *
+     * @param  string  $token
+     */
+    public function __construct($token)
+    {
+        $this->token = $token;
+    }
+
+    /**
+     * Get the notification's channels.
+     *
+     * @param  mixed  $notifiable
+     * @return array|string
+     */
+    public function via($notifiable)
+    {
+        return ['mail'];
+    }
+
+    /**
+     * Build the mail representation of the notification.
+     *
+     * @return \Illuminate\Notifications\Messages\MailMessage
+     */
+    public function toMail()
+    {
+        return (new MailMessage)
+            ->line('You are receiving this email because we received a password reset request for your account.')
+            ->action('Reset Password', baseUrl('password/reset/' . $this->token))
+            ->line('If you did not request a password reset, no further action is required.');
+    }
+}

app/Page.php

@@ -54,6 +54,15 @@ class Page extends Entity
         return $this->hasMany(PageRevision::class)->where('type', '=', 'version')->orderBy('created_at', 'desc');
     }
 
+    /**
+     * Get the attachments assigned to this page.
+     * @return \Illuminate\Database\Eloquent\Relations\HasMany
+     */
+    public function attachments()
+    {
+        return $this->hasMany(Attachment::class, 'uploaded_to')->orderBy('order', 'asc');
+    }
+
     /**
      * Get the url for this page.
      * @param string|bool $path
@@ -63,13 +72,13 @@ class Page extends Entity
     {
         $bookSlug = $this->getAttribute('bookSlug') ? $this->getAttribute('bookSlug') : $this->book->slug;
         $midText = $this->draft ? '/draft/' : '/page/';
-        $idComponent = $this->draft ? $this->id : $this->slug;
+        $idComponent = $this->draft ? $this->id : urlencode($this->slug);
 
         if ($path !== false) {
-            return baseUrl('/books/' . $bookSlug . $midText . $idComponent . '/' . trim($path, '/'));
+            return baseUrl('/books/' . urlencode($bookSlug) . $midText . $idComponent . '/' . trim($path, '/'));
         }
 
-        return baseUrl('/books/' . $bookSlug . $midText . $idComponent);
+        return baseUrl('/books/' . urlencode($bookSlug) . $midText . $idComponent);
     }
 
     /**

app/PageRevision.php

@@ -3,7 +3,7 @@
 
 class PageRevision extends Model
 {
-    protected $fillable = ['name', 'html', 'text', 'markdown'];
+    protected $fillable = ['name', 'html', 'text', 'markdown', 'summary'];
 
     /**
      * Get the user that created the page revision
@@ -25,11 +25,26 @@ class PageRevision extends Model
 
     /**
      * Get the url for this revision.
+     * @param null|string $path
      * @return string
      */
-    public function getUrl()
+    public function getUrl($path = null)
     {
-        return $this->page->getUrl() . '/revisions/' . $this->id;
+        $url = $this->page->getUrl() . '/revisions/' . $this->id;
+        if ($path) return $url . '/' . trim($path, '/');
+        return $url;
+    }
+
+    /**
+     * Get the previous revision for the same page if existing
+     * @return \BookStack\PageRevision|null
+     */
+    public function getPrevious()
+    {
+        if ($id = static::where('page_id', '=', $this->page_id)->where('id', '<', $this->id)->max('id')) {
+            return static::find($id);
+        }
+        return null;
     }
 
 }

app/Providers/AppServiceProvider.php

@@ -1,10 +1,6 @@
-<?php
+<?php namespace BookStack\Providers;
 
-namespace BookStack\Providers;
-
-use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\ServiceProvider;
-use BookStack\User;
 
 class AppServiceProvider extends ServiceProvider
 {

app/Providers/BroadcastServiceProvider.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace BookStack\Providers;
+
+use Illuminate\Support\ServiceProvider;
+use Illuminate\Support\Facades\Broadcast;
+
+class BroadcastServiceProvider extends ServiceProvider
+{
+    /**
+     * Bootstrap any application services.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+//        Broadcast::routes();
+//
+//        /*
+//         * Authenticate the user's personal channel...
+//         */
+//        Broadcast::channel('BookStack.User.*', function ($user, $userId) {
+//            return (int) $user->id === (int) $userId;
+//        });
+    }
+}

app/Providers/EventServiceProvider.php

@@ -21,13 +21,10 @@ class EventServiceProvider extends ServiceProvider
     /**
      * Register any other events for your application.
      *
-     * @param  \Illuminate\Contracts\Events\Dispatcher  $events
      * @return void
      */
-    public function boot(DispatcherContract $events)
+    public function boot()
     {
-        parent::boot($events);
-
-        //
+        parent::boot();
     }
 }

app/Providers/PaginationServiceProvider.php

@@ -1,11 +1,12 @@
 <?php namespace BookStack\Providers;
 
 
-use Illuminate\Support\ServiceProvider;
+use Illuminate\Pagination\PaginationServiceProvider as IlluminatePaginationServiceProvider;
 use Illuminate\Pagination\Paginator;
 
-class PaginationServiceProvider extends ServiceProvider
+class PaginationServiceProvider extends IlluminatePaginationServiceProvider
 {
+
     /**
      * Register the service provider.
      *
@@ -13,6 +14,10 @@ class PaginationServiceProvider extends ServiceProvider
      */
     public function register()
     {
+        Paginator::viewFactoryResolver(function () {
+            return $this->app['view'];
+        });
+
         Paginator::currentPathResolver(function () {
             return baseUrl($this->app['request']->path());
         });

app/Providers/RouteServiceProvider.php

@@ -4,6 +4,7 @@ namespace BookStack\Providers;
 
 use Illuminate\Routing\Router;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
+use Route;
 
 class RouteServiceProvider extends ServiceProvider
 {
@@ -19,26 +20,54 @@ class RouteServiceProvider extends ServiceProvider
     /**
      * Define your route model bindings, pattern filters, etc.
      *
-     * @param  \Illuminate\Routing\Router  $router
      * @return void
      */
-    public function boot(Router $router)
+    public function boot()
     {
-        //
-
-        parent::boot($router);
+        parent::boot();
     }
 
     /**
      * Define the routes for the application.
      *
-     * @param  \Illuminate\Routing\Router  $router
      * @return void
      */
-    public function map(Router $router)
+    public function map()
     {
-        $router->group(['namespace' => $this->namespace], function ($router) {
-            require app_path('Http/routes.php');
+        $this->mapWebRoutes();
+//        $this->mapApiRoutes();
+    }
+    /**
+     * Define the "web" routes for the application.
+     *
+     * These routes all receive session state, CSRF protection, etc.
+     *
+     * @return void
+     */
+    protected function mapWebRoutes()
+    {
+        Route::group([
+            'middleware' => 'web',
+            'namespace' => $this->namespace,
+        ], function ($router) {
+            require base_path('routes/web.php');
+        });
+    }
+    /**
+     * Define the "api" routes for the application.
+     *
+     * These routes are typically stateless.
+     *
+     * @return void
+     */
+    protected function mapApiRoutes()
+    {
+        Route::group([
+            'middleware' => 'api',
+            'namespace' => $this->namespace,
+            'prefix' => 'api',
+        ], function ($router) {
+            require base_path('routes/api.php');
         });
     }
 }

app/Repos/BookRepo.php

@@ -2,6 +2,7 @@
 
 use Alpha\B;
 use BookStack\Exceptions\NotFoundException;
+use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Support\Str;
 use BookStack\Book;
 use Views;
@@ -131,8 +132,8 @@ class BookRepo extends EntityRepo
     {
         $book = $this->book->newInstance($input);
         $book->slug = $this->findSuitableSlug($book->name);
-        $book->created_by = auth()->user()->id;
-        $book->updated_by = auth()->user()->id;
+        $book->created_by = user()->id;
+        $book->updated_by = user()->id;
         $book->save();
         $this->permissionService->buildJointPermissionsForEntity($book);
         return $book;
@@ -146,9 +147,11 @@ class BookRepo extends EntityRepo
      */
     public function updateFromInput(Book $book, $input)
     {
+        if ($book->name !== $input['name']) {
+            $book->slug = $this->findSuitableSlug($input['name'], $book->id);
+        }
         $book->fill($input);
-        $book->slug = $this->findSuitableSlug($book->name, $book->id);
-        $book->updated_by = auth()->user()->id;
+        $book->updated_by = user()->id;
         $book->save();
         $this->permissionService->buildJointPermissionsForEntity($book);
         return $book;
@@ -173,15 +176,6 @@ class BookRepo extends EntityRepo
         $book->delete();
     }
 
-    /**
-     * Alias method to update the book jointPermissions in the PermissionService.
-     * @param Book $book
-     */
-    public function updateBookPermissions(Book $book)
-    {
-        $this->permissionService->buildJointPermissionsForEntity($book);
-    }
-
     /**
      * Get the next child element priority.
      * @param Book $book
@@ -216,8 +210,7 @@ class BookRepo extends EntityRepo
      */
     public function findSuitableSlug($name, $currentId = false)
     {
-        $slug = Str::slug($name);
-        if ($slug === "") $slug = substr(md5(rand(1, 500)), 0, 5);
+        $slug = $this->nameToSlug($name);
         while ($this->doesSlugExist($slug, $currentId)) {
             $slug .= '-' . substr(md5(rand(1, 500)), 0, 3);
         }

app/Repos/ChapterRepo.php

@@ -98,8 +98,8 @@ class ChapterRepo extends EntityRepo
     {
         $chapter = $this->chapter->newInstance($input);
         $chapter->slug = $this->findSuitableSlug($chapter->name, $book->id);
-        $chapter->created_by = auth()->user()->id;
-        $chapter->updated_by = auth()->user()->id;
+        $chapter->created_by = user()->id;
+        $chapter->updated_by = user()->id;
         $chapter = $book->chapters()->save($chapter);
         $this->permissionService->buildJointPermissionsForEntity($chapter);
         return $chapter;
@@ -150,8 +150,7 @@ class ChapterRepo extends EntityRepo
      */
     public function findSuitableSlug($name, $bookId, $currentId = false)
     {
-        $slug = Str::slug($name);
-        if ($slug === "") $slug = substr(md5(rand(1, 500)), 0, 5);
+        $slug = $this->nameToSlug($name);
         while ($this->doesSlugExist($slug, $bookId, $currentId)) {
             $slug .= '-' . substr(md5(rand(1, 500)), 0, 3);
         }
@@ -195,11 +194,12 @@ class ChapterRepo extends EntityRepo
 
     /**
      * Changes the book relation of this chapter.
-     * @param         $bookId
+     * @param $bookId
      * @param Chapter $chapter
+     * @param bool $rebuildPermissions
      * @return Chapter
      */
-    public function changeBook($bookId, Chapter $chapter)
+    public function changeBook($bookId, Chapter $chapter, $rebuildPermissions = false)
     {
         $chapter->book_id = $bookId;
         // Update related activity
@@ -213,9 +213,12 @@ class ChapterRepo extends EntityRepo
         foreach ($chapter->pages as $page) {
             $this->pageRepo->changeBook($bookId, $page);
         }
-        // Update permissions
-        $chapter->load('book');
-        $this->permissionService->buildJointPermissionsForEntity($chapter->book);
+
+        // Update permissions if applicable
+        if ($rebuildPermissions) {
+            $chapter->load('book');
+            $this->permissionService->buildJointPermissionsForEntity($chapter->book);
+        }
 
         return $chapter;
     }

app/Repos/EntityRepo.php

@@ -6,6 +6,7 @@ use BookStack\Entity;
 use BookStack\Page;
 use BookStack\Services\PermissionService;
 use BookStack\User;
+use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Log;
 
 class EntityRepo
@@ -131,9 +132,8 @@ class EntityRepo
      */
     public function getUserDraftPages($count = 20, $page = 0)
     {
-        $user = auth()->user();
         return $this->page->where('draft', '=', true)
-            ->where('created_by', '=', $user->id)
+            ->where('created_by', '=', user()->id)
             ->orderBy('updated_at', 'desc')
             ->skip($count * $page)->take($count)->get();
     }
@@ -168,15 +168,16 @@ class EntityRepo
      * @param $termString
      * @return array
      */
-    protected function prepareSearchTerms($termString)
+    public function prepareSearchTerms($termString)
     {
         $termString = $this->cleanSearchTermString($termString);
-        preg_match_all('/"(.*?)"/', $termString, $matches);
+        preg_match_all('/(".*?")/', $termString, $matches);
+        $terms = [];
         if (count($matches[1]) > 0) {
-            $terms = $matches[1];
+            foreach ($matches[1] as $match) {
+                $terms[] = $match;
+            }
             $termString = trim(preg_replace('/"(.*?)"/', '', $termString));
-        } else {
-            $terms = [];
         }
         if (!empty($termString)) $terms = array_merge($terms, explode(' ', $termString));
         return $terms;
@@ -259,6 +260,28 @@ class EntityRepo
         return $query;
     }
 
+    /**
+     * Alias method to update the book jointPermissions in the PermissionService.
+     * @param Collection $collection collection on entities
+     */
+    public function buildJointPermissions(Collection $collection)
+    {
+        $this->permissionService->buildJointPermissionsForEntities($collection);
+    }
+
+    /**
+     * Format a name as a url slug.
+     * @param $name
+     * @return string
+     */
+    protected function nameToSlug($name)
+    {
+        $slug = str_replace(' ', '-', strtolower($name));
+        $slug = preg_replace('/[\+\/\\\?\@\}\{\.\,\=\[\]\#\&\!\*\'\;\:\$\%]/', '', $slug);
+        if ($slug === "") $slug = substr(md5(rand(1, 500)), 0, 5);
+        return $slug;
+    }
+
 }
 
 

app/Repos/ImageRepo.php

@@ -5,6 +5,7 @@ use BookStack\Image;
 use BookStack\Page;
 use BookStack\Services\ImageService;
 use BookStack\Services\PermissionService;
+use Illuminate\Contracts\Filesystem\FileNotFoundException;
 use Setting;
 use Symfony\Component\HttpFoundation\File\UploadedFile;
 
@@ -191,7 +192,12 @@ class ImageRepo
      */
     public function getThumbnail(Image $image, $width = 220, $height = 220, $keepRatio = false)
     {
-        return $this->imageService->getThumbnail($image, $width, $height, $keepRatio);
+        try {
+            return $this->imageService->getThumbnail($image, $width, $height, $keepRatio);
+        } catch (FileNotFoundException $exception) {
+            $image->delete();
+            return [];
+        }
     }
 
 

app/Repos/PageRepo.php

@@ -5,8 +5,10 @@ use BookStack\Book;
 use BookStack\Chapter;
 use BookStack\Entity;
 use BookStack\Exceptions\NotFoundException;
+use BookStack\Services\AttachmentService;
 use Carbon\Carbon;
 use DOMDocument;
+use DOMXPath;
 use Illuminate\Support\Str;
 use BookStack\Page;
 use BookStack\PageRevision;
@@ -47,7 +49,7 @@ class PageRepo extends EntityRepo
      * Get a page via a specific ID.
      * @param $id
      * @param bool $allowDrafts
-     * @return mixed
+     * @return Page
      */
     public function getById($id, $allowDrafts = false)
     {
@@ -58,7 +60,7 @@ class PageRepo extends EntityRepo
      * Get a page identified by the given slug.
      * @param $slug
      * @param $bookId
-     * @return mixed
+     * @return Page
      * @throws NotFoundException
      */
     public function getBySlug($slug, $bookId)
@@ -110,31 +112,6 @@ class PageRepo extends EntityRepo
         return $this->page->where('slug', '=', $slug)->where('book_id', '=', $bookId)->count();
     }
 
-    /**
-     * Save a new page into the system.
-     * Input validation must be done beforehand.
-     * @param array $input
-     * @param Book $book
-     * @param int $chapterId
-     * @return Page
-     */
-    public function saveNew(array $input, Book $book, $chapterId = null)
-    {
-        $page = $this->newFromInput($input);
-        $page->slug = $this->findSuitableSlug($page->name, $book->id);
-
-        if ($chapterId) $page->chapter_id = $chapterId;
-
-        $page->html = $this->formatHtml($input['html']);
-        $page->text = strip_tags($page->html);
-        $page->created_by = auth()->user()->id;
-        $page->updated_by = auth()->user()->id;
-
-        $book->pages()->save($page);
-        return $page;
-    }
-
-
     /**
      * Publish a draft page to make it a normal page.
      * Sets the slug and updates the content.
@@ -157,6 +134,8 @@ class PageRepo extends EntityRepo
         $draftPage->draft = false;
 
         $draftPage->save();
+        $this->saveRevision($draftPage, 'Initial Publish');
+        
         return $draftPage;
     }
 
@@ -170,8 +149,8 @@ class PageRepo extends EntityRepo
     {
         $page = $this->page->newInstance();
         $page->name = 'New Page';
-        $page->created_by = auth()->user()->id;
-        $page->updated_by = auth()->user()->id;
+        $page->created_by = user()->id;
+        $page->updated_by = user()->id;
         $page->draft = true;
 
         if ($chapter) $page->chapter_id = $chapter->id;
@@ -181,6 +160,35 @@ class PageRepo extends EntityRepo
         return $page;
     }
 
+    /**
+     * Parse te headers on the page to get a navigation menu
+     * @param Page $page
+     * @return array
+     */
+    public function getPageNav(Page $page)
+    {
+        if ($page->html == '') return null;
+        libxml_use_internal_errors(true);
+        $doc = new DOMDocument();
+        $doc->loadHTML(mb_convert_encoding($page->html, 'HTML-ENTITIES', 'UTF-8'));
+        $xPath = new DOMXPath($doc);
+        $headers = $xPath->query("//h1|//h2|//h3|//h4|//h5|//h6");
+
+        if (is_null($headers)) return null;
+
+        $tree = [];
+        foreach ($headers as $header) {
+            $text = $header->nodeValue;
+            $tree[] = [
+                'nodeName' => strtolower($header->nodeName),
+                'level' => intval(str_replace('h', '', $header->nodeName)),
+                'link' => '#' . $header->getAttribute('id'),
+                'text' => strlen($text) > 30 ? substr($text, 0, 27) . '...' : $text
+            ];
+        }
+        return $tree;
+    }
+
     /**
      * Formats a page's html to be tagged correctly
      * within the system.
@@ -308,10 +316,9 @@ class PageRepo extends EntityRepo
      */
     public function updatePage(Page $page, $book_id, $input)
     {
-        // Save a revision before updating
-        if ($page->html !== $input['html'] || $page->name !== $input['name']) {
-            $this->saveRevision($page);
-        }
+        // Hold the old details to compare later
+        $oldHtml = $page->html;
+        $oldName = $page->name;
 
         // Prevent slug being updated if no name change
         if ($page->name !== $input['name']) {
@@ -324,7 +331,7 @@ class PageRepo extends EntityRepo
         }
 
         // Update with new details
-        $userId = auth()->user()->id;
+        $userId = user()->id;
         $page->fill($input);
         $page->html = $this->formatHtml($input['html']);
         $page->text = strip_tags($page->html);
@@ -335,6 +342,11 @@ class PageRepo extends EntityRepo
         // Remove all update drafts for this user & page.
         $this->userUpdateDraftsQuery($page, $userId)->delete();
 
+        // Save a revision after updating
+        if ($oldHtml !== $input['html'] || $oldName !== $input['name'] || $input['summary'] !== null) {
+            $this->saveRevision($page, $input['summary']);
+        }
+
         return $page;
     }
 
@@ -352,7 +364,7 @@ class PageRepo extends EntityRepo
         $page->fill($revision->toArray());
         $page->slug = $this->findSuitableSlug($page->name, $book->id, $page->id);
         $page->text = strip_tags($page->html);
-        $page->updated_by = auth()->user()->id;
+        $page->updated_by = user()->id;
         $page->save();
         return $page;
     }
@@ -360,24 +372,28 @@ class PageRepo extends EntityRepo
     /**
      * Saves a page revision into the system.
      * @param Page $page
+     * @param null|string $summary
      * @return $this
      */
-    public function saveRevision(Page $page)
+    public function saveRevision(Page $page, $summary = null)
     {
-        $revision = $this->pageRevision->fill($page->toArray());
+        $revision = $this->pageRevision->newInstance($page->toArray());
         if (setting('app-editor') !== 'markdown') $revision->markdown = '';
         $revision->page_id = $page->id;
         $revision->slug = $page->slug;
         $revision->book_slug = $page->book->slug;
-        $revision->created_by = auth()->user()->id;
+        $revision->created_by = user()->id;
         $revision->created_at = $page->updated_at;
         $revision->type = 'version';
+        $revision->summary = $summary;
         $revision->save();
+
         // Clear old revisions
         if ($this->pageRevision->where('page_id', '=', $page->id)->count() > 50) {
             $this->pageRevision->where('page_id', '=', $page->id)
                 ->orderBy('created_at', 'desc')->skip(50)->take(5)->delete();
         }
+
         return $revision;
     }
 
@@ -389,7 +405,7 @@ class PageRepo extends EntityRepo
      */
     public function saveUpdateDraft(Page $page, $data = [])
     {
-        $userId = auth()->user()->id;
+        $userId = user()->id;
         $drafts = $this->userUpdateDraftsQuery($page, $userId)->get();
 
         if ($drafts->count() > 0) {
@@ -520,7 +536,7 @@ class PageRepo extends EntityRepo
         $query = $this->pageRevision->where('type', '=', 'update_draft')
             ->where('page_id', '=', $page->id)
             ->where('updated_at', '>', $page->updated_at)
-            ->where('created_by', '!=', auth()->user()->id)
+            ->where('created_by', '!=', user()->id)
             ->with('createdBy');
 
         if ($minRange !== null) {
@@ -533,7 +549,7 @@ class PageRepo extends EntityRepo
     /**
      * Gets a single revision via it's id.
      * @param $id
-     * @return mixed
+     * @return PageRevision
      */
     public function getRevisionById($id)
     {
@@ -598,8 +614,7 @@ class PageRepo extends EntityRepo
      */
     public function findSuitableSlug($name, $bookId, $currentId = false)
     {
-        $slug = Str::slug($name);
-        if ($slug === "") $slug = substr(md5(rand(1, 500)), 0, 5);
+        $slug = $this->nameToSlug($name);
         while ($this->doesSlugExist($slug, $bookId, $currentId)) {
             $slug .= '-' . substr(md5(rand(1, 500)), 0, 3);
         }
@@ -618,12 +633,20 @@ class PageRepo extends EntityRepo
         $page->revisions()->delete();
         $page->permissions()->delete();
         $this->permissionService->deleteJointPermissionsForEntity($page);
+
+        // Delete AttachedFiles
+        $attachmentService = app(AttachmentService::class);
+        foreach ($page->attachments as $attachment) {
+            $attachmentService->deleteFile($attachment);
+        }
+
         $page->delete();
     }
 
     /**
      * Get the latest pages added to the system.
      * @param $count
+     * @return mixed
      */
     public function getRecentlyCreatedPaginated($count = 20)
     {
@@ -633,6 +656,7 @@ class PageRepo extends EntityRepo
     /**
      * Get the latest pages added to the system.
      * @param $count
+     * @return mixed
      */
     public function getRecentlyUpdatedPaginated($count = 20)
     {

app/Repos/PermissionsRepo.php

@@ -35,7 +35,7 @@ class PermissionsRepo
      */
     public function getAllRoles()
     {
-        return $this->role->where('hidden', '=', false)->get();
+        return $this->role->all();
     }
 
     /**
@@ -45,7 +45,7 @@ class PermissionsRepo
      */
     public function getAllRolesExcept(Role $role)
     {
-        return $this->role->where('id', '!=', $role->id)->where('hidden', '=', false)->get();
+        return $this->role->where('id', '!=', $role->id)->get();
     }
 
     /**
@@ -90,8 +90,6 @@ class PermissionsRepo
     {
         $role = $this->role->findOrFail($roleId);
 
-        if ($role->hidden) throw new PermissionsException("Cannot update a hidden role");
-
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
         $this->assignRolePermissions($role, $permissions);
 

app/Repos/UserRepo.php

@@ -2,6 +2,7 @@
 
 use BookStack\Role;
 use BookStack\User;
+use Exception;
 use Setting;
 
 class UserRepo
@@ -84,9 +85,14 @@ class UserRepo
 
         // Get avatar from gravatar and save
         if (!config('services.disable_services')) {
-            $avatar = \Images::saveUserGravatar($user);
-            $user->avatar()->associate($avatar);
-            $user->save();
+            try {
+                $avatar = \Images::saveUserGravatar($user);
+                $user->avatar()->associate($avatar);
+                $user->save();
+            } catch (Exception $e) {
+                $user->save();
+                \Log::error('Failed to save user gravatar image');
+            }
         }
 
         return $user;
@@ -193,9 +199,9 @@ class UserRepo
      * Get the roles in the system that are assignable to a user.
      * @return mixed
      */
-    public function getAssignableRoles()
+    public function getAllRoles()
     {
-        return $this->role->visible();
+        return $this->role->all();
     }
 
     /**
@@ -205,7 +211,7 @@ class UserRepo
      */
     public function getRestrictableRoles()
     {
-        return $this->role->where('hidden', '=', false)->where('system_name', '=', '')->get();
+        return $this->role->where('system_name', '!=', 'admin')->get();
     }
 
 }

app/Role.php

@@ -66,7 +66,7 @@ class Role extends Model
     /**
      * Get the role object for the specified role.
      * @param $roleName
-     * @return mixed
+     * @return Role
      */
     public static function getRole($roleName)
     {
@@ -76,7 +76,7 @@ class Role extends Model
     /**
      * Get the role object for the specified system role.
      * @param $roleName
-     * @return mixed
+     * @return Role
      */
     public static function getSystemRole($roleName)
     {

app/Services/ActivityService.php

@@ -19,7 +19,7 @@ class ActivityService
     {
         $this->activity = $activity;
         $this->permissionService = $permissionService;
-        $this->user = auth()->user();
+        $this->user = user();
     }
 
     /**

app/Services/AttachmentService.php

@@ -0,0 +1,201 @@
+<?php namespace BookStack\Services;
+
+use BookStack\Exceptions\FileUploadException;
+use BookStack\Attachment;
+use Exception;
+use Symfony\Component\HttpFoundation\File\UploadedFile;
+
+class AttachmentService extends UploadService
+{
+
+    /**
+     * Get an attachment from storage.
+     * @param Attachment $attachment
+     * @return string
+     */
+    public function getAttachmentFromStorage(Attachment $attachment)
+    {
+        $attachmentPath = $this->getStorageBasePath() . $attachment->path;
+        return $this->getStorage()->get($attachmentPath);
+    }
+
+    /**
+     * Store a new attachment upon user upload.
+     * @param UploadedFile $uploadedFile
+     * @param int $page_id
+     * @return Attachment
+     * @throws FileUploadException
+     */
+    public function saveNewUpload(UploadedFile $uploadedFile, $page_id)
+    {
+        $attachmentName = $uploadedFile->getClientOriginalName();
+        $attachmentPath = $this->putFileInStorage($attachmentName, $uploadedFile);
+        $largestExistingOrder = Attachment::where('uploaded_to', '=', $page_id)->max('order');
+
+        $attachment = Attachment::forceCreate([
+            'name' => $attachmentName,
+            'path' => $attachmentPath,
+            'extension' => $uploadedFile->getClientOriginalExtension(),
+            'uploaded_to' => $page_id,
+            'created_by' => user()->id,
+            'updated_by' => user()->id,
+            'order' => $largestExistingOrder + 1
+        ]);
+
+        return $attachment;
+    }
+
+    /**
+     * Store a upload, saving to a file and deleting any existing uploads
+     * attached to that file.
+     * @param UploadedFile $uploadedFile
+     * @param Attachment $attachment
+     * @return Attachment
+     * @throws FileUploadException
+     */
+    public function saveUpdatedUpload(UploadedFile $uploadedFile, Attachment $attachment)
+    {
+        if (!$attachment->external) {
+            $this->deleteFileInStorage($attachment);
+        }
+
+        $attachmentName = $uploadedFile->getClientOriginalName();
+        $attachmentPath = $this->putFileInStorage($attachmentName, $uploadedFile);
+
+        $attachment->name = $attachmentName;
+        $attachment->path = $attachmentPath;
+        $attachment->external = false;
+        $attachment->extension = $uploadedFile->getClientOriginalExtension();
+        $attachment->save();
+        return $attachment;
+    }
+
+    /**
+     * Save a new File attachment from a given link and name.
+     * @param string $name
+     * @param string $link
+     * @param int $page_id
+     * @return Attachment
+     */
+    public function saveNewFromLink($name, $link, $page_id)
+    {
+        $largestExistingOrder = Attachment::where('uploaded_to', '=', $page_id)->max('order');
+        return Attachment::forceCreate([
+            'name' => $name,
+            'path' => $link,
+            'external' => true,
+            'extension' => '',
+            'uploaded_to' => $page_id,
+            'created_by' => user()->id,
+            'updated_by' => user()->id,
+            'order' => $largestExistingOrder + 1
+        ]);
+    }
+
+    /**
+     * Get the file storage base path, amended for storage type.
+     * This allows us to keep a generic path in the database.
+     * @return string
+     */
+    private function getStorageBasePath()
+    {
+        return $this->isLocal() ? 'storage/' : '';
+    }
+
+    /**
+     * Updates the file ordering for a listing of attached files.
+     * @param array $attachmentList
+     * @param $pageId
+     */
+    public function updateFileOrderWithinPage($attachmentList, $pageId)
+    {
+        foreach ($attachmentList as $index => $attachment) {
+            Attachment::where('uploaded_to', '=', $pageId)->where('id', '=', $attachment['id'])->update(['order' => $index]);
+        }
+    }
+
+
+    /**
+     * Update the details of a file.
+     * @param Attachment $attachment
+     * @param $requestData
+     * @return Attachment
+     */
+    public function updateFile(Attachment $attachment, $requestData)
+    {
+        $attachment->name = $requestData['name'];
+        if (isset($requestData['link']) && trim($requestData['link']) !== '') {
+            $attachment->path = $requestData['link'];
+            if (!$attachment->external) {
+                $this->deleteFileInStorage($attachment);
+                $attachment->external = true;
+            }
+        }
+        $attachment->save();
+        return $attachment;
+    }
+
+    /**
+     * Delete a File from the database and storage.
+     * @param Attachment $attachment
+     */
+    public function deleteFile(Attachment $attachment)
+    {
+        if ($attachment->external) {
+            $attachment->delete();
+            return;
+        }
+        
+        $this->deleteFileInStorage($attachment);
+        $attachment->delete();
+    }
+
+    /**
+     * Delete a file from the filesystem it sits on.
+     * Cleans any empty leftover folders.
+     * @param Attachment $attachment
+     */
+    protected function deleteFileInStorage(Attachment $attachment)
+    {
+        $storedFilePath = $this->getStorageBasePath() . $attachment->path;
+        $storage = $this->getStorage();
+        $dirPath = dirname($storedFilePath);
+
+        $storage->delete($storedFilePath);
+        if (count($storage->allFiles($dirPath)) === 0) {
+            $storage->deleteDirectory($dirPath);
+        }
+    }
+
+    /**
+     * Store a file in storage with the given filename
+     * @param $attachmentName
+     * @param UploadedFile $uploadedFile
+     * @return string
+     * @throws FileUploadException
+     */
+    protected function putFileInStorage($attachmentName, UploadedFile $uploadedFile)
+    {
+        $attachmentData = file_get_contents($uploadedFile->getRealPath());
+
+        $storage = $this->getStorage();
+        $attachmentBasePath = 'uploads/files/' . Date('Y-m-M') . '/';
+        $storageBasePath = $this->getStorageBasePath() . $attachmentBasePath;
+
+        $uploadFileName = $attachmentName;
+        while ($storage->exists($storageBasePath . $uploadFileName)) {
+            $uploadFileName = str_random(3) . $uploadFileName;
+        }
+
+        $attachmentPath = $attachmentBasePath . $uploadFileName;
+        $attachmentStoragePath = $this->getStorageBasePath() . $attachmentPath;
+
+        try {
+            $storage->put($attachmentStoragePath, $attachmentData);
+        } catch (Exception $e) {
+            throw new FileUploadException('File path ' . $attachmentStoragePath . ' could not be uploaded to. Ensure it is writable to the server.');
+        }
+        return $attachmentPath;
+    }
+
+}

app/Services/EmailConfirmationService.php

@@ -1,30 +1,27 @@
 <?php namespace BookStack\Services;
 
-
+use BookStack\Notifications\ConfirmEmail;
+use BookStack\Repos\UserRepo;
 use Carbon\Carbon;
-use Illuminate\Contracts\Mail\Mailer;
-use Illuminate\Mail\Message;
-use BookStack\EmailConfirmation;
 use BookStack\Exceptions\ConfirmationEmailException;
 use BookStack\Exceptions\UserRegistrationException;
-use BookStack\Repos\UserRepo;
-use BookStack\Setting;
 use BookStack\User;
+use Illuminate\Database\Connection as Database;
 
 class EmailConfirmationService
 {
-    protected $mailer;
-    protected $emailConfirmation;
+    protected $db;
+    protected $users;
 
     /**
      * EmailConfirmationService constructor.
-     * @param Mailer            $mailer
-     * @param EmailConfirmation $emailConfirmation
+     * @param Database $db
+     * @param UserRepo $users
      */
-    public function __construct(Mailer $mailer, EmailConfirmation $emailConfirmation)
+    public function __construct(Database $db, UserRepo $users)
     {
-        $this->mailer = $mailer;
-        $this->emailConfirmation = $emailConfirmation;
+        $this->db = $db;
+        $this->users = $users;
     }
 
     /**
@@ -38,16 +35,28 @@ class EmailConfirmationService
         if ($user->email_confirmed) {
             throw new ConfirmationEmailException('Email has already been confirmed, Try logging in.', '/login');
         }
+
         $this->deleteConfirmationsByUser($user);
+        $token = $this->createEmailConfirmation($user);
+
+        $user->notify(new ConfirmEmail($token));
+    }
+
+    /**
+     * Creates a new email confirmation in the database and returns the token.
+     * @param User $user
+     * @return string
+     */
+    public function createEmailConfirmation(User $user)
+    {
         $token = $this->getToken();
-        $this->emailConfirmation->create([
+        $this->db->table('email_confirmations')->insert([
             'user_id' => $user->id,
-            'token'   => $token,
+            'token' => $token,
+            'created_at' => Carbon::now(),
+            'updated_at' => Carbon::now()
         ]);
-        $this->mailer->send('emails/email-confirmation', ['token' => $token], function (Message $message) use ($user) {
-            $appName = setting('app-name', 'BookStack');
-            $message->to($user->email, $user->name)->subject('Confirm your email on ' . $appName . '.');
-        });
+        return $token;
     }
 
     /**
@@ -59,22 +68,24 @@ class EmailConfirmationService
      */
     public function getEmailConfirmationFromToken($token)
     {
-        $emailConfirmation = $this->emailConfirmation->where('token', '=', $token)->first();
-        // If not found
+        $emailConfirmation = $this->db->table('email_confirmations')->where('token', '=', $token)->first();
+
+        // If not found show error
         if ($emailConfirmation === null) {
             throw new UserRegistrationException('This confirmation token is not valid or has already been used, Please try registering again.', '/register');
         }
 
         // If more than a day old
-        if (Carbon::now()->subDay()->gt($emailConfirmation->created_at)) {
-            $this->sendConfirmation($emailConfirmation->user);
+        if (Carbon::now()->subDay()->gt(new Carbon($emailConfirmation->created_at))) {
+            $user = $this->users->getById($emailConfirmation->user_id);
+            $this->sendConfirmation($user);
             throw new UserRegistrationException('The confirmation token has expired, A new confirmation email has been sent.', '/register/confirm');
         }
 
+        $emailConfirmation->user = $this->users->getById($emailConfirmation->user_id);
         return $emailConfirmation;
     }
 
-
     /**
      * Delete all email confirmations that belong to a user.
      * @param User $user
@@ -82,7 +93,7 @@ class EmailConfirmationService
      */
     public function deleteConfirmationsByUser(User $user)
     {
-        return $this->emailConfirmation->where('user_id', '=', $user->id)->delete();
+        return $this->db->table('email_confirmations')->where('user_id', '=', $user->id)->delete();
     }
 
     /**
@@ -92,7 +103,7 @@ class EmailConfirmationService
     protected function getToken()
     {
         $token = str_random(24);
-        while ($this->emailConfirmation->where('token', '=', $token)->exists()) {
+        while ($this->db->table('email_confirmations')->where('token', '=', $token)->exists()) {
             $token = str_random(25);
         }
         return $token;

app/Services/ExportService.php

@@ -48,11 +48,13 @@ class ExportService
             foreach ($imageTagsOutput[0] as $index => $imgMatch) {
                 $oldImgString = $imgMatch;
                 $srcString = $imageTagsOutput[2][$index];
-                if (strpos(trim($srcString), 'http') !== 0) {
-                    $pathString = public_path($srcString);
+                $isLocal = strpos(trim($srcString), 'http') !== 0;
+                if ($isLocal) {
+                    $pathString = public_path(trim($srcString, '/'));
                 } else {
                     $pathString = $srcString;
                 }
+                if ($isLocal && !file_exists($pathString)) continue;
                 $imageContent = file_get_contents($pathString);
                 $imageEncoded = 'data:image/' . pathinfo($pathString, PATHINFO_EXTENSION) . ';base64,' . base64_encode($imageContent);
                 $newImageString = str_replace($srcString, $imageEncoded, $oldImgString);

app/Services/ImageService.php

@@ -9,20 +9,13 @@ use Intervention\Image\ImageManager;
 use Illuminate\Contracts\Filesystem\Factory as FileSystem;
 use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance;
 use Illuminate\Contracts\Cache\Repository as Cache;
-use Setting;
 use Symfony\Component\HttpFoundation\File\UploadedFile;
 
-class ImageService
+class ImageService extends UploadService
 {
 
     protected $imageTool;
-    protected $fileSystem;
     protected $cache;
-
-    /**
-     * @var FileSystemInstance
-     */
-    protected $storageInstance;
     protected $storageUrl;
 
     /**
@@ -34,8 +27,8 @@ class ImageService
     public function __construct(ImageManager $imageTool, FileSystem $fileSystem, Cache $cache)
     {
         $this->imageTool = $imageTool;
-        $this->fileSystem = $fileSystem;
         $this->cache = $cache;
+        parent::__construct($fileSystem);
     }
 
     /**
@@ -88,6 +81,9 @@ class ImageService
         if ($secureUploads) $imageName = str_random(16) . '-' . $imageName;
 
         $imagePath = '/uploads/images/' . $type . '/' . Date('Y-m-M') . '/';
+
+        if ($this->isLocal()) $imagePath = '/public' . $imagePath;
+
         while ($storage->exists($imagePath . $imageName)) {
             $imageName = str_random(3) . $imageName;
         }
@@ -95,10 +91,13 @@ class ImageService
 
         try {
             $storage->put($fullPath, $imageData);
+            $storage->setVisibility($fullPath, 'public');
         } catch (Exception $e) {
             throw new ImageUploadException('Image Path ' . $fullPath . ' is not writable by the server.');
         }
 
+        if ($this->isLocal()) $fullPath = str_replace_first('/public', '', $fullPath);
+
         $imageDetails = [
             'name'       => $imageName,
             'path'       => $fullPath,
@@ -107,8 +106,8 @@ class ImageService
             'uploaded_to' => $uploadedTo
         ];
 
-        if (auth()->user() && auth()->user()->id !== 0) {
-            $userId = auth()->user()->id;
+        if (user()->id !== 0) {
+            $userId = user()->id;
             $imageDetails['created_by'] = $userId;
             $imageDetails['updated_by'] = $userId;
         }
@@ -118,6 +117,16 @@ class ImageService
         return $image;
     }
 
+    /**
+     * Get the storage path, Dependant of storage type.
+     * @param Image $image
+     * @return mixed|string
+     */
+    protected function getPath(Image $image)
+    {
+        return ($this->isLocal()) ? ('public/' . $image->path) : $image->path;
+    }
+
     /**
      * Get the thumbnail for an image.
      * If $keepRatio is true only the width will be used.
@@ -134,7 +143,8 @@ class ImageService
     public function getThumbnail(Image $image, $width = 220, $height = 220, $keepRatio = false)
     {
         $thumbDirName = '/' . ($keepRatio ? 'scaled-' : 'thumbs-') . $width . '-' . $height . '/';
-        $thumbFilePath = dirname($image->path) . $thumbDirName . basename($image->path);
+        $imagePath = $this->getPath($image);
+        $thumbFilePath = dirname($imagePath) . $thumbDirName . basename($imagePath);
 
         if ($this->cache->has('images-' . $image->id . '-' . $thumbFilePath) && $this->cache->get('images-' . $thumbFilePath)) {
             return $this->getPublicUrl($thumbFilePath);
@@ -147,7 +157,7 @@ class ImageService
         }
 
         try {
-            $thumb = $this->imageTool->make($storage->get($image->path));
+            $thumb = $this->imageTool->make($storage->get($imagePath));
         } catch (Exception $e) {
             if ($e instanceof \ErrorException || $e instanceof NotSupportedException) {
                 throw new ImageUploadException('The server cannot create thumbnails. Please check you have the GD PHP extension installed.');
@@ -167,6 +177,7 @@ class ImageService
 
         $thumbData = (string)$thumb->encode();
         $storage->put($thumbFilePath, $thumbData);
+        $storage->setVisibility($thumbFilePath, 'public');
         $this->cache->put('images-' . $image->id . '-' . $thumbFilePath, $thumbFilePath, 60 * 72);
 
         return $this->getPublicUrl($thumbFilePath);
@@ -181,8 +192,8 @@ class ImageService
     {
         $storage = $this->getStorage();
 
-        $imageFolder = dirname($image->path);
-        $imageFileName = basename($image->path);
+        $imageFolder = dirname($this->getPath($image));
+        $imageFileName = basename($this->getPath($image));
         $allImages = collect($storage->allFiles($imageFolder));
 
         $imagesToDelete = $allImages->filter(function ($imagePath) use ($imageFileName) {
@@ -211,7 +222,7 @@ class ImageService
     public function saveUserGravatar(User $user, $size = 500)
     {
         $emailHash = md5(strtolower(trim($user->email)));
-        $url = 'http://www.gravatar.com/avatar/' . $emailHash . '?s=' . $size . '&d=identicon';
+        $url = 'https://www.gravatar.com/avatar/' . $emailHash . '?s=' . $size . '&d=identicon';
         $imageName = str_replace(' ', '-', $user->name . '-gravatar.png');
         $image = $this->saveNewFromUrl($url, 'user', $imageName);
         $image->created_by = $user->id;
@@ -220,35 +231,9 @@ class ImageService
         return $image;
     }
 
-    /**
-     * Get the storage that will be used for storing images.
-     * @return FileSystemInstance
-     */
-    private function getStorage()
-    {
-        if ($this->storageInstance !== null) return $this->storageInstance;
-
-        $storageType = config('filesystems.default');
-        $this->storageInstance = $this->fileSystem->disk($storageType);
-
-        return $this->storageInstance;
-    }
-
-    /**
-     * Check whether or not a folder is empty.
-     * @param $path
-     * @return int
-     */
-    private function isFolderEmpty($path)
-    {
-        $files = $this->getStorage()->files($path);
-        $folders = $this->getStorage()->directories($path);
-        return count($files) === 0 && count($folders) === 0;
-    }
-
     /**
      * Gets a public facing url for an image by checking relevant environment variables.
-     * @param $filePath
+     * @param string $filePath
      * @return string
      */
     private function getPublicUrl($filePath)
@@ -257,16 +242,24 @@ class ImageService
             $storageUrl = config('filesystems.url');
 
             // Get the standard public s3 url if s3 is set as storage type
+            // Uses the nice, short URL if bucket name has no periods in otherwise the longer
+            // region-based url will be used to prevent http issues.
             if ($storageUrl == false && config('filesystems.default') === 's3') {
                 $storageDetails = config('filesystems.disks.s3');
-                $storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket'];
+                if (strpos($storageDetails['bucket'], '.') === false) {
+                    $storageUrl = 'https://' . $storageDetails['bucket'] . '.s3.amazonaws.com';
+                } else {
+                    $storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket'];
+                }
             }
 
             $this->storageUrl = $storageUrl;
         }
 
+        if ($this->isLocal()) $filePath = str_replace_first('public/', '', $filePath);
+
         return ($this->storageUrl == false ? rtrim(baseUrl(''), '/') : rtrim($this->storageUrl, '/')) . $filePath;
     }
 
 
-}
+}

app/Services/PermissionService.php

@@ -8,15 +8,16 @@ use BookStack\Ownable;
 use BookStack\Page;
 use BookStack\Role;
 use BookStack\User;
-use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Log;
 
 class PermissionService
 {
 
-    protected $userRoles;
-    protected $isAdmin;
     protected $currentAction;
-    protected $currentUser;
+    protected $isAdminUser;
+    protected $userRoles = false;
+    protected $currentUserModel = false;
 
     public $book;
     public $chapter;
@@ -25,6 +26,8 @@ class PermissionService
     protected $jointPermission;
     protected $role;
 
+    protected $entityCache;
+
     /**
      * PermissionService constructor.
      * @param JointPermission $jointPermission
@@ -35,12 +38,6 @@ class PermissionService
      */
     public function __construct(JointPermission $jointPermission, Book $book, Chapter $chapter, Page $page, Role $role)
     {
-        $this->currentUser = auth()->user();
-        $userSet = $this->currentUser !== null;
-        $this->userRoles = false;
-        $this->isAdmin = $userSet ? $this->currentUser->hasRole('admin') : false;
-        if (!$userSet) $this->currentUser = new User();
-
         $this->jointPermission = $jointPermission;
         $this->role = $role;
         $this->book = $book;
@@ -48,6 +45,57 @@ class PermissionService
         $this->page = $page;
     }
 
+    /**
+     * Prepare the local entity cache and ensure it's empty
+     */
+    protected function readyEntityCache()
+    {
+        $this->entityCache = [
+            'books' => collect(),
+            'chapters' => collect()
+        ];
+    }
+
+    /**
+     * Get a book via ID, Checks local cache
+     * @param $bookId
+     * @return Book
+     */
+    protected function getBook($bookId)
+    {
+        if (isset($this->entityCache['books']) && $this->entityCache['books']->has($bookId)) {
+            return $this->entityCache['books']->get($bookId);
+        }
+
+        $book = $this->book->find($bookId);
+        if ($book === null) $book = false;
+        if (isset($this->entityCache['books'])) {
+            $this->entityCache['books']->put($bookId, $book);
+        }
+
+        return $book;
+    }
+
+    /**
+     * Get a chapter via ID, Checks local cache
+     * @param $chapterId
+     * @return Book
+     */
+    protected function getChapter($chapterId)
+    {
+        if (isset($this->entityCache['chapters']) && $this->entityCache['chapters']->has($chapterId)) {
+            return $this->entityCache['chapters']->get($chapterId);
+        }
+
+        $chapter = $this->chapter->find($chapterId);
+        if ($chapter === null) $chapter = false;
+        if (isset($this->entityCache['chapters'])) {
+            $this->entityCache['chapters']->put($chapterId, $chapter);
+        }
+
+        return $chapter;
+    }
+
     /**
      * Get the roles for the current user;
      * @return array|bool
@@ -64,7 +112,7 @@ class PermissionService
         }
 
 
-        foreach ($this->currentUser->roles as $role) {
+        foreach ($this->currentUser()->roles as $role) {
             $roles[] = $role->id;
         }
         return $roles;
@@ -76,6 +124,7 @@ class PermissionService
     public function buildJointPermissions()
     {
         $this->jointPermission->truncate();
+        $this->readyEntityCache();
 
         // Get all roles (Should be the most limited dimension)
         $roles = $this->role->with('permissions')->get();
@@ -97,7 +146,7 @@ class PermissionService
     }
 
     /**
-     * Create the entity jointPermissions for a particular entity.
+     * Rebuild the entity jointPermissions for a particular entity.
      * @param Entity $entity
      */
     public function buildJointPermissionsForEntity(Entity $entity)
@@ -116,6 +165,17 @@ class PermissionService
         $this->createManyJointPermissions($entities, $roles);
     }
 
+    /**
+     * Rebuild the entity jointPermissions for a collection of entities.
+     * @param Collection $entities
+     */
+    public function buildJointPermissionsForEntities(Collection $entities)
+    {
+        $roles = $this->role->with('jointPermissions')->get();
+        $this->deleteManyJointPermissionsForEntities($entities);
+        $this->createManyJointPermissions($entities, $roles);
+    }
+
     /**
      * Build the entity jointPermissions for a particular role.
      * @param Role $role
@@ -177,9 +237,14 @@ class PermissionService
      */
     protected function deleteManyJointPermissionsForEntities($entities)
     {
+        $query = $this->jointPermission->newQuery();
         foreach ($entities as $entity) {
-            $entity->jointPermissions()->delete();
+            $query->orWhere(function($query) use ($entity) {
+                $query->where('entity_id', '=', $entity->id)
+                    ->where('entity_type', '=', $entity->getMorphClass());
+            });
         }
+        $query->delete();
     }
 
     /**
@@ -189,6 +254,7 @@ class PermissionService
      */
     protected function createManyJointPermissions($entities, $roles)
     {
+        $this->readyEntityCache();
         $jointPermissions = [];
         foreach ($entities as $entity) {
             foreach ($roles as $role) {
@@ -248,8 +314,9 @@ class PermissionService
         } elseif ($entity->isA('chapter')) {
 
             if (!$entity->restricted) {
-                $hasExplicitAccessToBook = $entity->book->hasActiveRestriction($role->id, $restrictionAction);
-                $hasPermissiveAccessToBook = !$entity->book->restricted;
+                $book = $this->getBook($entity->book_id);
+                $hasExplicitAccessToBook = $book->hasActiveRestriction($role->id, $restrictionAction);
+                $hasPermissiveAccessToBook = !$book->restricted;
                 return $this->createJointPermissionDataArray($entity, $role, $action,
                     ($hasExplicitAccessToBook || ($roleHasPermission && $hasPermissiveAccessToBook)),
                     ($hasExplicitAccessToBook || ($roleHasPermissionOwn && $hasPermissiveAccessToBook)));
@@ -261,11 +328,14 @@ class PermissionService
         } elseif ($entity->isA('page')) {
 
             if (!$entity->restricted) {
-                $hasExplicitAccessToBook = $entity->book->hasActiveRestriction($role->id, $restrictionAction);
-                $hasPermissiveAccessToBook = !$entity->book->restricted;
-                $hasExplicitAccessToChapter = $entity->chapter && $entity->chapter->hasActiveRestriction($role->id, $restrictionAction);
-                $hasPermissiveAccessToChapter = $entity->chapter && !$entity->chapter->restricted;
-                $acknowledgeChapter = ($entity->chapter && $entity->chapter->restricted);
+                $book = $this->getBook($entity->book_id);
+                $hasExplicitAccessToBook = $book->hasActiveRestriction($role->id, $restrictionAction);
+                $hasPermissiveAccessToBook = !$book->restricted;
+
+                $chapter = $this->getChapter($entity->chapter_id);
+                $hasExplicitAccessToChapter = $chapter && $chapter->hasActiveRestriction($role->id, $restrictionAction);
+                $hasPermissiveAccessToChapter = $chapter && !$chapter->restricted;
+                $acknowledgeChapter = ($chapter && $chapter->restricted);
 
                 $hasExplicitAccessToParents = $acknowledgeChapter ? $hasExplicitAccessToChapter : $hasExplicitAccessToBook;
                 $hasPermissiveAccessToParents = $acknowledgeChapter ? $hasPermissiveAccessToChapter : $hasPermissiveAccessToBook;
@@ -314,7 +384,11 @@ class PermissionService
      */
     public function checkOwnableUserAccess(Ownable $ownable, $permission)
     {
-        if ($this->isAdmin) return true;
+        if ($this->isAdmin()) {
+            $this->clean();
+            return true;
+        }
+
         $explodedPermission = explode('-', $permission);
 
         $baseQuery = $ownable->where('id', '=', $ownable->id);
@@ -325,10 +399,10 @@ class PermissionService
 
         // Handle non entity specific jointPermissions
         if (in_array($explodedPermission[0], $nonJointPermissions)) {
-            $allPermission = $this->currentUser && $this->currentUser->can($permission . '-all');
-            $ownPermission = $this->currentUser && $this->currentUser->can($permission . '-own');
+            $allPermission = $this->currentUser() && $this->currentUser()->can($permission . '-all');
+            $ownPermission = $this->currentUser() && $this->currentUser()->can($permission . '-own');
             $this->currentAction = 'view';
-            $isOwner = $this->currentUser && $this->currentUser->id === $ownable->created_by;
+            $isOwner = $this->currentUser() && $this->currentUser()->id === $ownable->created_by;
             return ($allPermission || ($isOwner && $ownPermission));
         }
 
@@ -338,7 +412,9 @@ class PermissionService
         }
 
 
-        return $this->entityRestrictionQuery($baseQuery)->count() > 0;
+        $q = $this->entityRestrictionQuery($baseQuery)->count() > 0;
+        $this->clean();
+        return $q;
     }
 
     /**
@@ -368,7 +444,7 @@ class PermissionService
      */
     protected function entityRestrictionQuery($query)
     {
-        return $query->where(function ($parentQuery) {
+        $q = $query->where(function ($parentQuery) {
             $parentQuery->whereHas('jointPermissions', function ($permissionQuery) {
                 $permissionQuery->whereIn('role_id', $this->getRoles())
                     ->where('action', '=', $this->currentAction)
@@ -376,11 +452,13 @@ class PermissionService
                         $query->where('has_permission', '=', true)
                             ->orWhere(function ($query) {
                                 $query->where('has_permission_own', '=', true)
-                                    ->where('created_by', '=', $this->currentUser->id);
+                                    ->where('created_by', '=', $this->currentUser()->id);
                             });
                     });
             });
         });
+        $this->clean();
+        return $q;
     }
 
     /**
@@ -394,9 +472,9 @@ class PermissionService
         // Prevent drafts being visible to others.
         $query = $query->where(function ($query) {
             $query->where('draft', '=', false);
-            if ($this->currentUser) {
+            if ($this->currentUser()) {
                 $query->orWhere(function ($query) {
-                    $query->where('draft', '=', true)->where('created_by', '=', $this->currentUser->id);
+                    $query->where('draft', '=', true)->where('created_by', '=', $this->currentUser()->id);
                 });
             }
         });
@@ -434,7 +512,10 @@ class PermissionService
      */
     public function enforceEntityRestrictions($query, $action = 'view')
     {
-        if ($this->isAdmin) return $query;
+        if ($this->isAdmin()) {
+            $this->clean();
+            return $query;
+        }
         $this->currentAction = $action;
         return $this->entityRestrictionQuery($query);
     }
@@ -449,11 +530,15 @@ class PermissionService
      */
     public function filterRestrictedEntityRelations($query, $tableName, $entityIdColumn, $entityTypeColumn)
     {
-        if ($this->isAdmin) return $query;
+        if ($this->isAdmin()) {
+            $this->clean();
+            return $query;
+        }
+
         $this->currentAction = 'view';
         $tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn, 'entityTypeColumn' => $entityTypeColumn];
 
-        return $query->where(function ($query) use ($tableDetails) {
+        $q = $query->where(function ($query) use ($tableDetails) {
             $query->whereExists(function ($permissionQuery) use (&$tableDetails) {
                 $permissionQuery->select('id')->from('joint_permissions')
                     ->whereRaw('joint_permissions.entity_id=' . $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
@@ -463,12 +548,12 @@ class PermissionService
                     ->where(function ($query) {
                         $query->where('has_permission', '=', true)->orWhere(function ($query) {
                             $query->where('has_permission_own', '=', true)
-                                ->where('created_by', '=', $this->currentUser->id);
+                                ->where('created_by', '=', $this->currentUser()->id);
                         });
                     });
             });
         });
-
+        return $q;
     }
 
     /**
@@ -480,11 +565,15 @@ class PermissionService
      */
     public function filterRelatedPages($query, $tableName, $entityIdColumn)
     {
-        if ($this->isAdmin) return $query;
+        if ($this->isAdmin()) {
+            $this->clean();
+            return $query;
+        }
+
         $this->currentAction = 'view';
         $tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn];
 
-        return $query->where(function ($query) use ($tableDetails) {
+        $q = $query->where(function ($query) use ($tableDetails) {
             $query->where(function ($query) use (&$tableDetails) {
                 $query->whereExists(function ($permissionQuery) use (&$tableDetails) {
                     $permissionQuery->select('id')->from('joint_permissions')
@@ -495,12 +584,50 @@ class PermissionService
                         ->where(function ($query) {
                             $query->where('has_permission', '=', true)->orWhere(function ($query) {
                                 $query->where('has_permission_own', '=', true)
-                                    ->where('created_by', '=', $this->currentUser->id);
+                                    ->where('created_by', '=', $this->currentUser()->id);
                             });
                         });
                 });
             })->orWhere($tableDetails['entityIdColumn'], '=', 0);
         });
+        $this->clean();
+        return $q;
+    }
+
+    /**
+     * Check if the current user is an admin.
+     * @return bool
+     */
+    private function isAdmin()
+    {
+        if ($this->isAdminUser === null) {
+            $this->isAdminUser = ($this->currentUser()->id !== null) ? $this->currentUser()->hasRole('admin') : false;
+        }
+
+        return $this->isAdminUser;
+    }
+
+    /**
+     * Get the current user
+     * @return User
+     */
+    private function currentUser()
+    {
+        if ($this->currentUserModel === false) {
+            $this->currentUserModel = user();
+        }
+
+        return $this->currentUserModel;
+    }
+
+    /**
+     * Clean the cached user elements.
+     */
+    private function clean()
+    {
+        $this->currentUserModel = false;
+        $this->userRoles = false;
+        $this->isAdminUser = null;
     }
 
 }

app/Services/SocialAuthService.php

@@ -100,7 +100,7 @@ class SocialAuthService
         $socialAccount = $this->socialAccount->where('driver_id', '=', $socialId)->first();
         $user = $this->userRepo->getByEmail($socialUser->getEmail());
         $isLoggedIn = auth()->check();
-        $currentUser = auth()->user();
+        $currentUser = user();
 
         // When a user is not logged in and a matching SocialAccount exists,
         // Simply log the user into the application.
@@ -158,7 +158,7 @@ class SocialAuthService
         $driver = trim(strtolower($socialDriver));
 
         if (!in_array($driver, $this->validSocialDrivers)) abort(404, 'Social Driver Not Found');
-        if (!$this->checkDriverConfigured($driver)) throw new SocialDriverNotConfigured;
+        if (!$this->checkDriverConfigured($driver)) throw new SocialDriverNotConfigured("Your {$driver} social settings are not configured correctly.");
 
         return $driver;
     }
@@ -214,9 +214,9 @@ class SocialAuthService
     public function detachSocialAccount($socialDriver)
     {
         session();
-        auth()->user()->socialAccounts()->where('driver', '=', $socialDriver)->delete();
+        user()->socialAccounts()->where('driver', '=', $socialDriver)->delete();
         session()->flash('success', title_case($socialDriver) . ' account successfully detached');
-        return redirect(auth()->user()->getEditUrl());
+        return redirect(user()->getEditUrl());
     }
 
 }

app/Services/UploadService.php

@@ -0,0 +1,64 @@
+<?php namespace BookStack\Services;
+
+use Illuminate\Contracts\Filesystem\Factory as FileSystem;
+use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance;
+
+class UploadService
+{
+
+    /**
+     * @var FileSystem
+     */
+    protected $fileSystem;
+
+    /**
+     * @var FileSystemInstance
+     */
+    protected $storageInstance;
+
+
+    /**
+     * FileService constructor.
+     * @param $fileSystem
+     */
+    public function __construct(FileSystem $fileSystem)
+    {
+        $this->fileSystem = $fileSystem;
+    }
+
+    /**
+     * Get the storage that will be used for storing images.
+     * @return FileSystemInstance
+     */
+    protected function getStorage()
+    {
+        if ($this->storageInstance !== null) return $this->storageInstance;
+
+        $storageType = config('filesystems.default');
+        $this->storageInstance = $this->fileSystem->disk($storageType);
+
+        return $this->storageInstance;
+    }
+
+
+    /**
+     * Check whether or not a folder is empty.
+     * @param $path
+     * @return bool
+     */
+    protected function isFolderEmpty($path)
+    {
+        $files = $this->getStorage()->files($path);
+        $folders = $this->getStorage()->directories($path);
+        return (count($files) === 0 && count($folders) === 0);
+    }
+
+    /**
+     * Check if using a local filesystem.
+     * @return bool
+     */
+    protected function isLocal()
+    {
+        return strtolower(config('filesystems.default')) === 'local';
+    }
+}

app/Services/ViewService.php

@@ -18,7 +18,7 @@ class ViewService
     public function __construct(View $view, PermissionService $permissionService)
     {
         $this->view = $view;
-        $this->user = auth()->user();
+        $this->user = user();
         $this->permissionService = $permissionService;
     }
 
@@ -84,7 +84,7 @@ class ViewService
             ->filterRestrictedEntityRelations($this->view, 'views', 'viewable_id', 'viewable_type');
 
         if ($filterModel) $query = $query->where('viewable_type', '=', get_class($filterModel));
-        $query = $query->where('user_id', '=', auth()->user()->id);
+        $query = $query->where('user_id', '=', user()->id);
 
         $viewables = $query->with('viewable')->orderBy('updated_at', 'desc')
             ->skip($count * $page)->take($count)->get()->pluck('viewable');

app/User.php

@@ -1,13 +1,16 @@
 <?php namespace BookStack;
 
+use BookStack\Notifications\ResetPassword;
 use Illuminate\Auth\Authenticatable;
 use Illuminate\Auth\Passwords\CanResetPassword;
 use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
 use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+use Illuminate\Notifications\Notifiable;
 
 class User extends Model implements AuthenticatableContract, CanResetPasswordContract
 {
-    use Authenticatable, CanResetPassword;
+    use Authenticatable, CanResetPassword, Notifiable;
 
     /**
      * The database table used by the model.
@@ -34,21 +37,30 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
     protected $permissions;
 
     /**
-     * Returns a default guest user.
+     * Returns the default public user.
+     * @return User
      */
     public static function getDefault()
     {
-        return new static([
-            'email' => 'guest',
-            'name' => 'Guest'
-        ]);
+        return static::where('system_name', '=', 'public')->first();
+    }
+
+    /**
+     * Check if the user is the default public user.
+     * @return bool
+     */
+    public function isDefault()
+    {
+        return $this->system_name === 'public';
     }
 
     /**
      * The roles that belong to the user.
+     * @return BelongsToMany
      */
     public function roles()
     {
+        if ($this->id === 0) return ;
         return $this->belongsToMany(Role::class);
     }
 
@@ -183,4 +195,14 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 
         return '';
     }
+
+    /**
+     * Send the password reset notification.
+     * @param  string  $token
+     * @return void
+     */
+    public function sendPasswordResetNotification($token)
+    {
+        $this->notify(new ResetPassword($token));
+    }
 }

app/helpers.php

@@ -2,33 +2,39 @@
 
 use BookStack\Ownable;
 
-if (!function_exists('versioned_asset')) {
-    /**
-     * Get the path to a versioned file.
-     *
-     * @param  string $file
-     * @return string
-     *
-     * @throws \InvalidArgumentException
-     */
-    function versioned_asset($file)
-    {
-        static $manifest = null;
+/**
+ * Get the path to a versioned file.
+ *
+ * @param  string $file
+ * @return string
+ * @throws Exception
+ */
+function versioned_asset($file = '')
+{
+    static $version = null;
 
-        if (is_null($manifest)) {
-            $manifest = json_decode(file_get_contents(public_path('build/manifest.json')), true);
-        }
-
-        if (isset($manifest[$file])) {
-            return baseUrl($manifest[$file]);
-        }
-
-        if (file_exists(public_path($file))) {
-            return baseUrl($file);
-        }
-
-        throw new InvalidArgumentException("File {$file} not defined in asset manifest.");
+    if (is_null($version)) {
+        $versionFile = base_path('version');
+        $version = trim(file_get_contents($versionFile));
     }
+
+    $additional = '';
+    if (config('app.env') === 'development') {
+        $additional = sha1_file(public_path($file));
+    }
+
+    $path = $file . '?version=' . urlencode($version) . $additional;
+    return baseUrl($path);
+}
+
+/**
+ * Helper method to get the current User.
+ * Defaults to public 'Guest' user if not logged in.
+ * @return \BookStack\User
+ */
+function user()
+{
+    return auth()->user() ?: \BookStack\User::getDefault();
 }
 
 /**
@@ -42,7 +48,7 @@ if (!function_exists('versioned_asset')) {
 function userCan($permission, Ownable $ownable = null)
 {
     if ($ownable === null) {
-        return auth()->user() && auth()->user()->can($permission);
+        return user() && user()->can($permission);
     }
 
     // Check permission on ownable item
@@ -58,7 +64,7 @@ function userCan($permission, Ownable $ownable = null)
  */
 function setting($key, $default = false)
 {
-    $settingService = app('BookStack\Services\SettingService');
+    $settingService = app(\BookStack\Services\SettingService::class);
     return $settingService->get($key, $default);
 }
 
@@ -74,11 +80,17 @@ function baseUrl($path, $forceAppDomain = false)
     if ($isFullUrl && !$forceAppDomain) return $path;
     $path = trim($path, '/');
 
+    // Remove non-specified domain if forced and we have a domain
     if ($isFullUrl && $forceAppDomain) {
         $explodedPath = explode('/', $path);
         $path = implode('/', array_splice($explodedPath, 3));
     }
 
+    // Return normal url path if not specified in config
+    if (config('app.url') === '') {
+        return url($path);
+    }
+
     return rtrim(config('app.url'), '/') . '/' . $path;
 }
 
@@ -117,14 +129,14 @@ function sortUrl($path, $data, $overrideData = [])
 {
     $queryStringSections = [];
     $queryData = array_merge($data, $overrideData);
-    
+
     // Change sorting direction is already sorted on current attribute
     if (isset($overrideData['sort']) && $overrideData['sort'] === $data['sort']) {
         $queryData['order'] = ($data['order'] === 'asc') ? 'desc' : 'asc';
     } else {
         $queryData['order'] = 'asc';
     }
-    
+
     foreach ($queryData as $name => $value) {
         $trimmedVal = trim($value);
         if ($trimmedVal === '') continue;
@@ -134,4 +146,4 @@ function sortUrl($path, $data, $overrideData = [])
     if (count($queryStringSections) === 0) return $path;
 
     return baseUrl($path . '?' . implode('&', $queryStringSections));
-}
+}

composer.json

@@ -5,23 +5,24 @@
     "license": "MIT",
     "type": "project",
     "require": {
-        "php": ">=5.5.9",
-        "laravel/framework": "5.2.*",
+        "php": ">=5.6.4",
+        "laravel/framework": "^5.3.4",
+        "ext-tidy": "*",
         "intervention/image": "^2.3",
         "laravel/socialite": "^2.0",
         "barryvdh/laravel-ide-helper": "^2.1",
-        "barryvdh/laravel-debugbar": "^2.0",
+        "barryvdh/laravel-debugbar": "^2.2.3",
         "league/flysystem-aws-s3-v3": "^1.0",
-        "barryvdh/laravel-dompdf": "0.6.*",
-        "predis/predis": "^1.0"
+        "barryvdh/laravel-dompdf": "^0.7",
+        "predis/predis": "^1.1",
+        "gathercontent/htmldiff": "^0.2.1"
     },
     "require-dev": {
         "fzaninotto/faker": "~1.4",
         "mockery/mockery": "0.9.*",
-        "phpunit/phpunit": "~4.0",
-        "phpspec/phpspec": "~2.1",
-        "symfony/dom-crawler": "~3.0",
-        "symfony/css-selector": "~3.0"
+        "phpunit/phpunit": "~5.0",
+        "symfony/css-selector": "3.1.*",
+        "symfony/dom-crawler": "3.1.*"
     },
     "autoload": {
         "classmap": [
@@ -37,21 +38,19 @@
         ]
     },
     "scripts": {
-        "post-install-cmd": [
-            "php artisan clear-compiled",
-            "php artisan optimize"
-        ],
-        "pre-update-cmd": [
-            "php artisan clear-compiled"
-        ],
-        "post-update-cmd": [
-            "php artisan optimize"
-        ],
         "post-root-package-install": [
-            "php -r \"copy('.env.example', '.env');\""
+            "php -r \"file_exists('.env') || copy('.env.example', '.env');\""
         ],
         "post-create-project-cmd": [
             "php artisan key:generate"
+        ],
+        "post-install-cmd": [
+            "Illuminate\\Foundation\\ComposerScripts::postInstall",
+            "php artisan optimize"
+        ],
+        "post-update-cmd": [
+            "Illuminate\\Foundation\\ComposerScripts::postUpdate",
+            "php artisan optimize"
         ]
     },
     "config": {

config/app.php

@@ -57,7 +57,7 @@ return [
     |
     */
 
-    'locale' => 'en',
+    'locale' => env('APP_LANG', 'en'),
 
     /*
     |--------------------------------------------------------------------------
@@ -138,6 +138,7 @@ return [
         Illuminate\Translation\TranslationServiceProvider::class,
         Illuminate\Validation\ValidationServiceProvider::class,
         Illuminate\View\ViewServiceProvider::class,
+        Illuminate\Notifications\NotificationServiceProvider::class,
         Laravel\Socialite\SocialiteServiceProvider::class,
 
         /**
@@ -156,6 +157,7 @@ return [
 
         BookStack\Providers\AuthServiceProvider::class,
         BookStack\Providers\AppServiceProvider::class,
+        BookStack\Providers\BroadcastServiceProvider::class,
         BookStack\Providers\EventServiceProvider::class,
         BookStack\Providers\RouteServiceProvider::class,
         BookStack\Providers\CustomFacadeProvider::class,
@@ -194,6 +196,7 @@ return [
         'Lang'      => Illuminate\Support\Facades\Lang::class,
         'Log'       => Illuminate\Support\Facades\Log::class,
         'Mail'      => Illuminate\Support\Facades\Mail::class,
+        'Notification' => Illuminate\Support\Facades\Notification::class,
         'Password'  => Illuminate\Support\Facades\Password::class,
         'Queue'     => Illuminate\Support\Facades\Queue::class,
         'Redirect'  => Illuminate\Support\Facades\Redirect::class,

config/filesystems.php

@@ -56,7 +56,7 @@ return [
 
         'local' => [
             'driver' => 'local',
-            'root'   => public_path(),
+            'root'   => base_path(),
         ],
 
         'ftp' => [

config/setting-defaults.php

@@ -6,8 +6,11 @@
 return [
 
     'app-name'        => 'BookStack',
+    'app-name-header' => true,
     'app-editor'      => 'wysiwyg',
     'app-color'       => '#0288D1',
-    'app-color-light' => 'rgba(21, 101, 192, 0.15)'
+    'app-color-light' => 'rgba(21, 101, 192, 0.15)',
+    'app-custom-head' => false,
+    'registration-enabled' => false,
 
 ];

database/migrations/2015_08_29_105422_add_roles_and_permissions.php

@@ -129,7 +129,7 @@ class AddRolesAndPermissions extends Migration
 
         // Set all current users as admins
         // (At this point only the initially create user should be an admin)
-        $users = DB::table('users')->get();
+        $users = DB::table('users')->get()->all();
         foreach ($users as $user) {
             DB::table('role_user')->insert([
                 'role_id' => $adminId,

database/migrations/2016_07_07_181521_add_summary_to_page_revisions.php

@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddSummaryToPageRevisions extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('page_revisions', function ($table) {
+            $table->string('summary')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('page_revisions', function ($table) {
+            $table->dropColumn('summary');
+        });
+    }
+}

database/migrations/2016_09_29_101449_remove_hidden_roles.php

@@ -0,0 +1,66 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class RemoveHiddenRoles extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        // Remove the hidden property from roles
+        Schema::table('roles', function(Blueprint $table) {
+            $table->dropColumn('hidden');
+        });
+
+        // Add column to mark system users
+        Schema::table('users', function(Blueprint $table) {
+            $table->string('system_name')->nullable()->index();
+        });
+
+        // Insert our new public system user.
+        $publicUserId = DB::table('users')->insertGetId([
+            'email' => 'guest@example.com',
+            'name' => 'Guest',
+            'system_name' => 'public',
+            'email_confirmed' => true,
+            'created_at' => \Carbon\Carbon::now(),
+            'updated_at' => \Carbon\Carbon::now(),
+        ]);
+        
+        // Get the public role
+        $publicRole = DB::table('roles')->where('system_name', '=', 'public')->first();
+
+        // Connect the new public user to the public role
+        DB::table('role_user')->insert([
+            'user_id' => $publicUserId,
+            'role_id' => $publicRole->id
+        ]);
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('roles', function(Blueprint $table) {
+            $table->boolean('hidden')->default(false);
+            $table->index('hidden');
+        });
+
+        DB::table('users')->where('system_name', '=', 'public')->delete();
+
+        Schema::table('users', function(Blueprint $table) {
+            $table->dropColumn('system_name');
+        });
+
+        DB::table('roles')->where('system_name', '=', 'public')->update(['hidden' => true]);
+    }
+}

database/migrations/2016_10_09_142037_create_attachments_table.php

@@ -0,0 +1,71 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class CreateAttachmentsTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('attachments', function (Blueprint $table) {
+            $table->increments('id');
+            $table->string('name');
+            $table->string('path');
+            $table->string('extension', 20);
+            $table->integer('uploaded_to');
+
+            $table->boolean('external');
+            $table->integer('order');
+
+            $table->integer('created_by');
+            $table->integer('updated_by');
+
+            $table->index('uploaded_to');
+            $table->timestamps();
+        });
+
+        // Get roles with permissions we need to change
+        $adminRoleId = DB::table('roles')->where('system_name', '=', 'admin')->first()->id;
+
+        // Create & attach new entity permissions
+        $ops = ['Create All', 'Create Own', 'Update All', 'Update Own', 'Delete All', 'Delete Own'];
+        $entity = 'Attachment';
+        foreach ($ops as $op) {
+            $permissionId = DB::table('role_permissions')->insertGetId([
+                'name' => strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op)),
+                'display_name' => $op . ' ' . $entity . 's',
+                'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
+                'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
+            ]);
+            DB::table('permission_role')->insert([
+                'role_id' => $adminRoleId,
+                'permission_id' => $permissionId
+            ]);
+        }
+
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('attachments');
+
+        // Create & attach new entity permissions
+        $ops = ['Create All', 'Create Own', 'Update All', 'Update Own', 'Delete All', 'Delete Own'];
+        $entity = 'Attachment';
+        foreach ($ops as $op) {
+            $permName = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
+            DB::table('role_permissions')->where('name', '=', $permName)->delete();
+        }
+    }
+}

gulpfile.js

@@ -1,27 +1,8 @@
 var elixir = require('laravel-elixir');
 
-// Custom extensions
-var gulp = require('gulp');
-var Task = elixir.Task;
-var fs = require('fs');
-
-elixir.extend('queryVersion', function(inputFiles) {
-     new Task('queryVersion', function() {
-         var manifestObject = {};
-         var uidString = Date.now().toString(16).slice(4);
-         for (var i = 0; i < inputFiles.length; i++) {
-             var file = inputFiles[i];
-             manifestObject[file] = file + '?version=' + uidString;
-         }
-         var fileContents = JSON.stringify(manifestObject, null, 1);
-         fs.writeFileSync('public/build/manifest.json', fileContents);
-     }).watch(['./public/css/*.css', './public/js/*.js']);
-});
-
-elixir(function(mix) {
-    mix.sass('styles.scss')
-        .sass('print-styles.scss')
-        .sass('export-styles.scss')
-        .browserify('global.js', 'public/js/common.js')
-        .queryVersion(['css/styles.css', 'css/print-styles.css', 'js/common.js']);
+elixir(mix => {
+    mix.sass('styles.scss');
+    mix.sass('print-styles.scss');
+    mix.sass('export-styles.scss');
+    mix.browserify('global.js', './public/js/common.js');
 });

package.json

@@ -1,18 +1,19 @@
 {
   "private": true,
-  "devDependencies": {
-    "gulp": "^3.9.0"
+  "scripts": {
+    "prod": "gulp --production",
+    "dev": "gulp watch"
   },
-  "dependencies": {
+  "devDependencies": {
     "angular": "^1.5.5",
     "angular-animate": "^1.5.5",
     "angular-resource": "^1.5.5",
     "angular-sanitize": "^1.5.5",
-    "angular-ui-sortable": "^0.14.0",
-    "babel-runtime": "^5.8.29",
-    "bootstrap-sass": "^3.0.0",
+    "angular-ui-sortable": "^0.15.0",
     "dropzone": "^4.0.1",
-    "laravel-elixir": "^5.0.0",
+    "gulp": "^3.9.0",
+    "laravel-elixir": "^6.0.0-11",
+    "laravel-elixir-browserify-official": "^0.1.3",
     "marked": "^0.3.5",
     "moment": "^2.12.0",
     "zeroclipboard": "^2.2.0"

phpspec.yml

@@ -1,5 +0,0 @@
-suites:
-    main:
-        namespace: BookStack
-        psr4_prefix: BookStack
-        src_path: app

phpunit.xml

@@ -28,8 +28,9 @@
         <env name="DB_CONNECTION" value="mysql_testing"/>
         <env name="MAIL_DRIVER" value="log"/>
         <env name="AUTH_METHOD" value="standard"/>
-        <env name="DISABLE_EXTERNAL_SERVICES" value="false"/>
+        <env name="DISABLE_EXTERNAL_SERVICES" value="true"/>
         <env name="LDAP_VERSION" value="3"/>
+        <env name="STORAGE_TYPE" value="local"/>
         <env name="GITHUB_APP_ID" value="aaaaaaaaaaaaaa"/>
         <env name="GITHUB_APP_SECRET" value="aaaaaaaaaaaaaa"/>
         <env name="GOOGLE_APP_ID" value="aaaaaaaaaaaaaa"/>

public/build/manifest.json

@@ -1,5 +0,0 @@
-{
- "css/styles.css": "css/styles.css?version=d6312b2",
- "css/print-styles.css": "css/print-styles.css?version=d6312b2",
- "js/common.js": "js/common.js?version=d6312b2"
-}

public/css/print-styles.css

@@ -1 +1 @@
-header{display:none}body{font-size:12px}.faded-small{display:none}.page-content{margin:0 auto}.print-hidden{display:none}.print-full-width{width:100%;float:none;display:block}h2{font-size:2em;line-height:1;margin-top:.6em;margin-bottom:.3em}
+.faded-small,.print-hidden,header{display:none}body{font-size:12px}.page-content{margin:0 auto}.print-full-width{width:100%;float:none;display:block}h2{font-size:2em;line-height:1;margin-top:.6em;margin-bottom:.3em}

public/libs/tinymce/plugins/advlist/plugin.min.js

@@ -1 +1 @@
-tinymce.PluginManager.add("advlist",function(a){function b(a,b){var c=[];return tinymce.each(b.split(/[ ,]/),function(a){c.push({text:a.replace(/\-/g," ").replace(/\b\w/g,function(a){return a.toUpperCase()}),data:"default"==a?"":a})}),c}function c(b,c){a.undoManager.transact(function(){var d,e=a.dom,f=a.selection;d=e.getParent(f.getNode(),"ol,ul"),d&&d.nodeName==b&&c!==!1||a.execCommand("UL"==b?"InsertUnorderedList":"InsertOrderedList"),c=c===!1?g[b]:c,g[b]=c,d=e.getParent(f.getNode(),"ol,ul"),d&&(e.setStyle(d,"listStyleType",c?c:null),d.removeAttribute("data-mce-style")),a.focus()})}function d(b){var c=a.dom.getStyle(a.dom.getParent(a.selection.getNode(),"ol,ul"),"listStyleType")||"";b.control.items().each(function(a){a.active(a.settings.data===c)})}var e,f,g={};e=b("OL",a.getParam("advlist_number_styles","default,lower-alpha,lower-greek,lower-roman,upper-alpha,upper-roman")),f=b("UL",a.getParam("advlist_bullet_styles","default,circle,disc,square")),a.addButton("numlist",{type:"splitbutton",tooltip:"Numbered list",menu:e,onshow:d,onselect:function(a){c("OL",a.control.settings.data)},onclick:function(){c("OL",!1)}}),a.addButton("bullist",{type:"splitbutton",tooltip:"Bullet list",menu:f,onshow:d,onselect:function(a){c("UL",a.control.settings.data)},onclick:function(){c("UL",!1)}})});
+tinymce.PluginManager.add("advlist",function(a){function b(a,b){var c=[];return tinymce.each(b.split(/[ ,]/),function(a){c.push({text:a.replace(/\-/g," ").replace(/\b\w/g,function(a){return a.toUpperCase()}),data:"default"==a?"":a})}),c}function c(b,c){a.undoManager.transact(function(){var d,e=a.dom,f=a.selection;if(d=e.getParent(f.getNode(),"ol,ul"),!d||d.nodeName!=b||c===!1){var h={"list-style-type":c?c:""};a.execCommand("UL"==b?"InsertUnorderedList":"InsertOrderedList",!1,h)}c=c===!1?g[b]:c,g[b]=c,d=e.getParent(f.getNode(),"ol,ul"),d&&(e.setStyle(d,"listStyleType",c?c:null),d.removeAttribute("data-mce-style")),a.focus()})}function d(b){var c=a.dom.getStyle(a.dom.getParent(a.selection.getNode(),"ol,ul"),"listStyleType")||"";b.control.items().each(function(a){a.active(a.settings.data===c)})}var e,f,g={};e=b("OL",a.getParam("advlist_number_styles","default,lower-alpha,lower-greek,lower-roman,upper-alpha,upper-roman")),f=b("UL",a.getParam("advlist_bullet_styles","default,circle,disc,square")),a.addButton("numlist",{type:"splitbutton",tooltip:"Numbered list",menu:e,onshow:d,onselect:function(a){c("OL",a.control.settings.data)},onclick:function(){c("OL",!1)}}),a.addButton("bullist",{type:"splitbutton",tooltip:"Bullet list",menu:f,onshow:d,onselect:function(a){c("UL",a.control.settings.data)},onclick:function(){c("UL",!1)}})});

public/libs/tinymce/plugins/contextmenu/plugin.min.js

@@ -1 +1 @@
-tinymce.PluginManager.add("contextmenu",function(a){var b,c=a.settings.contextmenu_never_use_native;a.on("contextmenu",function(d){var e,f=a.getDoc();if(!d.ctrlKey||c){if(d.preventDefault(),tinymce.Env.mac&&tinymce.Env.webkit&&2==d.button&&f.caretRangeFromPoint&&a.selection.setRng(f.caretRangeFromPoint(d.x,d.y)),e=a.settings.contextmenu||"link image inserttable | cell row column deletetable",b)b.show();else{var g=[];tinymce.each(e.split(/[ ,]/),function(b){var c=a.menuItems[b];"|"==b&&(c={text:b}),c&&(c.shortcut="",g.push(c))});for(var h=0;h<g.length;h++)"|"==g[h].text&&(0!==h&&h!=g.length-1||g.splice(h,1));b=new tinymce.ui.Menu({items:g,context:"contextmenu",classes:"contextmenu"}).renderTo(),a.on("remove",function(){b.remove(),b=null})}var i={x:d.pageX,y:d.pageY};a.inline||(i=tinymce.DOM.getPos(a.getContentAreaContainer()),i.x+=d.clientX,i.y+=d.clientY),b.moveTo(i.x,i.y)}})});
+tinymce.PluginManager.add("contextmenu",function(a){var b,c=a.settings.contextmenu_never_use_native,d=function(a){return a.ctrlKey&&!c},e=function(){return tinymce.Env.mac&&tinymce.Env.webkit};a.on("mousedown",function(b){e()&&2===b.button&&!d(b)&&a.selection.isCollapsed()&&a.once("contextmenu",function(b){a.selection.placeCaretAt(b.clientX,b.clientY)})}),a.on("contextmenu",function(c){var e;if(!d(c)){if(c.preventDefault(),e=a.settings.contextmenu||"link image inserttable | cell row column deletetable",b)b.show();else{var f=[];tinymce.each(e.split(/[ ,]/),function(b){var c=a.menuItems[b];"|"==b&&(c={text:b}),c&&(c.shortcut="",f.push(c))});for(var g=0;g<f.length;g++)"|"==f[g].text&&(0!==g&&g!=f.length-1||f.splice(g,1));b=new tinymce.ui.Menu({items:f,context:"contextmenu",classes:"contextmenu"}).renderTo(),a.on("remove",function(){b.remove(),b=null})}var h={x:c.pageX,y:c.pageY};a.inline||(h=tinymce.DOM.getPos(a.getContentAreaContainer()),h.x+=c.clientX,h.y+=c.clientY),b.moveTo(h.x,h.y)}})});

public/libs/tinymce/plugins/fullscreen/plugin.min.js

@@ -1 +1 @@
-tinymce.PluginManager.add("fullscreen",function(a){function b(){var a,b,c=window,d=document,e=d.body;return e.offsetWidth&&(a=e.offsetWidth,b=e.offsetHeight),c.innerWidth&&c.innerHeight&&(a=c.innerWidth,b=c.innerHeight),{w:a,h:b}}function c(){var a=tinymce.DOM.getViewPort();return{x:a.x,y:a.y}}function d(a){scrollTo(a.x,a.y)}function e(){function e(){m.setStyle(p,"height",b().h-(o.clientHeight-p.clientHeight))}var n,o,p,q,r=document.body,s=document.documentElement;l=!l,o=a.getContainer(),n=o.style,p=a.getContentAreaContainer().firstChild,q=p.style,l?(k=c(),f=q.width,g=q.height,q.width=q.height="100%",i=n.width,j=n.height,n.width=n.height="",m.addClass(r,"mce-fullscreen"),m.addClass(s,"mce-fullscreen"),m.addClass(o,"mce-fullscreen"),m.bind(window,"resize",e),e(),h=e):(q.width=f,q.height=g,i&&(n.width=i),j&&(n.height=j),m.removeClass(r,"mce-fullscreen"),m.removeClass(s,"mce-fullscreen"),m.removeClass(o,"mce-fullscreen"),m.unbind(window,"resize",h),d(k)),a.fire("FullscreenStateChanged",{state:l})}var f,g,h,i,j,k,l=!1,m=tinymce.DOM;return a.settings.inline?void 0:(a.on("init",function(){a.addShortcut("Meta+Alt+F","",e)}),a.on("remove",function(){h&&m.unbind(window,"resize",h)}),a.addCommand("mceFullScreen",e),a.addMenuItem("fullscreen",{text:"Fullscreen",shortcut:"Meta+Alt+F",selectable:!0,onClick:function(){e(),a.focus()},onPostRender:function(){var b=this;a.on("FullscreenStateChanged",function(a){b.active(a.state)})},context:"view"}),a.addButton("fullscreen",{tooltip:"Fullscreen",shortcut:"Meta+Alt+F",onClick:e,onPostRender:function(){var b=this;a.on("FullscreenStateChanged",function(a){b.active(a.state)})}}),{isFullscreen:function(){return l}})});
+tinymce.PluginManager.add("fullscreen",function(a){function b(){var a,b,c=window,d=document,e=d.body;return e.offsetWidth&&(a=e.offsetWidth,b=e.offsetHeight),c.innerWidth&&c.innerHeight&&(a=c.innerWidth,b=c.innerHeight),{w:a,h:b}}function c(){var a=tinymce.DOM.getViewPort();return{x:a.x,y:a.y}}function d(a){scrollTo(a.x,a.y)}function e(){function e(){m.setStyle(p,"height",b().h-(o.clientHeight-p.clientHeight))}var n,o,p,q,r=document.body,s=document.documentElement;l=!l,o=a.getContainer(),n=o.style,p=a.getContentAreaContainer().firstChild,q=p.style,l?(k=c(),f=q.width,g=q.height,q.width=q.height="100%",i=n.width,j=n.height,n.width=n.height="",m.addClass(r,"mce-fullscreen"),m.addClass(s,"mce-fullscreen"),m.addClass(o,"mce-fullscreen"),m.bind(window,"resize",e),e(),h=e):(q.width=f,q.height=g,i&&(n.width=i),j&&(n.height=j),m.removeClass(r,"mce-fullscreen"),m.removeClass(s,"mce-fullscreen"),m.removeClass(o,"mce-fullscreen"),m.unbind(window,"resize",h),d(k)),a.fire("FullscreenStateChanged",{state:l})}var f,g,h,i,j,k,l=!1,m=tinymce.DOM;return a.settings.inline?void 0:(a.on("init",function(){a.addShortcut("Ctrl+Shift+F","",e)}),a.on("remove",function(){h&&m.unbind(window,"resize",h)}),a.addCommand("mceFullScreen",e),a.addMenuItem("fullscreen",{text:"Fullscreen",shortcut:"Ctrl+Shift+F",selectable:!0,onClick:function(){e(),a.focus()},onPostRender:function(){var b=this;a.on("FullscreenStateChanged",function(a){b.active(a.state)})},context:"view"}),a.addButton("fullscreen",{tooltip:"Fullscreen",shortcut:"Ctrl+Shift+F",onClick:e,onPostRender:function(){var b=this;a.on("FullscreenStateChanged",function(a){b.active(a.state)})}}),{isFullscreen:function(){return l}})});

public/libs/tinymce/plugins/importcss/plugin.min.js

@@ -1 +1 @@
-tinymce.PluginManager.add("importcss",function(a){function b(a){var b=tinymce.Env.cacheSuffix;return"string"==typeof a&&(a=a.replace("?"+b,"").replace("&"+b,"")),a}function c(b){var c=a.settings,d=c.skin!==!1?c.skin||"lightgray":!1;if(d){var e=c.skin_url;return e=e?a.documentBaseURI.toAbsolute(e):tinymce.baseURL+"/skins/"+d,b===e+"/content"+(a.inline?".inline":"")+".min.css"}return!1}function d(a){return"string"==typeof a?function(b){return-1!==b.indexOf(a)}:a instanceof RegExp?function(b){return a.test(b)}:a}function e(d,e){function f(a,d){var i,j=a.href;if(j=b(j),j&&e(j,d)&&!c(j)){h(a.imports,function(a){f(a,!0)});try{i=a.cssRules||a.rules}catch(k){}h(i,function(a){a.styleSheet?f(a.styleSheet,!0):a.selectorText&&h(a.selectorText.split(","),function(a){g.push(tinymce.trim(a))})})}}var g=[],i={};h(a.contentCSS,function(a){i[a]=!0}),e||(e=function(a,b){return b||i[a]});try{h(d.styleSheets,function(a){f(a)})}catch(j){}return g}function f(b){var c,d=/^(?:([a-z0-9\-_]+))?(\.[a-z0-9_\-\.]+)$/i.exec(b);if(d){var e=d[1],f=d[2].substr(1).split(".").join(" "),g=tinymce.makeMap("a,img");return d[1]?(c={title:b},a.schema.getTextBlockElements()[e]?c.block=e:a.schema.getBlockElements()[e]||g[e.toLowerCase()]?c.selector=e:c.inline=e):d[2]&&(c={inline:"span",title:b.substr(1),classes:f}),a.settings.importcss_merge_classes!==!1?c.classes=f:c.attributes={"class":f},c}}var g=this,h=tinymce.each;a.on("renderFormatsMenu",function(b){var c=a.settings,i={},j=c.importcss_selector_converter||f,k=d(c.importcss_selector_filter),l=b.control;a.settings.importcss_append||l.items().remove();var m=[];tinymce.each(c.importcss_groups,function(a){a=tinymce.extend({},a),a.filter=d(a.filter),m.push(a)}),h(e(b.doc||a.getDoc(),d(c.importcss_file_filter)),function(b){if(-1===b.indexOf(".mce-")&&!i[b]&&(!k||k(b))){var c,d=j.call(g,b);if(d){var e=d.name||tinymce.DOM.uniqueId();if(m)for(var f=0;f<m.length;f++)if(!m[f].filter||m[f].filter(b)){m[f].item||(m[f].item={text:m[f].title,menu:[]}),c=m[f].item.menu;break}a.formatter.register(e,d);var h=tinymce.extend({},l.settings.itemDefaults,{text:d.title,format:e});c?c.push(h):l.add(h)}i[b]=!0}}),h(m,function(a){l.add(a.item)}),b.control.renderNew()}),g.convertSelectorToFormat=f});
+tinymce.PluginManager.add("importcss",function(a){function b(a){var b=tinymce.Env.cacheSuffix;return"string"==typeof a&&(a=a.replace("?"+b,"").replace("&"+b,"")),a}function c(b){var c=a.settings,d=c.skin!==!1?c.skin||"lightgray":!1;if(d){var e=c.skin_url;return e=e?a.documentBaseURI.toAbsolute(e):tinymce.baseURL+"/skins/"+d,b===e+"/content"+(a.inline?".inline":"")+".min.css"}return!1}function d(a){return"string"==typeof a?function(b){return-1!==b.indexOf(a)}:a instanceof RegExp?function(b){return a.test(b)}:a}function e(d,e){function f(a,d){var h,i=a.href;if(i=b(i),i&&e(i,d)&&!c(i)){n(a.imports,function(a){f(a,!0)});try{h=a.cssRules||a.rules}catch(j){}n(h,function(a){a.styleSheet?f(a.styleSheet,!0):a.selectorText&&n(a.selectorText.split(","),function(a){g.push(tinymce.trim(a))})})}}var g=[],h={};n(a.contentCSS,function(a){h[a]=!0}),e||(e=function(a,b){return b||h[a]});try{n(d.styleSheets,function(a){f(a)})}catch(i){}return g}function f(b){var c,d=/^(?:([a-z0-9\-_]+))?(\.[a-z0-9_\-\.]+)$/i.exec(b);if(d){var e=d[1],f=d[2].substr(1).split(".").join(" "),g=tinymce.makeMap("a,img");return d[1]?(c={title:b},a.schema.getTextBlockElements()[e]?c.block=e:a.schema.getBlockElements()[e]||g[e.toLowerCase()]?c.selector=e:c.inline=e):d[2]&&(c={inline:"span",title:b.substr(1),classes:f}),a.settings.importcss_merge_classes!==!1?c.classes=f:c.attributes={"class":f},c}}function g(a,b){return tinymce.util.Tools.grep(a,function(a){return!a.filter||a.filter(b)})}function h(a){return tinymce.util.Tools.map(a,function(a){return tinymce.util.Tools.extend({},a,{original:a,selectors:{},filter:d(a.filter),item:{text:a.title,menu:[]}})})}function i(a,b){return null===b||a.settings.importcss_exclusive!==!1}function j(b,c,d){return!(i(a,c)?b in d:b in c.selectors)}function k(b,c,d){i(a,c)?d[b]=!0:c.selectors[b]=!0}function l(b,c,d){var e,g=a.settings;return e=d&&d.selector_converter?d.selector_converter:g.importcss_selector_converter?g.importcss_selector_converter:f,e.call(b,c,d)}var m=this,n=tinymce.each;a.on("renderFormatsMenu",function(b){var c=a.settings,f={},i=d(c.importcss_selector_filter),o=b.control,p=h(c.importcss_groups),q=function(b,c){if(j(b,c,f)){k(b,c,f);var d=l(m,b,c);if(d){var e=d.name||tinymce.DOM.uniqueId();return a.formatter.register(e,d),tinymce.extend({},o.settings.itemDefaults,{text:d.title,format:e})}}return null};a.settings.importcss_append||o.items().remove(),n(e(b.doc||a.getDoc(),d(c.importcss_file_filter)),function(a){if(-1===a.indexOf(".mce-")&&(!i||i(a))){var b=g(p,a);if(b.length>0)tinymce.util.Tools.each(b,function(b){var c=q(a,b);c&&b.item.menu.push(c)});else{var c=q(a,null);c&&o.add(c)}}}),n(p,function(a){a.item.menu.length>0&&o.add(a.item)}),b.control.renderNew()}),m.convertSelectorToFormat=f});

public/libs/tinymce/plugins/legacyoutput/plugin.min.js

@@ -1 +1 @@
-!function(a){a.on("AddEditor",function(a){a.editor.settings.inline_styles=!1}),a.PluginManager.add("legacyoutput",function(b,c,d){b.on("init",function(){var c="p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li,table,img",d=a.explode(b.settings.font_size_style_values),e=b.schema;b.formatter.register({alignleft:{selector:c,attributes:{align:"left"}},aligncenter:{selector:c,attributes:{align:"center"}},alignright:{selector:c,attributes:{align:"right"}},alignjustify:{selector:c,attributes:{align:"justify"}},bold:[{inline:"b",remove:"all"},{inline:"strong",remove:"all"},{inline:"span",styles:{fontWeight:"bold"}}],italic:[{inline:"i",remove:"all"},{inline:"em",remove:"all"},{inline:"span",styles:{fontStyle:"italic"}}],underline:[{inline:"u",remove:"all"},{inline:"span",styles:{textDecoration:"underline"},exact:!0}],strikethrough:[{inline:"strike",remove:"all"},{inline:"span",styles:{textDecoration:"line-through"},exact:!0}],fontname:{inline:"font",attributes:{face:"%value"}},fontsize:{inline:"font",attributes:{size:function(b){return a.inArray(d,b.value)+1}}},forecolor:{inline:"font",attributes:{color:"%value"}},hilitecolor:{inline:"font",styles:{backgroundColor:"%value"}}}),a.each("b,i,u,strike".split(","),function(a){e.addValidElements(a+"[*]")}),e.getElementRule("font")||e.addValidElements("font[face|size|color|style]"),a.each(c.split(","),function(a){var b=e.getElementRule(a);b&&(b.attributes.align||(b.attributes.align={},b.attributesOrder.push("align")))})}),b.addButton("fontsizeselect",function(){var a=[],c="8pt=1 10pt=2 12pt=3 14pt=4 18pt=5 24pt=6 36pt=7",d=b.settings.fontsize_formats||c;return b.$.each(d.split(" "),function(b,c){var d=c,e=c,f=c.split("=");f.length>1&&(d=f[0],e=f[1]),a.push({text:d,value:e})}),{type:"listbox",text:"Font Sizes",tooltip:"Font Sizes",values:a,fixedWidth:!0,onPostRender:function(){var a=this;b.on("NodeChange",function(){var c;c=b.dom.getParent(b.selection.getNode(),"font"),c?a.value(c.size):a.value("")})},onclick:function(a){a.control.settings.value&&b.execCommand("FontSize",!1,a.control.settings.value)}}}),b.addButton("fontselect",function(){function a(a){a=a.replace(/;$/,"").split(";");for(var b=a.length;b--;)a[b]=a[b].split("=");return a}var c="Andale Mono=andale mono,monospace;Arial=arial,helvetica,sans-serif;Arial Black=arial black,sans-serif;Book Antiqua=book antiqua,palatino,serif;Comic Sans MS=comic sans ms,sans-serif;Courier New=courier new,courier,monospace;Georgia=georgia,palatino,serif;Helvetica=helvetica,arial,sans-serif;Impact=impact,sans-serif;Symbol=symbol;Tahoma=tahoma,arial,helvetica,sans-serif;Terminal=terminal,monaco,monospace;Times New Roman=times new roman,times,serif;Trebuchet MS=trebuchet ms,geneva,sans-serif;Verdana=verdana,geneva,sans-serif;Webdings=webdings;Wingdings=wingdings,zapf dingbats",e=[],f=a(b.settings.font_formats||c);return d.each(f,function(a,b){e.push({text:{raw:b[0]},value:b[1],textStyle:-1==b[1].indexOf("dings")?"font-family:"+b[1]:""})}),{type:"listbox",text:"Font Family",tooltip:"Font Family",values:e,fixedWidth:!0,onPostRender:function(){var a=this;b.on("NodeChange",function(){var c;c=b.dom.getParent(b.selection.getNode(),"font"),c?a.value(c.face):a.value("")})},onselect:function(a){a.control.settings.value&&b.execCommand("FontName",!1,a.control.settings.value)}}})})}(tinymce);
+!function(a){a.PluginManager.add("legacyoutput",function(b,c,d){b.settings.inline_styles=!1,b.on("init",function(){var c="p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li,table,img",d=a.explode(b.settings.font_size_style_values),e=b.schema;b.formatter.register({alignleft:{selector:c,attributes:{align:"left"}},aligncenter:{selector:c,attributes:{align:"center"}},alignright:{selector:c,attributes:{align:"right"}},alignjustify:{selector:c,attributes:{align:"justify"}},bold:[{inline:"b",remove:"all"},{inline:"strong",remove:"all"},{inline:"span",styles:{fontWeight:"bold"}}],italic:[{inline:"i",remove:"all"},{inline:"em",remove:"all"},{inline:"span",styles:{fontStyle:"italic"}}],underline:[{inline:"u",remove:"all"},{inline:"span",styles:{textDecoration:"underline"},exact:!0}],strikethrough:[{inline:"strike",remove:"all"},{inline:"span",styles:{textDecoration:"line-through"},exact:!0}],fontname:{inline:"font",attributes:{face:"%value"}},fontsize:{inline:"font",attributes:{size:function(b){return a.inArray(d,b.value)+1}}},forecolor:{inline:"font",attributes:{color:"%value"}},hilitecolor:{inline:"font",styles:{backgroundColor:"%value"}}}),a.each("b,i,u,strike".split(","),function(a){e.addValidElements(a+"[*]")}),e.getElementRule("font")||e.addValidElements("font[face|size|color|style]"),a.each(c.split(","),function(a){var b=e.getElementRule(a);b&&(b.attributes.align||(b.attributes.align={},b.attributesOrder.push("align")))})}),b.addButton("fontsizeselect",function(){var a=[],c="8pt=1 10pt=2 12pt=3 14pt=4 18pt=5 24pt=6 36pt=7",d=b.settings.fontsize_formats||c;return b.$.each(d.split(" "),function(b,c){var d=c,e=c,f=c.split("=");f.length>1&&(d=f[0],e=f[1]),a.push({text:d,value:e})}),{type:"listbox",text:"Font Sizes",tooltip:"Font Sizes",values:a,fixedWidth:!0,onPostRender:function(){var a=this;b.on("NodeChange",function(){var c;c=b.dom.getParent(b.selection.getNode(),"font"),c?a.value(c.size):a.value("")})},onclick:function(a){a.control.settings.value&&b.execCommand("FontSize",!1,a.control.settings.value)}}}),b.addButton("fontselect",function(){function a(a){a=a.replace(/;$/,"").split(";");for(var b=a.length;b--;)a[b]=a[b].split("=");return a}var c="Andale Mono=andale mono,monospace;Arial=arial,helvetica,sans-serif;Arial Black=arial black,sans-serif;Book Antiqua=book antiqua,palatino,serif;Comic Sans MS=comic sans ms,sans-serif;Courier New=courier new,courier,monospace;Georgia=georgia,palatino,serif;Helvetica=helvetica,arial,sans-serif;Impact=impact,sans-serif;Symbol=symbol;Tahoma=tahoma,arial,helvetica,sans-serif;Terminal=terminal,monaco,monospace;Times New Roman=times new roman,times,serif;Trebuchet MS=trebuchet ms,geneva,sans-serif;Verdana=verdana,geneva,sans-serif;Webdings=webdings;Wingdings=wingdings,zapf dingbats",e=[],f=a(b.settings.font_formats||c);return d.each(f,function(a,b){e.push({text:{raw:b[0]},value:b[1],textStyle:-1==b[1].indexOf("dings")?"font-family:"+b[1]:""})}),{type:"listbox",text:"Font Family",tooltip:"Font Family",values:e,fixedWidth:!0,onPostRender:function(){var a=this;b.on("NodeChange",function(){var c;c=b.dom.getParent(b.selection.getNode(),"font"),c?a.value(c.face):a.value("")})},onselect:function(a){a.control.settings.value&&b.execCommand("FontName",!1,a.control.settings.value)}}})})}(tinymce);

public/libs/tinymce/plugins/preview/plugin.min.js

@@ -1 +1 @@
-tinymce.PluginManager.add("preview",function(a){var b=a.settings,c=!tinymce.Env.ie;a.addCommand("mcePreview",function(){a.windowManager.open({title:"Preview",width:parseInt(a.getParam("plugin_preview_width","650"),10),height:parseInt(a.getParam("plugin_preview_height","500"),10),html:'<iframe src="javascript:\'\'" frameborder="0"'+(c?' sandbox="allow-scripts"':"")+"></iframe>",buttons:{text:"Close",onclick:function(){this.parent().parent().close()}},onPostRender:function(){var d,e="";e+='<base href="'+a.documentBaseURI.getURI()+'">',tinymce.each(a.contentCSS,function(b){e+='<link type="text/css" rel="stylesheet" href="'+a.documentBaseURI.toAbsolute(b)+'">'});var f=b.body_id||"tinymce";-1!=f.indexOf("=")&&(f=a.getParam("body_id","","hash"),f=f[a.id]||f);var g=b.body_class||"";-1!=g.indexOf("=")&&(g=a.getParam("body_class","","hash"),g=g[a.id]||"");var h=a.settings.directionality?' dir="'+a.settings.directionality+'"':"";if(d="<!DOCTYPE html><html><head>"+e+'</head><body id="'+f+'" class="mce-content-body '+g+'"'+h+">"+a.getContent()+"</body></html>",c)this.getEl("body").firstChild.src="data:text/html;charset=utf-8,"+encodeURIComponent(d);else{var i=this.getEl("body").firstChild.contentWindow.document;i.open(),i.write(d),i.close()}}})}),a.addButton("preview",{title:"Preview",cmd:"mcePreview"}),a.addMenuItem("preview",{text:"Preview",cmd:"mcePreview",context:"view"})});
+tinymce.PluginManager.add("preview",function(a){var b=a.settings,c=!tinymce.Env.ie;a.addCommand("mcePreview",function(){a.windowManager.open({title:"Preview",width:parseInt(a.getParam("plugin_preview_width","650"),10),height:parseInt(a.getParam("plugin_preview_height","500"),10),html:'<iframe src="javascript:\'\'" frameborder="0"'+(c?' sandbox="allow-scripts"':"")+"></iframe>",buttons:{text:"Close",onclick:function(){this.parent().parent().close()}},onPostRender:function(){var d,e="";e+='<base href="'+a.documentBaseURI.getURI()+'">',tinymce.each(a.contentCSS,function(b){e+='<link type="text/css" rel="stylesheet" href="'+a.documentBaseURI.toAbsolute(b)+'">'});var f=b.body_id||"tinymce";-1!=f.indexOf("=")&&(f=a.getParam("body_id","","hash"),f=f[a.id]||f);var g=b.body_class||"";-1!=g.indexOf("=")&&(g=a.getParam("body_class","","hash"),g=g[a.id]||"");var h='<script>document.addEventListener && document.addEventListener("click", function(e) {for (var elm = e.target; elm; elm = elm.parentNode) {if (elm.nodeName === "A") {e.preventDefault();}}}, false);</script> ',i=a.settings.directionality?' dir="'+a.settings.directionality+'"':"";if(d="<!DOCTYPE html><html><head>"+e+'</head><body id="'+f+'" class="mce-content-body '+g+'"'+i+">"+a.getContent()+h+"</body></html>",c)this.getEl("body").firstChild.src="data:text/html;charset=utf-8,"+encodeURIComponent(d);else{var j=this.getEl("body").firstChild.contentWindow.document;j.open(),j.write(d),j.close()}}})}),a.addButton("preview",{title:"Preview",cmd:"mcePreview"}),a.addMenuItem("preview",{text:"Preview",cmd:"mcePreview",context:"view"})});

public/libs/tinymce/plugins/template/plugin.min.js

@@ -1 +1 @@
-tinymce.PluginManager.add("template",function(a){function b(b){return function(){var c=a.settings.templates;return"function"==typeof c?void c(b):void("string"==typeof c?tinymce.util.XHR.send({url:c,success:function(a){b(tinymce.util.JSON.parse(a))}}):b(c))}}function c(b){function c(b){function c(b){if(-1==b.indexOf("<html>")){var c="";tinymce.each(a.contentCSS,function(b){c+='<link type="text/css" rel="stylesheet" href="'+a.documentBaseURI.toAbsolute(b)+'">'}),b="<!DOCTYPE html><html><head>"+c+"</head><body>"+b+"</body></html>"}b=f(b,"template_preview_replace_values");var e=d.find("iframe")[0].getEl().contentWindow.document;e.open(),e.write(b),e.close()}var g=b.control.value();g.url?tinymce.util.XHR.send({url:g.url,success:function(a){e=a,c(e)}}):(e=g.content,c(e)),d.find("#description")[0].text(b.control.value().description)}var d,e,h=[];if(!b||0===b.length){var i=a.translate("No templates defined.");return void a.notificationManager.open({text:i,type:"info"})}tinymce.each(b,function(a){h.push({selected:!h.length,text:a.title,value:{url:a.url,content:a.content,description:a.description}})}),d=a.windowManager.open({title:"Insert template",layout:"flex",direction:"column",align:"stretch",padding:15,spacing:10,items:[{type:"form",flex:0,padding:0,items:[{type:"container",label:"Templates",items:{type:"listbox",label:"Templates",name:"template",values:h,onselect:c}}]},{type:"label",name:"description",label:"Description",text:"\xa0"},{type:"iframe",flex:1,border:1}],onsubmit:function(){g(!1,e)},width:a.getParam("template_popup_width",600),height:a.getParam("template_popup_height",500)}),d.find("listbox")[0].fire("select")}function d(b,c){function d(a,b){if(a=""+a,a.length<b)for(var c=0;c<b-a.length;c++)a="0"+a;return a}var e="Sun Mon Tue Wed Thu Fri Sat Sun".split(" "),f="Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sunday".split(" "),g="Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(" "),h="January February March April May June July August September October November December".split(" ");return c=c||new Date,b=b.replace("%D","%m/%d/%Y"),b=b.replace("%r","%I:%M:%S %p"),b=b.replace("%Y",""+c.getFullYear()),b=b.replace("%y",""+c.getYear()),b=b.replace("%m",d(c.getMonth()+1,2)),b=b.replace("%d",d(c.getDate(),2)),b=b.replace("%H",""+d(c.getHours(),2)),b=b.replace("%M",""+d(c.getMinutes(),2)),b=b.replace("%S",""+d(c.getSeconds(),2)),b=b.replace("%I",""+((c.getHours()+11)%12+1)),b=b.replace("%p",""+(c.getHours()<12?"AM":"PM")),b=b.replace("%B",""+a.translate(h[c.getMonth()])),b=b.replace("%b",""+a.translate(g[c.getMonth()])),b=b.replace("%A",""+a.translate(f[c.getDay()])),b=b.replace("%a",""+a.translate(e[c.getDay()])),b=b.replace("%%","%")}function e(b){var c=a.dom,d=a.getParam("template_replace_values");h(c.select("*",b),function(a){h(d,function(b,e){c.hasClass(a,e)&&"function"==typeof d[e]&&d[e](a)})})}function f(b,c){return h(a.getParam(c),function(a,c){"function"==typeof a&&(a=a(c)),b=b.replace(new RegExp("\\{\\$"+c+"\\}","g"),a)}),b}function g(b,c){function g(a,b){return new RegExp("\\b"+b+"\\b","g").test(a.className)}var i,j,k=a.dom,l=a.selection.getContent();c=f(c,"template_replace_values"),i=k.create("div",null,c),j=k.select(".mceTmpl",i),j&&j.length>0&&(i=k.create("div",null),i.appendChild(j[0].cloneNode(!0))),h(k.select("*",i),function(b){g(b,a.getParam("template_cdate_classes","cdate").replace(/\s+/g,"|"))&&(b.innerHTML=d(a.getParam("template_cdate_format",a.getLang("template.cdate_format")))),g(b,a.getParam("template_mdate_classes","mdate").replace(/\s+/g,"|"))&&(b.innerHTML=d(a.getParam("template_mdate_format",a.getLang("template.mdate_format")))),g(b,a.getParam("template_selected_content_classes","selcontent").replace(/\s+/g,"|"))&&(b.innerHTML=l)}),e(i),a.execCommand("mceInsertContent",!1,i.innerHTML),a.addVisual()}var h=tinymce.each;a.addCommand("mceInsertTemplate",g),a.addButton("template",{title:"Insert template",onclick:b(c)}),a.addMenuItem("template",{text:"Insert template",onclick:b(c),context:"insert"}),a.on("PreProcess",function(b){var c=a.dom;h(c.select("div",b.node),function(b){c.hasClass(b,"mceTmpl")&&(h(c.select("*",b),function(b){c.hasClass(b,a.getParam("template_mdate_classes","mdate").replace(/\s+/g,"|"))&&(b.innerHTML=d(a.getParam("template_mdate_format",a.getLang("template.mdate_format"))))}),e(b))})})});
+tinymce.PluginManager.add("template",function(a){function b(b){return function(){var c=a.settings.templates;return"function"==typeof c?void c(b):void("string"==typeof c?tinymce.util.XHR.send({url:c,success:function(a){b(tinymce.util.JSON.parse(a))}}):b(c))}}function c(b){function c(b){function c(b){if(-1==b.indexOf("<html>")){var c="";tinymce.each(a.contentCSS,function(b){c+='<link type="text/css" rel="stylesheet" href="'+a.documentBaseURI.toAbsolute(b)+'">'});var e=a.settings.body_class||"";-1!=e.indexOf("=")&&(e=a.getParam("body_class","","hash"),e=e[a.id]||""),b="<!DOCTYPE html><html><head>"+c+'</head><body class="'+e+'">'+b+"</body></html>"}b=f(b,"template_preview_replace_values");var g=d.find("iframe")[0].getEl().contentWindow.document;g.open(),g.write(b),g.close()}var g=b.control.value();g.url?tinymce.util.XHR.send({url:g.url,success:function(a){e=a,c(e)}}):(e=g.content,c(e)),d.find("#description")[0].text(b.control.value().description)}var d,e,h=[];if(!b||0===b.length){var i=a.translate("No templates defined.");return void a.notificationManager.open({text:i,type:"info"})}tinymce.each(b,function(a){h.push({selected:!h.length,text:a.title,value:{url:a.url,content:a.content,description:a.description}})}),d=a.windowManager.open({title:"Insert template",layout:"flex",direction:"column",align:"stretch",padding:15,spacing:10,items:[{type:"form",flex:0,padding:0,items:[{type:"container",label:"Templates",items:{type:"listbox",label:"Templates",name:"template",values:h,onselect:c}}]},{type:"label",name:"description",label:"Description",text:"\xa0"},{type:"iframe",flex:1,border:1}],onsubmit:function(){g(!1,e)},minWidth:Math.min(tinymce.DOM.getViewPort().w,a.getParam("template_popup_width",600)),minHeight:Math.min(tinymce.DOM.getViewPort().h,a.getParam("template_popup_height",500))}),d.find("listbox")[0].fire("select")}function d(b,c){function d(a,b){if(a=""+a,a.length<b)for(var c=0;c<b-a.length;c++)a="0"+a;return a}var e="Sun Mon Tue Wed Thu Fri Sat Sun".split(" "),f="Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sunday".split(" "),g="Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(" "),h="January February March April May June July August September October November December".split(" ");return c=c||new Date,b=b.replace("%D","%m/%d/%Y"),b=b.replace("%r","%I:%M:%S %p"),b=b.replace("%Y",""+c.getFullYear()),b=b.replace("%y",""+c.getYear()),b=b.replace("%m",d(c.getMonth()+1,2)),b=b.replace("%d",d(c.getDate(),2)),b=b.replace("%H",""+d(c.getHours(),2)),b=b.replace("%M",""+d(c.getMinutes(),2)),b=b.replace("%S",""+d(c.getSeconds(),2)),b=b.replace("%I",""+((c.getHours()+11)%12+1)),b=b.replace("%p",""+(c.getHours()<12?"AM":"PM")),b=b.replace("%B",""+a.translate(h[c.getMonth()])),b=b.replace("%b",""+a.translate(g[c.getMonth()])),b=b.replace("%A",""+a.translate(f[c.getDay()])),b=b.replace("%a",""+a.translate(e[c.getDay()])),b=b.replace("%%","%")}function e(b){var c=a.dom,d=a.getParam("template_replace_values");h(c.select("*",b),function(a){h(d,function(b,e){c.hasClass(a,e)&&"function"==typeof d[e]&&d[e](a)})})}function f(b,c){return h(a.getParam(c),function(a,c){"function"==typeof a&&(a=a(c)),b=b.replace(new RegExp("\\{\\$"+c+"\\}","g"),a)}),b}function g(b,c){function g(a,b){return new RegExp("\\b"+b+"\\b","g").test(a.className)}var i,j,k=a.dom,l=a.selection.getContent();c=f(c,"template_replace_values"),i=k.create("div",null,c),j=k.select(".mceTmpl",i),j&&j.length>0&&(i=k.create("div",null),i.appendChild(j[0].cloneNode(!0))),h(k.select("*",i),function(b){g(b,a.getParam("template_cdate_classes","cdate").replace(/\s+/g,"|"))&&(b.innerHTML=d(a.getParam("template_cdate_format",a.getLang("template.cdate_format")))),g(b,a.getParam("template_mdate_classes","mdate").replace(/\s+/g,"|"))&&(b.innerHTML=d(a.getParam("template_mdate_format",a.getLang("template.mdate_format")))),g(b,a.getParam("template_selected_content_classes","selcontent").replace(/\s+/g,"|"))&&(b.innerHTML=l)}),e(i),a.execCommand("mceInsertContent",!1,i.innerHTML),a.addVisual()}var h=tinymce.each;a.addCommand("mceInsertTemplate",g),a.addButton("template",{title:"Insert template",onclick:b(c)}),a.addMenuItem("template",{text:"Insert template",onclick:b(c),context:"insert"}),a.on("PreProcess",function(b){var c=a.dom;h(c.select("div",b.node),function(b){c.hasClass(b,"mceTmpl")&&(h(c.select("*",b),function(b){c.hasClass(b,a.getParam("template_mdate_classes","mdate").replace(/\s+/g,"|"))&&(b.innerHTML=d(a.getParam("template_mdate_format",a.getLang("template.mdate_format"))))}),e(b))})})});

public/libs/tinymce/plugins/textcolor/plugin.min.js

@@ -1 +1 @@
-tinymce.PluginManager.add("textcolor",function(a){function b(b){var c;return a.dom.getParents(a.selection.getStart(),function(a){var d;(d=a.style["forecolor"==b?"color":"background-color"])&&(c=d)}),c}function c(){var b,c,d=[];for(c=a.settings.textcolor_map||["000000","Black","993300","Burnt orange","333300","Dark olive","003300","Dark green","003366","Dark azure","000080","Navy Blue","333399","Indigo","333333","Very dark gray","800000","Maroon","FF6600","Orange","808000","Olive","008000","Green","008080","Teal","0000FF","Blue","666699","Grayish blue","808080","Gray","FF0000","Red","FF9900","Amber","99CC00","Yellow green","339966","Sea green","33CCCC","Turquoise","3366FF","Royal blue","800080","Purple","999999","Medium gray","FF00FF","Magenta","FFCC00","Gold","FFFF00","Yellow","00FF00","Lime","00FFFF","Aqua","00CCFF","Sky blue","993366","Red violet","FFFFFF","White","FF99CC","Pink","FFCC99","Peach","FFFF99","Light yellow","CCFFCC","Pale green","CCFFFF","Pale cyan","99CCFF","Light sky blue","CC99FF","Plum"],b=0;b<c.length;b+=2)d.push({text:c[b+1],color:"#"+c[b]});return d}function d(){function b(a,b){var c="transparent"==a;return'<td class="mce-grid-cell'+(c?" mce-colorbtn-trans":"")+'"><div id="'+n+"-"+o++ +'" data-mce-color="'+(a?a:"")+'" role="option" tabIndex="-1" style="'+(a?"background-color: "+a:"")+'" title="'+tinymce.translate(b)+'">'+(c?"&#215;":"")+"</div></td>"}var d,e,f,g,h,k,l,m=this,n=m._id,o=0;for(d=c(),d.push({text:tinymce.translate("No color"),color:"transparent"}),f='<table class="mce-grid mce-grid-border mce-colorbutton-grid" role="list" cellspacing="0"><tbody>',g=d.length-1,k=0;j>k;k++){for(f+="<tr>",h=0;i>h;h++)l=k*i+h,l>g?f+="<td></td>":(e=d[l],f+=b(e.color,e.text));f+="</tr>"}if(a.settings.color_picker_callback){for(f+='<tr><td colspan="'+i+'" class="mce-custom-color-btn"><div id="'+n+'-c" class="mce-widget mce-btn mce-btn-small mce-btn-flat" role="button" tabindex="-1" aria-labelledby="'+n+'-c" style="width: 100%"><button type="button" role="presentation" tabindex="-1">'+tinymce.translate("Custom...")+"</button></div></td></tr>",f+="<tr>",h=0;i>h;h++)f+=b("","Custom color");f+="</tr>"}return f+="</tbody></table>"}function e(b,c){a.undoManager.transact(function(){a.focus(),a.formatter.apply(b,{value:c}),a.nodeChanged()})}function f(b){a.undoManager.transact(function(){a.focus(),a.formatter.remove(b,{value:null},null,!0),a.nodeChanged()})}function g(c){function d(a){k.hidePanel(),k.color(a),e(k.settings.format,a)}function g(){k.hidePanel(),k.resetColor(),f(k.settings.format)}function h(a,b){a.style.background=b,a.setAttribute("data-mce-color",b)}var j,k=this.parent();tinymce.DOM.getParent(c.target,".mce-custom-color-btn")&&(k.hidePanel(),a.settings.color_picker_callback.call(a,function(a){var b,c,e,f=k.panel.getEl().getElementsByTagName("table")[0];for(b=tinymce.map(f.rows[f.rows.length-1].childNodes,function(a){return a.firstChild}),e=0;e<b.length&&(c=b[e],c.getAttribute("data-mce-color"));e++);if(e==i)for(e=0;i-1>e;e++)h(b[e],b[e+1].getAttribute("data-mce-color"));h(c,a),d(a)},b(k.settings.format))),j=c.target.getAttribute("data-mce-color"),j?(this.lastId&&document.getElementById(this.lastId).setAttribute("aria-selected",!1),c.target.setAttribute("aria-selected",!0),this.lastId=c.target.id,"transparent"==j?g():d(j)):null!==j&&k.hidePanel()}function h(){var a=this;a._color?e(a.settings.format,a._color):f(a.settings.format)}var i,j;j=a.settings.textcolor_rows||5,i=a.settings.textcolor_cols||8,a.addButton("forecolor",{type:"colorbutton",tooltip:"Text color",format:"forecolor",panel:{role:"application",ariaRemember:!0,html:d,onclick:g},onclick:h}),a.addButton("backcolor",{type:"colorbutton",tooltip:"Background color",format:"hilitecolor",panel:{role:"application",ariaRemember:!0,html:d,onclick:g},onclick:h})});
+tinymce.PluginManager.add("textcolor",function(a){function b(b){var c;return a.dom.getParents(a.selection.getStart(),function(a){var d;(d=a.style["forecolor"==b?"color":"background-color"])&&(c=d)}),c}function c(b){var c,d,e=[];for(d=["000000","Black","993300","Burnt orange","333300","Dark olive","003300","Dark green","003366","Dark azure","000080","Navy Blue","333399","Indigo","333333","Very dark gray","800000","Maroon","FF6600","Orange","808000","Olive","008000","Green","008080","Teal","0000FF","Blue","666699","Grayish blue","808080","Gray","FF0000","Red","FF9900","Amber","99CC00","Yellow green","339966","Sea green","33CCCC","Turquoise","3366FF","Royal blue","800080","Purple","999999","Medium gray","FF00FF","Magenta","FFCC00","Gold","FFFF00","Yellow","00FF00","Lime","00FFFF","Aqua","00CCFF","Sky blue","993366","Red violet","FFFFFF","White","FF99CC","Pink","FFCC99","Peach","FFFF99","Light yellow","CCFFCC","Pale green","CCFFFF","Pale cyan","99CCFF","Light sky blue","CC99FF","Plum"],d=a.settings.textcolor_map||d,d=a.settings[b+"_map"]||d,c=0;c<d.length;c+=2)e.push({text:d[c+1],color:"#"+d[c]});return e}function d(){function b(a,b){var c="transparent"==a;return'<td class="mce-grid-cell'+(c?" mce-colorbtn-trans":"")+'"><div id="'+o+"-"+p++ +'" data-mce-color="'+(a?a:"")+'" role="option" tabIndex="-1" style="'+(a?"background-color: "+a:"")+'" title="'+tinymce.translate(b)+'">'+(c?"&#215;":"")+"</div></td>"}var d,e,f,g,h,k,l,m,n=this,o=n._id,p=0;for(m=n.settings.origin,d=c(m),d.push({text:tinymce.translate("No color"),color:"transparent"}),f='<table class="mce-grid mce-grid-border mce-colorbutton-grid" role="list" cellspacing="0"><tbody>',g=d.length-1,k=0;k<j[m];k++){for(f+="<tr>",h=0;h<i[m];h++)l=k*i[m]+h,l>g?f+="<td></td>":(e=d[l],f+=b(e.color,e.text));f+="</tr>"}if(a.settings.color_picker_callback){for(f+='<tr><td colspan="'+i[m]+'" class="mce-custom-color-btn"><div id="'+o+'-c" class="mce-widget mce-btn mce-btn-small mce-btn-flat" role="button" tabindex="-1" aria-labelledby="'+o+'-c" style="width: 100%"><button type="button" role="presentation" tabindex="-1">'+tinymce.translate("Custom...")+"</button></div></td></tr>",f+="<tr>",h=0;h<i[m];h++)f+=b("","Custom color");f+="</tr>"}return f+="</tbody></table>"}function e(b,c){a.undoManager.transact(function(){a.focus(),a.formatter.apply(b,{value:c}),a.nodeChanged()})}function f(b){a.undoManager.transact(function(){a.focus(),a.formatter.remove(b,{value:null},null,!0),a.nodeChanged()})}function g(c){function d(a){l.hidePanel(),l.color(a),e(l.settings.format,a)}function g(){l.hidePanel(),l.resetColor(),f(l.settings.format)}function h(a,b){a.style.background=b,a.setAttribute("data-mce-color",b)}var j,k,l=this.parent();k=l.settings.origin,tinymce.DOM.getParent(c.target,".mce-custom-color-btn")&&(l.hidePanel(),a.settings.color_picker_callback.call(a,function(a){var b,c,e,f=l.panel.getEl().getElementsByTagName("table")[0];for(b=tinymce.map(f.rows[f.rows.length-1].childNodes,function(a){return a.firstChild}),e=0;e<b.length&&(c=b[e],c.getAttribute("data-mce-color"));e++);if(e==i[k])for(e=0;e<i[k]-1;e++)h(b[e],b[e+1].getAttribute("data-mce-color"));h(c,a),d(a)},b(l.settings.format))),j=c.target.getAttribute("data-mce-color"),j?(this.lastId&&document.getElementById(this.lastId).setAttribute("aria-selected",!1),c.target.setAttribute("aria-selected",!0),this.lastId=c.target.id,"transparent"==j?g():d(j)):null!==j&&l.hidePanel()}function h(){var a=this;a._color?e(a.settings.format,a._color):f(a.settings.format)}var i,j;j={forecolor:a.settings.forecolor_rows||a.settings.textcolor_rows||5,backcolor:a.settings.backcolor_rows||a.settings.textcolor_rows||5},i={forecolor:a.settings.forecolor_cols||a.settings.textcolor_cols||8,backcolor:a.settings.backcolor_cols||a.settings.textcolor_cols||8},a.addButton("forecolor",{type:"colorbutton",tooltip:"Text color",format:"forecolor",panel:{origin:"forecolor",role:"application",ariaRemember:!0,html:d,onclick:g},onclick:h}),a.addButton("backcolor",{type:"colorbutton",tooltip:"Background color",format:"hilitecolor",panel:{origin:"backcolor",role:"application",ariaRemember:!0,html:d,onclick:g},onclick:h})});

public/libs/tinymce/skins/lightgray/fonts/tinymce-small.svg

@@ -36,7 +36,7 @@
 <glyph unicode="&#xe01a;" glyph-name="forecolor" d="M651.168 676.166c-24.612 81.962-28.876 91.834-107.168 91.834h-64c-79.618 0-82.664-10.152-108.418-96 0-0.002 0-0.002-0.002-0.004l-143.998-479.996h113.636l57.6 192h226.366l57.6-192h113.63l-145.246 484.166zM437.218 512l38.4 136c10.086 33.618 36.38 30 36.38 30s26.294 3.618 36.38-30h0.004l38.4-136h-149.564z" />
 <glyph unicode="&#xe01b;" glyph-name="table" d="M64 768v-704h896v704h-896zM384 320v128h256v-128h-256zM640 256v-128h-256v128h256zM640 640v-128h-256v128h256zM320 640v-128h-192v128h192zM128 448h192v-128h-192v128zM704 448h192v-128h-192v128zM704 512v128h192v-128h-192zM128 256h192v-128h-192v128zM704 128v128h192v-128h-192z" />
 <glyph unicode="&#xe01c;" glyph-name="hr" d="M64 512h896v-128h-896z" />
-<glyph unicode="&#xe01d;" glyph-name="removefromat" d="M64 192h512v-128h-512v128zM768 768h-220.558l-183.766-512h-132.288l183.762 512h-223.15v128h576v-128zM929.774 64l-129.774 129.774-129.774-129.774-62.226 62.226 129.774 129.774-129.774 129.774 62.226 62.226 129.774-129.774 129.774 129.774 62.226-62.226-129.774-129.774 129.774-129.774-62.226-62.226z" />
+<glyph unicode="&#xe01d;" glyph-name="removeformat" d="M64 192h512v-128h-512v128zM768 768h-220.558l-183.766-512h-132.288l183.762 512h-223.15v128h576v-128zM929.774 64l-129.774 129.774-129.774-129.774-62.226 62.226 129.774 129.774-129.774 129.774 62.226 62.226 129.774-129.774 129.774 129.774 62.226-62.226-129.774-129.774 129.774-129.774-62.226-62.226z" />
 <glyph unicode="&#xe01e;" glyph-name="subscript" d="M768 50v-50h128v-64h-192v146l128 60v50h-128v64h192v-146zM676 704h-136l-188-188-188 188h-136l256-256-256-256h136l188 188 188-188h136l-256 256z" />
 <glyph unicode="&#xe01f;" glyph-name="superscript" d="M768 754v-50h128v-64h-192v146l128 60v50h-128v64h192v-146zM676 704h-136l-188-188-188 188h-136l256-256-256-256h136l188 188 188-188h136l-256 256z" />
 <glyph unicode="&#xe020;" glyph-name="charmap" d="M704 128v37.004c151.348 61.628 256 193.82 256 346.996 0 212.078-200.576 384-448 384s-448-171.922-448-384c0-153.176 104.654-285.368 256-346.996v-37.004h-192l-64 96v-224h320v222.812c-100.9 51.362-170.666 161.54-170.666 289.188 0 176.732 133.718 320 298.666 320s298.666-143.268 298.666-320c0-127.648-69.766-237.826-170.666-289.188v-222.812h320v224l-64-96h-192z" />

readme.md

@@ -2,13 +2,15 @@
 
 [![GitHub release](https://img.shields.io/github/release/ssddanbrown/BookStack.svg?maxAge=2592000)](https://github.com/ssddanbrown/BookStack/releases/latest)
 [![license](https://img.shields.io/github/license/ssddanbrown/BookStack.svg?maxAge=2592000)](https://github.com/ssddanbrown/BookStack/blob/master/LICENSE)
-[![Build Status](https://travis-ci.org/ssddanbrown/BookStack.svg)](https://travis-ci.org/ssddanbrown/BookStack)
+[![Build Status](https://travis-ci.org/BookStackApp/BookStack.svg)](https://travis-ci.org/BookStackApp/BookStack)
 
 A platform for storing and organising information and documentation. General information and documentation for BookStack can be found at https://www.bookstackapp.com/.
 
 * [Installation Instructions](https://www.bookstackapp.com/docs/admin/installation)
 * [Documentation](https://www.bookstackapp.com/docs)
-* [Demo Instance](https://demo.bookstackapp.com) *(Login username: `admin@example.com`. Password: `password`)*
+* [Demo Instance](https://demo.bookstackapp.com)
+  * *Username: `admin@example.com`*
+  * *Password: `password`*
 * [BookStack Blog](https://www.bookstackapp.com/blog)
 
 ## Development & Testing
@@ -29,7 +31,7 @@ php artisan migrate --database=mysql_testing
 php artisan db:seed --class=DummyContentSeeder --database=mysql_testing
 ```
 
-Once done you can run `phpunit` (or `./vendor/bin/phpunit` if `phpunit` is not found) in the application root directory to run all tests.
+Once done you can run `phpunit` in the application root directory to run all tests.
 
 ## License
 
@@ -51,3 +53,5 @@ These are the great projects used to help build BookStack:
 * [TinyColorPicker](http://www.dematte.at/tinyColorPicker/index.html)
 * [Marked](https://github.com/chjj/marked)
 * [Moment.js](http://momentjs.com/)
+
+Additionally, Thank you [BrowserStack](https://www.browserstack.com/) for supporting us and making cross-browser testing easy.

resources/assets/js/components/drop-zone.html

@@ -1,3 +0,0 @@
-<div class="dropzone-container">
-    <div class="dz-message">Drop files or click here to upload</div>
-</div>

resources/assets/js/components/image-picker.html

@@ -1,15 +0,0 @@
-
-<div class="image-picker">
-    <div>
-        <img ng-if="image && image !== 'none'" ng-src="{{image}}" ng-class="{{imageClass}}" alt="Image Preview">
-        <img ng-if="image === '' && defaultImage" ng-src="{{defaultImage}}" ng-class="{{imageClass}}" alt="Image Preview">
-    </div>
-    <button class="button" type="button" ng-click="showImageManager()">Select Image</button>
-    <br>
-
-    <button class="text-button" ng-click="reset()" type="button">Reset</button>
-    <span ng-show="showRemove" class="sep">|</span>
-    <button ng-show="showRemove" class="text-button neg" ng-click="remove()" type="button">Remove</button>
-
-    <input type="hidden" ng-attr-name="{{name}}" ng-attr-id="{{name}}" ng-attr-value="{{value}}">
-</div>

resources/assets/js/components/toggle-switch.html

@@ -1,4 +0,0 @@
-<div class="toggle-switch" ng-click="switch()" ng-class="{'active': isActive}">
-    <input type="hidden" ng-attr-name="{{name}}" ng-attr-value="{{value}}"/>
-    <div class="switch-handle"></div>
-</div>

resources/assets/js/controllers.js

@@ -1,8 +1,10 @@
 "use strict";
 
-const moment = require('moment');
+import moment from 'moment';
+import 'moment/locale/en-gb';
+moment.locale('en-gb');
 
-module.exports = function (ngApp, events) {
+export default function (ngApp, events) {
 
     ngApp.controller('ImageManagerController', ['$scope', '$attrs', '$http', '$timeout', 'imageManagerService',
         function ($scope, $attrs, $http, $timeout, imageManagerService) {
@@ -17,7 +19,7 @@ module.exports = function (ngApp, events) {
             $scope.imageDeleteSuccess = false;
             $scope.uploadedTo = $attrs.uploadedTo;
             $scope.view = 'all';
-            
+
             $scope.searching = false;
             $scope.searchTerm = '';
 
@@ -48,7 +50,7 @@ module.exports = function (ngApp, events) {
                 $scope.hasMore = preSearchHasMore;
             }
             $scope.cancelSearch = cancelSearch;
-            
+
 
             /**
              * Runs on image upload, Adds an image to local list of images
@@ -69,7 +71,7 @@ module.exports = function (ngApp, events) {
              */
             function callbackAndHide(returnData) {
                 if (callback) callback(returnData);
-                $scope.showing = false;
+                $scope.hide();
             }
 
             /**
@@ -109,6 +111,7 @@ module.exports = function (ngApp, events) {
             function show(doneCallback) {
                 callback = doneCallback;
                 $scope.showing = true;
+                $('#image-manager').find('.overlay').css('display', 'flex').hide().fadeIn(240);
                 // Get initial images if they have not yet been loaded in.
                 if (!dataLoaded) {
                     fetchData();
@@ -131,6 +134,7 @@ module.exports = function (ngApp, events) {
              */
             $scope.hide = function () {
                 $scope.showing = false;
+                $('#image-manager').find('.overlay').fadeOut(240);
             };
 
             var baseUrl = window.baseUrl('/images/' + $scope.imageType + '/all/');
@@ -160,7 +164,6 @@ module.exports = function (ngApp, events) {
 
             /**
              * Start a search operation
-             * @param searchTerm
              */
             $scope.searchImages = function() {
 
@@ -194,7 +197,7 @@ module.exports = function (ngApp, events) {
                 $scope.view = viewName;
                 baseUrl = window.baseUrl('/images/' + $scope.imageType  + '/' + viewName + '/');
                 fetchData();
-            }
+            };
 
             /**
              * Save the details of an image.
@@ -203,7 +206,7 @@ module.exports = function (ngApp, events) {
             $scope.saveImageDetails = function (event) {
                 event.preventDefault();
                 var url = window.baseUrl('/images/update/' + $scope.selectedImage.id);
-                $http.put(url, this.selectedImage).then((response) => {
+                $http.put(url, this.selectedImage).then(response => {
                     events.emit('success', 'Image details updated');
                 }, (response) => {
                     if (response.status === 422) {
@@ -298,15 +301,16 @@ module.exports = function (ngApp, events) {
         var isEdit = pageId !== 0;
         var autosaveFrequency = 30; // AutoSave interval in seconds.
         var isMarkdown = $attrs.editorType === 'markdown';
+        $scope.draftsEnabled = $attrs.draftsEnabled === 'true';
         $scope.isUpdateDraft = Number($attrs.pageUpdateDraft) === 1;
         $scope.isNewPageDraft = Number($attrs.pageNewDraft) === 1;
 
-        // Set inital header draft text
+        // Set initial header draft text
         if ($scope.isUpdateDraft || $scope.isNewPageDraft) {
             $scope.draftText = 'Editing Draft'
         } else {
             $scope.draftText = 'Editing Page'
-        };
+        }
 
         var autoSave = false;
 
@@ -315,7 +319,7 @@ module.exports = function (ngApp, events) {
             html: false
         };
 
-        if (isEdit) {
+        if (isEdit && $scope.draftsEnabled) {
             setTimeout(() => {
                 startAutoSave();
             }, 1000);
@@ -334,6 +338,8 @@ module.exports = function (ngApp, events) {
             $scope.editorChange = function() {};
         }
 
+        let lastSave = 0;
+
         /**
          * Start the AutoSave loop, Checks for content change
          * before performing the costly AJAX request.
@@ -343,6 +349,8 @@ module.exports = function (ngApp, events) {
             currentContent.html = $scope.editContent;
 
             autoSave = $interval(() => {
+                // Return if manually saved recently to prevent bombarding the server
+                if (Date.now() - lastSave < (1000*autosaveFrequency)/2) return;
                 var newTitle = $('#name').val();
                 var newHtml = $scope.editContent;
 
@@ -355,12 +363,12 @@ module.exports = function (ngApp, events) {
             }, 1000 * autosaveFrequency);
         }
 
+        let draftErroring = false;
         /**
          * Save a draft update into the system via an AJAX request.
-         * @param title
-         * @param html
          */
         function saveDraft() {
+            if (!$scope.draftsEnabled) return;
             var data = {
                 name: $('#name').val(),
                 html: isMarkdown ? $sce.getTrustedHtml($scope.displayContent) : $scope.editContent
@@ -369,13 +377,27 @@ module.exports = function (ngApp, events) {
             if (isMarkdown) data.markdown = $scope.editContent;
 
             let url = window.baseUrl('/ajax/page/' + pageId + '/save-draft');
-            $http.put(url, data).then((responseData) => {
+            $http.put(url, data).then(responseData => {
+                draftErroring = false;
                 var updateTime = moment.utc(moment.unix(responseData.data.timestamp)).toDate();
                 $scope.draftText = responseData.data.message + moment(updateTime).format('HH:mm');
                 if (!$scope.isNewPageDraft) $scope.isUpdateDraft = true;
+                showDraftSaveNotification();
+                lastSave = Date.now();
+            }, errorRes => {
+                if (draftErroring) return;
+                events.emit('error', 'Failed to save draft. Ensure you have internet connection before saving this page.')
+                draftErroring = true;
             });
         }
 
+        function showDraftSaveNotification() {
+            $scope.draftUpdated = true;
+            $timeout(() => {
+                $scope.draftUpdated = false;
+            }, 2000)
+        }
+
         $scope.forceDraftSave = function() {
             saveDraft();
         };
@@ -416,7 +438,7 @@ module.exports = function (ngApp, events) {
 
             const pageId = Number($attrs.pageId);
             $scope.tags = [];
-            
+
             $scope.sortOptions = {
                 handle: '.handle',
                 items: '> tr',
@@ -439,7 +461,7 @@ module.exports = function (ngApp, events) {
              * Get all tags for the current book and add into scope.
              */
             function getTags() {
-                let url = window.baseUrl('/ajax/tags/get/page/' + pageId);
+                let url = window.baseUrl(`/ajax/tags/get/page/${pageId}`);
                 $http.get(url).then((responseData) => {
                     $scope.tags = responseData.data;
                     addEmptyTag();
@@ -508,21 +530,201 @@ module.exports = function (ngApp, events) {
 
         }]);
 
+
+    ngApp.controller('PageAttachmentController', ['$scope', '$http', '$attrs',
+        function ($scope, $http, $attrs) {
+
+            const pageId = $scope.uploadedTo = $attrs.pageId;
+            let currentOrder = '';
+            $scope.files = [];
+            $scope.editFile = false;
+            $scope.file = getCleanFile();
+            $scope.errors = {
+                link: {},
+                edit: {}
+            };
+
+            function getCleanFile() {
+                return {
+                    page_id: pageId
+                };
+            }
+
+            // Angular-UI-Sort options
+            $scope.sortOptions = {
+                handle: '.handle',
+                items: '> tr',
+                containment: "parent",
+                axis: "y",
+                stop: sortUpdate,
+            };
+
+            /**
+             * Event listener for sort changes.
+             * Updates the file ordering on the server.
+             * @param event
+             * @param ui
+             */
+            function sortUpdate(event, ui) {
+                let newOrder = $scope.files.map(file => {return file.id}).join(':');
+                if (newOrder === currentOrder) return;
+
+                currentOrder = newOrder;
+                $http.put(window.baseUrl(`/attachments/sort/page/${pageId}`), {files: $scope.files}).then(resp => {
+                    events.emit('success', resp.data.message);
+                }, checkError('sort'));
+            }
+
+            /**
+             * Used by dropzone to get the endpoint to upload to.
+             * @returns {string}
+             */
+            $scope.getUploadUrl = function (file) {
+                let suffix = (typeof file !== 'undefined') ? `/${file.id}` : '';
+                return window.baseUrl(`/attachments/upload${suffix}`);
+            };
+
+            /**
+             * Get files for the current page from the server.
+             */
+            function getFiles() {
+                let url = window.baseUrl(`/attachments/get/page/${pageId}`)
+                $http.get(url).then(resp => {
+                    $scope.files = resp.data;
+                    currentOrder = resp.data.map(file => {return file.id}).join(':');
+                }, checkError('get'));
+            }
+            getFiles();
+
+            /**
+             * Runs on file upload, Adds an file to local file list
+             * and shows a success message to the user.
+             * @param file
+             * @param data
+             */
+            $scope.uploadSuccess = function (file, data) {
+                $scope.$apply(() => {
+                    $scope.files.push(data);
+                });
+                events.emit('success', 'File uploaded');
+            };
+
+            /**
+             * Upload and overwrite an existing file.
+             * @param file
+             * @param data
+             */
+            $scope.uploadSuccessUpdate = function (file, data) {
+                $scope.$apply(() => {
+                    let search = filesIndexOf(data);
+                    if (search !== -1) $scope.files[search] = data;
+
+                    if ($scope.editFile) {
+                        $scope.editFile = angular.copy(data);
+                        data.link = '';
+                    }
+                });
+                events.emit('success', 'File updated');
+            };
+
+            /**
+             * Delete a file from the server and, on success, the local listing.
+             * @param file
+             */
+            $scope.deleteFile = function(file) {
+                if (!file.deleting) {
+                    file.deleting = true;
+                    return;
+                }
+                  $http.delete(window.baseUrl(`/attachments/${file.id}`)).then(resp => {
+                      events.emit('success', resp.data.message);
+                      $scope.files.splice($scope.files.indexOf(file), 1);
+                  }, checkError('delete'));
+            };
+
+            /**
+             * Attach a link to a page.
+             * @param file
+             */
+            $scope.attachLinkSubmit = function(file) {
+                file.uploaded_to = pageId;
+                $http.post(window.baseUrl('/attachments/link'), file).then(resp => {
+                    $scope.files.push(resp.data);
+                    events.emit('success', 'Link attached');
+                    $scope.file = getCleanFile();
+                }, checkError('link'));
+            };
+
+            /**
+             * Start the edit mode for a file.
+             * @param file
+             */
+            $scope.startEdit = function(file) {
+                $scope.editFile = angular.copy(file);
+                $scope.editFile.link = (file.external) ? file.path : '';
+            };
+
+            /**
+             * Cancel edit mode
+             */
+            $scope.cancelEdit = function() {
+                $scope.editFile = false;
+            };
+
+            /**
+             * Update the name and link of a file.
+             * @param file
+             */
+            $scope.updateFile = function(file) {
+                $http.put(window.baseUrl(`/attachments/${file.id}`), file).then(resp => {
+                    let search = filesIndexOf(resp.data);
+                    if (search !== -1) $scope.files[search] = resp.data;
+
+                    if ($scope.editFile && !file.external) {
+                        $scope.editFile.link = '';
+                    }
+                    $scope.editFile = false;
+                    events.emit('success', 'Attachment details updated');
+                }, checkError('edit'));
+            };
+
+            /**
+             * Get the url of a file.
+             */
+            $scope.getFileUrl = function(file) {
+                return window.baseUrl('/attachments/' + file.id);
+            };
+
+            /**
+             * Search the local files via another file object.
+             * Used to search via object copies.
+             * @param file
+             * @returns int
+             */
+            function filesIndexOf(file) {
+                for (let i = 0; i < $scope.files.length; i++) {
+                    if ($scope.files[i].id == file.id) return i;
+                }
+                return -1;
+            }
+
+            /**
+             * Check for an error response in a ajax request.
+             * @param errorGroupName
+             */
+            function checkError(errorGroupName) {
+                $scope.errors[errorGroupName] = {};
+                return function(response) {
+                    if (typeof response.data !== 'undefined' && typeof response.data.error !== 'undefined') {
+                        events.emit('error', response.data.error);
+                    }
+                    if (typeof response.data !== 'undefined' && typeof response.data.validation !== 'undefined') {
+                        $scope.errors[errorGroupName] = response.data.validation;
+                        console.log($scope.errors[errorGroupName])
+                    }
+                }
+            }
+
+        }]);
+
 };
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-