mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-02-05 00:29:48 +03:00
Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
46001d61d0 | ||
|
|
8dd238ceae | ||
|
|
bb7fd59de9 | ||
|
|
9de294343d | ||
|
|
98a09bcc37 | ||
|
|
ad8fc95521 | ||
|
|
cca066a258 | ||
|
|
22a7772c3d | ||
|
|
9934f85ba9 | ||
|
|
73c6bf4f8d |
@@ -26,6 +26,13 @@ DB_DATABASE=database_database
|
||||
DB_USERNAME=database_username
|
||||
DB_PASSWORD=database_user_password
|
||||
|
||||
# Storage system to use
|
||||
# By default files are stored on the local filesystem, with images being placed in
|
||||
# public web space so they can be efficiently served directly by the web-server.
|
||||
# For other options with different security levels & considerations, refer to:
|
||||
# https://www.bookstackapp.com/docs/admin/upload-config/
|
||||
STORAGE_TYPE=local
|
||||
|
||||
# Mail system to use
|
||||
# Can be 'smtp' or 'sendmail'
|
||||
MAIL_DRIVER=smtp
|
||||
|
||||
@@ -41,7 +41,19 @@ class Comment extends Model implements Loggable, OwnableInterface
|
||||
*/
|
||||
public function entity(): MorphTo
|
||||
{
|
||||
return $this->morphTo('commentable');
|
||||
// We specifically define null here to avoid the different name (commentable)
|
||||
// being used by Laravel eager loading instead of the method name, which it was doing
|
||||
// in some scenarios like when deserialized when going through the queue system.
|
||||
// So we instead specify the type and id column names to use.
|
||||
// Related to:
|
||||
// https://github.com/laravel/framework/pull/24815
|
||||
// https://github.com/laravel/framework/issues/27342
|
||||
// https://github.com/laravel/framework/issues/47953
|
||||
// (and probably more)
|
||||
|
||||
// Ultimately, we could just align the method name to 'commentable' but that would be a potential
|
||||
// breaking change and not really worthwhile in a patch due to the risk of creating extra problems.
|
||||
return $this->morphTo(null, 'commentable_type', 'commentable_id');
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -20,6 +20,7 @@ abstract class BaseNotificationHandler implements NotificationHandler
|
||||
{
|
||||
$users = User::query()->whereIn('id', array_unique($userIds))->get();
|
||||
|
||||
/** @var User $user */
|
||||
foreach ($users as $user) {
|
||||
// Prevent sending to the user that initiated the activity
|
||||
if ($user->id === $initiator->id) {
|
||||
|
||||
@@ -264,7 +264,7 @@ class ImageService
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($this->storage->usingSecureImages() && user()->isGuest()) {
|
||||
if ($this->blockedBySecureImages()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -280,13 +280,24 @@ class ImageService
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($this->storage->usingSecureImages() && user()->isGuest()) {
|
||||
if ($this->blockedBySecureImages()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->imageFileExists($image->path, $image->type);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the current user should be blocked from accessing images based on if secure images are enabled
|
||||
* and if public access is enabled for the application.
|
||||
*/
|
||||
protected function blockedBySecureImages(): bool
|
||||
{
|
||||
$enforced = $this->storage->usingSecureImages() && !setting('app-public');
|
||||
|
||||
return $enforced && user()->isGuest();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the given image path exists for the given image type and that it is likely an image file.
|
||||
*/
|
||||
|
||||
@@ -74,7 +74,7 @@ class ImageStorage
|
||||
return 'local';
|
||||
}
|
||||
|
||||
// Rename local_secure options to get our image specific storage driver which
|
||||
// Rename local_secure options to get our image-specific storage driver, which
|
||||
// is scoped to the relevant image directories.
|
||||
if ($localSecureInUse) {
|
||||
return 'local_secure_images';
|
||||
|
||||
154
composer.lock
generated
154
composer.lock
generated
@@ -62,16 +62,16 @@
|
||||
},
|
||||
{
|
||||
"name": "aws/aws-sdk-php",
|
||||
"version": "3.360.0",
|
||||
"version": "3.363.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/aws/aws-sdk-php.git",
|
||||
"reference": "a21055795be59f3d7c5ca6e4d52a80930dcf8c20"
|
||||
"reference": "f8b5f125248daa8942144b4771c041a63ec41900"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/a21055795be59f3d7c5ca6e4d52a80930dcf8c20",
|
||||
"reference": "a21055795be59f3d7c5ca6e4d52a80930dcf8c20",
|
||||
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/f8b5f125248daa8942144b4771c041a63ec41900",
|
||||
"reference": "f8b5f125248daa8942144b4771c041a63ec41900",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -153,22 +153,22 @@
|
||||
"support": {
|
||||
"forum": "https://github.com/aws/aws-sdk-php/discussions",
|
||||
"issues": "https://github.com/aws/aws-sdk-php/issues",
|
||||
"source": "https://github.com/aws/aws-sdk-php/tree/3.360.0"
|
||||
"source": "https://github.com/aws/aws-sdk-php/tree/3.363.2"
|
||||
},
|
||||
"time": "2025-11-17T19:46:19+00:00"
|
||||
"time": "2025-11-25T19:04:55+00:00"
|
||||
},
|
||||
{
|
||||
"name": "bacon/bacon-qr-code",
|
||||
"version": "v3.0.2",
|
||||
"version": "v3.0.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/Bacon/BaconQrCode.git",
|
||||
"reference": "fe259c55425b8178f77fb6d1f84ba2473e21ed55"
|
||||
"reference": "36a1cb2b81493fa5b82e50bf8068bf84d1542563"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/Bacon/BaconQrCode/zipball/fe259c55425b8178f77fb6d1f84ba2473e21ed55",
|
||||
"reference": "fe259c55425b8178f77fb6d1f84ba2473e21ed55",
|
||||
"url": "https://api.github.com/repos/Bacon/BaconQrCode/zipball/36a1cb2b81493fa5b82e50bf8068bf84d1542563",
|
||||
"reference": "36a1cb2b81493fa5b82e50bf8068bf84d1542563",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -208,22 +208,22 @@
|
||||
"homepage": "https://github.com/Bacon/BaconQrCode",
|
||||
"support": {
|
||||
"issues": "https://github.com/Bacon/BaconQrCode/issues",
|
||||
"source": "https://github.com/Bacon/BaconQrCode/tree/v3.0.2"
|
||||
"source": "https://github.com/Bacon/BaconQrCode/tree/v3.0.3"
|
||||
},
|
||||
"time": "2025-11-16T22:59:48+00:00"
|
||||
"time": "2025-11-19T17:15:36+00:00"
|
||||
},
|
||||
{
|
||||
"name": "brick/math",
|
||||
"version": "0.14.0",
|
||||
"version": "0.14.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/brick/math.git",
|
||||
"reference": "113a8ee2656b882d4c3164fa31aa6e12cbb7aaa2"
|
||||
"reference": "f05858549e5f9d7bb45875a75583240a38a281d0"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/brick/math/zipball/113a8ee2656b882d4c3164fa31aa6e12cbb7aaa2",
|
||||
"reference": "113a8ee2656b882d4c3164fa31aa6e12cbb7aaa2",
|
||||
"url": "https://api.github.com/repos/brick/math/zipball/f05858549e5f9d7bb45875a75583240a38a281d0",
|
||||
"reference": "f05858549e5f9d7bb45875a75583240a38a281d0",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -262,7 +262,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/brick/math/issues",
|
||||
"source": "https://github.com/brick/math/tree/0.14.0"
|
||||
"source": "https://github.com/brick/math/tree/0.14.1"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -270,7 +270,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2025-08-29T12:40:03+00:00"
|
||||
"time": "2025-11-24T14:40:29+00:00"
|
||||
},
|
||||
{
|
||||
"name": "carbonphp/carbon-doctrine-types",
|
||||
@@ -1739,16 +1739,16 @@
|
||||
},
|
||||
{
|
||||
"name": "laravel/framework",
|
||||
"version": "v12.39.0",
|
||||
"version": "v12.40.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/framework.git",
|
||||
"reference": "1a6176129ef28eaf42b6b4a6250025120c3d8dac"
|
||||
"reference": "2e986acbf9acf62cba13400bc23c4d639bf188b9"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/framework/zipball/1a6176129ef28eaf42b6b4a6250025120c3d8dac",
|
||||
"reference": "1a6176129ef28eaf42b6b4a6250025120c3d8dac",
|
||||
"url": "https://api.github.com/repos/laravel/framework/zipball/2e986acbf9acf62cba13400bc23c4d639bf188b9",
|
||||
"reference": "2e986acbf9acf62cba13400bc23c4d639bf188b9",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -1860,7 +1860,7 @@
|
||||
"league/flysystem-sftp-v3": "^3.25.1",
|
||||
"mockery/mockery": "^1.6.10",
|
||||
"opis/json-schema": "^2.4.1",
|
||||
"orchestra/testbench-core": "^10.7.0",
|
||||
"orchestra/testbench-core": "^10.8.0",
|
||||
"pda/pheanstalk": "^5.0.6|^7.0.0",
|
||||
"php-http/discovery": "^1.15",
|
||||
"phpstan/phpstan": "^2.0",
|
||||
@@ -1954,20 +1954,20 @@
|
||||
"issues": "https://github.com/laravel/framework/issues",
|
||||
"source": "https://github.com/laravel/framework"
|
||||
},
|
||||
"time": "2025-11-18T15:16:10+00:00"
|
||||
"time": "2025-11-25T16:16:33+00:00"
|
||||
},
|
||||
{
|
||||
"name": "laravel/prompts",
|
||||
"version": "v0.3.7",
|
||||
"version": "v0.3.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/prompts.git",
|
||||
"reference": "a1891d362714bc40c8d23b0b1d7090f022ea27cc"
|
||||
"reference": "096748cdfb81988f60090bbb839ce3205ace0d35"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/prompts/zipball/a1891d362714bc40c8d23b0b1d7090f022ea27cc",
|
||||
"reference": "a1891d362714bc40c8d23b0b1d7090f022ea27cc",
|
||||
"url": "https://api.github.com/repos/laravel/prompts/zipball/096748cdfb81988f60090bbb839ce3205ace0d35",
|
||||
"reference": "096748cdfb81988f60090bbb839ce3205ace0d35",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -1983,7 +1983,7 @@
|
||||
"require-dev": {
|
||||
"illuminate/collections": "^10.0|^11.0|^12.0",
|
||||
"mockery/mockery": "^1.5",
|
||||
"pestphp/pest": "^2.3|^3.4",
|
||||
"pestphp/pest": "^2.3|^3.4|^4.0",
|
||||
"phpstan/phpstan": "^1.12.28",
|
||||
"phpstan/phpstan-mockery": "^1.1.3"
|
||||
},
|
||||
@@ -2011,22 +2011,22 @@
|
||||
"description": "Add beautiful and user-friendly forms to your command-line applications.",
|
||||
"support": {
|
||||
"issues": "https://github.com/laravel/prompts/issues",
|
||||
"source": "https://github.com/laravel/prompts/tree/v0.3.7"
|
||||
"source": "https://github.com/laravel/prompts/tree/v0.3.8"
|
||||
},
|
||||
"time": "2025-09-19T13:47:56+00:00"
|
||||
"time": "2025-11-21T20:52:52+00:00"
|
||||
},
|
||||
{
|
||||
"name": "laravel/serializable-closure",
|
||||
"version": "v2.0.6",
|
||||
"version": "v2.0.7",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/serializable-closure.git",
|
||||
"reference": "038ce42edee619599a1debb7e81d7b3759492819"
|
||||
"reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/038ce42edee619599a1debb7e81d7b3759492819",
|
||||
"reference": "038ce42edee619599a1debb7e81d7b3759492819",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
|
||||
"reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2035,7 +2035,7 @@
|
||||
"require-dev": {
|
||||
"illuminate/support": "^10.0|^11.0|^12.0",
|
||||
"nesbot/carbon": "^2.67|^3.0",
|
||||
"pestphp/pest": "^2.36|^3.0",
|
||||
"pestphp/pest": "^2.36|^3.0|^4.0",
|
||||
"phpstan/phpstan": "^2.0",
|
||||
"symfony/var-dumper": "^6.2.0|^7.0.0"
|
||||
},
|
||||
@@ -2074,20 +2074,20 @@
|
||||
"issues": "https://github.com/laravel/serializable-closure/issues",
|
||||
"source": "https://github.com/laravel/serializable-closure"
|
||||
},
|
||||
"time": "2025-10-09T13:42:30+00:00"
|
||||
"time": "2025-11-21T20:52:36+00:00"
|
||||
},
|
||||
{
|
||||
"name": "laravel/socialite",
|
||||
"version": "v5.23.1",
|
||||
"version": "v5.23.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/socialite.git",
|
||||
"reference": "83d7523c97c1101d288126948947891319eef800"
|
||||
"reference": "41e65d53762d33d617bf0253330d672cb95e624b"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/socialite/zipball/83d7523c97c1101d288126948947891319eef800",
|
||||
"reference": "83d7523c97c1101d288126948947891319eef800",
|
||||
"url": "https://api.github.com/repos/laravel/socialite/zipball/41e65d53762d33d617bf0253330d672cb95e624b",
|
||||
"reference": "41e65d53762d33d617bf0253330d672cb95e624b",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2103,9 +2103,9 @@
|
||||
},
|
||||
"require-dev": {
|
||||
"mockery/mockery": "^1.0",
|
||||
"orchestra/testbench": "^4.0|^5.0|^6.0|^7.0|^8.0|^9.0|^10.0",
|
||||
"orchestra/testbench": "^4.18|^5.20|^6.47|^7.55|^8.36|^9.15|^10.8",
|
||||
"phpstan/phpstan": "^1.12.23",
|
||||
"phpunit/phpunit": "^8.0|^9.3|^10.4|^11.5"
|
||||
"phpunit/phpunit": "^8.0|^9.3|^10.4|^11.5|^12.0"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
@@ -2146,20 +2146,20 @@
|
||||
"issues": "https://github.com/laravel/socialite/issues",
|
||||
"source": "https://github.com/laravel/socialite"
|
||||
},
|
||||
"time": "2025-10-27T15:36:41+00:00"
|
||||
"time": "2025-11-21T14:00:38+00:00"
|
||||
},
|
||||
{
|
||||
"name": "laravel/tinker",
|
||||
"version": "v2.10.1",
|
||||
"version": "v2.10.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/tinker.git",
|
||||
"reference": "22177cc71807d38f2810c6204d8f7183d88a57d3"
|
||||
"reference": "3bcb5f62d6f837e0f093a601e26badafb127bd4c"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/tinker/zipball/22177cc71807d38f2810c6204d8f7183d88a57d3",
|
||||
"reference": "22177cc71807d38f2810c6204d8f7183d88a57d3",
|
||||
"url": "https://api.github.com/repos/laravel/tinker/zipball/3bcb5f62d6f837e0f093a601e26badafb127bd4c",
|
||||
"reference": "3bcb5f62d6f837e0f093a601e26badafb127bd4c",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2210,9 +2210,9 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/laravel/tinker/issues",
|
||||
"source": "https://github.com/laravel/tinker/tree/v2.10.1"
|
||||
"source": "https://github.com/laravel/tinker/tree/v2.10.2"
|
||||
},
|
||||
"time": "2025-01-27T14:24:01+00:00"
|
||||
"time": "2025-11-20T16:29:12+00:00"
|
||||
},
|
||||
{
|
||||
"name": "league/commonmark",
|
||||
@@ -3466,16 +3466,16 @@
|
||||
},
|
||||
{
|
||||
"name": "nette/utils",
|
||||
"version": "v4.0.8",
|
||||
"version": "v4.0.9",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nette/utils.git",
|
||||
"reference": "c930ca4e3cf4f17dcfb03037703679d2396d2ede"
|
||||
"reference": "505a30ad386daa5211f08a318e47015b501cad30"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nette/utils/zipball/c930ca4e3cf4f17dcfb03037703679d2396d2ede",
|
||||
"reference": "c930ca4e3cf4f17dcfb03037703679d2396d2ede",
|
||||
"url": "https://api.github.com/repos/nette/utils/zipball/505a30ad386daa5211f08a318e47015b501cad30",
|
||||
"reference": "505a30ad386daa5211f08a318e47015b501cad30",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -3549,9 +3549,9 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/nette/utils/issues",
|
||||
"source": "https://github.com/nette/utils/tree/v4.0.8"
|
||||
"source": "https://github.com/nette/utils/tree/v4.0.9"
|
||||
},
|
||||
"time": "2025-08-06T21:43:34+00:00"
|
||||
"time": "2025-10-31T00:45:47+00:00"
|
||||
},
|
||||
{
|
||||
"name": "nikic/php-parser",
|
||||
@@ -3613,31 +3613,31 @@
|
||||
},
|
||||
{
|
||||
"name": "nunomaduro/termwind",
|
||||
"version": "v2.3.2",
|
||||
"version": "v2.3.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nunomaduro/termwind.git",
|
||||
"reference": "eb61920a53057a7debd718a5b89c2178032b52c0"
|
||||
"reference": "6fb2a640ff502caace8e05fd7be3b503a7e1c017"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nunomaduro/termwind/zipball/eb61920a53057a7debd718a5b89c2178032b52c0",
|
||||
"reference": "eb61920a53057a7debd718a5b89c2178032b52c0",
|
||||
"url": "https://api.github.com/repos/nunomaduro/termwind/zipball/6fb2a640ff502caace8e05fd7be3b503a7e1c017",
|
||||
"reference": "6fb2a640ff502caace8e05fd7be3b503a7e1c017",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ext-mbstring": "*",
|
||||
"php": "^8.2",
|
||||
"symfony/console": "^7.3.4"
|
||||
"symfony/console": "^7.3.6"
|
||||
},
|
||||
"require-dev": {
|
||||
"illuminate/console": "^11.46.1",
|
||||
"laravel/pint": "^1.25.1",
|
||||
"mockery/mockery": "^1.6.12",
|
||||
"pestphp/pest": "^2.36.0 || ^3.8.4",
|
||||
"pestphp/pest": "^2.36.0 || ^3.8.4 || ^4.1.3",
|
||||
"phpstan/phpstan": "^1.12.32",
|
||||
"phpstan/phpstan-strict-rules": "^1.6.2",
|
||||
"symfony/var-dumper": "^7.3.4",
|
||||
"symfony/var-dumper": "^7.3.5",
|
||||
"thecodingmachine/phpstan-strict-rules": "^1.0.0"
|
||||
},
|
||||
"type": "library",
|
||||
@@ -3680,7 +3680,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/nunomaduro/termwind/issues",
|
||||
"source": "https://github.com/nunomaduro/termwind/tree/v2.3.2"
|
||||
"source": "https://github.com/nunomaduro/termwind/tree/v2.3.3"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -3696,7 +3696,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2025-10-18T11:10:27+00:00"
|
||||
"time": "2025-11-20T02:34:59+00:00"
|
||||
},
|
||||
{
|
||||
"name": "onelogin/php-saml",
|
||||
@@ -4120,16 +4120,16 @@
|
||||
},
|
||||
{
|
||||
"name": "predis/predis",
|
||||
"version": "v3.2.0",
|
||||
"version": "v3.3.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/predis/predis.git",
|
||||
"reference": "9e9deec4dfd3ebf65d32eb368f498c646ba2ecd8"
|
||||
"reference": "153097374b39a2f737fe700ebcd725642526cdec"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/predis/predis/zipball/9e9deec4dfd3ebf65d32eb368f498c646ba2ecd8",
|
||||
"reference": "9e9deec4dfd3ebf65d32eb368f498c646ba2ecd8",
|
||||
"url": "https://api.github.com/repos/predis/predis/zipball/153097374b39a2f737fe700ebcd725642526cdec",
|
||||
"reference": "153097374b39a2f737fe700ebcd725642526cdec",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4171,7 +4171,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/predis/predis/issues",
|
||||
"source": "https://github.com/predis/predis/tree/v3.2.0"
|
||||
"source": "https://github.com/predis/predis/tree/v3.3.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4179,7 +4179,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2025-08-06T06:41:24+00:00"
|
||||
"time": "2025-11-24T17:48:50+00:00"
|
||||
},
|
||||
{
|
||||
"name": "psr/clock",
|
||||
@@ -8587,16 +8587,16 @@
|
||||
},
|
||||
{
|
||||
"name": "nunomaduro/collision",
|
||||
"version": "v8.8.2",
|
||||
"version": "v8.8.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nunomaduro/collision.git",
|
||||
"reference": "60207965f9b7b7a4ce15a0f75d57f9dadb105bdb"
|
||||
"reference": "1dc9e88d105699d0fee8bb18890f41b274f6b4c4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nunomaduro/collision/zipball/60207965f9b7b7a4ce15a0f75d57f9dadb105bdb",
|
||||
"reference": "60207965f9b7b7a4ce15a0f75d57f9dadb105bdb",
|
||||
"url": "https://api.github.com/repos/nunomaduro/collision/zipball/1dc9e88d105699d0fee8bb18890f41b274f6b4c4",
|
||||
"reference": "1dc9e88d105699d0fee8bb18890f41b274f6b4c4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -8618,7 +8618,7 @@
|
||||
"laravel/sanctum": "^4.1.1",
|
||||
"laravel/tinker": "^2.10.1",
|
||||
"orchestra/testbench-core": "^9.12.0 || ^10.4",
|
||||
"pestphp/pest": "^3.8.2",
|
||||
"pestphp/pest": "^3.8.2 || ^4.0.0",
|
||||
"sebastian/environment": "^7.2.1 || ^8.0"
|
||||
},
|
||||
"type": "library",
|
||||
@@ -8682,7 +8682,7 @@
|
||||
"type": "patreon"
|
||||
}
|
||||
],
|
||||
"time": "2025-06-25T02:12:12+00:00"
|
||||
"time": "2025-11-20T02:55:25+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phar-io/manifest",
|
||||
|
||||
@@ -1 +1 @@
|
||||
a75aa1a640d312e5e6a52f63b121daf5bca1e4ad11aaf9a162c8f91e8e2e00ed
|
||||
ea202c9927a6b6b0bb9f30969642127b6fa14cf5ce70e56482b84ffd5bcf92bf
|
||||
@@ -5,6 +5,8 @@ namespace Tests\Uploads;
|
||||
use BookStack\Entities\Repos\PageRepo;
|
||||
use BookStack\Uploads\Image;
|
||||
use BookStack\Uploads\ImageService;
|
||||
use BookStack\Uploads\UserAvatars;
|
||||
use BookStack\Users\Models\Role;
|
||||
use Illuminate\Support\Str;
|
||||
use Tests\TestCase;
|
||||
|
||||
@@ -467,6 +469,26 @@ class ImageTest extends TestCase
|
||||
}
|
||||
}
|
||||
|
||||
public function test_avatar_images_visible_only_when_public_access_enabled_with_local_secure_restricted()
|
||||
{
|
||||
config()->set('filesystems.images', 'local_secure_restricted');
|
||||
$user = $this->users->admin();
|
||||
$avatars = $this->app->make(UserAvatars::class);
|
||||
$avatars->assignToUserFromExistingData($user, $this->files->pngImageData(), 'png');
|
||||
|
||||
$avatarUrl = $user->getAvatar();
|
||||
|
||||
$resp = $this->get($avatarUrl);
|
||||
$resp->assertRedirect('/login');
|
||||
|
||||
$this->permissions->makeAppPublic();
|
||||
|
||||
$resp = $this->get($avatarUrl);
|
||||
$resp->assertOk();
|
||||
|
||||
$this->files->deleteAtRelativePath($user->avatar->path);
|
||||
}
|
||||
|
||||
public function test_secure_restricted_images_inaccessible_without_relation_permission()
|
||||
{
|
||||
config()->set('filesystems.images', 'local_secure_restricted');
|
||||
@@ -491,6 +513,38 @@ class ImageTest extends TestCase
|
||||
}
|
||||
}
|
||||
|
||||
public function test_secure_restricted_images_accessible_with_public_guest_access()
|
||||
{
|
||||
config()->set('filesystems.images', 'local_secure_restricted');
|
||||
$this->permissions->makeAppPublic();
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
$this->files->uploadGalleryImageToPage($this, $page);
|
||||
$image = Image::query()->where('type', '=', 'gallery')
|
||||
->where('uploaded_to', '=', $page->id)
|
||||
->first();
|
||||
|
||||
$expectedUrl = url($image->path);
|
||||
$expectedPath = storage_path($image->path);
|
||||
auth()->logout();
|
||||
|
||||
$this->get($expectedUrl)->assertOk();
|
||||
|
||||
$this->permissions->setEntityPermissions($page, [], []);
|
||||
|
||||
$resp = $this->get($expectedUrl);
|
||||
$resp->assertNotFound();
|
||||
|
||||
$this->permissions->setEntityPermissions($page, ['view'], [Role::getSystemRole('public')]);
|
||||
|
||||
$this->get($expectedUrl)->assertOk();
|
||||
|
||||
if (file_exists($expectedPath)) {
|
||||
unlink($expectedPath);
|
||||
}
|
||||
}
|
||||
|
||||
public function test_thumbnail_path_handled_by_secure_restricted_images()
|
||||
{
|
||||
config()->set('filesystems.images', 'local_secure_restricted');
|
||||
|
||||
Reference in New Issue
Block a user