Updated version and assets for release v25.12.2

Added Id to crowdin config for compatibility with upcoming change to
crowdin CLI process after switch to codeberg

.github/translators.txt

@@ -512,3 +512,19 @@ David Olsen (dawin) :: Danish
 ltnzr :: French
 Frank Holler (holler.frank) :: German; German Informal
 Korab Arifi (korabidev) :: Albanian
+Petr Husák (petrhusak) :: Czech
+Bernardo Maia (bernardo.bmaia2) :: Portuguese, Brazilian
+Amr (amr3k) :: Arabic
+Tahsin Ahmed (tahsinahmed2012) :: Bengali
+bojan_che :: Serbian (Cyrillic)
+setiawan setiawan (culture.setiawan) :: Indonesian
+Donald Mac Kenzie (kiuman) :: Norwegian Bokmal
+Gabriel Silver (GabrielBSilver) :: Hebrew
+Tomas Darius Davainis (Tomasdd) :: Lithuanian
+CriedHero :: Chinese Simplified
+Henrik (henrik2105) :: Norwegian Bokmal
+FoW (fofwisdom) :: Korean
+serinf-lauza :: French
+Diyan Nikolaev (nikolaev.diyan) :: Bulgarian
+Shadluk Avan (quldosh) :: Uzbek
+Marci (MartonPoto) :: Hungarian

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015-2025, Dan Brown and the BookStack project contributors.
+Copyright (c) 2015-2026, Dan Brown and the BookStack project contributors.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

app/Access/Mfa/TotpService.php

@@ -14,10 +14,9 @@ use PragmaRX\Google2FA\Support\Constants;
 
 class TotpService
 {
-    protected $google2fa;
-
-    public function __construct(Google2FA $google2fa)
-    {
+    public function __construct(
+        protected Google2FA $google2fa
+    ) {
         $this->google2fa = $google2fa;
         // Use SHA1 as a default, Personal testing of other options in 2021 found
         // many apps lack support for other algorithms yet still will scan
@@ -35,7 +34,7 @@ class TotpService
     }
 
     /**
-     * Generate a TOTP URL from secret key.
+     * Generate a TOTP URL from a secret key.
      */
     public function generateUrl(string $secret, User $user): string
     {

app/Activity/Models/MentionHistory.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace BookStack\Activity\Models;
+
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Carbon;
+
+/**
+ * @property int $id
+ * @property string $mentionable_type
+ * @property int $mentionable_id
+ * @property int $from_user_id
+ * @property int $to_user_id
+ * @property Carbon $created_at
+ * @property Carbon $updated_at
+ */
+class MentionHistory extends Model
+{
+    protected $table = 'mention_history';
+}

app/Activity/Notifications/Handlers/CommentMentionNotificationHandler.php

@@ -0,0 +1,85 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Handlers;
+
+use BookStack\Activity\ActivityType;
+use BookStack\Activity\Models\Activity;
+use BookStack\Activity\Models\Comment;
+use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Models\MentionHistory;
+use BookStack\Activity\Notifications\Messages\CommentMentionNotification;
+use BookStack\Activity\Tools\MentionParser;
+use BookStack\Entities\Models\Page;
+use BookStack\Settings\UserNotificationPreferences;
+use BookStack\Users\Models\User;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Carbon;
+
+class CommentMentionNotificationHandler extends BaseNotificationHandler
+{
+    public function handle(Activity $activity, Loggable|string $detail, User $user): void
+    {
+        if (!($detail instanceof Comment) || !($detail->entity instanceof Page)) {
+            throw new \InvalidArgumentException("Detail for comment mention notifications must be a comment on a page");
+        }
+
+        /** @var Page $page */
+        $page = $detail->entity;
+
+        $parser = new MentionParser();
+        $mentionedUserIds = $parser->parseUserIdsFromHtml($detail->html);
+        $realMentionedUsers = User::whereIn('id', $mentionedUserIds)->get();
+
+        $receivingNotifications = $realMentionedUsers->filter(function (User $user) {
+            $prefs = new UserNotificationPreferences($user);
+            return $prefs->notifyOnCommentMentions();
+        });
+        $receivingNotificationsUserIds = $receivingNotifications->pluck('id')->toArray();
+
+        $userMentionsToLog = $realMentionedUsers;
+
+        // When an edit, we check our history to see if we've already notified the user about this comment before
+        // so that we can filter them out to avoid double notifications.
+        if ($activity->type === ActivityType::COMMENT_UPDATE) {
+            $previouslyNotifiedUserIds = $this->getPreviouslyNotifiedUserIds($detail);
+            $receivingNotificationsUserIds = array_values(array_diff($receivingNotificationsUserIds, $previouslyNotifiedUserIds));
+            $userMentionsToLog = $userMentionsToLog->filter(function (User $user) use ($previouslyNotifiedUserIds) {
+                return !in_array($user->id, $previouslyNotifiedUserIds);
+            });
+        }
+
+        $this->logMentions($userMentionsToLog, $detail, $user);
+        $this->sendNotificationToUserIds(CommentMentionNotification::class, $receivingNotificationsUserIds, $user, $detail, $page);
+    }
+
+    /**
+     * @param Collection<User> $mentionedUsers
+     */
+    protected function logMentions(Collection $mentionedUsers, Comment $comment, User $fromUser): void
+    {
+        $mentions = [];
+        $now = Carbon::now();
+
+        foreach ($mentionedUsers as $mentionedUser) {
+            $mentions[] = [
+                'mentionable_type' => $comment->getMorphClass(),
+                'mentionable_id' => $comment->id,
+                'from_user_id' => $fromUser->id,
+                'to_user_id' => $mentionedUser->id,
+                'created_at' => $now,
+                'updated_at' => $now,
+            ];
+        }
+
+        MentionHistory::query()->insert($mentions);
+    }
+
+    protected function getPreviouslyNotifiedUserIds(Comment $comment): array
+    {
+        return MentionHistory::query()
+            ->where('mentionable_id', $comment->id)
+            ->where('mentionable_type', $comment->getMorphClass())
+            ->pluck('to_user_id')
+            ->toArray();
+    }
+}

app/Activity/Notifications/Messages/CommentMentionNotification.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Messages;
+
+use BookStack\Activity\Models\Comment;
+use BookStack\Activity\Notifications\MessageParts\EntityLinkMessageLine;
+use BookStack\Activity\Notifications\MessageParts\ListMessageLine;
+use BookStack\Entities\Models\Page;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class CommentMentionNotification extends BaseActivityNotification
+{
+    public function toMail(User $notifiable): MailMessage
+    {
+        /** @var Comment $comment */
+        $comment = $this->detail;
+        /** @var Page $page */
+        $page = $comment->entity;
+
+        $locale = $notifiable->getLocale();
+
+        $listLines = array_filter([
+            $locale->trans('notifications.detail_page_name') => new EntityLinkMessageLine($page),
+            $locale->trans('notifications.detail_page_path') => $this->buildPagePathLine($page, $notifiable),
+            $locale->trans('notifications.detail_commenter') => $this->user->name,
+            $locale->trans('notifications.detail_comment') => strip_tags($comment->html),
+        ]);
+
+        return $this->newMailMessage($locale)
+            ->subject($locale->trans('notifications.comment_mention_subject', ['pageName' => $page->getShortName()]))
+            ->line($locale->trans('notifications.comment_mention_intro', ['appName' => setting('app-name')]))
+            ->line(new ListMessageLine($listLines))
+            ->action($locale->trans('notifications.action_view_comment'), $page->getUrl('#comment' . $comment->local_id))
+            ->line($this->buildReasonFooterLine($locale));
+    }
+}

app/Activity/Notifications/NotificationManager.php

@@ -6,6 +6,7 @@ use BookStack\Activity\ActivityType;
 use BookStack\Activity\Models\Activity;
 use BookStack\Activity\Models\Loggable;
 use BookStack\Activity\Notifications\Handlers\CommentCreationNotificationHandler;
+use BookStack\Activity\Notifications\Handlers\CommentMentionNotificationHandler;
 use BookStack\Activity\Notifications\Handlers\NotificationHandler;
 use BookStack\Activity\Notifications\Handlers\PageCreationNotificationHandler;
 use BookStack\Activity\Notifications\Handlers\PageUpdateNotificationHandler;
@@ -48,5 +49,7 @@ class NotificationManager
         $this->registerHandler(ActivityType::PAGE_CREATE, PageCreationNotificationHandler::class);
         $this->registerHandler(ActivityType::PAGE_UPDATE, PageUpdateNotificationHandler::class);
         $this->registerHandler(ActivityType::COMMENT_CREATE, CommentCreationNotificationHandler::class);
+        $this->registerHandler(ActivityType::COMMENT_CREATE, CommentMentionNotificationHandler::class);
+        $this->registerHandler(ActivityType::COMMENT_UPDATE, CommentMentionNotificationHandler::class);
     }
 }

app/Activity/Tools/MentionParser.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace BookStack\Activity\Tools;
+
+use BookStack\Util\HtmlDocument;
+use DOMElement;
+
+class MentionParser
+{
+    public function parseUserIdsFromHtml(string $html): array
+    {
+        $doc = new HtmlDocument($html);
+
+        $ids = [];
+        $mentionLinks = $doc->queryXPath('//a[@data-mention-user-id]');
+
+        foreach ($mentionLinks as $link) {
+            if ($link instanceof DOMElement) {
+                $id = intval($link->getAttribute('data-mention-user-id'));
+                if ($id > 0) {
+                    $ids[] = $id;
+                }
+            }
+        }
+
+        return array_values(array_unique($ids));
+    }
+}

app/App/HomeController.php

@@ -83,7 +83,7 @@ class HomeController extends Controller
         if ($homepageOption === 'bookshelves') {
             $shelves = $this->queries->shelves->visibleForListWithCover()
                 ->orderBy($commonData['listOptions']->getSort(), $commonData['listOptions']->getOrder())
-                ->paginate(18);
+                ->paginate(setting()->getInteger('lists-page-count-shelves', 18, 1, 1000));
             $data = array_merge($commonData, ['shelves' => $shelves]);
 
             return view('home.shelves', $data);
@@ -92,7 +92,7 @@ class HomeController extends Controller
         if ($homepageOption === 'books') {
             $books = $this->queries->books->visibleForListWithCover()
                 ->orderBy($commonData['listOptions']->getSort(), $commonData['listOptions']->getOrder())
-                ->paginate(18);
+                ->paginate(setting()->getInteger('lists-page-count-books', 18, 1, 1000));
             $data = array_merge($commonData, ['books' => $books]);
 
             return view('home.books', $data);

app/App/Providers/AppServiceProvider.php

@@ -3,6 +3,7 @@
 namespace BookStack\App\Providers;
 
 use BookStack\Access\SocialDriverManager;
+use BookStack\Activity\Models\Comment;
 use BookStack\Activity\Tools\ActivityLogger;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Bookshelf;
@@ -73,6 +74,7 @@ class AppServiceProvider extends ServiceProvider
             'book'      => Book::class,
             'chapter'   => Chapter::class,
             'page'      => Page::class,
+            'comment'   => Comment::class,
         ]);
     }
 }

app/App/SluggableInterface.php

@@ -5,11 +5,9 @@ namespace BookStack\App;
 /**
  * Assigned to models that can have slugs.
  * Must have the below properties.
+ *
+ * @property string $slug
  */
 interface SluggableInterface
 {
-    /**
-     * Regenerate the slug for this model.
-     */
-    public function refreshSlug(): string;
 }

app/Config/database.php

@@ -81,7 +81,8 @@ return [
             'strict'         => false,
             'engine'         => null,
             'options'        => extension_loaded('pdo_mysql') ? array_filter([
-                PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),
+                // @phpstan-ignore class.notFound
+                (PHP_VERSION_ID >= 80500 ? \Pdo\Mysql::ATTR_SSL_CA : \PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
             ]) : [],
         ],
 

app/Config/setting-defaults.php

@@ -41,6 +41,7 @@ return [
         'bookshelves_view_type' => env('APP_VIEWS_BOOKSHELVES', 'grid'),
         'bookshelf_view_type'   => env('APP_VIEWS_BOOKSHELF', 'grid'),
         'books_view_type'       => env('APP_VIEWS_BOOKS', 'grid'),
+        'notifications#comment-mentions' => true,
     ],
 
 ];

app/Entities/Controllers/BookController.php

@@ -8,6 +8,7 @@ use BookStack\Activity\Models\View;
 use BookStack\Activity\Tools\UserEntityWatchOptions;
 use BookStack\Entities\Queries\BookQueries;
 use BookStack\Entities\Queries\BookshelfQueries;
+use BookStack\Entities\Queries\EntityQueries;
 use BookStack\Entities\Repos\BookRepo;
 use BookStack\Entities\Tools\BookContents;
 use BookStack\Entities\Tools\Cloner;
@@ -31,6 +32,7 @@ class BookController extends Controller
         protected ShelfContext $shelfContext,
         protected BookRepo $bookRepo,
         protected BookQueries $queries,
+        protected EntityQueries $entityQueries,
         protected BookshelfQueries $shelfQueries,
         protected ReferenceFetcher $referenceFetcher,
     ) {
@@ -50,7 +52,7 @@ class BookController extends Controller
 
         $books = $this->queries->visibleForListWithCover()
             ->orderBy($listOptions->getSort(), $listOptions->getOrder())
-            ->paginate(18);
+            ->paginate(setting()->getInteger('lists-page-count-books', 18, 1, 1000));
         $recents = $this->isSignedIn() ? $this->queries->recentlyViewedForCurrentUser()->take(4)->get() : false;
         $popular = $this->queries->popularForList()->take(4)->get();
         $new = $this->queries->visibleForList()->orderBy('created_at', 'desc')->take(4)->get();
@@ -127,7 +129,16 @@ class BookController extends Controller
      */
     public function show(Request $request, ActivityQueries $activities, string $slug)
     {
-        $book = $this->queries->findVisibleBySlugOrFail($slug);
+        try {
+            $book = $this->queries->findVisibleBySlugOrFail($slug);
+        } catch (NotFoundException $exception) {
+            $book = $this->entityQueries->findVisibleByOldSlugs('book', $slug);
+            if (is_null($book)) {
+                throw $exception;
+            }
+            return redirect($book->getUrl());
+        }
+
         $bookChildren = (new BookContents($book))->getTree(true);
         $bookParentShelves = $book->shelves()->scopes('visible')->get();
 

app/Entities/Controllers/BookshelfController.php

@@ -6,6 +6,7 @@ use BookStack\Activity\ActivityQueries;
 use BookStack\Activity\Models\View;
 use BookStack\Entities\Queries\BookQueries;
 use BookStack\Entities\Queries\BookshelfQueries;
+use BookStack\Entities\Queries\EntityQueries;
 use BookStack\Entities\Repos\BookshelfRepo;
 use BookStack\Entities\Tools\ShelfContext;
 use BookStack\Exceptions\ImageUploadException;
@@ -23,6 +24,7 @@ class BookshelfController extends Controller
     public function __construct(
         protected BookshelfRepo $shelfRepo,
         protected BookshelfQueries $queries,
+        protected EntityQueries $entityQueries,
         protected BookQueries $bookQueries,
         protected ShelfContext $shelfContext,
         protected ReferenceFetcher $referenceFetcher,
@@ -43,7 +45,7 @@ class BookshelfController extends Controller
 
         $shelves = $this->queries->visibleForListWithCover()
             ->orderBy($listOptions->getSort(), $listOptions->getOrder())
-            ->paginate(18);
+            ->paginate(setting()->getInteger('lists-page-count-shelves', 18, 1, 1000));
         $recents = $this->isSignedIn() ? $this->queries->recentlyViewedForCurrentUser()->get() : false;
         $popular = $this->queries->popularForList()->get();
         $new = $this->queries->visibleForList()
@@ -105,7 +107,16 @@ class BookshelfController extends Controller
      */
     public function show(Request $request, ActivityQueries $activities, string $slug)
     {
-        $shelf = $this->queries->findVisibleBySlugOrFail($slug);
+        try {
+            $shelf = $this->queries->findVisibleBySlugOrFail($slug);
+        } catch (NotFoundException $exception) {
+            $shelf = $this->entityQueries->findVisibleByOldSlugs('bookshelf', $slug);
+            if (is_null($shelf)) {
+                throw $exception;
+            }
+            return redirect($shelf->getUrl());
+        }
+
         $this->checkOwnablePermission(Permission::BookshelfView, $shelf);
 
         $listOptions = SimpleListOptions::fromRequest($request, 'shelf_books')->withSortOptions([

app/Entities/Controllers/ChapterController.php

@@ -77,7 +77,15 @@ class ChapterController extends Controller
      */
     public function show(string $bookSlug, string $chapterSlug)
     {
-        $chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
+        try {
+            $chapter = $this->queries->findVisibleBySlugsOrFail($bookSlug, $chapterSlug);
+        } catch (NotFoundException $exception) {
+            $chapter = $this->entityQueries->findVisibleByOldSlugs('chapter', $chapterSlug, $bookSlug);
+            if (is_null($chapter)) {
+                throw $exception;
+            }
+            return redirect($chapter->getUrl());
+        }
 
         $sidebarTree = (new BookContents($chapter->book))->getTree();
         $pages = $this->entityQueries->pages->visibleForChapterList($chapter->id)->get();

app/Entities/Controllers/PageController.php

@@ -17,7 +17,6 @@ use BookStack\Entities\Tools\PageContent;
 use BookStack\Entities\Tools\PageEditActivity;
 use BookStack\Entities\Tools\PageEditorData;
 use BookStack\Exceptions\NotFoundException;
-use BookStack\Exceptions\NotifyException;
 use BookStack\Exceptions\PermissionsException;
 use BookStack\Http\Controller;
 use BookStack\Permissions\Permission;
@@ -140,9 +139,7 @@ class PageController extends Controller
         try {
             $page = $this->queries->findVisibleBySlugsOrFail($bookSlug, $pageSlug);
         } catch (NotFoundException $e) {
-            $revision = $this->entityQueries->revisions->findLatestVersionBySlugs($bookSlug, $pageSlug);
-            $page = $revision->page ?? null;
-
+            $page = $this->entityQueries->findVisibleByOldSlugs('page', $pageSlug, $bookSlug);
             if (is_null($page)) {
                 throw $e;
             }

app/Entities/Models/BookChild.php

@@ -2,7 +2,6 @@
 
 namespace BookStack\Entities\Models;
 
-use BookStack\References\ReferenceUpdater;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 
 /**
@@ -17,34 +16,10 @@ abstract class BookChild extends Entity
 {
     /**
      * Get the book this page sits in.
+     * @return BelongsTo<Book, $this>
      */
     public function book(): BelongsTo
     {
         return $this->belongsTo(Book::class)->withTrashed();
     }
-
-    /**
-     * Change the book that this entity belongs to.
-     */
-    public function changeBook(int $newBookId): self
-    {
-        $oldUrl = $this->getUrl();
-        $this->book_id = $newBookId;
-        $this->unsetRelation('book');
-        $this->refreshSlug();
-        $this->save();
-
-        if ($oldUrl !== $this->getUrl()) {
-            app()->make(ReferenceUpdater::class)->updateEntityReferences($this, $oldUrl);
-        }
-
-        // Update all child pages if a chapter
-        if ($this instanceof Chapter) {
-            foreach ($this->pages()->withTrashed()->get() as $page) {
-                $page->changeBook($newBookId);
-            }
-        }
-
-        return $this;
-    }
 }

app/Entities/Models/Entity.php

@@ -13,7 +13,6 @@ use BookStack\Activity\Models\Viewable;
 use BookStack\Activity\Models\Watch;
 use BookStack\App\Model;
 use BookStack\App\SluggableInterface;
-use BookStack\Entities\Tools\SlugGenerator;
 use BookStack\Permissions\JointPermissionBuilder;
 use BookStack\Permissions\Models\EntityPermission;
 use BookStack\Permissions\Models\JointPermission;
@@ -405,16 +404,6 @@ abstract class Entity extends Model implements
         app()->make(SearchIndex::class)->indexEntity(clone $this);
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function refreshSlug(): string
-    {
-        $this->slug = app()->make(SlugGenerator::class)->generate($this, $this->name);
-
-        return $this->slug;
-    }
-
     /**
      * {@inheritdoc}
      */
@@ -441,6 +430,14 @@ abstract class Entity extends Model implements
         return $this->morphMany(Watch::class, 'watchable');
     }
 
+    /**
+     * Get the related slug history for this entity.
+     */
+    public function slugHistory(): MorphMany
+    {
+        return $this->morphMany(SlugHistory::class, 'sluggable');
+    }
+
     /**
      * {@inheritdoc}
      */

app/Entities/Models/Page.php

@@ -124,6 +124,14 @@ class Page extends BookChild
         return url('/' . implode('/', $parts));
     }
 
+    /**
+     * Get the ID-based permalink for this page.
+     */
+    public function getPermalink(): string
+    {
+        return url("/link/{$this->id}");
+    }
+
     /**
      * Get this page for JSON display.
      */

app/Entities/Models/SlugHistory.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace BookStack\Entities\Models;
+
+use BookStack\App\Model;
+use BookStack\Permissions\Models\JointPermission;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Relations\HasMany;
+
+/**
+ * @property int $id
+ * @property int $sluggable_id
+ * @property string $sluggable_type
+ * @property string $slug
+ * @property ?string $parent_slug
+ */
+class SlugHistory extends Model
+{
+    use HasFactory;
+
+    protected $table = 'slug_history';
+
+    public function jointPermissions(): HasMany
+    {
+        return $this->hasMany(JointPermission::class, 'entity_id', 'sluggable_id')
+            ->whereColumn('joint_permissions.entity_type', '=', 'slug_history.sluggable_type');
+    }
+}

app/Entities/Queries/EntityQueries.php

@@ -4,6 +4,7 @@ namespace BookStack\Entities\Queries;
 
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Models\EntityTable;
+use BookStack\Entities\Tools\SlugHistory;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Query\Builder as QueryBuilder;
 use Illuminate\Database\Query\JoinClause;
@@ -18,6 +19,7 @@ class EntityQueries
         public ChapterQueries $chapters,
         public PageQueries $pages,
         public PageRevisionQueries $revisions,
+        protected SlugHistory $slugHistory,
     ) {
     }
 
@@ -31,9 +33,30 @@ class EntityQueries
         $explodedId = explode(':', $identifier);
         $entityType = $explodedId[0];
         $entityId = intval($explodedId[1]);
-        $queries = $this->getQueriesForType($entityType);
 
-        return $queries->findVisibleById($entityId);
+        return $this->findVisibleById($entityType, $entityId);
+    }
+
+    /**
+     * Find an entity by its ID.
+     */
+    public function findVisibleById(string $type, int $id): ?Entity
+    {
+        $queries = $this->getQueriesForType($type);
+        return $queries->findVisibleById($id);
+    }
+
+    /**
+     * Find an entity by looking up old slugs in the slug history.
+     */
+    public function findVisibleByOldSlugs(string $type, string $slug, string $parentSlug = ''): ?Entity
+    {
+        $id = $this->slugHistory->lookupEntityIdUsingSlugs($type, $slug, $parentSlug);
+        if ($id === null) {
+            return null;
+        }
+
+        return $this->findVisibleById($type, $id);
     }
 
     /**

app/Entities/Repos/BaseRepo.php

@@ -8,6 +8,8 @@ use BookStack\Entities\Models\HasCoverInterface;
 use BookStack\Entities\Models\HasDescriptionInterface;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Queries\PageQueries;
+use BookStack\Entities\Tools\SlugGenerator;
+use BookStack\Entities\Tools\SlugHistory;
 use BookStack\Exceptions\ImageUploadException;
 use BookStack\References\ReferenceStore;
 use BookStack\References\ReferenceUpdater;
@@ -25,6 +27,8 @@ class BaseRepo
         protected ReferenceStore $referenceStore,
         protected PageQueries $pageQueries,
         protected BookSorter $bookSorter,
+        protected SlugGenerator $slugGenerator,
+        protected SlugHistory $slugHistory,
     ) {
     }
 
@@ -43,7 +47,7 @@ class BaseRepo
             'updated_by' => user()->id,
             'owned_by'   => user()->id,
         ]);
-        $entity->refreshSlug();
+        $this->refreshSlug($entity);
 
         if ($entity instanceof HasDescriptionInterface) {
             $this->updateDescription($entity, $input);
@@ -78,7 +82,7 @@ class BaseRepo
         $entity->updated_by = user()->id;
 
         if ($entity->isDirty('name') || empty($entity->slug)) {
-            $entity->refreshSlug();
+            $this->refreshSlug($entity);
         }
 
         if ($entity instanceof HasDescriptionInterface) {
@@ -155,4 +159,13 @@ class BaseRepo
             $entity->descriptionInfo()->set('', $input['description']);
         }
     }
+
+    /**
+     * Refresh the slug for the given entity.
+     */
+    public function refreshSlug(Entity $entity): void
+    {
+        $this->slugHistory->recordForEntity($entity);
+        $this->slugGenerator->regenerateForEntity($entity);
+    }
 }

app/Entities/Repos/ChapterRepo.php

@@ -7,6 +7,7 @@ use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Queries\EntityQueries;
 use BookStack\Entities\Tools\BookContents;
+use BookStack\Entities\Tools\ParentChanger;
 use BookStack\Entities\Tools\TrashCan;
 use BookStack\Exceptions\MoveOperationException;
 use BookStack\Exceptions\PermissionsException;
@@ -21,6 +22,7 @@ class ChapterRepo
         protected BaseRepo $baseRepo,
         protected EntityQueries $entityQueries,
         protected TrashCan $trashCan,
+        protected ParentChanger $parentChanger,
     ) {
     }
 
@@ -97,7 +99,7 @@ class ChapterRepo
         }
 
         return (new DatabaseTransaction(function () use ($chapter, $parent) {
-            $chapter = $chapter->changeBook($parent->id);
+            $this->parentChanger->changeBook($chapter, $parent->id);
             $chapter->rebuildPermissions();
             Activity::add(ActivityType::CHAPTER_MOVE, $chapter);
 

app/Entities/Repos/PageRepo.php

@@ -12,6 +12,7 @@ use BookStack\Entities\Queries\EntityQueries;
 use BookStack\Entities\Tools\BookContents;
 use BookStack\Entities\Tools\PageContent;
 use BookStack\Entities\Tools\PageEditorType;
+use BookStack\Entities\Tools\ParentChanger;
 use BookStack\Entities\Tools\TrashCan;
 use BookStack\Exceptions\MoveOperationException;
 use BookStack\Exceptions\PermissionsException;
@@ -31,6 +32,7 @@ class PageRepo
         protected ReferenceStore $referenceStore,
         protected ReferenceUpdater $referenceUpdater,
         protected TrashCan $trashCan,
+        protected ParentChanger $parentChanger,
     ) {
     }
 
@@ -242,7 +244,7 @@ class PageRepo
         }
 
         $page->updated_by = user()->id;
-        $page->refreshSlug();
+        $this->baseRepo->refreshSlug($page);
         $page->save();
         $page->indexForSearch();
         $this->referenceStore->updateForEntity($page);
@@ -284,7 +286,7 @@ class PageRepo
         return (new DatabaseTransaction(function () use ($page, $parent) {
             $page->chapter_id = ($parent instanceof Chapter) ? $parent->id : null;
             $newBookId = ($parent instanceof Chapter) ? $parent->book->id : $parent->id;
-            $page = $page->changeBook($newBookId);
+            $this->parentChanger->changeBook($page, $newBookId);
             $page->rebuildPermissions();
 
             Activity::add(ActivityType::PAGE_MOVE, $page);

app/Entities/Tools/Cloner.php

@@ -13,30 +13,47 @@ use BookStack\Entities\Repos\BookRepo;
 use BookStack\Entities\Repos\ChapterRepo;
 use BookStack\Entities\Repos\PageRepo;
 use BookStack\Permissions\Permission;
+use BookStack\References\ReferenceChangeContext;
+use BookStack\References\ReferenceUpdater;
 use BookStack\Uploads\Image;
 use BookStack\Uploads\ImageService;
 use Illuminate\Http\UploadedFile;
 
 class Cloner
 {
+    protected ReferenceChangeContext $referenceChangeContext;
+
     public function __construct(
         protected PageRepo $pageRepo,
         protected ChapterRepo $chapterRepo,
         protected BookRepo $bookRepo,
         protected ImageService $imageService,
+        protected ReferenceUpdater $referenceUpdater,
     ) {
+        $this->referenceChangeContext = new ReferenceChangeContext();
     }
 
     /**
      * Clone the given page into the given parent using the provided name.
      */
     public function clonePage(Page $original, Entity $parent, string $newName): Page
+    {
+        $context = $this->newReferenceChangeContext();
+        $page = $this->createPageClone($original, $parent, $newName);
+        $this->referenceUpdater->changeReferencesUsingContext($context);
+        return $page;
+    }
+
+    protected function createPageClone(Page $original, Entity $parent, string $newName): Page
     {
         $copyPage = $this->pageRepo->getNewDraftPage($parent);
         $pageData = $this->entityToInputData($original);
         $pageData['name'] = $newName;
 
-        return $this->pageRepo->publishDraft($copyPage, $pageData);
+        $newPage = $this->pageRepo->publishDraft($copyPage, $pageData);
+        $this->referenceChangeContext->add($original, $newPage);
+
+        return $newPage;
     }
 
     /**
@@ -44,6 +61,14 @@ class Cloner
      * Clones all child pages.
      */
     public function cloneChapter(Chapter $original, Book $parent, string $newName): Chapter
+    {
+        $context = $this->newReferenceChangeContext();
+        $chapter = $this->createChapterClone($original, $parent, $newName);
+        $this->referenceUpdater->changeReferencesUsingContext($context);
+        return $chapter;
+    }
+
+    protected function createChapterClone(Chapter $original, Book $parent, string $newName): Chapter
     {
         $chapterDetails = $this->entityToInputData($original);
         $chapterDetails['name'] = $newName;
@@ -53,10 +78,12 @@ class Cloner
         if (userCan(Permission::PageCreate, $copyChapter)) {
             /** @var Page $page */
             foreach ($original->getVisiblePages() as $page) {
-                $this->clonePage($page, $copyChapter, $page->name);
+                $this->createPageClone($page, $copyChapter, $page->name);
             }
         }
 
+        $this->referenceChangeContext->add($original, $copyChapter);
+
         return $copyChapter;
     }
 
@@ -65,6 +92,14 @@ class Cloner
      * Clones all child chapters and pages.
      */
     public function cloneBook(Book $original, string $newName): Book
+    {
+        $context = $this->newReferenceChangeContext();
+        $book = $this->createBookClone($original, $newName);
+        $this->referenceUpdater->changeReferencesUsingContext($context);
+        return $book;
+    }
+
+    protected function createBookClone(Book $original, string $newName): Book
     {
         $bookDetails = $this->entityToInputData($original);
         $bookDetails['name'] = $newName;
@@ -76,11 +111,11 @@ class Cloner
         $directChildren = $original->getDirectVisibleChildren();
         foreach ($directChildren as $child) {
             if ($child instanceof Chapter && userCan(Permission::ChapterCreate, $copyBook)) {
-                $this->cloneChapter($child, $copyBook, $child->name);
+                $this->createChapterClone($child, $copyBook, $child->name);
             }
 
             if ($child instanceof Page && !$child->draft && userCan(Permission::PageCreate, $copyBook)) {
-                $this->clonePage($child, $copyBook, $child->name);
+                $this->createPageClone($child, $copyBook, $child->name);
             }
         }
 
@@ -92,6 +127,8 @@ class Cloner
             }
         }
 
+        $this->referenceChangeContext->add($original, $copyBook);
+
         return $copyBook;
     }
 
@@ -155,4 +192,10 @@ class Cloner
 
         return $tags;
     }
+
+    protected function newReferenceChangeContext(): ReferenceChangeContext
+    {
+        $this->referenceChangeContext = new ReferenceChangeContext();
+        return $this->referenceChangeContext;
+    }
 }

app/Entities/Tools/HierarchyTransformer.php

@@ -17,7 +17,8 @@ class HierarchyTransformer
         protected BookRepo $bookRepo,
         protected BookshelfRepo $shelfRepo,
         protected Cloner $cloner,
-        protected TrashCan $trashCan
+        protected TrashCan $trashCan,
+        protected ParentChanger $parentChanger,
     ) {
     }
 
@@ -35,7 +36,7 @@ class HierarchyTransformer
         foreach ($chapter->pages as $page) {
             $page->chapter_id = 0;
             $page->save();
-            $page->changeBook($book->id);
+            $this->parentChanger->changeBook($page, $book->id);
         }
 
         $this->trashCan->destroyEntity($chapter);

app/Entities/Tools/ParentChanger.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace BookStack\Entities\Tools;
+
+use BookStack\Entities\Models\BookChild;
+use BookStack\Entities\Models\Chapter;
+use BookStack\References\ReferenceUpdater;
+
+class ParentChanger
+{
+    public function __construct(
+        protected SlugGenerator $slugGenerator,
+        protected ReferenceUpdater $referenceUpdater
+    ) {
+    }
+
+    /**
+     * Change the parent book of a chapter or page.
+     */
+    public function changeBook(BookChild $child, int $newBookId): void
+    {
+        $oldUrl = $child->getUrl();
+
+        $child->book_id = $newBookId;
+        $child->unsetRelation('book');
+        $this->slugGenerator->regenerateForEntity($child);
+        $child->save();
+
+        if ($oldUrl !== $child->getUrl()) {
+            $this->referenceUpdater->updateEntityReferences($child, $oldUrl);
+        }
+
+        // Update all child pages if a chapter
+        if ($child instanceof Chapter) {
+            foreach ($child->pages()->withTrashed()->get() as $page) {
+                $this->changeBook($page, $newBookId);
+            }
+        }
+    }
+}

app/Entities/Tools/SlugGenerator.php

@@ -5,12 +5,14 @@ namespace BookStack\Entities\Tools;
 use BookStack\App\Model;
 use BookStack\App\SluggableInterface;
 use BookStack\Entities\Models\BookChild;
+use BookStack\Entities\Models\Entity;
+use BookStack\Users\Models\User;
 use Illuminate\Support\Str;
 
 class SlugGenerator
 {
     /**
-     * Generate a fresh slug for the given entity.
+     * Generate a fresh slug for the given item.
      * The slug will be generated so that it doesn't conflict within the same parent item.
      */
     public function generate(SluggableInterface&Model $model, string $slugSource): string
@@ -23,6 +25,26 @@ class SlugGenerator
         return $slug;
     }
 
+    /**
+     * Regenerate the slug for the given entity.
+     */
+    public function regenerateForEntity(Entity $entity): string
+    {
+        $entity->slug = $this->generate($entity, $entity->name);
+
+        return $entity->slug;
+    }
+
+    /**
+     * Regenerate the slug for a user.
+     */
+    public function regenerateForUser(User $user): string
+    {
+        $user->slug = $this->generate($user, $user->name);
+
+        return $user->slug;
+    }
+
     /**
      * Format a name as a URL slug.
      */

app/Entities/Tools/SlugHistory.php

@@ -0,0 +1,97 @@
+<?php
+
+namespace BookStack\Entities\Tools;
+
+use BookStack\Entities\Models\Book;
+use BookStack\Entities\Models\BookChild;
+use BookStack\Entities\Models\Entity;
+use BookStack\Entities\Models\EntityTable;
+use BookStack\Entities\Models\SlugHistory as SlugHistoryModel;
+use BookStack\Permissions\PermissionApplicator;
+use Illuminate\Support\Facades\DB;
+
+class SlugHistory
+{
+    public function __construct(
+        protected PermissionApplicator $permissions,
+    ) {
+    }
+
+    /**
+     * Record the current slugs for the given entity.
+     */
+    public function recordForEntity(Entity $entity): void
+    {
+        if (!$entity->id || !$entity->slug) {
+            return;
+        }
+
+        $parentSlug = null;
+        if ($entity instanceof BookChild) {
+            $parentSlug = $entity->book()->first()?->slug;
+        }
+
+        $latest = $this->getLatestEntryForEntity($entity);
+        if ($latest && $latest->slug === $entity->slug && $latest->parent_slug === $parentSlug) {
+            return;
+        }
+
+        $info = [
+            'sluggable_type' => $entity->getMorphClass(),
+            'sluggable_id'   => $entity->id,
+            'slug'           => $entity->slug,
+            'parent_slug'    => $parentSlug,
+        ];
+
+        $entry = new SlugHistoryModel();
+        $entry->forceFill($info);
+        $entry->save();
+
+        if ($entity instanceof Book) {
+            $this->recordForBookChildren($entity);
+        }
+    }
+
+    protected function recordForBookChildren(Book $book): void
+    {
+        $query = EntityTable::query()
+            ->select(['type', 'id', 'slug', DB::raw("'{$book->slug}' as parent_slug"), DB::raw('now() as created_at'), DB::raw('now() as updated_at')])
+            ->where('book_id', '=', $book->id)
+            ->whereNotNull('book_id');
+
+        SlugHistoryModel::query()->insertUsing(
+            ['sluggable_type', 'sluggable_id', 'slug', 'parent_slug', 'created_at', 'updated_at'],
+            $query
+        );
+    }
+
+    /**
+     * Find the latest visible entry for an entity which uses the given slug(s) in the history.
+     */
+    public function lookupEntityIdUsingSlugs(string $type, string $slug, string $parentSlug = ''): ?int
+    {
+        $query = SlugHistoryModel::query()
+            ->where('sluggable_type', '=', $type)
+            ->where('slug', '=', $slug);
+
+        if ($parentSlug) {
+            $query->where('parent_slug', '=', $parentSlug);
+        }
+
+        $query = $this->permissions->restrictEntityRelationQuery($query, 'slug_history', 'sluggable_id', 'sluggable_type');
+
+        /** @var SlugHistoryModel|null $result */
+        $result = $query->orderBy('created_at', 'desc')->first();
+
+        return $result?->sluggable_id;
+    }
+
+    protected function getLatestEntryForEntity(Entity $entity): SlugHistoryModel|null
+    {
+        return SlugHistoryModel::query()
+            ->where('sluggable_type', '=', $entity->getMorphClass())
+            ->where('sluggable_id', '=', $entity->id)
+            ->orderBy('created_at', 'desc')
+            ->first();
+    }
+}

app/Entities/Tools/TrashCan.php

@@ -388,7 +388,7 @@ class TrashCan
     /**
      * Update entity relations to remove or update outstanding connections.
      */
-    protected function destroyCommonRelations(Entity $entity)
+    protected function destroyCommonRelations(Entity $entity): void
     {
         Activity::removeEntity($entity);
         $entity->views()->delete();
@@ -402,6 +402,7 @@ class TrashCan
         $entity->watches()->delete();
         $entity->referencesTo()->delete();
         $entity->referencesFrom()->delete();
+        $entity->slugHistory()->delete();
 
         if ($entity instanceof HasCoverInterface && $entity->coverInfo()->exists()) {
             $imageService = app()->make(ImageService::class);

app/Exports/ZipExports/ZipExportReader.php

@@ -58,6 +58,16 @@ class ZipExportReader
     {
         $this->open();
 
+        $info = $this->zip->statName('data.json');
+        if ($info === false) {
+            throw new ZipExportException(trans('errors.import_zip_cant_decode_data'));
+        }
+
+        $maxSize = max(intval(config()->get('app.upload_limit')), 1) * 1000000;
+        if ($info['size'] > $maxSize) {
+            throw new ZipExportException(trans('errors.import_zip_data_too_large'));
+        }
+
         // Validate json data exists, including metadata
         $jsonData = $this->zip->getFromName('data.json') ?: '';
         $importData = json_decode($jsonData, true);
@@ -73,6 +83,17 @@ class ZipExportReader
         return $this->zip->statName("files/{$fileName}") !== false;
     }
 
+    public function fileWithinSizeLimit(string $fileName): bool
+    {
+        $fileInfo = $this->zip->statName("files/{$fileName}");
+        if ($fileInfo === false) {
+            return false;
+        }
+
+        $maxSize = max(intval(config()->get('app.upload_limit')), 1) * 1000000;
+        return $fileInfo['size'] <= $maxSize;
+    }
+
     /**
      * @return false|resource
      */

app/Exports/ZipExports/ZipFileReferenceRule.php

@@ -13,7 +13,6 @@ class ZipFileReferenceRule implements ValidationRule
     ) {
     }
 
-
     /**
      * @inheritDoc
      */
@@ -23,6 +22,13 @@ class ZipFileReferenceRule implements ValidationRule
             $fail('validation.zip_file')->translate();
         }
 
+        if (!$this->context->zipReader->fileWithinSizeLimit($value)) {
+            $fail('validation.zip_file_size')->translate([
+                'attribute' => $value,
+                'size' => config('app.upload_limit'),
+            ]);
+        }
+
         if (!empty($this->acceptedMimes)) {
             $fileMime = $this->context->zipReader->sniffFileMime($value);
             if (!in_array($fileMime, $this->acceptedMimes)) {

app/Exports/ZipExports/ZipImportRunner.php

@@ -265,6 +265,12 @@ class ZipImportRunner
 
     protected function zipFileToUploadedFile(string $fileName, ZipExportReader $reader): UploadedFile
     {
+        if (!$reader->fileWithinSizeLimit($fileName)) {
+            throw new ZipImportException([
+                "File $fileName exceeds app upload limit."
+            ]);
+        }
+
         $tempPath = tempnam(sys_get_temp_dir(), 'bszipextract');
         $fileStream = $reader->streamFile($fileName);
         $tempStream = fopen($tempPath, 'wb');

app/References/ReferenceChangeContext.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace BookStack\References;
+
+use BookStack\Entities\Models\Entity;
+
+class ReferenceChangeContext
+{
+    /**
+     * Entity pairs where the first is the old entity and the second is the new entity.
+     * @var array<array{0: Entity, 1: Entity}>
+     */
+    protected array $changes = [];
+
+    public function add(Entity $oldEntity, Entity $newEntity): void
+    {
+        $this->changes[] = [$oldEntity, $newEntity];
+    }
+
+    /**
+     * Get all the new entities from the changes.
+     */
+    public function getNewEntities(): array
+    {
+        return array_column($this->changes, 1);
+    }
+
+    /**
+     * Get all the old entities from the changes.
+     */
+    public function getOldEntities(): array
+    {
+        return array_column($this->changes, 0);
+    }
+
+    public function getNewForOld(Entity $oldEntity): ?Entity
+    {
+        foreach ($this->changes as [$old, $new]) {
+            if ($old->id === $oldEntity->id && $old->type === $oldEntity->type) {
+                return $new;
+            }
+        }
+        return null;
+    }
+}

app/References/ReferenceUpdater.php

@@ -5,7 +5,6 @@ namespace BookStack\References;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\HasDescriptionInterface;
 use BookStack\Entities\Models\Entity;
-use BookStack\Entities\Models\EntityContainerData;
 use BookStack\Entities\Models\Page;
 use BookStack\Entities\Repos\RevisionRepo;
 use BookStack\Util\HtmlDocument;
@@ -30,6 +29,47 @@ class ReferenceUpdater
         }
     }
 
+    /**
+     * Change existing references for a range of entities using the given context.
+     */
+    public function changeReferencesUsingContext(ReferenceChangeContext $context): void
+    {
+        $bindings = [];
+        foreach ($context->getOldEntities() as $old) {
+            $bindings[] = $old->getMorphClass();
+            $bindings[] = $old->id;
+        }
+
+        // No targets to update within the context, so no need to continue.
+        if (count($bindings) < 2) {
+            return;
+        }
+
+        $toReferenceQuery = '(to_type, to_id) IN (' . rtrim(str_repeat('(?,?),', count($bindings) / 2), ',') . ')';
+
+        // Cycle each new entity in the context
+        foreach ($context->getNewEntities() as $new) {
+            // For each, get all references from it which lead to other items within the context of the change
+            $newReferencesInContext = $new->referencesFrom()->whereRaw($toReferenceQuery, $bindings)->get();
+            // For each reference, update the URL and the reference entry
+            foreach ($newReferencesInContext as $reference) {
+                $oldToEntity = $reference->to;
+                $newToEntity = $context->getNewForOld($oldToEntity);
+                if ($newToEntity === null) {
+                    continue;
+                }
+
+                $this->updateReferencesWithinEntity($new, $oldToEntity->getUrl(), $newToEntity->getUrl());
+                if ($newToEntity instanceof Page && $oldToEntity instanceof Page) {
+                    $this->updateReferencesWithinEntity($new, $oldToEntity->getPermalink(), $newToEntity->getPermalink());
+                }
+                $reference->to_id = $newToEntity->id;
+                $reference->to_type = $newToEntity->getMorphClass();
+                $reference->save();
+            }
+        }
+    }
+
     /**
      * @return Reference[]
      */

app/Search/SearchController.php

@@ -25,11 +25,12 @@ class SearchController extends Controller
         $searchOpts = SearchOptions::fromRequest($request);
         $fullSearchString = $searchOpts->toString();
         $page = intval($request->get('page', '0')) ?: 1;
+        $count = setting()->getInteger('lists-page-count-search', 18, 1, 1000);
 
-        $results = $this->searchRunner->searchEntities($searchOpts, 'all', $page, 20);
+        $results = $this->searchRunner->searchEntities($searchOpts, 'all', $page, $count);
         $formatter->format($results['results']->all(), $searchOpts);
-        $paginator = new LengthAwarePaginator($results['results'], $results['total'], 20, $page);
-        $paginator->setPath('/search');
+        $paginator = new LengthAwarePaginator($results['results'], $results['total'], $count, $page);
+        $paginator->setPath(url('/search'));
         $paginator->appends($request->except('page'));
 
         $this->setPageTitle(trans('entities.search_for_term', ['term' => $fullSearchString]));
@@ -77,8 +78,9 @@ class SearchController extends Controller
 
         // Search for entities otherwise show most popular
         if ($searchTerm !== false) {
-            $searchTerm .= ' {type:' . implode('|', $entityTypes) . '}';
-            $entities = $this->searchRunner->searchEntities(SearchOptions::fromString($searchTerm), 'all', 1, 20)['results'];
+            $options = SearchOptions::fromString($searchTerm);
+            $options->setFilter('type', implode('|', $entityTypes));
+            $entities = $this->searchRunner->searchEntities($options, 'all', 1, 20)['results'];
         } else {
             $entities = $queryPopular->run(20, 0, $entityTypes);
         }

app/Search/SearchOptionSet.php

@@ -82,4 +82,12 @@ class SearchOptionSet
         $values = array_values(array_filter($this->options, fn (SearchOption $option) => !$option->negated));
         return new self($values);
     }
+
+    /**
+     * @return self<T>
+     */
+    public function limit(int $limit): self
+    {
+        return new self(array_slice(array_values($this->options), 0, $limit));
+    }
 }

app/Search/SearchOptions.php

@@ -35,6 +35,7 @@ class SearchOptions
     {
         $instance = new self();
         $instance->addOptionsFromString($search);
+        $instance->limitOptions();
         return $instance;
     }
 
@@ -87,6 +88,8 @@ class SearchOptions
             $instance->filters = $instance->filters->merge($extras->filters);
         }
 
+        $instance->limitOptions();
+
         return $instance;
     }
 
@@ -147,6 +150,25 @@ class SearchOptions
         $this->filters = $this->filters->merge(new SearchOptionSet($terms['filters']));
     }
 
+    /**
+     * Limit the amount of search options to reasonable levels.
+     * Provides higher limits to logged-in users since that signals a slightly
+     * higher level of trust.
+     */
+    protected function limitOptions(): void
+    {
+        $userLoggedIn = !user()->isGuest();
+        $searchLimit = $userLoggedIn ? 10 : 5;
+        $exactLimit = $userLoggedIn ? 4 : 2;
+        $tagLimit = $userLoggedIn ? 8 : 4;
+        $filterLimit = $userLoggedIn ? 10 : 5;
+
+        $this->searches = $this->searches->limit($searchLimit);
+        $this->exacts = $this->exacts->limit($exactLimit);
+        $this->tags = $this->tags->limit($tagLimit);
+        $this->filters = $this->filters->limit($filterLimit);
+    }
+
     /**
      * Decode backslash escaping within the input string.
      */

app/Settings/AppSettingsStore.php

@@ -14,7 +14,7 @@ class AppSettingsStore
     ) {
     }
 
-    public function storeFromUpdateRequest(Request $request, string $category)
+    public function storeFromUpdateRequest(Request $request, string $category): void
     {
         $this->storeSimpleSettings($request);
         if ($category === 'customization') {
@@ -76,7 +76,7 @@ class AppSettingsStore
     protected function storeSimpleSettings(Request $request): void
     {
         foreach ($request->all() as $name => $value) {
-            if (strpos($name, 'setting-') !== 0) {
+            if (!str_starts_with($name, 'setting-')) {
                 continue;
             }
 
@@ -85,7 +85,7 @@ class AppSettingsStore
         }
     }
 
-    protected function destroyExistingSettingImage(string $settingKey)
+    protected function destroyExistingSettingImage(string $settingKey): void
     {
         $existingVal = setting()->get($settingKey);
         if ($existingVal) {

app/Settings/SettingService.php

@@ -28,6 +28,21 @@ class SettingService
         return $this->formatValue($value, $default);
     }
 
+    /**
+     * Get a setting from the database as an integer.
+     * Returns the default value if not found or not an integer, and clamps the value to the given min/max range.
+     */
+    public function getInteger(string $key, int $default, int $min = 0, int $max = PHP_INT_MAX): int
+    {
+        $value = $this->get($key, $default);
+        if (!is_numeric($value)) {
+            return $default;
+        }
+
+        $int = intval($value);
+        return max($min, min($max, $int));
+    }
+
     /**
      * Get a value from the session instead of the main store option.
      */

app/Settings/UserNotificationPreferences.php

@@ -26,9 +26,14 @@ class UserNotificationPreferences
         return $this->getNotificationSetting('comment-replies');
     }
 
+    public function notifyOnCommentMentions(): bool
+    {
+        return $this->getNotificationSetting('comment-mentions');
+    }
+
     public function updateFromSettingsArray(array $settings)
     {
-        $allowList = ['own-page-changes', 'own-page-comments', 'comment-replies'];
+        $allowList = ['own-page-changes', 'own-page-comments', 'comment-replies', 'comment-mentions'];
         foreach ($settings as $setting => $status) {
             if (!in_array($setting, $allowList)) {
                 continue;

app/Sorting/BookSorter.php

@@ -8,12 +8,14 @@ use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Models\Page;
 use BookStack\Entities\Queries\EntityQueries;
+use BookStack\Entities\Tools\ParentChanger;
 use BookStack\Permissions\Permission;
 
 class BookSorter
 {
     public function __construct(
         protected EntityQueries $queries,
+        protected ParentChanger $parentChanger,
     ) {
     }
 
@@ -155,7 +157,7 @@ class BookSorter
 
         // Action the required changes
         if ($bookChanged) {
-            $model = $model->changeBook($newBook->id);
+            $this->parentChanger->changeBook($model, $newBook->id);
         }
 
         if ($model instanceof Page && $chapterChanged) {

app/Uploads/ImageResizer.php

@@ -55,7 +55,7 @@ class ImageResizer
 
     /**
      * Get the thumbnail for an image.
-     * If $keepRatio is true only the width will be used.
+     * If $keepRatio is true, only the width will be used.
      * Checks the cache then storage to avoid creating / accessing the filesystem on every check.
      *
      * @throws Exception
@@ -84,7 +84,7 @@ class ImageResizer
             return $this->storage->getPublicUrl($cachedThumbPath);
         }
 
-        // If thumbnail has already been generated, serve that and cache path
+        // If a thumbnail has already been generated, serve that and cache path
         $disk = $this->storage->getDisk($image->type);
         if (!$shouldCreate && $disk->exists($thumbFilePath)) {
             Cache::put($thumbCacheKey, $thumbFilePath, static::THUMBNAIL_CACHE_TIME);
@@ -110,7 +110,7 @@ class ImageResizer
     }
 
     /**
-     * Resize the image of given data to the specified size, and return the new image data.
+     * Resize the image of given data to the specified size and return the new image data.
      * Format will remain the same as the input format, unless specified.
      *
      * @throws ImageUploadException
@@ -125,6 +125,7 @@ class ImageResizer
         try {
             $thumb = $this->interventionFromImageData($imageData, $format);
         } catch (Exception $e) {
+            Log::error('Failed to resize image with error:' . $e->getMessage());
             throw new ImageUploadException(trans('errors.cannot_create_thumbs'));
         }
 
@@ -154,17 +155,21 @@ class ImageResizer
 
     /**
      * Create an intervention image instance from the given image data.
-     * Performs some manual library usage to ensure image is specifically loaded
+     * Performs some manual library usage to ensure the image is specifically loaded
      * from given binary data instead of data being misinterpreted.
      */
     protected function interventionFromImageData(string $imageData, ?string $fileType): InterventionImage
     {
+        if (!extension_loaded('gd')) {
+            throw new ImageUploadException('The PHP "gd" extension is required to resize images, but is missing.');
+        }
+
         $manager = new ImageManager(
             new Driver(),
             autoOrientation: false,
         );
 
-        // Ensure gif images are decoded natively instead of deferring to intervention GIF
+        // Ensure GIF images are decoded natively instead of deferring to intervention GIF
         // handling since we don't need the added animation support.
         $isGif = $fileType === 'gif';
         $decoder = $isGif ? NativeObjectDecoder::class : BinaryImageDecoder::class;
@@ -223,7 +228,7 @@ class ImageResizer
     }
 
     /**
-     * Checks if the image is a gif. Returns true if it is, else false.
+     * Checks if the image is a GIF. Returns true if it is, else false.
      */
     protected function isGif(Image $image): bool
     {
@@ -250,7 +255,7 @@ class ImageResizer
 
     /**
      * Check if the given avif image data represents an animated image.
-     * This is based up the answer here: https://stackoverflow.com/a/79457313
+     * This is based upon the answer here: https://stackoverflow.com/a/79457313
      */
     protected function isAnimatedAvifData(string &$imageData): bool
     {

app/Users/Controllers/UserSearchController.php

@@ -5,6 +5,7 @@ namespace BookStack\Users\Controllers;
 use BookStack\Http\Controller;
 use BookStack\Permissions\Permission;
 use BookStack\Users\Models\User;
+use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Http\Request;
 
 class UserSearchController extends Controller
@@ -34,8 +35,43 @@ class UserSearchController extends Controller
             $query->where('name', 'like', '%' . $search . '%');
         }
 
+        /** @var Collection<User> $users */
+        $users = $query->get();
+
         return view('form.user-select-list', [
-            'users' => $query->get(),
+            'users' => $users,
+        ]);
+    }
+
+    /**
+     * Search users in the system, with the response formatted
+     * for use in a list of mentions.
+     */
+    public function forMentions(Request $request)
+    {
+        $hasPermission = !user()->isGuest() && (
+                userCan(Permission::CommentCreateAll)
+                || userCan(Permission::CommentUpdate)
+            );
+
+        if (!$hasPermission) {
+            $this->showPermissionError();
+        }
+
+        $search = $request->get('search', '');
+        $query = User::query()
+            ->orderBy('name', 'asc')
+            ->take(20);
+
+        if (!empty($search)) {
+            $query->where('name', 'like', '%' . $search . '%');
+        }
+
+        /** @var Collection<User> $users */
+        $users = $query->get();
+
+        return view('form.user-mention-list', [
+            'users' => $users,
         ]);
     }
 }

app/Users/Models/User.php

@@ -11,7 +11,6 @@ use BookStack\Activity\Models\Watch;
 use BookStack\Api\ApiToken;
 use BookStack\App\Model;
 use BookStack\App\SluggableInterface;
-use BookStack\Entities\Tools\SlugGenerator;
 use BookStack\Permissions\Permission;
 use BookStack\Translation\LocaleDefinition;
 use BookStack\Translation\LocaleManager;
@@ -358,14 +357,4 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
     {
         return "({$this->id}) {$this->name}";
     }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function refreshSlug(): string
-    {
-        $this->slug = app()->make(SlugGenerator::class)->generate($this, $this->name);
-
-        return $this->slug;
-    }
 }

app/Users/UserRepo.php

@@ -5,6 +5,7 @@ namespace BookStack\Users;
 use BookStack\Access\UserInviteException;
 use BookStack\Access\UserInviteService;
 use BookStack\Activity\ActivityType;
+use BookStack\Entities\Tools\SlugGenerator;
 use BookStack\Exceptions\NotifyException;
 use BookStack\Exceptions\UserUpdateException;
 use BookStack\Facades\Activity;
@@ -21,7 +22,8 @@ class UserRepo
 {
     public function __construct(
         protected UserAvatars $userAvatar,
-        protected UserInviteService $inviteService
+        protected UserInviteService $inviteService,
+        protected SlugGenerator $slugGenerator,
     ) {
     }
 
@@ -63,7 +65,7 @@ class UserRepo
         $user->email_confirmed = $emailConfirmed;
         $user->external_auth_id = $data['external_auth_id'] ?? '';
 
-        $user->refreshSlug();
+        $this->slugGenerator->regenerateForUser($user);
         $user->save();
 
         if (!empty($data['language'])) {
@@ -109,7 +111,7 @@ class UserRepo
     {
         if (!empty($data['name'])) {
             $user->name = $data['name'];
-            $user->refreshSlug();
+            $this->slugGenerator->regenerateForUser($user);
         }
 
         if (!empty($data['email']) && $manageUsersAllowed) {

app/Util/HtmlDescriptionFilter.php

@@ -19,7 +19,7 @@ class HtmlDescriptionFilter
      */
     protected static array $allowedAttrsByElements = [
         'p' => [],
-        'a' => ['href', 'title', 'target'],
+        'a' => ['href', 'title', 'target', 'data-mention-user-id'],
         'ol' => [],
         'ul' => [],
         'li' => [],

composer.json

@@ -31,7 +31,7 @@
         "league/oauth2-client": "^2.6",
         "onelogin/php-saml": "^4.3.1",
         "phpseclib/phpseclib": "^3.0",
-        "pragmarx/google2fa": "^8.0",
+        "pragmarx/google2fa": "^9.0",
         "predis/predis": "^3.2",
         "socialiteproviders/discord": "^4.1",
         "socialiteproviders/gitlab": "^4.1",
@@ -47,7 +47,7 @@
         "nunomaduro/collision": "^8.6",
         "larastan/larastan": "^v3.0",
         "phpunit/phpunit": "^11.5",
-        "squizlabs/php_codesniffer": "^3.7",
+        "squizlabs/php_codesniffer": "^4.0.1",
         "ssddanbrown/asserthtml": "^3.1"
     },
     "autoload": {

crowdin.yml

@@ -1,3 +1,4 @@
+project_id: "377219"
 project_identifier: bookstack
 base_path: .
 preserve_hierarchy: false

database/factories/Entities/Models/SlugHistoryFactory.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace Database\Factories\Entities\Models;
+
+use BookStack\Entities\Models\Book;
+use Illuminate\Database\Eloquent\Factories\Factory;
+
+/**
+ * @extends \Illuminate\Database\Eloquent\Factories\Factory<\BookStack\Entities\Models\SlugHistory>
+ */
+class SlugHistoryFactory extends Factory
+{
+    protected $model = \BookStack\Entities\Models\SlugHistory::class;
+
+    /**
+     * Define the model's default state.
+     *
+     * @return array<string, mixed>
+     */
+    public function definition(): array
+    {
+        return [
+            'sluggable_id' => Book::factory(),
+            'sluggable_type' => 'book',
+            'slug' => $this->faker->slug(),
+            'parent_slug' => null,
+        ];
+    }
+}

database/migrations/2025_11_23_161812_create_slug_history_table.php

@@ -0,0 +1,51 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        // Create the table for storing slug history
+        Schema::create('slug_history', function (Blueprint $table) {
+            $table->increments('id');
+            $table->string('sluggable_type', 10)->index();
+            $table->unsignedBigInteger('sluggable_id')->index();
+            $table->string('slug')->index();
+            $table->string('parent_slug')->nullable()->index();
+            $table->timestamps();
+        });
+
+        // Migrate in slugs from page revisions
+        $revisionSlugQuery = DB::table('page_revisions')
+            ->select([
+                DB::raw('\'page\' as sluggable_type'),
+                'page_id as sluggable_id',
+                'slug',
+                'book_slug as parent_slug',
+                DB::raw('min(created_at) as created_at'),
+                DB::raw('min(updated_at) as updated_at'),
+            ])
+            ->where('type', '=', 'version')
+            ->groupBy(['sluggable_id', 'slug', 'parent_slug']);
+
+        DB::table('slug_history')->insertUsing(
+            ['sluggable_type', 'sluggable_id', 'slug', 'parent_slug', 'created_at', 'updated_at'],
+            $revisionSlugQuery,
+        );
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('slug_history');
+    }
+};

database/migrations/2025_12_15_140219_create_mention_history_table.php

@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('mention_history', function (Blueprint $table) {
+            $table->increments('id');
+            $table->string('mentionable_type', 50)->index();
+            $table->unsignedBigInteger('mentionable_id')->index();
+            $table->unsignedInteger('from_user_id');
+            $table->unsignedInteger('to_user_id');
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('mention_history');
+    }
+};

database/migrations/2025_12_19_103417_add_views_viewable_type_index.php

@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('views', function (Blueprint $table) {
+            $table->index('viewable_type', 'views_viewable_type_index');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('views', function (Blueprint $table) {
+            $table->dropIndex('views_viewable_type_index');
+        });
+    }
+};

dev/build/esbuild.mjs

@@ -1,12 +1,15 @@
 #!/usr/bin/env node
 
-const esbuild = require('esbuild');
-const path = require('path');
-const fs = require('fs');
+import * as esbuild from 'esbuild';
+import * as path from 'node:path';
+import * as fs from 'node:fs';
+import * as process from "node:process";
 
 // Check if we're building for production
 // (Set via passing `production` as first argument)
-const isProd = process.argv[2] === 'production';
+const mode = process.argv[2];
+const isProd = mode === 'production';
+const __dirname = import.meta.dirname;
 
 // Gather our input files
 const entryPoints = {
@@ -17,11 +20,16 @@ const entryPoints = {
     wysiwyg: path.join(__dirname, '../../resources/js/wysiwyg/index.ts'),
 };
 
+// Watch styles so we can reload on change
+if (mode === 'watch') {
+    entryPoints['styles-dummy'] = path.join(__dirname, '../../public/dist/styles.css');
+}
+
 // Locate our output directory
 const outdir = path.join(__dirname, '../../public/dist');
 
-// Build via esbuild
-esbuild.build({
+// Define the options for esbuild
+const options = {
     bundle: true,
     metafile: true,
     entryPoints,
@@ -33,6 +41,7 @@ esbuild.build({
     minify: isProd,
     logLevel: 'info',
     loader: {
+        '.html': 'copy',
         '.svg': 'text',
     },
     absWorkingDir: path.join(__dirname, '../..'),
@@ -45,6 +54,34 @@ esbuild.build({
         js: '// See the "/licenses" URI for full package license details',
         css: '/* See the "/licenses" URI for full package license details */',
     },
-}).then(result => {
+};
+
+if (mode === 'watch') {
+    options.inject = [
+        path.join(__dirname, './livereload.js'),
+    ];
+}
+
+const ctx = await esbuild.context(options);
+
+if (mode === 'watch') {
+    // Watch for changes and rebuild on change
+    ctx.watch({});
+    let {hosts, port} = await ctx.serve({
+        servedir: path.join(__dirname, '../../public'),
+        cors: {
+            origin: '*',
+        }
+    });
+} else {
+    // Build with meta output for analysis
+    const result = await ctx.rebuild();
+    const outputs = result.metafile.outputs;
+    const files = Object.keys(outputs);
+    for (const file of files) {
+        const output = outputs[file];
+        console.log(`Written: ${file} @ ${Math.round(output.bytes / 1000)}kB`);
+    }
     fs.writeFileSync('esbuild-meta.json', JSON.stringify(result.metafile));
-}).catch(() => process.exit(1));
+    process.exit(0);
+}

dev/build/livereload.js

@@ -0,0 +1,35 @@
+if (!window.__dev_reload_listening) {
+    listen();
+    window.__dev_reload_listening = true;
+}
+
+
+function listen() {
+    console.log('Listening for livereload events...');
+    new EventSource("http://127.0.0.1:8000/esbuild").addEventListener('change', e => {
+        const { added, removed, updated } = JSON.parse(e.data);
+
+        if (!added.length && !removed.length && updated.length > 0) {
+            const updatedPath = updated.filter(path => path.endsWith('.css'))[0]
+            if (!updatedPath) return;
+
+            const links = [...document.querySelectorAll("link[rel='stylesheet']")];
+            for (const link of links) {
+                const url = new URL(link.href);
+                const name = updatedPath.replace('-dummy', '');
+
+                if (url.pathname.endsWith(name)) {
+                    const next = link.cloneNode();
+                    next.href = name + '?version=' + Math.random().toString(36).slice(2);
+                    next.onload = function() {
+                        link.remove();
+                    };
+                    link.after(next);
+                    return
+                }
+            }
+        }
+
+        location.reload()
+    });
+}

dev/checksums/vendor

@@ -1 +1 @@
-719becaceccf0efff4b6a445e98353a0f88eeaf557e63451b892c672a4facc10
+8c5c595184876ce12928f309aa3c9b571987c5e44c69c57c9cb17487f62bd709

dev/docker/Dockerfile

@@ -14,6 +14,9 @@ RUN apt-get update && \
         wait-for-it && \
     rm -rf /var/lib/apt/lists/*
 
+# Mark /app as safe for Git >= 2.35.2
+RUN git config --system --add safe.directory /app
+
 # Install PHP extensions
 RUN docker-php-ext-configure ldap --with-libdir="lib/$(gcc -dumpmachine)" && \
     docker-php-ext-configure gd --with-freetype --with-jpeg && \

dev/docker/db-testing/Dockerfile

@@ -19,8 +19,8 @@ ARG BRANCH=development
 # Download BookStack & install PHP deps
 RUN mkdir -p /var/www && \
     git clone https://github.com/bookstackapp/bookstack.git --branch "$BRANCH" --single-branch /var/www/bookstack && \
-    cd /var/www/bookstack && \	
-   wget https://raw.githubusercontent.com/composer/getcomposer.org/f3108f64b4e1c1ce6eb462b159956461592b3e3e/web/installer -O - -q | php -- --quiet --filename=composer && \
+    cd /var/www/bookstack && \
+    wget https://raw.githubusercontent.com/composer/getcomposer.org/f3108f64b4e1c1ce6eb462b159956461592b3e3e/web/installer -O - -q | php -- --quiet --filename=composer && \
     php composer install
 
 # Set the BookStack dir as the default working dir

dev/docker/db-testing/readme.md

@@ -0,0 +1,32 @@
+# Database Testing Suite
+
+This docker setup is designed to run BookStack's test suite against each major database version we support
+across MySQL and MariaDB to ensure compatibility and highlight any potential issues before a release.
+This is a fairly slow and heavy process, so is designed to just be run manually before a release which
+makes changes to the database schema, or a release which makes significant changes to database queries.
+
+### Running
+
+Everything is ran via the `run.sh` script. This will:
+
+- Optionally, accept a branch of BookStack to use for testing.
+- Build the docker image from the `Dockerfile`.
+  - This will include a built-in copy of the chosen BookStack branch. 
+- Cycle through each major supported database version:
+  - Migrate and seed the database.
+  - Run the full PHP test suite.
+
+If there's a failure for a database version, the script will prompt if you'd like to continue or stop testing.
+
+This script should be ran from this `db-testing` directory:
+
+```bash
+# Enter this directory
+cd dev/docker/db-testing
+
+# Runs for the 'development' branch by default
+./run.sh
+
+# Run for a specific branch
+./run.sh v25-11
+```

dev/docker/db-testing/run.sh

@@ -3,7 +3,7 @@
 BRANCH=${1:-development}
 
 # Build the container with a known name
-docker build --build-arg BRANCH="$BRANCH" -t bookstack:db-testing .
+docker build --no-cache --build-arg BRANCH="$BRANCH" -t bookstack:db-testing .
 if [ $? -eq 1 ]; then
   echo "Failed to build app container for testing"
   exit 1
@@ -11,11 +11,9 @@ fi
 
 # List of database containers to test against
 containers=(
-  "mysql:5.7"
   "mysql:8.0"
   "mysql:8.4"
   "mysql:9.5"
-  "mariadb:10.2"
   "mariadb:10.6"
   "mariadb:10.11"
   "mariadb:11.4"

dev/docs/development.md

@@ -3,7 +3,7 @@
 All development on BookStack is currently done on the `development` branch. 
 When it's time for a release the `development` branch is merged into release with built & minified CSS & JS then tagged at its version. Here are the current development requirements:
 
-* [Node.js](https://nodejs.org/en/) v20.0+
+* [Node.js](https://nodejs.org/en/) v22.0+
 
 ## Building CSS & JavaScript Assets
 

dev/docs/javascript-code.md

@@ -161,3 +161,7 @@ window.$components.firstOnElement(element, name);
 There are a range of available events that are emitted as part of a public & supported API for accessing or extending JavaScript libraries & components used in the system.
 
 Details on these events can be found in the [JavaScript Public Events file](javascript-public-events.md).
+
+## WYSIWYG Editor API
+
+Details on the API for our custom-built WYSIWYG editor can be found in the [WYSIWYG JavaScript API file](./wysiwyg-js-api.md).

dev/docs/javascript-public-events.md

@@ -60,7 +60,7 @@ This event is called when the markdown editor loads, post configuration but befo
 
 #### Event Data
 
-- `markdownIt` - A references to the [MarkdownIt](https://markdown-it.github.io/markdown-it/#MarkdownIt) instance used to render markdown to HTML (Just for the preview).
+- `markdownIt` - A reference to the [MarkdownIt](https://markdown-it.github.io/markdown-it/#MarkdownIt) instance used to render markdown to HTML (Just for the preview).
 - `displayEl` - The IFrame Element that wraps the HTML preview display.
 - `cmEditorView` - The CodeMirror [EditorView](https://codemirror.net/docs/ref/#view.EditorView) instance used for the markdown input editor.
 
@@ -79,7 +79,7 @@ window.addEventListener('editor-markdown::setup', event => {
 This event is called as the embedded diagrams.net drawing editor loads, to allow configuration of the diagrams.net interface.
 See [this diagrams.net page](https://www.diagrams.net/doc/faq/configure-diagram-editor) for details on the available options for the configure event.
 
-If using a custom diagrams.net instance, via the `DRAWIO` option, you will need to ensure  your DRAWIO option URL has the `configure=1` query parameter.
+If using a custom diagrams.net instance, via the `DRAWIO` option, you will need to ensure your DRAWIO option URL has the `configure=1` query parameter.
 
 #### Event Data
 
@@ -134,6 +134,47 @@ window.addEventListener('editor-tinymce::setup', event => {
 });
 ```
 
+### `editor-wysiwyg::post-init`
+
+This is called after the (new custom-built Lexical-based) WYSIWYG editor has been initialised.
+
+#### Event Data
+
+- `usage` - A string label to identify the usage type of the WYSIWYG editor in BookStack.
+- `api` - An instance to the WYSIWYG editor API, as documented in the [WYSIWYG JavaScript API file](./wysiwyg-js-api.md).
+
+##### Example
+
+The below example shows how you'd use this API to create a button, with that button added to the main toolbar of the page editor, which inserts bold "Hello!" text on press:
+
+<details>
+<summary>Show Example</summary>
+
+```javascript
+window.addEventListener('editor-wysiwyg::post-init', event => {
+    const {usage, api} = event.detail;
+    // Check that it's the page editor which is being loaded
+    if (usage !== 'page-editor') {
+        return;
+    }
+    
+    // Create a custom button which inserts bold hello text on press
+    const button = api.ui.createButton({
+        label: 'Greet',
+        action: () => {
+            api.content.insertHtml(`<strong>Hello!</strong>`);
+        }
+    });
+    
+    // Add the button to the start of the first section within the main toolbar
+    const toolbar = api.ui.getMainToolbar();
+    if (toolbar) {
+      toolbar.getSections()[0]?.addButton(button, 0);   
+    }
+});
+```
+</details>
+
 ### `library-cm6::configure-theme`
 
 This event is called whenever a CodeMirror instance is loaded, as a method to configure the theme used by CodeMirror. This applies to all CodeMirror instances including in-page code blocks, editors using in BookStack settings, and the Page markdown editor.
@@ -142,7 +183,7 @@ This event is called whenever a CodeMirror instance is loaded, as a method to co
 
 - `darkModeActive` - A boolean to indicate if the current view/page is being loaded with dark mode active.
 - `registerViewTheme(builder)` - A method that can be called to register a new view (CodeMirror UI) theme.
-  - `builder` - A function that will return  an object that will be passed into the CodeMirror [EditorView.theme()](https://codemirror.net/docs/ref/#view.EditorView^theme) function as a StyleSpec.
+  - `builder` - A function that will return an object that will be passed into the CodeMirror [EditorView.theme()](https://codemirror.net/docs/ref/#view.EditorView^theme) function as a StyleSpec.
 - `registerHighlightStyle(builder)` - A method that can be called to register a new HighlightStyle (code highlighting) theme.
   - `builder` - A function, that receives a reference to [Tag.tags](https://lezer.codemirror.net/docs/ref/#highlight.tags) and returns an array of [TagStyle](https://codemirror.net/docs/ref/#language.TagStyle) objects.
 
@@ -301,7 +342,7 @@ This event is called just after any CodeMirror instances are initialised so that
 
 ##### Example
 
-The below shows how you'd prepend some default text to all content (page) code blocks.
+The below example shows how you'd prepend some default text to all content (page) code blocks.
 
 <details>
 <summary>Show Example</summary>
@@ -318,4 +359,4 @@ window.addEventListener('library-cm6::post-init', event => {
     }
 });
 ```
-</details>
+</details>

dev/docs/wysiwyg-js-api.md

@@ -0,0 +1,136 @@
+# WYSIWYG JavaScript API
+
+**Warning: This API is currently in development and may change without notice.**
+
+Feedback is very much welcomed via this issue: https://github.com/BookStackApp/BookStack/issues/5937
+
+This document covers the JavaScript API for the (newer Lexical-based) WYSIWYG editor.
+This API is built and designed to abstract the internals of the editor away
+to provide a stable interface for performing common customizations.
+
+Only the methods and properties documented here are guaranteed to be stable **once this API
+is out of initial development**.
+Other elements may be accessible but are not designed to be used directly, and therefore may change
+without notice.
+Stable parts of the API may still change where needed, but such changes would be noted as part of BookStack update advisories.
+
+The methods shown here are documented using standard TypeScript notation.
+
+## Overview
+
+The API is provided as an object, which itself provides a number of modules
+via its properties:
+
+- `ui` - Provides methods related to the UI of the editor, like buttons and toolbars.
+- `content` - Provides methods related to the live user content being edited upon.
+
+Each of these modules, and the relevant types used within, are documented in detail below.
+
+The API object itself is provided via the [editor-wysiwyg::post-init](./javascript-public-events.md#editor-wysiwygpost-init)
+JavaScript public event, so you can access it like so:
+
+```javascript
+window.addEventListener('editor-wysiwyg::post-init', event => {
+    const {api} = event.detail;
+});
+```
+
+---
+
+## UI Module
+
+This module provides methods related to the UI of the editor, like buttons and toolbars.
+
+### Methods
+
+#### createButton(options: object): EditorApiButton
+
+Creates a new button which can be used by other methods.
+This takes an option object with the following properties:
+
+- `label` - string, optional - Used for the button text if no icon provided, or the button tooltip if an icon is provided.
+- `icon` - string, optional - The icon to use for the button. Expected to be an SVG string.
+- `action` - callback, required - The action to perform when the button is clicked.
+
+The function returns an [EditorApiButton](#editorapibutton) object.
+
+**Example**
+
+```javascript
+const button = api.ui.createButton({
+    label: 'Warn',
+    icon: '<svg>...</svg>',
+    action: () => {
+        window.alert('You clicked the button!');
+    }
+});
+```
+
+### getMainToolbar(): EditorApiToolbar
+
+Get the main editor toolbar. This is typically the toolbar at the top of the editor.
+The function returns an [EditorApiToolbar](#editorapitoolbar) object, or null if no toolbar is found.
+
+**Example**
+
+```javascript
+const toolbar = api.ui.getMainToolbar();
+const sections = toolbar?.getSections() || [];
+if (sections.length > 0) {
+    sections[0].addButton(button);
+}
+```
+
+### Types
+
+These are types which may be provided from UI module methods.
+
+#### EditorApiButton
+
+Represents a button created via the `createButton` method.
+This has the following methods:
+
+- `setActive(isActive: boolean): void` - Sets whether the button should be in an active state or not (typically active buttons appear as pressed).
+
+#### EditorApiToolbar
+
+Represents a toolbar within the editor. This is a bar typically containing sets of buttons.
+This has the following methods:
+
+- `getSections(): EditorApiToolbarSection[]` - Provides the main [EditorApiToolbarSections](#editorapitoolbarsection) contained within this toolbar.
+
+#### EditorApiToolbarSection
+
+Represents a section of the main editor toolbar, which contains a set of buttons.
+This has the following methods:
+
+- `getLabel(): string` - Provides the string label of the section.
+- `addButton(button: EditorApiButton, targetIndex: number = -1): void` - Adds a button to the section.
+  - By default, this will append the button, although a target index can be provided to insert at a specific position.
+
+---
+
+## Content Module
+
+This module provides methods related to the live user content being edited within the editor.
+
+### Methods
+
+#### insertHtml(html: string, position: string = 'selection'): void
+
+Inserts the given HTML string at the given position string.
+The position, if not provided, will default to `'selection'`, replacing any existing selected content (or inserting at the selection if there's no active selection range).
+Valid position string values are: `selection`, `start` and `end`. `start` & `end` are relative to the whole editor document.
+The HTML is not assured to be added to the editor exactly as provided, since it will be parsed and serialised to fit the editor's internal known model format. Different parts of the HTML content may be handled differently depending on if it's block or inline content.
+
+The function does not return anything.
+
+**Example**
+
+```javascript
+// Basic insert at selection
+api.content.insertHtml('<p>Hello <strong>world</strong>!</p>');
+
+// Insert at the start of the editor content
+api.content.insertHtml('<p>I\'m at the start!</p>', 'start');
+```

dev/licensing/js-library-licenses.txt

@@ -1619,20 +1619,6 @@ Copyright: Copyright (c) 2015 Vitaly Puzrin.
 Source: markdown-it/linkify-it
 Link: markdown-it/linkify-it
 -----------
-livereload-js
-License: MIT
-License File: node_modules/livereload-js/LICENSE
-Copyright: Copyright (c) 2010-2012 Andrey Tarantsov
-Source: git://github.com/livereload/livereload-js.git
-Link: https://github.com/livereload/livereload-js
------------
-livereload
-License: MIT
-License File: node_modules/livereload/LICENSE
-Copyright: Copyright (c) 2010 Joshua Peek
-Source: http://github.com/napcs/node-livereload.git
-Link: http://github.com/napcs/node-livereload.git
------------
 load-json-file
 License: MIT
 License File: node_modules/load-json-file/license
@@ -1928,14 +1914,6 @@ Copyright: Copyright (c) George Zahariev
 Source: git://github.com/gkz/optionator.git
 Link: https://github.com/gkz/optionator
 -----------
-opts
-License: BSD-2-Clause
-License File: node_modules/opts/LICENSE.txt
-Copyright: Copyright (c) 2010, Joey Mazzarelli
-All rights reserved.
-Source: github:khtdr/opts
-Link: http://khtdr.com/opts
------------
 own-keys
 License: MIT
 License File: node_modules/own-keys/LICENSE
@@ -2318,9 +2296,9 @@ Link: https://github.com/ljharb/side-channel#readme
 signal-exit
 License: ISC
 License File: node_modules/signal-exit/LICENSE.txt
-Copyright: Copyright (c) 2015, Contributors
+Copyright: Copyright (c) 2015-2023 Benjamin Coe, Isaac Z. Schlueter, and Contributors
 Source: https://github.com/tapjs/signal-exit.git
-Link: https://github.com/tapjs/signal-exit
+Link: https://github.com/tapjs/signal-exit.git
 -----------
 slash
 License: MIT
@@ -3343,6 +3321,20 @@ Copyright: Copyright 2022 Romain Menke, Antonio Laguna <*******@******.**>
 Source: git+https://github.com/csstools/postcss-plugins.git
 Link: https://github.com/csstools/postcss-plugins/tree/main/packages/css-tokenizer#readme
 -----------
+@emnapi/core
+License: MIT
+License File: node_modules/@emnapi/core/LICENSE
+Copyright: Copyright (c) 2021-present Toyobayashi
+Source: git+https://github.com/toyobayashi/emnapi.git
+Link: https://github.com/toyobayashi/emnapi#readme
+-----------
+@emnapi/runtime
+License: MIT
+License File: node_modules/@emnapi/runtime/LICENSE
+Copyright: Copyright (c) 2021-present Toyobayashi
+Source: git+https://github.com/toyobayashi/emnapi.git
+Link: https://github.com/toyobayashi/emnapi#readme
+-----------
 @esbuild/linux-x64
 License: MIT
 Source: git+https://github.com/evanw/esbuild.git
@@ -3396,7 +3388,7 @@ Link: https://eslint.org
 License: Apache-2.0
 License File: node_modules/@eslint/object-schema/LICENSE
 Source: git+https://github.com/eslint/rewrite.git
-Link: https://github.com/eslint/rewrite#readme
+Link: https://github.com/eslint/rewrite/tree/main/packages/object-schema#readme
 -----------
 @eslint/plugin-kit
 License: Apache-2.0
@@ -3792,6 +3784,11 @@ Copyright: Copyright (c) Microsoft Corporation.
 Source: https://github.com/tsconfig/bases.git
 Link: https://github.com/tsconfig/bases.git
 -----------
+@tybys/wasm-util
+License: MIT
+Source: https://github.com/toyobayashi/wasm-util.git
+Link: https://github.com/toyobayashi/wasm-util.git
+-----------
 @types/babel__core
 License: MIT
 License File: node_modules/@types/babel__core/LICENSE

dev/licensing/php-library-licenses.txt

@@ -760,6 +760,13 @@ Copyright: Copyright (c) 2014-present Fabien Potencier
 Source: https://github.com/symfony/var-dumper.git
 Link: https://symfony.com
 -----------
+thecodingmachine/safe
+License: MIT
+License File: vendor/thecodingmachine/safe/LICENSE
+Copyright: Copyright (c) 2018 TheCodingMachine
+Source: https://github.com/thecodingmachine/safe.git
+Link: https://github.com/thecodingmachine/safe.git
+-----------
 tijsverkoyen/css-to-inline-styles
 License: BSD-3-Clause
 License File: vendor/tijsverkoyen/css-to-inline-styles/LICENSE.md

lang/ar/errors.php

@@ -109,6 +109,7 @@ return [
     'import_zip_cant_read' => 'لم أتمكن من قراءة المِلَفّ المضغوط -ZIP-.',
     'import_zip_cant_decode_data' => 'لم نتمكن من العثور على محتوى المِلَفّ المضغوط data.json وفك تشفيره.',
     'import_zip_no_data' => 'لا تتضمن بيانات المِلَفّ المضغوط أي محتوى متوقع للكتاب أو الفصل أو الصفحة.',
+    'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
     'import_validation_failed' => 'فشل التحقق من صحة استيراد المِلَفّ المضغوط بسبب الأخطاء التالية:',
     'import_zip_failed_notification' => 'فشل استيراد المِلَفّ المضغوط.',
     'import_perms_books' => 'أنت تفتقر إلى الصلاحيات المطلوبة لإنشاء الكتب.',

lang/ar/notifications.php

@@ -11,6 +11,8 @@ return [
     'updated_page_subject' => 'تم تحديث الصفحة: :pageName',
     'updated_page_intro' => 'تم تحديث الصفحة في :appName:',
     'updated_page_debounce' => 'لمنع تلقي عدد كبير من الإشعارات، لن يتم إرسال إشعارات إليك لفترة من الوقت لإجراء المزيد من التعديلات على هذه الصفحة بواسطة نفس المحرر.',
+    'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
+    'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
 
     'detail_page_name' => 'اسم الصفحة:',
     'detail_page_path' => 'مسار الصفحة:',

lang/ar/preferences.php

@@ -23,6 +23,7 @@ return [
     'notifications_desc' => 'التحكم في إشعارات البريد الإلكتروني الذي تتلقاها عند إجراء نشاط معين داخل النظام.',
     'notifications_opt_own_page_changes' => 'إشعاري عند حدوث تغييرات في الصفحات التي أملكها',
     'notifications_opt_own_page_comments' => 'إشعاري بشأن التعليقات على الصفحات التي أملكها',
+    'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
     'notifications_opt_comment_replies' => 'إشعاري عند الردود على تعليقاتي',
     'notifications_save' => 'حفظ اﻹعدادات',
     'notifications_update_success' => 'تم تحديث إعدادات الإشعارات!',

lang/ar/settings.php

@@ -75,7 +75,7 @@ return [
     'reg_confirm_restrict_domain_placeholder' => 'لم يتم اختيار أي قيود',
 
     // Sorting Settings
-    'sorting' => 'طريقة الترتيب',
+    'sorting' => 'القوائم و الفرز',
     'sorting_book_default' => 'ترتيب الكتاب الافتراضي',
     'sorting_book_default_desc' => 'حدد قاعدة الترتيب الافتراضية لتطبيقها على الكتب الجديدة. لن يؤثر هذا على الكتب الحالية، ويمكن تجاوزه لكل كتاب على حدة.',
     'sorting_rules' => 'قواعد الترتيب',
@@ -103,6 +103,8 @@ return [
     'sort_rule_op_updated_date' => 'تاريخ التحديث',
     'sort_rule_op_chapters_first' => 'الفصول الأولى',
     'sort_rule_op_chapters_last' => 'الفصول الأخيرة',
+    'sorting_page_limits' => 'حدود العرض لكل صفحة',
+    'sorting_page_limits_desc' => 'تعيين عدد العناصر لإظهار كل صفحة في قوائم مختلفة داخل النظام. عادةً ما يكون الرقم الأقل هو الأكثر أداء، بينما وضع رقم أعلى يغني عن النقر على صفحات متعددة. يوصى باستخدام مضاعفات رقم ٣ (18 و 24 و 30 و إلخ...).',
 
     // Maintenance settings
     'maint' => 'الصيانة',
@@ -195,11 +197,13 @@ return [
     'role_import_content' => 'استيراد المحتوى',
     'role_editor_change' => 'تغيير محرر الصفحة',
     'role_notifications' => 'تلقي الإشعارات وإدارتها',
+    'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
     'role_asset' => 'أذونات الأصول',
     'roles_system_warning' => 'اعلم أن الوصول إلى أي من الأذونات الثلاثة المذكورة أعلاه يمكن أن يسمح للمستخدم بتغيير امتيازاته الخاصة أو امتيازات الآخرين في النظام. قم بتعيين الأدوار مع هذه الأذونات فقط للمستخدمين الموثوق بهم.',
     'role_asset_desc' => 'تتحكم هذه الأذونات في الوصول الافتراضي إلى الأصول داخل النظام. ستتجاوز الأذونات الخاصة بالكتب والفصول والصفحات هذه الأذونات.',
     'role_asset_admins' => 'يُمنح المسؤولين حق الوصول تلقائيًا إلى جميع المحتويات ولكن هذه الخيارات قد تعرض خيارات واجهة المستخدم أو تخفيها.',
     'role_asset_image_view_note' => 'يتعلق هذا بالرؤية داخل مدير الصور. يعتمد الوصول الفعلي لملفات الصور المُحمّلة على خِيار تخزين الصور في النظام.',
+    'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
     'role_all' => 'الكل',
     'role_own' => 'ما يخص',
     'role_controlled_by_asset' => 'يتحكم فيها الأصول التي يتم رفعها إلى',

lang/ar/validation.php

@@ -106,6 +106,7 @@ return [
     'uploaded'             => 'تعذر تحميل الملف. قد لا يقبل الخادم ملفات بهذا الحجم.',
 
     'zip_file' => ':attribute بحاجة إلى الرجوع إلى مِلَفّ داخل المِلَفّ المضغوط.',
+    'zip_file_size' => 'The file :attribute must not exceed :size MB.',
     'zip_file_mime' => ':attribute بحاجة إلى الإشارة إلى مِلَفّ من نوع :validTypes، وجدت :foundType.',
     'zip_model_expected' => 'عنصر البيانات المتوقع ولكن ":type" تم العثور عليه.',
     'zip_unique' => 'يجب أن يكون :attribute فريداً لنوع الكائن داخل المِلَفّ المضغوط.',

lang/bg/auth.php

@@ -6,7 +6,7 @@
  */
 return [
 
-    'failed' => 'Въведените удостоверителни данни не съвпадат с нашите записи.',
+    'failed' => 'Въведените данни не съвпадат с информацията в системата.',
     'throttle' => 'Твърде много опити за влизане. Опитайте пак след :seconds секунди.',
 
     // Login & Register
@@ -65,7 +65,7 @@ return [
     'email_confirm_thanks_desc' => 'Почакайте малко, обработвайки потвърждението ви. Ако не сте пренасочени след 3 секунди, то натиснете долу връзката "Продължаване", за да продължите.',
 
     'email_not_confirmed' => 'Имейл адресът не е потвърден',
-    'email_not_confirmed_text' => 'Вашият емейл адрес все още не е потвърден.',
+    'email_not_confirmed_text' => 'Вашият имейл адрес все още не е потвърден.',
     'email_not_confirmed_click_link' => 'Моля да последвате линка, който ви беше изпратен непосредствено след регистрацията.',
     'email_not_confirmed_resend' => 'Ако не откривате писмото, може да го изпратите отново като попълните формуляра по-долу.',
     'email_not_confirmed_resend_button' => 'Изпрати отново емейла за потвърждение',
@@ -91,7 +91,7 @@ return [
     'mfa_option_totp_title' => 'Мобилно приложение',
     'mfa_option_totp_desc' => 'За да използваш многофакторно удостоверяване, ще ти трябва мобилно приложение, което поддържа временни еднократни пароли (TOTP), като например Google Authenticator, Authy или Microsoft Authenticator.',
     'mfa_option_backup_codes_title' => 'Резервни кодове',
-    'mfa_option_backup_codes_desc' => 'Generates a set of one-time-use backup codes which you\'ll enter on login to verify your identity. Make sure to store these in a safe & secure place.',
+    'mfa_option_backup_codes_desc' => 'Генерира набор от еднократни резервни кодове, които ще въвеждате при влизане, за да потвърдите самоличността си. Уверете се, че ги съхранявате на безопасно и сигурно място.',
     'mfa_gen_confirm_and_enable' => 'Потвърди и включи',
     'mfa_gen_backup_codes_title' => 'Настройка на резервни кодове',
     'mfa_gen_backup_codes_desc' => 'Запази този лист с кодове на сигурно място. Когато достъпваш системата, ще можеш да използваш един от тези кодове като вторичен механизъм за удостоверяване.',

lang/bg/common.php

@@ -6,7 +6,7 @@ return [
 
     // Buttons
     'cancel' => 'Отказ',
-    'close' => 'Close',
+    'close' => 'Затвори',
     'confirm' => 'Потвърждаване',
     'back' => 'Назад',
     'save' => 'Запис',
@@ -20,7 +20,7 @@ return [
     'description' => 'Описание',
     'role' => 'Роля',
     'cover_image' => 'Образ на корицата',
-    'cover_image_description' => 'This image should be approximately 440x250px although it will be flexibly scaled & cropped to fit the user interface in different scenarios as required, so actual dimensions for display will differ.',
+    'cover_image_description' => 'Изображението трябва да е около 440x250 px. Тъй като ще се мащабира и изрязва автоматично спрямо нуждите на интерфейса, крайните размери при показване може да се различават.',
 
     // Actions
     'actions' => 'Действия',
@@ -30,8 +30,8 @@ return [
     'create' => 'Създаване',
     'update' => 'Обновяване',
     'edit' => 'Редактиране',
-    'archive' => 'Archive',
-    'unarchive' => 'Un-Archive',
+    'archive' => 'Архивирай',
+    'unarchive' => 'Разархивирай',
     'sort' => 'Сортиране',
     'move' => 'Преместване',
     'copy' => 'Копиране',
@@ -44,7 +44,7 @@ return [
     'remove' => 'Премахване',
     'add' => 'Добавяне',
     'configure' => 'Конфигуриране',
-    'manage' => 'Manage',
+    'manage' => 'Управлявай',
     'fullscreen' => 'Цял екран',
     'favourite' => 'Любимо',
     'unfavourite' => 'Не е любимо',
@@ -54,7 +54,7 @@ return [
     'filter_clear' => 'Изчистване на филтрите',
     'download' => 'Изтегляне',
     'open_in_tab' => 'Отваряне в раздел',
-    'open' => 'Open',
+    'open' => 'Отвори',
 
     // Sort Options
     'sort_options' => 'Опции за сортиране',
@@ -111,5 +111,5 @@ return [
     'terms_of_service' => 'Условия на услугата',
 
     // OpenSearch
-    'opensearch_description' => 'Search :appName',
+    'opensearch_description' => 'Търси :appName',
 ];

lang/bg/editor.php

@@ -13,7 +13,7 @@ return [
     'cancel' => 'Отказ',
     'save' => 'Запис',
     'close' => 'Затваряне',
-    'apply' => 'Apply',
+    'apply' => 'Приложи',
     'undo' => 'Отмяна',
     'redo' => 'Повтаряне',
     'left' => 'Вляво',

lang/bg/errors.php

@@ -10,7 +10,7 @@ return [
 
     // Auth
     'error_user_exists_different_creds' => 'Потребител с емайл :email вече съществува но с други данни.',
-    'auth_pre_register_theme_prevention' => 'User account could not be registered for the provided details',
+    'auth_pre_register_theme_prevention' => 'Потребителски профил не може да бъде създаден с посочената информация',
     'email_already_confirmed' => 'Емейлът вече беше потвърден. Моля опитрайте да влезете.',
     'email_confirmation_invalid' => 'Този код за достъп не е валиден или вече е бил използван, Моля опитай да се регистрираш отново.',
     'email_confirmation_expired' => 'Кодът за потвърждение изтече, нов емейл за потвърждение беше изпратен.',
@@ -37,7 +37,7 @@ return [
     'social_driver_not_found' => 'Кодът за връзка със социалната мрежа не съществува',
     'social_driver_not_configured' => 'Социалните настройки на твоя :socialAccount не са конфигурирани правилно.',
     'invite_token_expired' => 'Твоята покана е изтекла. Вместо това може да пробваш да възстановиш паролата на профила си.',
-    'login_user_not_found' => 'A user for this action could not be found.',
+    'login_user_not_found' => 'Потребител за това действие не може да бъде намерено.',
 
     // System
     'path_not_writable' => 'Не може да се качи файл в :filePath. Увери се на сървъра, че в пътя може да се записва.',
@@ -109,6 +109,7 @@ return [
     'import_zip_cant_read' => 'Could not read ZIP file.',
     'import_zip_cant_decode_data' => 'Could not find and decode ZIP data.json content.',
     'import_zip_no_data' => 'ZIP file data has no expected book, chapter or page content.',
+    'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
     'import_validation_failed' => 'Import ZIP failed to validate with errors:',
     'import_zip_failed_notification' => 'Failed to import ZIP file.',
     'import_perms_books' => 'You are lacking the required permissions to create books.',

lang/bg/notifications.php

@@ -11,6 +11,8 @@ return [
     'updated_page_subject' => 'Updated page: :pageName',
     'updated_page_intro' => 'A page has been updated in :appName:',
     'updated_page_debounce' => 'To prevent a mass of notifications, for a while you won\'t be sent notifications for further edits to this page by the same editor.',
+    'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
+    'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
 
     'detail_page_name' => 'Page Name:',
     'detail_page_path' => 'Page Path:',

lang/bg/preferences.php

@@ -23,6 +23,7 @@ return [
     'notifications_desc' => 'Control the email notifications you receive when certain activity is performed within the system.',
     'notifications_opt_own_page_changes' => 'Notify upon changes to pages I own',
     'notifications_opt_own_page_comments' => 'Notify upon comments on pages I own',
+    'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
     'notifications_opt_comment_replies' => 'Notify upon replies to my comments',
     'notifications_save' => 'Save Preferences',
     'notifications_update_success' => 'Notification preferences have been updated!',

lang/bg/settings.php

@@ -75,8 +75,8 @@ return [
     'reg_confirm_restrict_domain_placeholder' => 'Няма наложени ограничения',
 
     // Sorting Settings
-    'sorting' => 'Sorting',
-    'sorting_book_default' => 'Default Book Sort',
+    'sorting' => 'Lists & Sorting',
+    'sorting_book_default' => 'Default Book Sort Rule',
     'sorting_book_default_desc' => 'Select the default sort rule to apply to new books. This won\'t affect existing books, and can be overridden per-book.',
     'sorting_rules' => 'Sort Rules',
     'sorting_rules_desc' => 'These are predefined sorting operations which can be applied to content in the system.',
@@ -103,6 +103,8 @@ return [
     'sort_rule_op_updated_date' => 'Updated Date',
     'sort_rule_op_chapters_first' => 'Chapters First',
     'sort_rule_op_chapters_last' => 'Chapters Last',
+    'sorting_page_limits' => 'Per-Page Display Limits',
+    'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',
 
     // Maintenance settings
     'maint' => 'Поддръжка',
@@ -195,11 +197,13 @@ return [
     'role_import_content' => 'Import content',
     'role_editor_change' => 'Change page editor',
     'role_notifications' => 'Receive & manage notifications',
+    'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
     'role_asset' => 'Настройки за достъп до активи',
     'roles_system_warning' => 'Важно: Добавянето на потребител в някое от горните три роли може да му позволи да промени собствените си права или правата на другите в системата. Възлагайте тези роли само на доверени потребители.',
     'role_asset_desc' => 'Тези настройки за достъп контролират достъпа по подразбиране до активите в системата. Настройките за достъп до книги, глави и страници ще отменят тези настройки.',
     'role_asset_admins' => 'Администраторите автоматично получават достъп до цялото съдържание, но тези опции могат да показват или скриват опциите за потребителския интерфейс.',
     'role_asset_image_view_note' => 'This relates to visibility within the image manager. Actual access of uploaded image files will be dependant upon system image storage option.',
+    'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
     'role_all' => 'Всички',
     'role_own' => 'Собствени',
     'role_controlled_by_asset' => 'Контролирани от актива, към който са качени',

lang/bg/validation.php

@@ -106,6 +106,7 @@ return [
     'uploaded'             => 'Файлът не можа да бъде качен. Сървърът може да не приема файлове с такъв размер.',
 
     'zip_file' => 'The :attribute needs to reference a file within the ZIP.',
+    'zip_file_size' => 'The file :attribute must not exceed :size MB.',
     'zip_file_mime' => 'The :attribute needs to reference a file of type :validTypes, found :foundType.',
     'zip_model_expected' => 'Data object expected but ":type" found.',
     'zip_unique' => 'The :attribute must be unique for the object type within the ZIP.',

lang/bn/activities.php

@@ -131,7 +131,7 @@ return [
     'sort_rule_create' => 'created sort rule',
     'sort_rule_create_notification' => 'Sort rule successfully created',
     'sort_rule_update' => 'updated sort rule',
-    'sort_rule_update_notification' => 'Sort rule successfully updated',
+    'sort_rule_update_notification' => 'রোলটি সার্থকভাবে হালনাগাদ করা হয়েছে',
     'sort_rule_delete' => 'deleted sort rule',
     'sort_rule_delete_notification' => 'Sort rule successfully deleted',
 

lang/bn/auth.php

@@ -24,8 +24,8 @@ return [
     'password_hint' => 'ন্যূনতম ৮ অক্ষরের হতে হবে',
     'forgot_password' => 'পাসওয়ার্ড ভুলে গেছেন?',
     'remember_me' => 'লগইন স্থায়িত্ব ধরে রাখুন',
-    'ldap_email_hint' => 'Please enter an email to use for this account.',
-    'create_account' => 'Create Account',
+    'ldap_email_hint' => 'অনুগ্রহ করে এই অ্যাকাউন্টের জন্য ব্যবহার করার জন্য একটি ইমেইল ঠিকানা লিখুন।',
+    'create_account' => 'অ্যাকাউন্ট তৈরি করুন',
     'already_have_account' => 'Already have an account?',
     'dont_have_account' => 'Don\'t have an account?',
     'social_login' => 'Social Login',
@@ -39,16 +39,16 @@ return [
     'register_success' => 'Thanks for signing up! You are now registered and signed in.',
 
     // Login auto-initiation
-    'auto_init_starting' => 'Attempting Login',
+    'auto_init_starting' => 'লগইন করার চেষ্টা করা হচ্ছে',
     'auto_init_starting_desc' => 'We\'re contacting your authentication system to start the login process. If there\'s no progress after 5 seconds you can try clicking the link below.',
     'auto_init_start_link' => 'Proceed with authentication',
 
     // Password Reset
-    'reset_password' => 'Reset Password',
+    'reset_password' => 'পাসওয়ার্ড রিসেট করুন',
     'reset_password_send_instructions' => 'Enter your email below and you will be sent an email with a password reset link.',
     'reset_password_send_button' => 'Send Reset Link',
     'reset_password_sent' => 'A password reset link will be sent to :email if that email address is found in the system.',
-    'reset_password_success' => 'Your password has been successfully reset.',
+    'reset_password_success' => 'আপনার পাসওয়ার্ড সফলভাবে রিসেট করা হয়েছে.',
     'email_reset_subject' => 'Reset your :appName password',
     'email_reset_text' => 'You are receiving this email because we received a password reset request for your account.',
     'email_reset_not_requested' => 'If you did not request a password reset, no further action is required.',

lang/bn/errors.php

@@ -109,6 +109,7 @@ return [
     'import_zip_cant_read' => 'Could not read ZIP file.',
     'import_zip_cant_decode_data' => 'Could not find and decode ZIP data.json content.',
     'import_zip_no_data' => 'ZIP file data has no expected book, chapter or page content.',
+    'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
     'import_validation_failed' => 'Import ZIP failed to validate with errors:',
     'import_zip_failed_notification' => 'Failed to import ZIP file.',
     'import_perms_books' => 'You are lacking the required permissions to create books.',

lang/bn/notifications.php

@@ -11,6 +11,8 @@ return [
     'updated_page_subject' => 'Updated page: :pageName',
     'updated_page_intro' => 'A page has been updated in :appName:',
     'updated_page_debounce' => 'To prevent a mass of notifications, for a while you won\'t be sent notifications for further edits to this page by the same editor.',
+    'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
+    'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
 
     'detail_page_name' => 'Page Name:',
     'detail_page_path' => 'Page Path:',

lang/bn/preferences.php

@@ -23,6 +23,7 @@ return [
     'notifications_desc' => 'Control the email notifications you receive when certain activity is performed within the system.',
     'notifications_opt_own_page_changes' => 'Notify upon changes to pages I own',
     'notifications_opt_own_page_comments' => 'Notify upon comments on pages I own',
+    'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
     'notifications_opt_comment_replies' => 'Notify upon replies to my comments',
     'notifications_save' => 'Save Preferences',
     'notifications_update_success' => 'Notification preferences have been updated!',

lang/bn/settings.php

@@ -75,8 +75,8 @@ return [
     'reg_confirm_restrict_domain_placeholder' => 'No restriction set',
 
     // Sorting Settings
-    'sorting' => 'Sorting',
-    'sorting_book_default' => 'Default Book Sort',
+    'sorting' => 'Lists & Sorting',
+    'sorting_book_default' => 'Default Book Sort Rule',
     'sorting_book_default_desc' => 'Select the default sort rule to apply to new books. This won\'t affect existing books, and can be overridden per-book.',
     'sorting_rules' => 'Sort Rules',
     'sorting_rules_desc' => 'These are predefined sorting operations which can be applied to content in the system.',
@@ -103,6 +103,8 @@ return [
     'sort_rule_op_updated_date' => 'Updated Date',
     'sort_rule_op_chapters_first' => 'Chapters First',
     'sort_rule_op_chapters_last' => 'Chapters Last',
+    'sorting_page_limits' => 'Per-Page Display Limits',
+    'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',
 
     // Maintenance settings
     'maint' => 'Maintenance',
@@ -195,11 +197,13 @@ return [
     'role_import_content' => 'Import content',
     'role_editor_change' => 'Change page editor',
     'role_notifications' => 'Receive & manage notifications',
+    'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
     'role_asset' => 'Asset Permissions',
     'roles_system_warning' => 'Be aware that access to any of the above three permissions can allow a user to alter their own privileges or the privileges of others in the system. Only assign roles with these permissions to trusted users.',
     'role_asset_desc' => 'These permissions control default access to the assets within the system. Permissions on Books, Chapters and Pages will override these permissions.',
     'role_asset_admins' => 'Admins are automatically given access to all content but these options may show or hide UI options.',
     'role_asset_image_view_note' => 'This relates to visibility within the image manager. Actual access of uploaded image files will be dependant upon system image storage option.',
+    'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
     'role_all' => 'All',
     'role_own' => 'Own',
     'role_controlled_by_asset' => 'Controlled by the asset they are uploaded to',

lang/bn/validation.php

@@ -106,6 +106,7 @@ return [
     'uploaded'             => 'The file could not be uploaded. The server may not accept files of this size.',
 
     'zip_file' => 'The :attribute needs to reference a file within the ZIP.',
+    'zip_file_size' => 'The file :attribute must not exceed :size MB.',
     'zip_file_mime' => 'The :attribute needs to reference a file of type :validTypes, found :foundType.',
     'zip_model_expected' => 'Data object expected but ":type" found.',
     'zip_unique' => 'The :attribute must be unique for the object type within the ZIP.',

lang/bs/errors.php

@@ -109,6 +109,7 @@ return [
     'import_zip_cant_read' => 'Could not read ZIP file.',
     'import_zip_cant_decode_data' => 'Could not find and decode ZIP data.json content.',
     'import_zip_no_data' => 'ZIP file data has no expected book, chapter or page content.',
+    'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
     'import_validation_failed' => 'Import ZIP failed to validate with errors:',
     'import_zip_failed_notification' => 'Failed to import ZIP file.',
     'import_perms_books' => 'You are lacking the required permissions to create books.',

lang/bs/notifications.php

@@ -11,6 +11,8 @@ return [
     'updated_page_subject' => 'Updated page: :pageName',
     'updated_page_intro' => 'A page has been updated in :appName:',
     'updated_page_debounce' => 'To prevent a mass of notifications, for a while you won\'t be sent notifications for further edits to this page by the same editor.',
+    'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
+    'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
 
     'detail_page_name' => 'Page Name:',
     'detail_page_path' => 'Page Path:',

lang/bs/preferences.php

@@ -23,6 +23,7 @@ return [
     'notifications_desc' => 'Control the email notifications you receive when certain activity is performed within the system.',
     'notifications_opt_own_page_changes' => 'Notify upon changes to pages I own',
     'notifications_opt_own_page_comments' => 'Notify upon comments on pages I own',
+    'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
     'notifications_opt_comment_replies' => 'Notify upon replies to my comments',
     'notifications_save' => 'Save Preferences',
     'notifications_update_success' => 'Notification preferences have been updated!',

lang/bs/settings.php

@@ -75,8 +75,8 @@ return [
     'reg_confirm_restrict_domain_placeholder' => 'No restriction set',
 
     // Sorting Settings
-    'sorting' => 'Sorting',
-    'sorting_book_default' => 'Default Book Sort',
+    'sorting' => 'Lists & Sorting',
+    'sorting_book_default' => 'Default Book Sort Rule',
     'sorting_book_default_desc' => 'Select the default sort rule to apply to new books. This won\'t affect existing books, and can be overridden per-book.',
     'sorting_rules' => 'Sort Rules',
     'sorting_rules_desc' => 'These are predefined sorting operations which can be applied to content in the system.',
@@ -103,6 +103,8 @@ return [
     'sort_rule_op_updated_date' => 'Updated Date',
     'sort_rule_op_chapters_first' => 'Chapters First',
     'sort_rule_op_chapters_last' => 'Chapters Last',
+    'sorting_page_limits' => 'Per-Page Display Limits',
+    'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',
 
     // Maintenance settings
     'maint' => 'Maintenance',
@@ -195,11 +197,13 @@ return [
     'role_import_content' => 'Import content',
     'role_editor_change' => 'Change page editor',
     'role_notifications' => 'Receive & manage notifications',
+    'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
     'role_asset' => 'Asset Permissions',
     'roles_system_warning' => 'Be aware that access to any of the above three permissions can allow a user to alter their own privileges or the privileges of others in the system. Only assign roles with these permissions to trusted users.',
     'role_asset_desc' => 'These permissions control default access to the assets within the system. Permissions on Books, Chapters and Pages will override these permissions.',
     'role_asset_admins' => 'Admins are automatically given access to all content but these options may show or hide UI options.',
     'role_asset_image_view_note' => 'This relates to visibility within the image manager. Actual access of uploaded image files will be dependant upon system image storage option.',
+    'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
     'role_all' => 'All',
     'role_own' => 'Own',
     'role_controlled_by_asset' => 'Controlled by the asset they are uploaded to',

lang/bs/validation.php

@@ -106,6 +106,7 @@ return [
     'uploaded'             => 'Fajl nije učitan. Server ne prihvata fajlove ove veličine.',
 
     'zip_file' => 'The :attribute needs to reference a file within the ZIP.',
+    'zip_file_size' => 'The file :attribute must not exceed :size MB.',
     'zip_file_mime' => 'The :attribute needs to reference a file of type :validTypes, found :foundType.',
     'zip_model_expected' => 'Data object expected but ":type" found.',
     'zip_unique' => 'The :attribute must be unique for the object type within the ZIP.',

lang/ca/errors.php

@@ -109,6 +109,7 @@ return [
     'import_zip_cant_read' => 'No es pot llegir el fitxer ZIP.',
     'import_zip_cant_decode_data' => 'No s\'ha pogut trobar i descodificar el fitxer data.json en el fitxer ZIP.',
     'import_zip_no_data' => 'Les dades del fitxer ZIP no contenen cap llibre, capítol o contingut de pàgina.',
+    'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
     'import_validation_failed' => 'Error en validar la importació del ZIP amb els errors:',
     'import_zip_failed_notification' => 'Error en importar l\'arxiu ZIP.',
     'import_perms_books' => 'Li falten els permisos necessaris per crear llibres.',

lang/ca/notifications.php

@@ -11,6 +11,8 @@ return [
     'updated_page_subject' => 'S’ha actualitzat la pàgina :pageName',
     'updated_page_intro' => 'S’ha actualitzat una pàgina a :appName.',
     'updated_page_debounce' => 'Per a evitar que s’acumulin les notificacions, durant un temps no se us notificarà cap canvi fet en aquesta pàgina pel mateix usuari.',
+    'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
+    'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
 
     'detail_page_name' => 'Nom de la pàgina:',
     'detail_page_path' => 'Ruta de la pàgina:',

lang/ca/preferences.php

@@ -23,6 +23,7 @@ return [
     'notifications_desc' => 'Gestioneu les notificacions de correu electrònic que rebreu quan es facin certes activitats.',
     'notifications_opt_own_page_changes' => 'Notifica’m els canvis a les meves pàgines.',
     'notifications_opt_own_page_comments' => 'Notifica’m la creació de comentaris a les meves pàgines.',
+    'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
     'notifications_opt_comment_replies' => 'Notifica’m les respostes als meus comentaris.',
     'notifications_save' => 'Desa les preferències',
     'notifications_update_success' => 'S’han actualitzat les preferències de notificació',

lang/ca/settings.php

@@ -75,8 +75,8 @@ return [
     'reg_confirm_restrict_domain_placeholder' => 'No hi ha cap restricció',
 
     // Sorting Settings
-    'sorting' => 'Ordenar',
-    'sorting_book_default' => 'Ordre predeterminat del llibre',
+    'sorting' => 'Lists & Sorting',
+    'sorting_book_default' => 'Default Book Sort Rule',
     'sorting_book_default_desc' => 'Selecciona la regla d\'ordenació predeterminada per aplicar a nous llibres. Això no afectarà els llibres existents, i pot ser anul·lat per llibre.',
     'sorting_rules' => 'Regles d\'ordenació',
     'sorting_rules_desc' => 'Són operacions d\'ordenació predefinides que es poden aplicar al contingut en el sistema.',
@@ -103,6 +103,8 @@ return [
     'sort_rule_op_updated_date' => 'Data d\'actualització',
     'sort_rule_op_chapters_first' => 'Capítols a l\'inici',
     'sort_rule_op_chapters_last' => 'Capítols al final',
+    'sorting_page_limits' => 'Per-Page Display Limits',
+    'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',
 
     // Maintenance settings
     'maint' => 'Manteniment',
@@ -195,11 +197,13 @@ return [
     'role_import_content' => 'Importar contingut',
     'role_editor_change' => 'Canvi de l’editor de pàgina',
     'role_notifications' => 'Recepció i gestió de notificacions',
+    'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
     'role_asset' => 'Permisos de recursos',
     'roles_system_warning' => 'Tingueu en compte que l’accés a qualsevol dels tres permisos de dalt permeten que l’usuari canviï els seus privilegis i els privilegis d’altres usuaris. Assigneu rols d’usuari amb aquests permisos només a usuaris de confiança.',
     'role_asset_desc' => 'Aquests permisos controlen l’accés per defecte als recursos del sistema. El permisos dels llibres, capítols i pàgines sobreescriuran aquests permisos.',
     'role_asset_admins' => 'Als administradors se’ls dona accés automàticament a tot el contingut però aquestes opcions mostren o amaguen opcions de la interfície d’usuari.',
     'role_asset_image_view_note' => 'Això té relació amb la visibilitat al gestor d’imatges. L’accés a les imatges pujades dependrà de l’opció d’emmagatzematge d’imatges dels sistema.',
+    'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
     'role_all' => 'Tot',
     'role_own' => 'Propi',
     'role_controlled_by_asset' => 'Controlat pel recurs a què estan pujats',

lang/ca/validation.php

@@ -106,6 +106,7 @@ return [
     'uploaded'             => 'No s’ha pogut pujar el fitxer. És possible que el servidor no admeti fitxers d’aquesta mida.',
 
     'zip_file' => 'El :attribute necessita fer referència a un arxiu dins del ZIP.',
+    'zip_file_size' => 'The file :attribute must not exceed :size MB.',
     'zip_file_mime' => 'El :attribute necessita fer referència a un arxiu de tipus :validTyes, trobat :foundType.',
     'zip_model_expected' => 'S\'esperava un objecte de dades, però s\'ha trobat ":type".',
     'zip_unique' => 'El :attribute ha de ser únic pel tipus d\'objecte dins del ZIP.',

lang/cs/entities.php

@@ -63,10 +63,10 @@ return [
     'import_delete_desc' => 'Potvrzením odstraníte nahraný ZIP soubor. Tento krok nelze vrátit zpět.',
     'import_errors' => 'Chyby importu',
     'import_errors_desc' => 'Při pokusu o import došlo k následujícím chybám:',
-    'breadcrumb_siblings_for_page' => 'Navigate siblings for page',
-    'breadcrumb_siblings_for_chapter' => 'Navigate siblings for chapter',
-    'breadcrumb_siblings_for_book' => 'Navigate siblings for book',
-    'breadcrumb_siblings_for_bookshelf' => 'Navigate siblings for shelf',
+    'breadcrumb_siblings_for_page' => 'Přejít na jinou stránku',
+    'breadcrumb_siblings_for_chapter' => 'Přejít na jinou kapitolu',
+    'breadcrumb_siblings_for_book' => 'Přejít na jinou knihu',
+    'breadcrumb_siblings_for_bookshelf' => 'Přejít na jinou polici',
 
     // Permissions and restrictions
     'permissions' => 'Oprávnění',