Book API: Added shelves list to show endpoint

For #6006 Added test to cover.
Editors: Made drawings appear clickiable via cursor
2026-02-24 19:07:20 +03:00 · 2026-02-24 10:25:17 +00:00 · 2026-02-21 16:00:14 +00:00 · 2026-02-21 15:52:25 +00:00 · 2026-02-21 13:59:29 +00:00 · 2026-02-21 13:56:50 +00:00
162 changed files with 4352 additions and 1889 deletions
--- a/.env.example.complete
+++ b/.env.example.complete
@@ -351,10 +351,25 @@ EXPORT_PDF_COMMAND_TIMEOUT=15
 # Only used if 'ALLOW_UNTRUSTED_SERVER_FETCHING=true' which disables security protections.
 WKHTMLTOPDF=false
-# Allow <script> tags in page content
+# Allow JavaScript, and other potentiall dangerous content in page content.
 # This also removes CSP-level JavaScript control.
 # Note, if set to 'true' the page editor may still escape scripts.
 # DEPRECATED: Use 'APP_CONTENT_FILTERING' instead as detailed below. Activiting this option
 # effectively sets APP_CONTENT_FILTERING='' (No filtering)
 ALLOW_CONTENT_SCRIPTS=false
 # Control the behaviour of content filtering, primarily used for page content.
 # This setting is a string of characters which represent different available filters:
 # - j - Filter out JavaScript and unknown binary data based content
 # - h - Filter out unexpected, and potentially dangerous, HTML elements
 # - f - Filter out unexpected form elements
 # - a - Run content through a more complex allowlist filter
 # This defaults to using all filters, unless ALLOW_CONTENT_SCRIPTS is set to true in which case no filters are used.
 # Note: These filters are a best-attempt and may not be 100% effective. They are typically a layer used in addition to other security measures.
 # Note: The default value will always be the most-strict, so it's advised to leave this unset in your own configuration
 # to ensure you are always using the full range of filters.
 APP_CONTENT_FILTERING="jfha"
 # Indicate if robots/crawlers should crawl your instance.
 # Can be 'true', 'false' or 'null'.
 # The behaviour of the default 'null' option will depend on the 'app-public' admin setting.
--- a/.github/translators.txt
+++ b/.github/translators.txt
@@ -528,3 +528,5 @@ serinf-lauza :: French
 Diyan Nikolaev (nikolaev.diyan) :: Bulgarian
 Shadluk Avan (quldosh) :: Uzbek
 Marci (MartonPoto) :: Hungarian
 Michał Sadurski (wheeskeey) :: Polish
 JanDziaslo :: Polish
--- a/app/Activity/Models/Comment.php
+++ b/app/Activity/Models/Comment.php
@@ -8,6 +8,7 @@ use BookStack\Permissions\PermissionApplicator;
 use BookStack\Users\Models\HasCreatorAndUpdater;
 use BookStack\Users\Models\OwnableInterface;
 use BookStack\Util\HtmlContentFilter;
 use BookStack\Util\HtmlContentFilterConfig;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
@@ -82,7 +83,8 @@ class Comment extends Model implements Loggable, OwnableInterface
    public function safeHtml(): string
    {
-        return HtmlContentFilter::removeScriptsFromHtmlString($this->html ?? '');
+        $filter = new HtmlContentFilter(new HtmlContentFilterConfig());
        return $filter->filterString($this->html ?? '');
    }
    public function jointPermissions(): HasMany
--- a/app/App/Providers/ThemeServiceProvider.php
+++ b/app/App/Providers/ThemeServiceProvider.php
@@ -4,6 +4,8 @@ namespace BookStack\App\Providers;
 use BookStack\Theming\ThemeEvents;
 use BookStack\Theming\ThemeService;
 use BookStack\Theming\ThemeViews;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\ServiceProvider;
 class ThemeServiceProvider extends ServiceProvider
@@ -24,7 +26,26 @@ class ThemeServiceProvider extends ServiceProvider
    {
        // Boot up the theme system
        $themeService = $this->app->make(ThemeService::class);
        $viewFactory = $this->app->make('view');
        $themeViews = new ThemeViews($viewFactory->getFinder());
        // Use a custom include so that we can insert theme views before/after includes.
        // This is done, even if no theme is active, so that view caching does not create problems
        // when switching between themes or when switching a theme on/off.
        $viewFactory->share('__themeViews', $themeViews);
        Blade::directive('include', function ($expression) {
            return "<?php echo \$__themeViews->handleViewInclude({$expression}, array_diff_key(get_defined_vars(), ['__data' => 1, '__path' => 1])); ?>";
        });
        if (!$themeService->getTheme()) {
            return;
        }
        $themeService->loadModules();
        $themeService->readThemeActions();
        $themeService->dispatch(ThemeEvents::APP_BOOT, $this->app);
        $themeViews->registerViewPathsForTheme($themeService->getModules());
        $themeService->dispatch(ThemeEvents::THEME_REGISTER_VIEWS, $themeViews);
    }
 }
--- a/app/App/helpers.php
+++ b/app/App/helpers.php
@@ -81,8 +81,7 @@ function setting(?string $key = null, mixed $default = null): mixed
 /**
 * Get a path to a theme resource.
- * Returns null if a theme is not configured and
+ * Returns null if a theme is not configured, and therefore a full path is not available for use.
 * therefore a full path is not available for use.
 */
 function theme_path(string $path = ''): ?string
 {
--- a/app/Config/app.php
+++ b/app/Config/app.php
@@ -37,10 +37,15 @@ return [
    // The limit for all uploaded files, including images and attachments in MB.
    'upload_limit' => env('FILE_UPLOAD_SIZE_LIMIT', 50),
-    // Allow <script> tags to entered within page content.
+    // Control the behaviour of content filtering, primarily used for page content.
-    // <script> tags are escaped by default.
+    // This setting is a string of characters which represent different available filters:
-    // Even when overridden the WYSIWYG editor may still escape script content.
+    // - j - Filter out JavaScript and unknown binary data based content
-    'allow_content_scripts' => env('ALLOW_CONTENT_SCRIPTS', false),
+    // - h - Filter out unexpected, and potentially dangerous, HTML elements
    // - f - Filter out unexpected form elements
    // - a - Run content through a more complex allowlist filter
    // This defaults to using all filters, unless ALLOW_CONTENT_SCRIPTS is set to true in which case no filters are used.
    // Note: These filters are a best-attempt and may not be 100% effective. They are typically a layer used in addition to other security measures.
    'content_filtering' => env('APP_CONTENT_FILTERING', env('ALLOW_CONTENT_SCRIPTS', false) === true ? '' : 'jhfa'),
    // Allow server-side fetches to be performed to potentially unknown
    // and user-provided locations. Primarily used in exports when loading
@@ -48,8 +53,8 @@ return [
    'allow_untrusted_server_fetching' => env('ALLOW_UNTRUSTED_SERVER_FETCHING', false),
    // Override the default behaviour for allowing crawlers to crawl the instance.
-    // May be ignored if view has be overridden or modified.
+    // May be ignored if the underlying view has been overridden or modified.
-    // Defaults to null since, if not set, 'app-public' status used instead.
+    // Defaults to null in which case the 'app-public' status is used instead.
    'allow_robots' => env('ALLOW_ROBOTS', null),
    // Application Base URL, Used by laravel in development commands
--- a/app/Config/view.php
+++ b/app/Config/view.php
@@ -8,12 +8,6 @@
 * Do not edit this file unless you're happy to maintain any changes yourself.
 */
 // Join up possible view locations
 $viewPaths = [realpath(base_path('resources/views'))];
 if ($theme = env('APP_THEME', false)) {
    array_unshift($viewPaths, base_path('themes/' . $theme));
 }
 return [
    // App theme
@@ -26,7 +20,7 @@ return [
    // Most templating systems load templates from disk. Here you may specify
    // an array of paths that should be checked for your views. Of course
    // the usual Laravel view path has already been registered for you.
-    'paths' => $viewPaths,
+    'paths' => [realpath(base_path('resources/views'))],
    // Compiled View Path
    // This option determines where all the compiled Blade templates will be
--- a/app/Console/Commands/InstallModuleCommand.php
+++ b/app/Console/Commands/InstallModuleCommand.php
@@ -0,0 +1,305 @@
 <?php
 namespace BookStack\Console\Commands;
 use BookStack\Http\HttpRequestService;
 use BookStack\Theming\ThemeModule;
 use BookStack\Theming\ThemeModuleException;
 use BookStack\Theming\ThemeModuleManager;
 use BookStack\Theming\ThemeModuleZip;
 use GuzzleHttp\Psr7\Request;
 use Illuminate\Console\Command;
 use Illuminate\Support\Str;
 class InstallModuleCommand extends Command
 {
    /**
     * The name and signature of the console command.
     *
     * @var string
     */
    protected $signature = 'bookstack:install-module
                            {location : The URL or path of the module file}';
    /**
     * The console command description.
     *
     * @var string
     */
    protected $description = 'Install a module to the currently configured theme';
    protected array $cleanupActions = [];
    /**
     * Execute the console command.
     */
    public function handle(): int
    {
        $location = $this->argument('location');
        // Get the ZIP file containing the module files
        $zipPath = $this->getPathToZip($location);
        if (!$zipPath) {
            $this->cleanup();
            return 1;
        }
        // Validate module zip file (metadata, size, etc...) and get module instance
        $zip = new ThemeModuleZip($zipPath);
        $themeModule = $this->validateAndGetModuleInfoFromZip($zip);
        if (!$themeModule) {
            $this->cleanup();
            return 1;
        }
        // Get the theme folder in use, attempting to create one if no active theme in use
        $themeFolder = $this->getThemeFolder();
        if (!$themeFolder) {
            $this->cleanup();
            return 1;
        }
        // Get the modules folder of the theme, attempting to create it if not existing,
        // and create a new module manager instance.
        $moduleFolder = $this->getModuleFolder($themeFolder);
        if (!$moduleFolder) {
            $this->cleanup();
            return 1;
        }
        $manager = new ThemeModuleManager($moduleFolder);
        // Handle existing modules with the same name
        $exitingModulesWithName = $manager->getByName($themeModule->name);
        $shouldContinue = $this->handleExistingModulesWithSameName($exitingModulesWithName, $manager);
        if (!$shouldContinue) {
            $this->cleanup();
            return 1;
        }
        // Extract module ZIP into the theme modules folder
        try {
            $newModule = $manager->addFromZip($themeModule->name, $zip);
        } catch (ThemeModuleException $exception) {
            $this->error("ERROR: Failed to install module with error: {$exception->getMessage()}");
            $this->cleanup();
            return 1;
        }
        $this->info("Module \"{$newModule->name}\" ({$newModule->getVersion()}) successfully installed!");
        $this->info("Install location: {$moduleFolder}/{$newModule->folderName}");
        $this->cleanup();
        return 0;
    }
    /**
     * @param ThemeModule[] $existingModules
     */
    protected function handleExistingModulesWithSameName(array $existingModules, ThemeModuleManager $manager): bool
    {
        if (count($existingModules) === 0) {
            return true;
        }
        $this->warn("The following modules already exist with the same name:");
        foreach ($existingModules as $folder => $module) {
            $this->line("{$module->name} ({$folder}:{$module->getVersion()}) - {$module->description}");
        }
        $this->line('');
        $choices = ['Cancel module install', 'Add alongside existing module'];
        if (count($existingModules) === 1) {
            $choices[] = 'Replace existing module';
        }
        $choice = $this->choice("What would you like to do?", $choices, 0, null, false);
        if ($choice === 'Cancel module install') {
            return false;
        }
        if ($choice === 'Replace existing module') {
            $existingModuleFolder = array_key_first($existingModules);
            $this->info("Replacing existing module in {$existingModuleFolder} folder");
            $manager->deleteModuleFolder($existingModuleFolder);
        }
        return true;
    }
    protected function getModuleFolder(string $themeFolder): string|null
    {
        $path = $themeFolder . DIRECTORY_SEPARATOR . 'modules';
        if (file_exists($path) && !is_dir($path)) {
            $this->error("ERROR: Cannot create a modules folder, file already exists at {$path}");
            return null;
        }
        if (!file_exists($path)) {
            $created = mkdir($path, 0755, true);
            if (!$created) {
                $this->error("ERROR: Failed to create a modules folder at {$path}");
                return null;
            }
        }
        return $path;
    }
    protected function getThemeFolder(): string|null
    {
        $path = theme_path('');
        if (!$path || !is_dir($path)) {
            $shouldCreate = $this->confirm('No active theme folder found, would you like to create one?');
            if (!$shouldCreate) {
                return null;
            }
            $folder = 'custom';
            while (file_exists(base_path("themes" . DIRECTORY_SEPARATOR  . $folder))) {
                $folder = 'custom-' . Str::random(4);
            }
            $path = base_path("themes/{$folder}");
            $created = mkdir($path, 0755, true);
            if (!$created) {
                $this->error('Failed to create a theme folder to use. This may be a permissions issue. Try manually configuring an active theme');
                return null;
            }
            $this->info("Created theme folder at {$path}");
            $this->warn("You will need to set APP_THEME={$folder} in your BookStack env configuration to enable this theme!");
        }
        return $path;
    }
    protected function validateAndGetModuleInfoFromZip(ThemeModuleZip $zip): ThemeModule|null
    {
        if (!$zip->exists()) {
            $this->error("ERROR: Cannot open ZIP file at {$zip->getPath()}");
            return null;
        }
        if ($zip->getContentsSize() > (50 * 1024 * 1024)) {
            $this->error("ERROR: Module ZIP file contents are too large. Maximum size is 50MB");
            return null;
        }
        try {
            $themeModule = $zip->getModuleInstance();
        } catch (ThemeModuleException $exception) {
            $this->error("ERROR: Failed to read module metadata with error: {$exception->getMessage()}");
            return null;
        }
        return $themeModule;
    }
    protected function downloadModuleFile(string $location): string|null
    {
        $httpRequests = app()->make(HttpRequestService::class);
        $client = $httpRequests->buildClient(30, ['stream' => true]);
        $originalUrl = parse_url($location);
        $currentLocation = $location;
        $maxRedirects = 3;
        $redirectCount = 0;
        // Follow redirects up to 3 times for the same hostname
        do {
            $resp = $client->sendRequest(new Request('GET', $currentLocation));
            $statusCode = $resp->getStatusCode();
            if ($statusCode >= 300 && $statusCode < 400 && $redirectCount < $maxRedirects) {
                $redirectLocation = $resp->getHeaderLine('Location');
                if ($redirectLocation) {
                    $redirectUrl = parse_url($redirectLocation);
                    if (
                        ($originalUrl['host'] ?? '') === ($redirectUrl['host'] ?? '')
                        && ($originalUrl['scheme'] ?? '') === ($redirectUrl['scheme'] ?? '')
                        && ($originalUrl['port'] ?? '') === ($redirectUrl['port'] ?? '')
                    ) {
                        $currentLocation = $redirectLocation;
                        $redirectCount++;
                        continue;
                    }
                }
            }
            break;
        } while (true);
        if ($resp->getStatusCode() >= 300) {
            $this->error("ERROR: Failed to download module from {$location}");
            $this->error("Download failed with status code {$resp->getStatusCode()}");
            return null;
        }
        $tempFile = tempnam(sys_get_temp_dir(), 'bookstack_module_');
        $fileHandle = fopen($tempFile, 'w');
        $respBody = $resp->getBody();
        $size = 0;
        $maxSize = 50 * 1024 * 1024;
        while (!$respBody->eof()) {
            fwrite($fileHandle, $respBody->read(1024));
            $size += 1024;
            if ($size > $maxSize) {
                fclose($fileHandle);
                unlink($tempFile);
                $this->error("ERROR: Module ZIP file is too large. Maximum size is 50MB");
                return '';
            }
        }
        fclose($fileHandle);
        $this->cleanupActions[] = function () use ($tempFile) {
            unlink($tempFile);
        };
        return $tempFile;
    }
    protected function getPathToZip(string $location): string|null
    {
        $lowerLocation = strtolower($location);
        $isRemote = str_starts_with($lowerLocation, 'http://') || str_starts_with($lowerLocation, 'https://');
        if ($isRemote) {
            // Warning about fetching from source
            $host = parse_url($location, PHP_URL_HOST);
            $this->warn("This will download a module from {$host}. Modules can contain code which would have the ability to do anything on the BookStack host server.\nYou should only install modules from trusted sources.");
            $trustHost = $this->confirm('Are you sure you trust this source?');
            if (!$trustHost) {
                return null;
            }
            // Check if the connection is http. If so, warn the user.
            if (str_starts_with($lowerLocation, 'http://')) {
                $this->warn("You are downloading a module from an insecure HTTP source.\nWe recommend only using HTTPS sources to avoid various security risks.");
                if (!$this->confirm('Are you sure you want to continue without HTTPS?')) {
                    return null;
                }
            }
            // Download ZIP and get its location
            return $this->downloadModuleFile($location);
        }
        // Validate file and get full location
        $zipPath = realpath($location);
        if (!$zipPath || !is_file($zipPath)) {
            $this->error("ERROR: Module file not found at {$location}");
            return null;
        }
        return $zipPath;
    }
    protected function cleanup(): void
    {
        foreach ($this->cleanupActions as $action) {
            $action();
        }
    }
 }
--- a/app/Entities/Controllers/BookApiController.php
+++ b/app/Entities/Controllers/BookApiController.php
@@ -7,11 +7,14 @@ use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Queries\BookQueries;
 use BookStack\Entities\Queries\BookshelfQueries;
 use BookStack\Entities\Queries\PageQueries;
 use BookStack\Entities\Repos\BookRepo;
 use BookStack\Entities\Tools\BookContents;
 use BookStack\Http\ApiController;
 use BookStack\Permissions\Permission;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
@@ -21,6 +24,7 @@ class BookApiController extends ApiController
        protected BookRepo $bookRepo,
        protected BookQueries $queries,
        protected PageQueries $pageQueries,
        protected BookshelfQueries $shelfQueries,
    ) {
    }
@@ -60,13 +64,20 @@ class BookApiController extends ApiController
     * View the details of a single book.
     * The response data will contain a 'content' property listing the chapter and pages directly within, in
     * the same structure as you'd see within the BookStack interface when viewing a book. Top-level
-     * contents will have a 'type' property to distinguish between pages & chapters.
+     * contents will have a 'type' property to distinguish between pages and chapters.
     */
    public function read(string $id)
    {
        $book = $this->queries->findVisibleByIdOrFail(intval($id));
        $book = $this->forJsonDisplay($book);
-        $book->load(['createdBy', 'updatedBy', 'ownedBy']);
+        $book->load([
            'createdBy',
            'updatedBy',
            'ownedBy',
            'shelves' => function (BelongsToMany $query) {
                $query->select(['id', 'name', 'slug'])->scopes('visible');
            }
        ]);
        $contents = (new BookContents($book))->getTree(true, false)->all();
        $contentsApiData = (new ApiEntityListFormatter($contents))
--- a/app/Entities/Controllers/BookController.php
+++ b/app/Entities/Controllers/BookController.php
@@ -224,9 +224,14 @@ class BookController extends Controller
    {
        $book = $this->queries->findVisibleBySlugOrFail($bookSlug);
        $this->checkOwnablePermission(Permission::BookDelete, $book);
        $contextShelf = $this->shelfContext->getContextualShelfForBook($book);
        $this->bookRepo->destroy($book);
        if ($contextShelf) {
            return redirect($contextShelf->getUrl());
        }
        return redirect('/books');
    }
--- a/app/Entities/Controllers/PageController.php
+++ b/app/Entities/Controllers/PageController.php
@@ -21,6 +21,8 @@ use BookStack\Exceptions\PermissionsException;
 use BookStack\Http\Controller;
 use BookStack\Permissions\Permission;
 use BookStack\References\ReferenceFetcher;
 use BookStack\Util\HtmlContentFilter;
 use BookStack\Util\HtmlContentFilterConfig;
 use Exception;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Http\Request;
@@ -173,7 +175,7 @@ class PageController extends Controller
    }
    /**
-     * Get page from an ajax request.
+     * Get a page from an ajax request.
     *
     * @throws NotFoundException
     */
@@ -183,6 +185,10 @@ class PageController extends Controller
        $page->setHidden(array_diff($page->getHidden(), ['html', 'markdown']));
        $page->makeHidden(['book']);
        $filterConfig = HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'));
        $filter = new HtmlContentFilter($filterConfig);
        $page->html = $filter->filterString($page->html);
        return response()->json($page);
    }
--- a/app/Entities/Models/Bookshelf.php
+++ b/app/Entities/Models/Bookshelf.php
@@ -19,7 +19,7 @@ class Bookshelf extends Entity implements HasDescriptionInterface, HasCoverInter
    public float $searchFactor = 1.2;
-    protected $hidden = ['image_id', 'deleted_at', 'description_html', 'priority', 'default_template_id', 'sort_rule_id', 'entity_id', 'entity_type', 'chapter_id', 'book_id'];
+    protected $hidden = ['pivot', 'image_id', 'deleted_at', 'description_html', 'priority', 'default_template_id', 'sort_rule_id', 'entity_id', 'entity_type', 'chapter_id', 'book_id'];
    protected $fillable = ['name'];
    /**
--- a/app/Entities/Tools/EntityHtmlDescription.php
+++ b/app/Entities/Tools/EntityHtmlDescription.php
@@ -6,6 +6,7 @@ use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Bookshelf;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Util\HtmlContentFilter;
 use BookStack\Util\HtmlContentFilterConfig;
 class EntityHtmlDescription
 {
@@ -50,7 +51,13 @@ class EntityHtmlDescription
            return $html;
        }
-        return HtmlContentFilter::removeScriptsFromHtmlString($html);
+        $isEmpty = empty(trim(strip_tags($html)));
        if ($isEmpty) {
            return '<p></p>';
        }
        $filter = new HtmlContentFilter(new HtmlContentFilterConfig());
        return $filter->filterString($html);
    }
    public function getPlain(): string
--- a/app/Entities/Tools/PageContent.php
+++ b/app/Entities/Tools/PageContent.php
@@ -2,6 +2,7 @@
 namespace BookStack\Entities\Tools;
 use BookStack\App\AppVersion;
 use BookStack\Entities\Models\Page;
 use BookStack\Entities\Queries\PageQueries;
 use BookStack\Entities\Tools\Markdown\MarkdownToHtml;
@@ -13,6 +14,7 @@ use BookStack\Uploads\ImageRepo;
 use BookStack\Uploads\ImageService;
 use BookStack\Users\Models\User;
 use BookStack\Util\HtmlContentFilter;
 use BookStack\Util\HtmlContentFilterConfig;
 use BookStack\Util\HtmlDocument;
 use BookStack\Util\WebSafeMimeSniffer;
 use Closure;
@@ -317,11 +319,30 @@ class PageContent
            $this->updateIdsRecursively($doc->getBody(), 0, $idMap, $changeMap);
        }
-        if (!config('app.allow_content_scripts')) {
+        $cacheKey = $this->getContentCacheKey($doc->getBodyInnerHtml());
-            HtmlContentFilter::removeScriptsFromDocument($doc);
+        $cached = cache()->get($cacheKey, null);
        if ($cached !== null) {
            return $cached;
        }
-        return $doc->getBodyInnerHtml();
+        $filterConfig = HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'));
        $filter = new HtmlContentFilter($filterConfig);
        $filtered = $filter->filterDocument($doc);
        $cacheTime = 86400 * 7; // 1 week
        cache()->put($cacheKey, $filtered, $cacheTime);
        return $filtered;
    }
    protected function getContentCacheKey(string $html): string
    {
        $contentHash = md5($html);
        $contentId = $this->page->id;
        $contentTime = $this->page->updated_at?->timestamp ?? time();
        $appVersion = AppVersion::get();
        $filterConfig = config('app.content_filtering') ?? '';
        return "page-content-cache::{$filterConfig}::{$appVersion}::{$contentId}::{$contentTime}::{$contentHash}";
    }
    /**
--- a/app/Entities/Tools/PageEditorData.php
+++ b/app/Entities/Tools/PageEditorData.php
@@ -8,6 +8,8 @@ use BookStack\Entities\Queries\EntityQueries;
 use BookStack\Entities\Tools\Markdown\HtmlToMarkdown;
 use BookStack\Entities\Tools\Markdown\MarkdownToHtml;
 use BookStack\Permissions\Permission;
 use BookStack\Util\HtmlContentFilter;
 use BookStack\Util\HtmlContentFilterConfig;
 class PageEditorData
 {
@@ -47,6 +49,7 @@ class PageEditorData
        $isDraftRevision = false;
        $this->warnings = [];
        $editActivity = new PageEditActivity($page);
        $lastEditorId = $page->updated_by ?? user()->id;
        if ($editActivity->hasActiveEditing()) {
            $this->warnings[] = $editActivity->activeEditingMessage();
@@ -58,11 +61,20 @@ class PageEditorData
            $page->forceFill($userDraft->only(['name', 'html', 'markdown']));
            $isDraftRevision = true;
            $this->warnings[] = $editActivity->getEditingActiveDraftMessage($userDraft);
            $lastEditorId = $userDraft->created_by;
        }
        // Get editor type and handle changes
        $editorType = $this->getEditorType($page);
        $this->updateContentForEditor($page, $editorType);
        // Filter HTML content if required
        if ($editorType->isHtmlBased() && !old('html') && $lastEditorId !== user()->id) {
            $filterConfig = HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'));
            $filter = new HtmlContentFilter($filterConfig);
            $page->html = $filter->filterString($page->html);
        }
        return [
            'page'            => $page,
            'book'            => $page->book,
--- a/app/Http/Middleware/ApiAuthenticate.php
+++ b/app/Http/Middleware/ApiAuthenticate.php
@@ -17,7 +17,7 @@ class ApiAuthenticate
    public function handle(Request $request, Closure $next)
    {
        // Validate the token and it's users API access
-        $this->ensureAuthorizedBySessionOrToken();
+        $this->ensureAuthorizedBySessionOrToken($request);
        return $next($request);
    }
@@ -28,22 +28,28 @@ class ApiAuthenticate
     *
     * @throws ApiAuthException
     */
-    protected function ensureAuthorizedBySessionOrToken(): void
+    protected function ensureAuthorizedBySessionOrToken(Request $request): void
    {
-        // Return if the user is already found to be signed in via session-based auth.
+        // Use the active user session already exists.
-        // This is to make it easy to browser the API via browser after just logging into the system.
+        // This is to make it easy to explore API endpoints via the UI.
-        if (!user()->isGuest() || session()->isStarted()) {
+        if (session()->isStarted()) {
            // Ensure the user has API access permission
            if (!$this->sessionUserHasApiAccess()) {
                throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
            }
            // Only allow GET requests for cookie-based API usage
            if ($request->method() !== 'GET') {
                throw new ApiAuthException(trans('errors.api_cookie_auth_only_get'), 403);
            }
            return;
        }
        // Set our api guard to be the default for this request lifecycle.
        auth()->shouldUse('api');
-        // Validate the token and it's users API access
+        // Validate the token and its users API access
        auth()->authenticate();
    }
--- a/app/Theming/CustomHtmlHeadContentProvider.php
+++ b/app/Theming/CustomHtmlHeadContentProvider.php
@@ -4,25 +4,16 @@ namespace BookStack\Theming;
 use BookStack\Util\CspService;
 use BookStack\Util\HtmlContentFilter;
 use BookStack\Util\HtmlContentFilterConfig;
 use BookStack\Util\HtmlNonceApplicator;
 use Illuminate\Contracts\Cache\Repository as Cache;
 class CustomHtmlHeadContentProvider
 {
-    /**
+    public function __construct(
-     * @var CspService
+        protected CspService $cspService,
-     */
+        protected Cache $cache
-    protected $cspService;
+    ) {
    /**
     * @var Cache
     */
    protected $cache;
    public function __construct(CspService $cspService, Cache $cache)
    {
        $this->cspService = $cspService;
        $this->cache = $cache;
    }
    /**
@@ -50,7 +41,8 @@ class CustomHtmlHeadContentProvider
        $hash = md5($content);
        return $this->cache->remember('custom-head-export:' . $hash, 86400, function () use ($content) {
-            return HtmlContentFilter::removeScriptsFromHtmlString($content);
+            $config = new HtmlContentFilterConfig(filterOutNonContentElements: false, useAllowListFilter: false);
            return (new HtmlContentFilter($config))->filterString($content);
        });
    }
--- a/app/Theming/ThemeController.php
+++ b/app/Theming/ThemeController.php
@@ -5,21 +5,22 @@ namespace BookStack\Theming;
 use BookStack\Facades\Theme;
 use BookStack\Http\Controller;
 use BookStack\Util\FilePathNormalizer;
 use Symfony\Component\HttpFoundation\StreamedResponse;
 class ThemeController extends Controller
 {
    /**
     * Serve a public file from the configured theme.
     */
-    public function publicFile(string $theme, string $path)
+    public function publicFile(string $theme, string $path): StreamedResponse
    {
        $cleanPath = FilePathNormalizer::normalize($path);
        if ($theme !== Theme::getTheme() || !$cleanPath) {
            abort(404);
        }
-        $filePath = theme_path("public/{$cleanPath}");
+        $filePath = Theme::findFirstFile("public/{$cleanPath}");
-        if (!file_exists($filePath)) {
+        if (!$filePath) {
            abort(404);
        }
--- a/app/Theming/ThemeEvents.php
+++ b/app/Theming/ThemeEvents.php
@@ -134,6 +134,16 @@ class ThemeEvents
     */
    const ROUTES_REGISTER_WEB_AUTH = 'routes_register_web_auth';
    /**
     * Theme register views event.
     * Called by the theme system when a theme is active, so that custom view templates can be registered
     * to be rendered in addition to existing app views.
     *
     * @param \BookStack\Theming\ThemeViews $themeViews
     */
    const THEME_REGISTER_VIEWS = 'theme_register_views';
    /**
     * Web before middleware action.
     * Runs before the request is handled but after all other middleware apart from those
--- a/app/Theming/ThemeModule.php
+++ b/app/Theming/ThemeModule.php
@@ -0,0 +1,59 @@
 <?php
 namespace BookStack\Theming;
 readonly class ThemeModule
 {
    public function __construct(
        public string $name,
        public string $description,
        public string $version,
        public string $folderName,
    ) {
    }
    /**
     * Create a ThemeModule instance from JSON data.
     *
     * @throws ThemeModuleException
     */
    public static function fromJson(array $data, string $folderName): self
    {
        if (empty($data['name']) || !is_string($data['name'])) {
            throw new ThemeModuleException("Module in folder \"{$folderName}\" is missing a valid 'name' property");
        }
        if (!isset($data['description']) || !is_string($data['description'])) {
            throw new ThemeModuleException("Module in folder \"{$folderName}\" is missing a valid 'description' property");
        }
        if (!isset($data['version']) || !is_string($data['version'])) {
            throw new ThemeModuleException("Module in folder \"{$folderName}\" is missing a valid 'version' property");
        }
        if (!preg_match('/^v?\d+\.\d+\.\d+(-.*)?$/', $data['version'])) {
            throw new ThemeModuleException("Module in folder \"{$folderName}\" has an invalid 'version' format. Expected semantic version format like '1.0.0' or 'v1.0.0'");
        }
        return new self(
            name: $data['name'],
            description: $data['description'],
            version: $data['version'],
            folderName: $folderName,
        );
    }
    /**
     * Get a path for a file within this module.
     */
    public function path($path = ''): string
    {
        $component = trim($path, '/');
        return theme_path("modules/{$this->folderName}/{$component}");
    }
    public function getVersion(): string
    {
        return str_starts_with($this->version, 'v') ? $this->version : 'v' . $this->version;
    }
 }
--- a/app/Theming/ThemeModuleException.php
+++ b/app/Theming/ThemeModuleException.php
@@ -0,0 +1,7 @@
 <?php
 namespace BookStack\Theming;
 class ThemeModuleException extends \Exception
 {
 }
--- a/app/Theming/ThemeModuleManager.php
+++ b/app/Theming/ThemeModuleManager.php
@@ -0,0 +1,133 @@
 <?php
 namespace BookStack\Theming;
 use Illuminate\Support\Str;
 class ThemeModuleManager
 {
    /** @var array<string, ThemeModule>|null */
    protected array|null $loadedModules = null;
    public function __construct(
        protected string $modulesFolderPath
    ) {
    }
    /**
     * @return array<string, ThemeModule>
     */
    public function getByName(string $name): array
    {
        return array_filter($this->load(), fn(ThemeModule $module) => $module->name === $name);
    }
    public function deleteModuleFolder(string $moduleFolderName): void
    {
        $modules = $this->load();
        $module = $modules[$moduleFolderName] ?? null;
        if (!$module) {
            return;
        }
        $moduleFolderPath = $module->path('');
        if (!file_exists($moduleFolderPath)) {
            return;
        }
        $this->deleteDirectoryRecursively($moduleFolderPath);
        unset($this->loadedModules[$moduleFolderName]);
    }
    /**
     * @throws ThemeModuleException
     */
    public function addFromZip(string $name, ThemeModuleZip $zip): ThemeModule
    {
        $baseFolderName = Str::limit(Str::slug($name), 20);
        $folderName = $baseFolderName;
        while (!$baseFolderName || file_exists($this->modulesFolderPath . DIRECTORY_SEPARATOR . $folderName)) {
            $folderName = ($baseFolderName ?: 'mod') . '-' . Str::random(4);
        }
        $folderPath = $this->modulesFolderPath . DIRECTORY_SEPARATOR . $folderName;
        $zip->extractTo($folderPath);
        $module = $this->loadFromFolder($folderName);
        if (!$module) {
            throw new ThemeModuleException("Failed to load module from zip file after extraction");
        }
        return $module;
    }
    protected function deleteDirectoryRecursively(string $path): void
    {
        $items = array_diff(scandir($path), ['.', '..']);
        foreach ($items as $item) {
            $itemPath = $path . DIRECTORY_SEPARATOR . $item;
            if (is_dir($itemPath)) {
                $this->deleteDirectoryRecursively($itemPath);
            } else {
                $deleted = unlink($itemPath);
                if (!$deleted) {
                    throw new ThemeModuleException("Failed to delete file at \"{$itemPath}\"");
                }
            }
        }
        rmdir($path);
    }
    public function load(): array
    {
        if ($this->loadedModules !== null) {
            return $this->loadedModules;
        }
        if (!is_dir($this->modulesFolderPath)) {
            return [];
        }
        $subFolders = array_filter(scandir($this->modulesFolderPath), function ($item) {
            return $item !== '.' && $item !== '..' && is_dir($this->modulesFolderPath . DIRECTORY_SEPARATOR . $item);
        });
        $modules = [];
        foreach ($subFolders as $folderName) {
            $module = $this->loadFromFolder($folderName);
            if ($module) {
                $modules[$folderName] = $module;
            }
        }
        $this->loadedModules = $modules;
        return $modules;
    }
    protected function loadFromFolder(string $folderName): ThemeModule|null
    {
        $moduleJsonFile = $this->modulesFolderPath . DIRECTORY_SEPARATOR . $folderName . DIRECTORY_SEPARATOR . 'bookstack-module.json';
        if (!file_exists($moduleJsonFile)) {
            return null;
        }
        try {
            $jsonContent = file_get_contents($moduleJsonFile);
            $jsonData = json_decode($jsonContent, true);
            if (json_last_error() !== JSON_ERROR_NONE) {
                throw new ThemeModuleException("Invalid JSON in module file at \"{$moduleJsonFile}\": " . json_last_error_msg());
            }
            $module = ThemeModule::fromJson($jsonData, $folderName);
        } catch (ThemeModuleException $exception) {
            throw $exception;
        } catch (\Exception $exception) {
            throw new ThemeModuleException("Failed loading module from \"{$moduleJsonFile}\" with error: {$exception->getMessage()}");
        }
        return $module;
    }
 }
--- a/app/Theming/ThemeModuleZip.php
+++ b/app/Theming/ThemeModuleZip.php
@@ -0,0 +1,98 @@
 <?php
 namespace BookStack\Theming;
 use ZipArchive;
 readonly class ThemeModuleZip
 {
    public function __construct(
        protected string $path
    ) {
    }
    public function extractTo(string $destinationPath): void
    {
        $zip = new ZipArchive();
        $zip->open($this->path);
        $zip->extractTo($destinationPath);
        $zip->close();
    }
    /**
     * Read the module's JSON metadata to read it into a ThemeModule instance.
     * @throws ThemeModuleException
     */
    public function getModuleInstance(): ThemeModule
    {
        $zip = new ZipArchive();
        $open = $zip->open($this->path);
        if ($open !== true) {
            throw new ThemeModuleException("Unable to open zip file at {$this->path}");
        }
        $moduleJsonText = $zip->getFromName('bookstack-module.json');
        $zip->close();
        if ($moduleJsonText === false) {
            throw new ThemeModuleException("bookstack-module.json not found within module ZIP at {$this->path}");
        }
        $moduleJson = json_decode($moduleJsonText, true);
        if ($moduleJson === null) {
            throw new ThemeModuleException("Could not read JSON from bookstack-module.json within module ZIP at {$this->path}");
        }
        return ThemeModule::fromJson($moduleJson, '_temp');
    }
    /**
     * Get the path to the zip file.
     */
    public function getPath(): string
    {
        return $this->path;
    }
    /**
     * Check if the zip file exists and that it appears to be a valid zip file.
     */
    public function exists(): bool
    {
        if (!file_exists($this->path)) {
            return false;
        }
        $zip = new ZipArchive();
        $open = $zip->open($this->path, ZipArchive::RDONLY);
        if ($open === true) {
            $zip->close();
            return true;
        }
        return false;
    }
    /**
     * Get the total size of the zip file contents when uncompressed.
     */
    public function getContentsSize(): int
    {
        $zip = new ZipArchive();
        if ($zip->open($this->path) !== true) {
            return 0;
        }
        $totalSize = 0;
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $stat = $zip->statIndex($i);
            if ($stat !== false) {
                $totalSize += $stat['size'];
            }
        }
        $zip->close();
        return $totalSize;
    }
 }
--- a/app/Theming/ThemeService.php
+++ b/app/Theming/ThemeService.php
@@ -6,6 +6,7 @@ use BookStack\Access\SocialDriverManager;
 use BookStack\Exceptions\ThemeException;
 use Illuminate\Console\Application;
 use Illuminate\Console\Application as Artisan;
 use Illuminate\View\FileViewFinder;
 use Symfony\Component\Console\Command\Command;
 class ThemeService
@@ -15,6 +16,11 @@ class ThemeService
     */
    protected array $listeners = [];
    /**
     * @var array<string, ThemeModule>
     */
    protected array $modules = [];
    /**
     * Get the currently configured theme.
     * Returns an empty string if not configured.
@@ -76,20 +82,71 @@ class ThemeService
    }
    /**
-     * Read any actions from the set theme path if the 'functions.php' file exists.
+     * Read any actions from the 'functions.php' file of the active theme or its modules.
     */
    public function readThemeActions(): void
    {
-        $themeActionsFile = theme_path('functions.php');
+        $moduleFunctionFiles = array_map(function (ThemeModule $module): string {
-        if ($themeActionsFile && file_exists($themeActionsFile)) {
+            return $module->path('functions.php');
        }, $this->modules);
        $allFunctionFiles = array_merge(array_values($moduleFunctionFiles), [theme_path('functions.php')]);
        $filteredFunctionFiles = array_filter($allFunctionFiles, function (string $file): bool {
            return $file && file_exists($file);
        });
        foreach ($filteredFunctionFiles as $functionFile) {
            try {
-                require $themeActionsFile;
+                require $functionFile;
            } catch (\Error $exception) {
-                throw new ThemeException("Failed loading theme functions file at \"{$themeActionsFile}\" with error: {$exception->getMessage()}");
+                throw new ThemeException("Failed loading theme functions file at \"{$functionFile}\" with error: {$exception->getMessage()}");
            }
        }
    }
    /**
     * Read the modules folder and load in any valid theme modules.
     * @throws ThemeModuleException
     */
    public function loadModules(): void
    {
        $modulesFolder = theme_path('modules');
        if (!$modulesFolder) {
            return;
        }
        $this->modules = (new ThemeModuleManager($modulesFolder))->load();
    }
    /**
     * Get all loaded theme modules.
     * @return array<string, ThemeModule>
     */
    public function getModules(): array
    {
        return $this->modules;
    }
    /**
     * Look for a specific file within the theme or its modules.
     * Returns the first file found or null if not found.
     */
    public function findFirstFile(string $path): ?string
    {
        $themePath = theme_path($path);
        if (file_exists($themePath)) {
            return $themePath;
        }
        foreach ($this->modules as $module) {
            $customizedFile = $module->path($path);
            if (file_exists($customizedFile)) {
                return $customizedFile;
            }
        }
        return null;
    }
    /**
     * @see SocialDriverManager::addSocialDriver
     */
--- a/app/Theming/ThemeViews.php
+++ b/app/Theming/ThemeViews.php
@@ -0,0 +1,115 @@
 <?php
 namespace BookStack\Theming;
 use BookStack\Exceptions\ThemeException;
 use Illuminate\View\FileViewFinder;
 class ThemeViews
 {
    /**
     * @var array<string, array<string, int>>
     */
    protected array $beforeViews = [];
    /**
     * @var array<string, array<string, int>>
     */
    protected array $afterViews = [];
    public function __construct(
        protected FileViewFinder $finder
    ) {
    }
    /**
     * Register any extra paths for where we may expect views to be located
     * with the FileViewFinder, to make custom views available for use.
     * @param ThemeModule[] $modules
     */
    public function registerViewPathsForTheme(array $modules): void
    {
        foreach ($modules as $module) {
            $moduleViewsPath = $module->path('views');
            if (file_exists($moduleViewsPath) && is_dir($moduleViewsPath)) {
                $this->finder->prependLocation($moduleViewsPath);
            }
        }
        $this->finder->prependLocation(theme_path());
    }
    /**
     * Provide the response for a blade template view include.
     */
    public function handleViewInclude(string $viewPath, array $data = [], array $mergeData = []): string
    {
        if (!$this->hasRegisteredViews()) {
            return view()->make($viewPath, $data, $mergeData)->render();
        }
        if (str_contains('book-tree', $viewPath)) {
            dd($viewPath, $data);
        }
        $viewsContent = [
            ...$this->renderViewSets($this->beforeViews[$viewPath] ?? [], $data, $mergeData),
            view()->make($viewPath, $data, $mergeData)->render(),
            ...$this->renderViewSets($this->afterViews[$viewPath] ?? [], $data, $mergeData),
        ];
        return implode("\n", $viewsContent);
    }
    /**
     * Register a custom view to be rendered before the given target view is included in the template system.
     */
    public function renderBefore(string $targetView, string $localView, int $priority = 50): void
    {
        $this->registerAdjacentView($this->beforeViews, $targetView, $localView, $priority);
    }
    /**
     * Register a custom view to be rendered after the given target view is included in the template system.
     */
    public function renderAfter(string $targetView, string $localView, int $priority = 50): void
    {
        $this->registerAdjacentView($this->afterViews, $targetView, $localView, $priority);
    }
    public function hasRegisteredViews(): bool
    {
        return !empty($this->beforeViews) || !empty($this->afterViews);
    }
    protected function registerAdjacentView(array &$location, string $targetView, string $localView, int $priority = 50): void
    {
        try {
            $viewPath = $this->finder->find($localView);
        } catch (\InvalidArgumentException $exception) {
            throw new ThemeException("Expected registered view file with name \"{$localView}\" could not be found.");
        }
        if (!isset($location[$targetView])) {
            $location[$targetView] = [];
        }
        $location[$targetView][$viewPath] = $priority;
    }
    /**
     * @param array<string, int> $viewSet
     * @return string[]
     */
    protected function renderViewSets(array $viewSet, array $data, array $mergeData): array
    {
        $paths = array_keys($viewSet);
        usort($paths, function (string $a, string $b) use ($viewSet) {
            return $viewSet[$a] <=> $viewSet[$b];
        });
        return array_map(function (string $viewPath) use ($data, $mergeData) {
            return view()->file($viewPath, $data, $mergeData)->render();
        }, $paths);
    }
 }
--- a/app/Translation/FileLoader.php
+++ b/app/Translation/FileLoader.php
@@ -2,6 +2,7 @@
 namespace BookStack\Translation;
 use BookStack\Facades\Theme;
 use Illuminate\Translation\FileLoader as BaseLoader;
 class FileLoader extends BaseLoader
@@ -12,11 +13,6 @@ class FileLoader extends BaseLoader
     * Extends Laravel's translation FileLoader to look in multiple directories
     * so that we can load in translation overrides from the theme file if wanted.
     *
     * Note: As of using Laravel 10, this may now be redundant since Laravel's
     * file loader supports multiple paths. This needs further testing though
     * to confirm if Laravel works how we expect, since we specifically need
     * the theme folder to be able to partially override core lang files.
     *
     * @param string      $locale
     * @param string      $group
     * @param string|null $namespace
@@ -32,9 +28,18 @@ class FileLoader extends BaseLoader
        if (is_null($namespace) || $namespace === '*') {
            $themePath = theme_path('lang');
            $themeTranslations = $themePath ? $this->loadPaths([$themePath], $locale, $group) : [];
            $originalTranslations = $this->loadPaths($this->paths, $locale, $group);
-            return array_merge($originalTranslations, $themeTranslations);
+            $modules = Theme::getModules();
            $moduleTranslations = [];
            foreach ($modules as $module) {
                $modulePath = $module->path('lang');
                if (file_exists($modulePath)) {
                    $moduleTranslations = array_merge($moduleTranslations, $this->loadPaths([$modulePath], $locale, $group));
                }
            }
            $originalTranslations = $this->loadPaths($this->paths, $locale, $group);
            return array_merge($originalTranslations, $moduleTranslations, $themeTranslations);
        }
        return $this->loadNamespaced($locale, $group, $namespace);
--- a/app/Util/ConfiguredHtmlPurifier.php
+++ b/app/Util/ConfiguredHtmlPurifier.php
@@ -0,0 +1,150 @@
 <?php
 namespace BookStack\Util;
 use BookStack\App\AppVersion;
 use HTMLPurifier;
 use HTMLPurifier_Config;
 use HTMLPurifier_DefinitionCache_Serializer;
 use HTMLPurifier_HTML5Config;
 use HTMLPurifier_HTMLDefinition;
 /**
 * Provides a configured HTML Purifier instance.
 * https://github.com/ezyang/htmlpurifier
 * Also uses this to extend support to HTML5 elements:
 * https://github.com/xemlock/htmlpurifier-html5
 */
 class ConfiguredHtmlPurifier
 {
    protected HTMLPurifier $purifier;
    protected static bool $cachedChecked = false;
    public function __construct()
    {
        // This is done by the web-server at run-time, with the existing
        // storage/framework/cache folder to ensure we're using a server-writable folder.
        $cachePath = storage_path('framework/cache/purifier');
        $this->createCacheFolderIfNeeded($cachePath);
        $config = HTMLPurifier_HTML5Config::createDefault();
        $this->setConfig($config, $cachePath);
        $this->resetCacheIfNeeded($config);
        $htmlDef = $config->getDefinition('HTML', true, true);
        if ($htmlDef instanceof HTMLPurifier_HTMLDefinition) {
            $this->configureDefinition($htmlDef);
        }
        $this->purifier = new HTMLPurifier($config);
    }
    protected function createCacheFolderIfNeeded(string $cachePath): void
    {
        if (!file_exists($cachePath)) {
            mkdir($cachePath, 0777, true);
        }
    }
    protected function resetCacheIfNeeded(HTMLPurifier_Config $config): void
    {
        if (self::$cachedChecked) {
            return;
        }
        $cachedForVersion = cache('htmlpurifier::cache-version');
        $appVersion = AppVersion::get();
        if ($cachedForVersion !== $appVersion) {
            foreach (['HTML', 'CSS', 'URI'] as $name) {
                $cache = new HTMLPurifier_DefinitionCache_Serializer($name);
                $cache->flush($config);
            }
            cache()->set('htmlpurifier::cache-version', $appVersion);
        }
        self::$cachedChecked = true;
    }
    protected function setConfig(HTMLPurifier_Config $config, string $cachePath): void
    {
        $config->set('Cache.SerializerPath', $cachePath);
        $config->set('Core.AllowHostnameUnderscore', true);
        $config->set('CSS.AllowTricky', true);
        $config->set('HTML.SafeIframe', true);
        $config->set('Attr.EnableID', true);
        $config->set('Attr.ID.HTML5', true);
        $config->set('Output.FixInnerHTML', false);
        $config->set('URI.SafeIframeRegexp', '%^(http://|https://|//)%');
        $config->set('URI.AllowedSchemes', [
            'http' => true,
            'https' => true,
            'mailto' => true,
            'ftp' => true,
            'nntp' => true,
            'news' => true,
            'tel' => true,
            'file' => true,
        ]);
         // $config->set('Cache.DefinitionImpl', null); // Disable cache during testing
    }
    public function configureDefinition(HTMLPurifier_HTMLDefinition $definition): void
    {
        // Allow the object element
        $definition->addElement(
            'object',
            'Inline',
            'Flow',
            'Common',
            [
                'data'   => 'URI',
                'type'   => 'Text',
                'width'  => 'Length',
                'height' => 'Length',
            ]
        );
        // Allow the embed element
        $definition->addElement(
            'embed',
            'Inline',
            'Empty',
            'Common',
            [
                'src'   => 'URI',
                'type'   => 'Text',
                'width'  => 'Length',
                'height' => 'Length',
            ]
        );
        // Allow checkbox inputs
        $definition->addElement(
            'input',
            'Formctrl',
            'Empty',
            'Common',
            [
                'checked' => 'Bool#checked',
                'disabled' => 'Bool#disabled',
                'name' => 'Text',
                'readonly' => 'Bool#readonly',
                'type' => 'Enum#checkbox',
                'value' => 'Text',
            ]
        );
        // Allow the drawio-diagram attribute on div elements
        $definition->addAttribute(
            'div',
            'drawio-diagram',
            'Number',
        );
    }
    public function purify(string $html): string
    {
        return $this->purifier->purify($html);
    }
 }
--- a/app/Util/CspService.php
+++ b/app/Util/CspService.php
@@ -65,7 +65,7 @@ class CspService
     */
    protected function getScriptSrc(): string
    {
-        if (config('app.allow_content_scripts')) {
+        if ($this->scriptFilteringDisabled()) {
            return '';
        }
@@ -108,7 +108,7 @@ class CspService
     */
    protected function getObjectSrc(): string
    {
-        if (config('app.allow_content_scripts')) {
+        if ($this->scriptFilteringDisabled()) {
            return '';
        }
@@ -124,6 +124,11 @@ class CspService
        return "base-uri 'self'";
    }
    protected function scriptFilteringDisabled(): bool
    {
        return !HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'))->filterOutJavaScript;
    }
    protected function getAllowedIframeHosts(): array
    {
        $hosts = config('app.iframe_hosts') ?? '';
--- a/app/Util/HtmlContentFilter.php
+++ b/app/Util/HtmlContentFilter.php
@@ -8,10 +8,46 @@ use DOMNodeList;
 class HtmlContentFilter
 {
-    /**
+    public function __construct(
-     * Remove all the script elements from the given HTML document.
+        protected HtmlContentFilterConfig $config
-     */
+    ) {
-    public static function removeScriptsFromDocument(HtmlDocument $doc)
+    }
    public function filterDocument(HtmlDocument $doc): string
    {
        if ($this->config->filterOutJavaScript) {
            $this->filterOutScriptsFromDocument($doc);
        }
        if ($this->config->filterOutFormElements) {
            $this->filterOutFormElementsFromDocument($doc);
        }
        if ($this->config->filterOutBadHtmlElements) {
            $this->filterOutBadHtmlElementsFromDocument($doc);
        }
        if ($this->config->filterOutNonContentElements) {
            $this->filterOutNonContentElementsFromDocument($doc);
        }
        $filtered = $doc->getBodyInnerHtml();
        if ($this->config->useAllowListFilter) {
            $filtered = $this->applyAllowListFiltering($filtered);
        }
        return $filtered;
    }
    public function filterString(string $html): string
    {
        return $this->filterDocument(new HtmlDocument($html));
    }
    protected function applyAllowListFiltering(string $html): string
    {
        $purifier = new ConfiguredHtmlPurifier();
        return $purifier->purify($html);
    }
    protected function filterOutScriptsFromDocument(HtmlDocument $doc): void
    {
        // Remove standard script tags
        $scriptElems = $doc->queryXPath('//script');
@@ -21,21 +57,21 @@ class HtmlContentFilter
        $badLinks = $doc->queryXPath('//*[' . static::xpathContains('@href', 'javascript:') . ']');
        static::removeNodes($badLinks);
-        // Remove forms with calls to JavaScript URI
+        // Remove elements with form-like attributes with calls to JavaScript URI
        $badForms = $doc->queryXPath('//*[' . static::xpathContains('@action', 'javascript:') . '] | //*[' . static::xpathContains('@formaction', 'javascript:') . ']');
        static::removeNodes($badForms);
-        // Remove meta tag to prevent external redirects
+        // Remove data or JavaScript iFrames & embeds
        $metaTags = $doc->queryXPath('//meta[' . static::xpathContains('@content', 'url') . ']');
        static::removeNodes($metaTags);
        // Remove data or JavaScript iFrames
        $badIframes = $doc->queryXPath('//*[' . static::xpathContains('@src', 'data:') . '] | //*[' . static::xpathContains('@src', 'javascript:') . '] | //*[@srcdoc]');
        static::removeNodes($badIframes);
        // Remove data or JavaScript objects
        $badObjects = $doc->queryXPath('//*[' . static::xpathContains('@data', 'data:') . '] | //*[' . static::xpathContains('@data', 'javascript:') . ']');
        static::removeNodes($badObjects);
        // Remove attributes, within svg children, hiding JavaScript or data uris.
        // A bunch of svg element and attribute combinations expose xss possibilities.
-        // For example, SVG animate tag can exploit javascript in values.
+        // For example, SVG animate tag can exploit JavaScript in values.
        $badValuesAttrs = $doc->queryXPath('//svg//@*[' . static::xpathContains('.', 'data:') . '] | //svg//@*[' . static::xpathContains('.', 'javascript:') . ']');
        static::removeAttributes($badValuesAttrs);
@@ -49,23 +85,52 @@ class HtmlContentFilter
        static::removeAttributes($onAttributes);
    }
-    /**
+    protected function filterOutFormElementsFromDocument(HtmlDocument $doc): void
     * Remove scripts from the given HTML string.
     */
    public static function removeScriptsFromHtmlString(string $html): string
    {
-        if (empty($html)) {
+        // Remove form elements
-            return $html;
+        $formElements = ['form', 'fieldset', 'button', 'textarea', 'select'];
        foreach ($formElements as $formElement) {
            $matchingFormElements = $doc->queryXPath('//' . $formElement);
            static::removeNodes($matchingFormElements);
        }
-        $doc = new HtmlDocument($html);
+        // Remove non-checkbox inputs
-        static::removeScriptsFromDocument($doc);
+        $inputsToRemove = $doc->queryXPath('//input');
        /** @var DOMElement $input */
        foreach ($inputsToRemove as $input) {
            $type = strtolower($input->getAttribute('type'));
            if ($type !== 'checkbox') {
                $input->parentNode->removeChild($input);
            }
        }
-        return $doc->getBodyInnerHtml();
+        // Remove form attributes
        $formAttrs = ['form', 'formaction', 'formmethod', 'formtarget'];
        foreach ($formAttrs as $formAttr) {
            $matchingFormAttrs = $doc->queryXPath('//@' . $formAttr);
            static::removeAttributes($matchingFormAttrs);
        }
    }
    protected function filterOutBadHtmlElementsFromDocument(HtmlDocument $doc): void
    {
        // Remove meta tag to prevent external redirects
        $metaTags = $doc->queryXPath('//meta[' . static::xpathContains('@content', 'url') . ']');
        static::removeNodes($metaTags);
    }
    protected function filterOutNonContentElementsFromDocument(HtmlDocument $doc): void
    {
        // Remove non-content elements
        $formElements = ['link', 'style', 'meta', 'title', 'template'];
        foreach ($formElements as $formElement) {
            $matchingFormElements = $doc->queryXPath('//' . $formElement);
            static::removeNodes($matchingFormElements);
        }
    }
    /**
-     * Create a xpath contains statement with a translation automatically built within
+     * Create an x-path 'contains' statement with a translation automatically built within
     * to affectively search in a cases-insensitive manner.
     */
    protected static function xpathContains(string $property, string $value): string
@@ -99,4 +164,34 @@ class HtmlContentFilter
            $parentNode->removeAttribute($attrName);
        }
    }
    /**
     * Alias using the old method name to avoid potential compatibility breaks during patch release.
     * To remove in future feature release.
     * @deprecated Use filterDocument instead.
     */
    public static function removeScriptsFromDocument(HtmlDocument $doc): void
    {
        $config = new HtmlContentFilterConfig(
            filterOutNonContentElements: false,
            useAllowListFilter: false,
        );
        $filter = new self($config);
        $filter->filterDocument($doc);
    }
    /**
     * Alias using the old method name to avoid potential compatibility breaks during patch release.
     * To remove in future feature release.
     * @deprecated Use filterString instead.
     */
    public static function removeScriptsFromHtmlString(string $html): string
    {
        $config = new HtmlContentFilterConfig(
            filterOutNonContentElements: false,
            useAllowListFilter: false,
        );
        $filter = new self($config);
        return $filter->filterString($html);
    }
 }
--- a/app/Util/HtmlContentFilterConfig.php
+++ b/app/Util/HtmlContentFilterConfig.php
@@ -0,0 +1,31 @@
 <?php
 namespace BookStack\Util;
 readonly class HtmlContentFilterConfig
 {
    public function __construct(
        public bool $filterOutJavaScript = true,
        public bool $filterOutBadHtmlElements = true,
        public bool $filterOutFormElements = true,
        public bool $filterOutNonContentElements = true,
        public bool $useAllowListFilter = true,
    ) {
    }
    /**
     * Create an instance from a config string, where the string
     * is a combination of characters to enable filters.
     */
    public static function fromConfigString(string $config): self
    {
        $config = strtolower($config);
        return new self(
            filterOutJavaScript: str_contains($config, 'j'),
            filterOutBadHtmlElements: str_contains($config, 'h'),
            filterOutFormElements: str_contains($config, 'f'),
            filterOutNonContentElements: str_contains($config, 'h'),
            useAllowListFilter: str_contains($config, 'a'),
        );
    }
 }
--- a/app/Util/HtmlDocument.php
+++ b/app/Util/HtmlDocument.php
@@ -103,7 +103,13 @@ class HtmlDocument
     */
    public function getBody(): DOMNode
    {
-        return $this->document->getElementsByTagName('body')[0];
+        $bodies = $this->document->getElementsByTagName('body');
        if ($bodies->length === 0) {
            return new DOMElement('body', '');
        }
        return $bodies[0];
    }
    /**
--- a/app/Util/SvgIcon.php
+++ b/app/Util/SvgIcon.php
@@ -2,6 +2,8 @@
 namespace BookStack\Util;
 use BookStack\Facades\Theme;
 class SvgIcon
 {
    public function __construct(
@@ -23,12 +25,9 @@ class SvgIcon
            $attrString .= $attrName . '="' . $attr . '" ';
        }
-        $iconPath = resource_path('icons/' . $this->name . '.svg');
+        $defaultIconPath = resource_path('icons/' . $this->name . '.svg');
-        $themeIconPath = theme_path('icons/' . $this->name . '.svg');
+        $iconPath = Theme::findFirstFile("icons/{$this->name}.svg") ?? $defaultIconPath;
-
+        if (!file_exists($iconPath)) {
        if ($themeIconPath && file_exists($themeIconPath)) {
            $iconPath = $themeIconPath;
        } elseif (!file_exists($iconPath)) {
            return '';
        }
--- a/composer.json
+++ b/composer.json
@@ -19,6 +19,7 @@
        "ext-zip": "*",
        "bacon/bacon-qr-code": "^3.0",
        "dompdf/dompdf": "^3.1",
        "ezyang/htmlpurifier": "^4.19",
        "guzzlehttp/guzzle": "^7.4",
        "intervention/image": "^3.5",
        "knplabs/knp-snappy": "^1.5",
@@ -38,7 +39,8 @@
        "socialiteproviders/microsoft-azure": "^5.1",
        "socialiteproviders/okta": "^4.2",
        "socialiteproviders/twitch": "^5.3",
-        "ssddanbrown/htmldiff": "^2.0.0"
+        "ssddanbrown/htmldiff": "^2.0.0",
        "xemlock/htmlpurifier-html5": "^0.1.12"
    },
    "require-dev": {
        "fakerphp/faker": "^1.21",
--- a/composer.lock
+++ b/composer.lock
--- a/dev/docs/logical-theme-system.md
+++ b/dev/docs/logical-theme-system.md
@@ -99,6 +99,41 @@ Theme::listen(ThemeEvents::APP_BOOT, function($app) {
 });
 ```
 ## Custom View Registration Example
 Using the logical theme system, you can register custom views to be rendered before/after other existing views, providing a flexible way to add content without needing to override and/or replicate existing content. This is done by listening to the `THEME_REGISTER_VIEWS`.
 **Note:** You don't need to use this to override existing views, or register whole new main views to use, since that's done automatically based on their existence. This is just for advanced capabilities like inserting before/after existing views.
 This event provides a `ThemeViews` instance which has the following methods made available:
 - `renderBefore(string $targetView, string $localView, int $priority)`
 - `renderAfter(string $targetView, string $localView, int $priority)`
 The target view is the name of that which we want to insert our custom view relative to.
 The local view is the name of the view we want to add and render.
 The priority provides a suggestion to the ordering of view display, with lower numbers being shown first. This defaults to 50 if not provided.
 Here's an example of this in use:
 ```php
 <?php
 use BookStack\Facades\Theme;
 use BookStack\Theming\ThemeEvents;
 use BookStack\Theming\ThemeViews;
 Theme::listen(ThemeEvents::THEME_REGISTER_VIEWS, function (ThemeViews $themeViews) {
    $themeViews->renderBefore('layouts.parts.header', 'welcome-banner', 4);
    $themeViews->renderAfter('layouts.parts.header', 'information-alert');
    $themeViews->renderAfter('layouts.parts.header', 'additions.password-notice', 20);
 });
 ```
 In this example, we're inserting custom views before and after the main header bar.
 BookStack will look for a `welcome-banner.blade.php` file within our theme folder (or a theme module view folder) to render before the header. It'll look for the `information-alert.blade.php` and `additions/password-notice.blade.php` views to render afterwards.
 The password notice will be shown above the information alert view, since it has a specified priority of 20, whereas the information alert view would default to a priority of 50.
 ## Custom Command Registration Example
 The logical theme system supports adding custom [artisan commands](https://laravel.com/docs/8.x/artisan) to BookStack.
--- a/dev/docs/theme-system-modules.md
+++ b/dev/docs/theme-system-modules.md
@@ -0,0 +1,71 @@
 # Theme System Modules
 A theme system module is a collection of customizations using the [visual](visual-theme-system.md) and [logical](logical-theme-system.md) theme systems, provided along with some metadata, that can be installed alongside other modules within a theme. They can effectively be thought of as "plugins" or "extensions" that can be applied in addition to any customizations in the active theme.
 ### Module Location
 Modules are contained within a folder themselves, which should be located inside a `modules` folder within a [BookStack theme folder](visual-theme-system.md#getting-started). 
 As an example, starting from the `themes/` top-level folder of a BookStack instance:
 ```txt
 themes
 └── my-theme
    └── modules
        ├── module-a
        │   └── bookstack-module.json
        └── module-b
            └── bookstack-module.json
 ```
 ### Module Format
 A module exists as a folder in the location [as detailed above](#module-location).
 The content within the module folder should then follow this format:
 - `bookstack-module.json` - REQUIRED - A JSON file containing [the metadata](#module-json-metadata) for the module.
 - `functions.php` - OPTIONAL - A PHP file containing code for the [logical theme system](logical-theme-system.md).
 - `icons/` - OPTIONAL - A folder containing any icons to use as per [the visual theme system](visual-theme-system.md#customizing-icons).
 - `lang/` - OPTIONAL - A folder containing any language files to use as per [the visual theme system](visual-theme-system.md#customizing-text-content).
 - `public/` - OPTIONAL - A folder containing any files to expose into public web-space as per [the visual theme system](visual-theme-system.md#publicly-accessible-files).
 - `views/` - OPTIONAL - A folder containing any view additions or overrides as per [the visual theme system](visual-theme-system.md#customizing-view-files).
 You can create additional directories/files for your own needs within the module, but ideally name them something unique to prevent conflicts with the above structure.
 ### Module JSON Metadata
 Modules are required to have a `bookstack-module.json` file in the top level directory of the module.
 This must be a JSON file with the following properties:
 - `name` - string - An (ideally unique) name for the module.
 - `description` - string - A short description of the module.
 - `version` - string - A string version number generally following [semantic versioning](https://semver.org/).
  - Examples: `v0.4.0`, `4.3.12`,  `v0.1.0-beta4`.
 ### Customization Order/Precedence
 It's possible that multiple modules may override/customize the same content.
 Right now, there's no assurance in regard to the order in which modules may be loaded.
 Generally they will be used/searched in order of their module folder name, but this is not assured and should not be relied upon.
 It's also possible that modules customize the same content as the configured theme.
 In this scenario, the theme takes precedence. Modules are designed to be more portable and instance abstract, whereas the theme folder would typically be specific to the instance. 
 This allows the theme to be used to customize or override module content for the BookStack instance, without altering the module code itself.
 ### Module Best Practices
 Here are some general best practices when it comes to creating modules:
 - Use a unique name and clear description so the user can understand the purpose of the module.
 - Increment the metadata version on change, keeping to [semver](https://semver.org/) to indicate compatibility of new versions.
 - Where possible, prefer to [insert views before/after](logical-theme-system.md#custom-view-registration-example) instead of overriding existing views, to reduce likelihood of conflicts or update troubles.
 - When using/registering custom views, use some level of unique namespacing within the view path to prevent potential conflicts with other customizations.
  - For example, I may store a view within my module as `views/my-module-name-welcome.blade.php`, to be registered as 'my-module-name-welcome'.
  - This is important since views may be resolved from other modules or the active theme, which may/will override your module level view.
 ### Distribution Format
 Modules are expected to be distributed as a compressed ZIP file, where the ZIP contents follow that of a module folder.
 BookStack provides a `php artisan bookstack:install-module` command which allows modules to be installed from these ZIP files, either from a local path or from a web URL.
 Currently, there's a hardcoded total filesize limit of 50MB for module contents installed via this method.
 There is not yet any direct update mechanism for modules, although this is something we may introduce in the future.
--- a/dev/docs/visual-theme-system.md
+++ b/dev/docs/visual-theme-system.md
@@ -4,7 +4,7 @@ BookStack allows visual customization via the theme system which enables you to
 This is part of the theme system alongside the [logical theme system](./logical-theme-system.md).
-**Note:** This theme system itself is maintained and supported but usages of this system, including the files you are able to override, are not considered stable and may change upon any update. You should test any customizations made after updates.
+**Note:** This theme system itself is maintained and supported, but usages of this system, including the files you are able to override, are not considered stable and may change upon any update. You should test any customizations made after updates.
 ## Getting Started
@@ -18,6 +18,9 @@ You'll need to tell BookStack to use your theme via the `APP_THEME` option in yo
 Content placed in your `themes/<theme_name>/` folder will override the original view files found in the `resources/views` folder. These files are typically [Laravel Blade](https://laravel.com/docs/10.x/blade) files.
 As an example, I could override the `resources/views/books/parts/list-item.blade.php` file with my own template at the path `themes/<theme_name>/books/parts/list-item.blade.php`. 
 In addition to overriding original views, this could be used to add new views for use via the [logical theme system](logical-theme-system.md).
 By using the `THEME_REGISTER_VIEWS` logical event, you can also register your views to be rendered before/after existing views. An example of this can be found in our [logical theme guidance](logical-theme-system.md#custom-view-registration-example).
 ## Customizing Icons
 SVG files placed in a `themes/<theme_name>/icons` folder will override any icons of the same name within `resources/icons`. You'd typically want to follow the format convention of the existing icons, where no XML deceleration is included and no width & height attributes are set, to ensure optimal compatibility. 
@@ -50,7 +53,7 @@ configured application theme.
 There are some considerations to these publicly served files:
- Only a predetermined range "web safe" content-types are currently served.
+- Only a predetermined range of "web safe" content-types are currently served.
  - This limits running into potential insecure scenarios in serving problematic file types.
 - A static 1-day cache time it set on files served from this folder.
  - You can use alternative cache-breaking techniques (change of query string) upon changes if needed. 
--- a/dev/licensing/php-library-licenses.txt
+++ b/dev/licensing/php-library-licenses.txt
@@ -98,6 +98,13 @@ Copyright: Copyright (c) 2013-2023 Eduardo Gulias Davis
 Source: https://github.com/egulias/EmailValidator.git
 Link: https://github.com/egulias/EmailValidator
 -----------
 ezyang/htmlpurifier
 License: LGPL-2.1-or-later
 License File: vendor/ezyang/htmlpurifier/LICENSE
 Copyright: Copyright (C) 1991, 1999 Free Software Foundation, Inc.
 Source: https://github.com/ezyang/htmlpurifier.git
 Link: http://htmlpurifier.org/
 -----------
 firebase/php-jwt
 License: BSD-3-Clause
 License File: vendor/firebase/php-jwt/LICENSE
@@ -237,21 +244,21 @@ Link: https://config.thephpleague.com
 league/flysystem
 License: MIT
 License File: vendor/league/flysystem/LICENSE
-Copyright: Copyright (c) 2013-2024 Frank de Jonge
+Copyright: Copyright (c) 2013-2026 Frank de Jonge
 Source: https://github.com/thephpleague/flysystem.git
 Link: https://github.com/thephpleague/flysystem.git
 -----------
 league/flysystem-aws-s3-v3
 License: MIT
 License File: vendor/league/flysystem-aws-s3-v3/LICENSE
-Copyright: Copyright (c) 2013-2024 Frank de Jonge
+Copyright: Copyright (c) 2013-2026 Frank de Jonge
 Source: https://github.com/thephpleague/flysystem-aws-s3-v3.git
 Link: https://github.com/thephpleague/flysystem-aws-s3-v3.git
 -----------
 league/flysystem-local
 License: MIT
 License File: vendor/league/flysystem-local/LICENSE
-Copyright: Copyright (c) 2013-2024 Frank de Jonge
+Copyright: Copyright (c) 2013-2026 Frank de Jonge
 Source: https://github.com/thephpleague/flysystem-local.git
 Link: https://github.com/thephpleague/flysystem-local.git
 -----------
@@ -323,7 +330,7 @@ License: MIT
 License File: vendor/nesbot/carbon/LICENSE
 Copyright: Copyright (C) Brian Nesbitt
 Source: https://github.com/CarbonPHP/carbon.git
-Link: https://carbon.nesbot.com
+Link: https://carbonphp.github.io/carbon/
 -----------
 nette/schema
 License: BSD-3-Clause GPL-2.0-only GPL-3.0-only
@@ -465,7 +472,7 @@ Link: https://github.com/php-fig/simple-cache.git
 psy/psysh
 License: MIT
 License File: vendor/psy/psysh/LICENSE
-Copyright: Copyright (c) 2012-2025 Justin Hileman
+Copyright: Copyright (c) 2012-2026 Justin Hileman
 Source: https://github.com/bobthecow/psysh.git
 Link: https://psysh.org
 -----------
@@ -787,3 +794,10 @@ License File: vendor/voku/portable-ascii/LICENSE.txt
 Copyright: Copyright (C) 2019 Lars Moelleken
 Source: https://github.com/voku/portable-ascii.git
 Link: https://github.com/voku/portable-ascii
 -----------
 xemlock/htmlpurifier-html5
 License: MIT
 License File: vendor/xemlock/htmlpurifier-html5/LICENSE
 Copyright: Copyright (c) 2015 Xemlock
 Source: https://github.com/xemlock/htmlpurifier-html5.git
 Link: https://github.com/xemlock/htmlpurifier-html5
--- a/lang/ar/errors.php
+++ b/lang/ar/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'الشفرة المُقدمة لرمز API المستخدم المحدد غير صحيحة',
    'api_user_no_api_permission' => 'مالك رمز API المستخدم ليس لديه الصلاحية لإجراء مكالمات API',
    'api_user_token_expired' => 'انتهت صلاحية رمز الترخيص المستخدم',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'حدث خطأ عند إرسال بريد إلكتروني تجريبي:',
--- a/lang/bg/errors.php
+++ b/lang/bg/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Секретния код, който беше предоставен за достъп до API-а е неправилен',
    'api_user_no_api_permission' => 'Собственика на АPI кода няма право да прави API заявки',
    'api_user_token_expired' => 'Кода за достъп, който беше използван, вече не е валиден',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Беше върната грешка, когато се изпрати тестовият емейл:',
--- a/lang/bn/errors.php
+++ b/lang/bn/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',
--- a/lang/bs/errors.php
+++ b/lang/bs/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Tajni ključ naveden za dati korišteni API token nije tačan',
    'api_user_no_api_permission' => 'Vlasnik korištenog API tokena nema dozvolu za upućivanje API poziva',
    'api_user_token_expired' => 'Autorizacijski token je istekao',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Došlo je do greške prilikom slanja testnog e-maila:',
--- a/lang/ca/errors.php
+++ b/lang/ca/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'El secret proporcionat per al testimoni d’API utilitzat no és correcte.',
    'api_user_no_api_permission' => 'El propietari del testimoni API utilitzat no té permís per a fer crides a l’API.',
    'api_user_token_expired' => 'El testimoni d’autorització utilitzat ha caducat.',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'S’ha produït un error en enviar el correu electrònic de prova:',
--- a/lang/cs/errors.php
+++ b/lang/cs/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Poskytnutý Token Secret neodpovídá použitému API tokenu',
    'api_user_no_api_permission' => 'Vlastník použitého API tokenu nemá oprávnění provádět API volání',
    'api_user_token_expired' => 'Platnost autorizačního tokenu vypršela',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Při posílání testovacího e-mailu nastala chyba:',
--- a/lang/cy/errors.php
+++ b/lang/cy/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Mae\'r gyfrinach a ddarparwyd ar gyfer y tocyn API defnyddiedig a roddwyd yn anghywir',
    'api_user_no_api_permission' => 'Nid oes gan berchennog y tocyn API a ddefnyddiwyd ganiatâd i wneud galwadau API',
    'api_user_token_expired' => 'Mae\'r tocyn awdurdodi a ddefnyddiwyd wedi dod i ben',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Gwall a daflwyd wrth anfon e-bost prawf:',
--- a/lang/da/editor.php
+++ b/lang/da/editor.php
@@ -48,7 +48,7 @@ return [
    'superscript' => 'Hævet',
    'subscript' => 'Sænket',
    'text_color' => 'Tekstfarve',
-    'highlight_color' => 'Highlight color',
+    'highlight_color' => 'Fremhævelsesfarve',
    'custom_color' => 'Tilpasset farve',
    'remove_color' => 'Fjern farve',
    'background_color' => 'Baggrundsfarve',
--- a/lang/da/entities.php
+++ b/lang/da/entities.php
@@ -252,7 +252,7 @@ return [
    'pages_edit_switch_to_markdown_stable' => '(Stabilt indhold)',
    'pages_edit_switch_to_wysiwyg' => 'Skift til WYSIWYG redigering',
    'pages_edit_switch_to_new_wysiwyg' => 'Skift til ny WYSIWYG (Hvad man ser, er hvad man får)',
-    'pages_edit_switch_to_new_wysiwyg_desc' => '(In Beta Testing)',
+    'pages_edit_switch_to_new_wysiwyg_desc' => '(I Beta Test)',
    'pages_edit_set_changelog' => 'Sæt ændringsoversigt',
    'pages_edit_enter_changelog_desc' => 'Indtast en kort beskrivelse af ændringer du har lavet',
    'pages_edit_enter_changelog' => 'Indtast ændringsoversigt',
@@ -397,11 +397,11 @@ return [
    'comment' => 'Kommentar',
    'comments' => 'Kommentarer',
    'comment_add' => 'Tilføj kommentar',
-    'comment_none' => 'No comments to display',
+    'comment_none' => 'Ingen kommentarer at vise',
    'comment_placeholder' => 'Skriv en kommentar her',
-    'comment_thread_count' => ':count Comment Thread|:count Comment Threads',
+    'comment_thread_count' => ':count Kommentar Tråde:count Kommentar Tråde',
    'comment_archived_count' => ':count Arkiveret',
-    'comment_archived_threads' => 'Archived Threads',
+    'comment_archived_threads' => 'Arkiverede Tråde',
    'comment_save' => 'Gem kommentar',
    'comment_new' => 'Ny kommentar',
    'comment_created' => 'kommenteret :createDiff',
@@ -410,8 +410,8 @@ return [
    'comment_deleted_success' => 'Kommentar slettet',
    'comment_created_success' => 'Kommentaren er tilføjet',
    'comment_updated_success' => 'Kommentaren er opdateret',
-    'comment_archive_success' => 'Comment archived',
+    'comment_archive_success' => 'Kommentar arkiveret',
-    'comment_unarchive_success' => 'Comment un-archived',
+    'comment_unarchive_success' => 'Kommentaren er ikke længere arkiveret',
    'comment_view' => 'Se kommentar',
    'comment_jump_to_thread' => 'Hop til tråd',
    'comment_delete_confirm' => 'Er du sikker på, at du vil slette denne kommentar?',
--- a/lang/da/errors.php
+++ b/lang/da/errors.php
@@ -109,7 +109,7 @@ return [
    'import_zip_cant_read' => 'Kunne ikke læse ZIP-filen.',
    'import_zip_cant_decode_data' => 'Kunne ikke finde og afkode ZIP data.json-indhold.',
    'import_zip_no_data' => 'ZIP-filens data har ikke noget forventet bog-, kapitel- eller sideindhold.',
-    'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
+    'import_zip_data_too_large' => 'Indholdet af ZIP data.json overstiger den konfigurerede maksimale uploadstørrelse for applikationen.',
    'import_validation_failed' => 'Import ZIP kunne ikke valideres med fejl:',
    'import_zip_failed_notification' => 'Kunne ikke importere ZIP-fil.',
    'import_perms_books' => 'Du mangler de nødvendige tilladelser til at oprette bøger.',
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Hemmeligheden leveret til det givne anvendte API-token er forkert',
    'api_user_no_api_permission' => 'Ejeren af den brugte API token har ikke adgang til at foretage API-kald',
    'api_user_token_expired' => 'Den brugte godkendelsestoken er udløbet',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Følgende fejl opstod under afsendelse af testemail:',
--- a/lang/da/notifications.php
+++ b/lang/da/notifications.php
@@ -11,8 +11,8 @@ return [
    'updated_page_subject' => 'Opdateret side: :pageName',
    'updated_page_intro' => 'En side er blevet opdateret i :appName:',
    'updated_page_debounce' => 'For at forhindre en masse af notifikationer, i et stykke tid vil du ikke blive sendt notifikationer for yderligere redigeringer til denne side af den samme editor.',
-    'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
+    'comment_mention_subject' => 'Du er blevet nævnt i en kommentar på siden: :pageName',
-    'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
+    'comment_mention_intro' => 'Du blev nævnt i en kommentar på :appName:',
    'detail_page_name' => 'Sidens navn:',
    'detail_page_path' => 'Sidesti:',
--- a/lang/da/preferences.php
+++ b/lang/da/preferences.php
@@ -23,7 +23,7 @@ return [
    'notifications_desc' => 'Administrer de e-mail-notifikationer, du modtager, når visse aktiviteter udføres i systemet.',
    'notifications_opt_own_page_changes' => 'Adviser ved ændringer af sider, jeg ejer',
    'notifications_opt_own_page_comments' => 'Adviser ved kommentarer på sider, jeg ejer',
-    'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
+    'notifications_opt_comment_mentions' => 'Giv besked, når jeg er nævnt i en kommentar',
    'notifications_opt_comment_replies' => 'Adviser ved svar på mine kommentarer',
    'notifications_save' => 'Gem indstillinger',
    'notifications_update_success' => 'Indstillinger for notifikationer er blevet opdateret!',
--- a/lang/da/settings.php
+++ b/lang/da/settings.php
@@ -75,8 +75,8 @@ return [
    'reg_confirm_restrict_domain_placeholder' => 'Ingen restriktion opsat',
    // Sorting Settings
-    'sorting' => 'Lists & Sorting',
+    'sorting' => 'Lister & Sortering',
-    'sorting_book_default' => 'Default Book Sort Rule',
+    'sorting_book_default' => 'Standardregel for sortering af bog',
    'sorting_book_default_desc' => 'Vælg den standardsorteringsregel, der skal gælde for nye bøger. Dette påvirker ikke eksisterende bøger og kan tilsidesættes for hver enkelt bog.',
    'sorting_rules' => 'Regler for sortering',
    'sorting_rules_desc' => 'Det er foruddefinerede sorteringsoperationer, som kan anvendes på indhold i systemet.',
@@ -103,8 +103,8 @@ return [
    'sort_rule_op_updated_date' => 'Opdateret dato',
    'sort_rule_op_chapters_first' => 'Kapitler først',
    'sort_rule_op_chapters_last' => 'De sidste kapitler',
-    'sorting_page_limits' => 'Per-Page Display Limits',
+    'sorting_page_limits' => 'Visningsgrænser pr. side',
-    'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',
+    'sorting_page_limits_desc' => 'Angiv, hvor mange elementer der skal vises pr. side i forskellige lister i systemet. Typisk vil et lavere beløb være mere effektivt, mens et højere beløb undgår behovet for at klikke sig igennem flere sider. Det anbefales at bruge et lige multiplum af 3 (18, 24, 30 osv.).',
    // Maintenance settings
    'maint' => 'Vedligeholdelse',
@@ -197,13 +197,13 @@ return [
    'role_import_content' => 'Importer indhold',
    'role_editor_change' => 'Skift side editor',
    'role_notifications' => 'Modtag og administrer notifikationer',
-    'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
+    'role_permission_note_users_and_roles' => 'Disse tilladelser vil teknisk set også give synlighed og søgning efter brugere og roller i systemet.',
    'role_asset' => 'Tilladelser for medier og "assets"',
    'roles_system_warning' => 'Vær opmærksom på, at adgang til alle af de ovennævnte tre tilladelser, kan give en bruger mulighed for at ændre deres egne brugerrettigheder eller brugerrettigheder for andre i systemet. Tildel kun roller med disse tilladelser til betroede brugere.',
    'role_asset_desc' => 'Disse tilladelser kontrollerer standardadgang til medier og "assets" i systemet. Tilladelser til bøger, kapitler og sider tilsidesætter disse tilladelser.',
    'role_asset_admins' => 'Administratorer får automatisk adgang til alt indhold, men disse indstillinger kan vise eller skjule UI-indstillinger.',
    'role_asset_image_view_note' => 'Dette vedrører synlighed i billedhåndteringen. Den faktiske adgang til uploadede billedfiler vil afhænge af systemets billedlagringsindstilling.',
-    'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
+    'role_asset_users_note' => 'Disse tilladelser vil teknisk set også give synlighed og søgning efter brugere i systemet.',
    'role_all' => 'Alle',
    'role_own' => 'Eget',
    'role_controlled_by_asset' => 'Styres af det medie/"asset", de uploades til',
--- a/lang/da/validation.php
+++ b/lang/da/validation.php
@@ -106,7 +106,7 @@ return [
    'uploaded'             => 'Filen kunne ikke oploades. Serveren accepterer muligvis ikke filer af denne størrelse.',
    'zip_file' => 'Attributten skal henvise til en fil i ZIP.',
-    'zip_file_size' => 'The file :attribute must not exceed :size MB.',
+    'zip_file_size' => 'Filen :attribute må ikke overstige: størrelse MB.',
    'zip_file_mime' => 'Attributten skal henvise til en fil af typen: validTypes, fundet:foundType.',
    'zip_model_expected' => 'Data objekt forventet men ":type" fundet.',
    'zip_unique' => 'Attributten skal være unik for objekttypen i ZIP.',
--- a/lang/de/errors.php
+++ b/lang/de/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Das Kennwort für das angegebene API-Token ist falsch',
    'api_user_no_api_permission' => 'Der Besitzer des verwendeten API-Tokens hat keine Berechtigung für API-Aufrufe',
    'api_user_token_expired' => 'Das verwendete Autorisierungstoken ist abgelaufen',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Fehler beim Versenden einer Test E-Mail:',
--- a/lang/de_informal/errors.php
+++ b/lang/de_informal/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Das für den API-Token angegebene geheime Token ist falsch',
    'api_user_no_api_permission' => 'Der Besitzer des verwendeten API-Token hat keine Berechtigung für API-Aufrufe',
    'api_user_token_expired' => 'Das verwendete Autorisierungs-Token ist abgelaufen',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Fehler beim Senden einer Test E-Mail:',
--- a/lang/el/errors.php
+++ b/lang/el/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Το μυστικό που παρέχεται για το δεδομένο χρησιμοποιημένο διακριτικό API είναι εσφαλμένο',
    'api_user_no_api_permission' => 'Ο ιδιοκτήτης του χρησιμοποιημένου διακριτικού API δεν έχει άδεια για να κάνει κλήσεις API',
    'api_user_token_expired' => 'Το διακριτικό εξουσιοδότησης που χρησιμοποιείται έχει λήξει',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Σφάλμα κατά την αποστολή δοκιμαστικού email:',
--- a/lang/en/errors.php
+++ b/lang/en/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',
--- a/lang/es/errors.php
+++ b/lang/es/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'El secreto proporcionado para el token API usado es incorrecto',
    'api_user_no_api_permission' => 'El propietario del token API usado no tiene permiso para hacer llamadas API',
    'api_user_token_expired' => 'El token de autorización usado ha caducado',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error al enviar un email de prueba:',
--- a/lang/es_AR/errors.php
+++ b/lang/es_AR/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'El secreto proporcionado para el token API usado es incorrecto',
    'api_user_no_api_permission' => 'El propietario del token API usado no tiene permiso para hacer llamadas API',
    'api_user_token_expired' => 'El token de autorización usado ha caducado',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error al enviar un email de prueba:',
--- a/lang/et/errors.php
+++ b/lang/et/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'API tunnusele lisatud salajane võti ei ole korrektne',
    'api_user_no_api_permission' => 'Selle API tunnuse omanikul ei ole õigust API päringuid teha',
    'api_user_token_expired' => 'Volitustunnus on aegunud',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Test e-kirja saatmisel tekkis viga:',
--- a/lang/eu/errors.php
+++ b/lang/eu/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',
--- a/lang/fa/errors.php
+++ b/lang/fa/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'راز ارائه شده برای کد API استفاده شده نادرست است',
    'api_user_no_api_permission' => 'مالک نشانه API استفاده شده اجازه برقراری تماس های API را ندارد',
    'api_user_token_expired' => 'رمز مجوز استفاده شده منقضی شده است',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'خطا در هنگام ارسال ایمیل آزمایشی:',
--- a/lang/fi/errors.php
+++ b/lang/fi/errors.php
@@ -126,6 +126,7 @@ Sovellus ei tunnista ulkoisen todennuspalvelun pyyntöä. Ongelman voi aiheuttaa
    'api_incorrect_token_secret' => 'API-tunnisteelle annettu salainen avain on virheellinen',
    'api_user_no_api_permission' => 'Käytetyn API-tunnisteen omistajalla ei ole oikeutta tehdä API-kutsuja',
    'api_user_token_expired' => 'Käytetty valtuutuskoodi on vanhentunut',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Virhe testisähköpostia lähetettäessä:',
--- a/lang/fr/errors.php
+++ b/lang/fr/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Le secret fourni pour le jeton d\'API utilisé est incorrect',
    'api_user_no_api_permission' => 'Le propriétaire du jeton API utilisé n\'a pas la permission de passer des requêtes API',
    'api_user_token_expired' => 'Le jeton d\'autorisation utilisé a expiré',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Erreur émise lors de l\'envoi d\'un e-mail de test :',
--- a/lang/he/errors.php
+++ b/lang/he/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',
--- a/lang/hr/errors.php
+++ b/lang/hr/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Netočan API token',
    'api_user_no_api_permission' => 'Vlasnik API tokena nema potrebna dopuštenja',
    'api_user_token_expired' => 'Autorizacija je istekla',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Pogreška prilikom slanja testnog email:',
--- a/lang/hu/errors.php
+++ b/lang/hu/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Az API tokenhez használt secret helytelen',
    'api_user_no_api_permission' => 'A használt API vezérjel tulajdonosának nincs jogosultsága API hívások végrehajtásához',
    'api_user_token_expired' => 'A használt hitelesítési vezérjel lejárt',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Hiba történt egy teszt email küldésekor:',
--- a/lang/id/errors.php
+++ b/lang/id/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Rahasia yang diberikan untuk token API bekas yang diberikan salah',
    'api_user_no_api_permission' => 'Pemilik token API yang digunakan tidak memiliki izin untuk melakukan panggilan API',
    'api_user_token_expired' => 'Token otorisasi yang digunakan telah kedaluwarsa',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Kesalahan dilempar saat mengirim email uji:',
--- a/lang/is/errors.php
+++ b/lang/is/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Leyndarmálið sem gefið var upp fyrir API tókann er rangt',
    'api_user_no_api_permission' => 'Eigandi API tókans hefur ekki heimild til að gera API köll',
    'api_user_token_expired' => 'Auðkenningar tókin er útrunninn',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Villa kom upp viðað reyna senda prufu tölvupóst:',
--- a/lang/it/errors.php
+++ b/lang/it/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Il token segreto fornito per il token API utilizzato non è corretto',
    'api_user_no_api_permission' => 'Il proprietario del token API utilizzato non ha il permesso di effettuare chiamate API',
    'api_user_token_expired' => 'Il token di autorizzazione utilizzato è scaduto',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Si è verificato un errore durante l\'invio di una e-mail di prova:',
--- a/lang/ja/errors.php
+++ b/lang/ja/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => '利用されたAPIトークンに対して提供されたシークレットが正しくありません',
    'api_user_no_api_permission' => '使用されているAPIトークンの所有者には、API呼び出しを行う権限がありません',
    'api_user_token_expired' => '認証トークンが期限切れです。',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'テストメール送信時にエラーが発生しました:',
--- a/lang/ka/errors.php
+++ b/lang/ka/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',
--- a/lang/ko/errors.php
+++ b/lang/ko/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'API 토큰이 제공한 암호에 문제가 있습니다.',
    'api_user_no_api_permission' => 'API 토큰의 소유자가 API를 호출할 권한이 없습니다.',
    'api_user_token_expired' => '인증 토큰이 만료되었습니다.',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => '메일을 발송하는 도중 문제가 생겼습니다:',
--- a/lang/ku/errors.php
+++ b/lang/ku/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',
--- a/lang/lt/errors.php
+++ b/lang/lt/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Pateiktas panaudoto API žetono slėpinys yra neteisingas',
    'api_user_no_api_permission' => 'API prieigos rakto savininkas neturi leidimo daryti API skambučius',
    'api_user_token_expired' => 'Prieigos rakto naudojimas baigė galioti',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Siunčiant bandymo email: įvyko klaida',
--- a/lang/lv/errors.php
+++ b/lang/lv/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Norādītā slepenā atslēga izmantotajam API žetonam nav pareiza',
    'api_user_no_api_permission' => 'Izmantotā API žetona īpašniekam nav tiesības veikt API izsaukumus',
    'api_user_token_expired' => 'Autorizācijas žetona derīguma termiņš ir izbeidzies',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Radusies kļūda sūtot testa epastu:',
--- a/lang/nb/errors.php
+++ b/lang/nb/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Hemmeligheten som er gitt for det gitte brukte API-tokenet er feil',
    'api_user_no_api_permission' => 'Eieren av det brukte API-tokenet har ikke tillatelse til å ringe API-samtaler',
    'api_user_token_expired' => 'Autorisasjonstokenet som er brukt, har utløpt',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Feil kastet når du sendte en test-e-post:',
--- a/lang/ne/errors.php
+++ b/lang/ne/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'दिइएको API टोकनको लागि प्रदान गरिएको गोप्य सही छैन।',
    'api_user_no_api_permission' => 'API टोकनको मालिकसँग API कल गर्ने अनुमति छैन।',
    'api_user_token_expired' => 'प्रमाणीकरण टोकन समाप्त भइसकेको छ।',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'टेस्ट इमेल पठाउँदा त्रुटि:',
--- a/lang/nl/errors.php
+++ b/lang/nl/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Het opgegeven geheim voor de API-token is onjuist',
    'api_user_no_api_permission' => 'De eigenaar van de gebruikte API-token heeft geen machtiging om API calls te maken',
    'api_user_token_expired' => 'De gebruikte autorisatie token is verlopen',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Fout opgetreden bij het verzenden van een test email:',
--- a/lang/nn/errors.php
+++ b/lang/nn/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Hemmeligheten som er gitt for det gitte brukte API-tokenet er feil',
    'api_user_no_api_permission' => 'Eieren av det brukte API-tokenet har ikke tillatelse til å ringe API-samtaler',
    'api_user_token_expired' => 'Autorisasjonstokenet som er brukt, har utløpt',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Feil kastet når du sendte en test-e-post:',
--- a/lang/pl/activities.php
+++ b/lang/pl/activities.php
@@ -6,52 +6,52 @@
 return [
    // Pages
-    'page_create'                 => 'utworzył stronę',
+    'page_create'                 => 'utworzono stronę',
    'page_create_notification'    => 'Strona została utworzona',
-    'page_update'                 => 'zaktualizował stronę',
+    'page_update'                 => 'zaktualizowano stronę',
    'page_update_notification'    => 'Strona zaktualizowana pomyślnie',
-    'page_delete'                 => 'usunął stronę',
+    'page_delete'                 => 'usunięto stronę',
    'page_delete_notification'    => 'Strona została usunięta',
-    'page_restore'                => 'przywrócił stronę',
+    'page_restore'                => 'przywrócono stronę',
    'page_restore_notification'   => 'Strona przywrócona pomyślnie',
-    'page_move'                   => 'przeniósł stronę',
+    'page_move'                   => 'przeniesiono stronę',
    'page_move_notification'      => 'Strona przeniesiona pomyślnie',
    // Chapters
-    'chapter_create'              => 'utworzył rozdział',
+    'chapter_create'              => 'utworzono rozdział',
    'chapter_create_notification' => 'Rozdział utworzony pomyślnie',
-    'chapter_update'              => 'zaktualizował rozdział',
+    'chapter_update'              => 'zaktualizowano rozdział',
    'chapter_update_notification' => 'Rozdział zaktualizowany pomyślnie',
-    'chapter_delete'              => 'usunął rozdział',
+    'chapter_delete'              => 'usunięto rozdział',
    'chapter_delete_notification' => 'Rozdział usunięty pomyślnie',
-    'chapter_move'                => 'przeniósł rozdział',
+    'chapter_move'                => 'przeniesiono rozdział',
    'chapter_move_notification' => 'Rozdział przeniesiony pomyślnie',
    // Books
-    'book_create'                 => 'utworzył książkę',
+    'book_create'                 => 'utworzono książkę',
    'book_create_notification'    => 'Książka utworzona pomyślnie',
-    'book_create_from_chapter'              => 'skonwertował rozdział na książkę',
+    'book_create_from_chapter'              => 'przekonwertowano rozdział na książkę',
    'book_create_from_chapter_notification' => 'Rozdział został pomyślnie skonwertowany do książki',
-    'book_update'                 => 'zaktualizował książkę',
+    'book_update'                 => 'zaktualizowano książkę',
    'book_update_notification'    => 'Książka zaktualizowana pomyślnie',
-    'book_delete'                 => 'usunął książkę',
+    'book_delete'                 => 'usunięto książkę',
    'book_delete_notification'    => 'Książka usunięta pomyślnie',
-    'book_sort'                   => 'posortował książkę',
+    'book_sort'                   => 'posortowano książkę',
    'book_sort_notification'      => 'Książka posortowana pomyślnie',
    // Bookshelves
-    'bookshelf_create'            => 'utworzył półkę',
+    'bookshelf_create'            => 'utworzyono półkę',
    'bookshelf_create_notification'    => 'Półka utworzona pomyślnie',
-    'bookshelf_create_from_book'    => 'skonwertował książkę na półkę',
+    'bookshelf_create_from_book'    => 'przekonwertowano książkę na półkę',
    'bookshelf_create_from_book_notification'    => 'Książka została pomyślnie skonwertowana na półkę',
-    'bookshelf_update'                 => 'zaktualizował półkę',
+    'bookshelf_update'                 => 'zaktualizowano półkę',
    'bookshelf_update_notification'    => 'Półka zaktualizowana pomyślnie',
-    'bookshelf_delete'                 => 'usunął półkę',
+    'bookshelf_delete'                 => 'usunięto półkę',
    'bookshelf_delete_notification'    => 'Półka usunięta pomyślnie',
    // Revisions
-    'revision_restore' => 'przywrócił wersję',
+    'revision_restore' => 'przywrócono wersję',
-    'revision_delete' => 'usunął wersję',
+    'revision_delete' => 'usunięto wersję',
    'revision_delete_notification' => 'Wersja usunięta pomyślnie',
    // Favourites
@@ -72,54 +72,54 @@ return [
    'mfa_remove_method_notification' => 'Metoda wieloskładnikowa pomyślnie usunięta',
    // Settings
-    'settings_update' => 'zaktualizował ustawienia',
+    'settings_update' => 'zaktualizowano ustawienia',
    'settings_update_notification' => 'Ustawienia zaktualizowane pomyślnie',
-    'maintenance_action_run' => 'uruchomił akcję konserwacji',
+    'maintenance_action_run' => 'uruchomiono akcję konserwacji',
    // Webhooks
-    'webhook_create' => 'utworzył webhook',
+    'webhook_create' => 'utworzono webhook',
    'webhook_create_notification' => 'Webhook utworzony pomyślnie',
-    'webhook_update' => 'zaktualizował webhook',
+    'webhook_update' => 'zaktualizowano webhook',
    'webhook_update_notification' => 'Webhook zaktualizowany pomyślnie',
-    'webhook_delete' => 'usunął webhook',
+    'webhook_delete' => 'usunięto webhook',
    'webhook_delete_notification' => 'Webhook usunięty pomyślnie',
    // Imports
    'import_create' => 'utworzono import',
-    'import_create_notification' => 'Import successfully uploaded',
+    'import_create_notification' => 'Import zakończony sukcesem',
-    'import_run' => 'updated import',
+    'import_run' => 'zaktualizowano import',
-    'import_run_notification' => 'Content successfully imported',
+    'import_run_notification' => 'Zawartość pomyślnie zaimportowana',
-    'import_delete' => 'deleted import',
+    'import_delete' => 'usunięto import',
-    'import_delete_notification' => 'Import successfully deleted',
+    'import_delete_notification' => 'Import usunięty',
    // Users
-    'user_create' => 'utworzył użytkownika',
+    'user_create' => 'utworzono użytkownika',
    'user_create_notification' => 'Użytkownik utworzony pomyślnie',
-    'user_update' => 'zaktualizował użytkownika',
+    'user_update' => 'zaktualizowano użytkownika',
    'user_update_notification' => 'Użytkownik zaktualizowany pomyślnie',
-    'user_delete' => 'usunął użytkownika',
+    'user_delete' => 'usunięto użytkownika',
    'user_delete_notification' => 'Użytkownik pomyślnie usunięty',
    // API Tokens
-    'api_token_create' => 'utworzył token API',
+    'api_token_create' => 'utworzono token API',
    'api_token_create_notification' => 'Token API został poprawnie utworzony',
-    'api_token_update' => 'zaktualizował token API',
+    'api_token_update' => 'zaktualizowano token API',
    'api_token_update_notification' => 'Token API został pomyślnie zaktualizowany',
-    'api_token_delete' => 'usunął token API',
+    'api_token_delete' => 'usunięto token API',
    'api_token_delete_notification' => 'Token API został pomyślnie usunięty',
    // Roles
-    'role_create' => 'utworzył rolę',
+    'role_create' => 'utworzono rolę',
    'role_create_notification' => 'Rola utworzona pomyślnie',
-    'role_update' => 'zaktualizował rolę',
+    'role_update' => 'zaktualizowano rolę',
    'role_update_notification' => 'Rola zaktualizowana pomyślnie',
-    'role_delete' => 'usunął rolę',
+    'role_delete' => 'usunięto rolę',
    'role_delete_notification' => 'Rola usunięta pomyślnie',
    // Recycle Bin
-    'recycle_bin_empty' => 'opróżnił kosz',
+    'recycle_bin_empty' => 'opróżniono kosz',
-    'recycle_bin_restore' => 'przywrócił z kosza',
+    'recycle_bin_restore' => 'przywrócono z kosza',
-    'recycle_bin_destroy' => 'usunął z kosza',
+    'recycle_bin_destroy' => 'usunięto z kosza',
    // Comments
    'commented_on'                => 'skomentował',
@@ -128,12 +128,12 @@ return [
    'comment_delete'              => 'usunął komentarz',
    // Sort Rules
-    'sort_rule_create' => 'created sort rule',
+    'sort_rule_create' => 'utworzono regułę sortowania',
-    'sort_rule_create_notification' => 'Sort rule successfully created',
+    'sort_rule_create_notification' => 'Reguła sortowania została pomyślnie stworzona',
-    'sort_rule_update' => 'updated sort rule',
+    'sort_rule_update' => 'zaktualizowano regułę sortowania',
-    'sort_rule_update_notification' => 'Sort rule successfully updated',
+    'sort_rule_update_notification' => 'Reguła sortowania została pomyślnie zaktualizowana',
-    'sort_rule_delete' => 'deleted sort rule',
+    'sort_rule_delete' => 'usunięto regułę sortowania',
-    'sort_rule_delete_notification' => 'Sort rule successfully deleted',
+    'sort_rule_delete_notification' => 'Reguła sortowania została pomyślnie usunięta',
    // Other
    'permissions_update'          => 'zaktualizował uprawnienia',
--- a/lang/pl/common.php
+++ b/lang/pl/common.php
@@ -30,8 +30,8 @@ return [
    'create' => 'Utwórz',
    'update' => 'Zaktualizuj',
    'edit' => 'Edytuj',
-    'archive' => 'Archive',
+    'archive' => 'Archiwizuj',
-    'unarchive' => 'Un-Archive',
+    'unarchive' => 'Wypakuj z archiwum',
    'sort' => 'Sortuj',
    'move' => 'Przenieś',
    'copy' => 'Skopiuj',
--- a/lang/pl/editor.php
+++ b/lang/pl/editor.php
@@ -13,7 +13,7 @@ return [
    'cancel' => 'Anuluj',
    'save' => 'Zapisz',
    'close' => 'Zamknij',
-    'apply' => 'Apply',
+    'apply' => 'Zatwierdź',
    'undo' => 'Cofnij',
    'redo' => 'Ponów',
    'left' => 'Lewa strona',
@@ -48,7 +48,7 @@ return [
    'superscript' => 'Indeks górny',
    'subscript' => 'Indeks dolny',
    'text_color' => 'Kolor tekstu',
-    'highlight_color' => 'Highlight color',
+    'highlight_color' => 'Kolor podkreślenia',
    'custom_color' => 'Kolor niestandardowy',
    'remove_color' => 'Usuń kolor',
    'background_color' => 'Kolor tła',
@@ -149,7 +149,7 @@ return [
    'url' => 'Adres URL',
    'text_to_display' => 'Tekst do wyświetlenia',
    'title' => 'Tytuł',
-    'browse_links' => 'Browse links',
+    'browse_links' => 'Przeglądaj linki',
    'open_link' => 'Otwórz link',
    'open_link_in' => 'Otwórz link w...',
    'open_link_current' => 'Bieżące okno',
@@ -166,8 +166,8 @@ return [
    'about' => 'O edytorze',
    'about_title' => 'O edytorze WYSIWYG',
    'editor_license' => 'Licencja edytora i prawa autorskie',
-    'editor_lexical_license' => 'This editor is built as a fork of :lexicalLink which is distributed under the MIT license.',
+    'editor_lexical_license' => 'Ten edytor został zbudowany na podstawie :lexicalLink, który jest dystrybuowany na licencji MIT.',
-    'editor_lexical_license_link' => 'Full license details can be found here.',
+    'editor_lexical_license_link' => 'Pełne szczegóły licencji znajdziesz tutaj.',
    'editor_tiny_license' => 'Ten edytor jest zbudowany przy użyciu :tinyLink, który jest udostępniany na licencji MIT.',
    'editor_tiny_license_link' => 'Szczegóły dotyczące praw autorskich i licencji TinyMCE można znaleźć tutaj.',
    'save_continue' => 'Zapisz stronę i kontynuuj',
--- a/lang/pl/entities.php
+++ b/lang/pl/entities.php
@@ -39,30 +39,30 @@ return [
    'export_pdf' => 'Plik PDF',
    'export_text' => 'Plik tekstowy',
    'export_md' => 'Pliki Markdown',
-    'export_zip' => 'Portable ZIP',
+    'export_zip' => 'Archiwum ZIP',
    'default_template' => 'Domyślny szablon strony',
    'default_template_explain' => 'Przypisz szablon strony, który będzie używany jako domyślna zawartość dla wszystkich stron utworzonych w tym elemencie. Pamiętaj, że będzie to używane tylko wtedy, gdy twórca strony ma dostęp do wybranej strony szablonu.',
    'default_template_select' => 'Wybierz stronę szablonu',
-    'import' => 'Import',
+    'import' => 'Importuj',
-    'import_validate' => 'Validate Import',
+    'import_validate' => 'Zweryfikuj import',
-    'import_desc' => 'Import books, chapters & pages using a portable zip export from the same, or a different, instance. Select a ZIP file to proceed. After the file has been uploaded and validated you\'ll be able to configure & confirm the import in the next view.',
+    'import_desc' => 'Importuj książki, rozdziały i strony za pomocą eksportu archiwum ZIP z tej samej lub innej instancji. Wybierz plik ZIP, aby kontynuować. Po przesłaniu i potwierdzeniu pliku będziesz mógł skonfigurować i potwierdzić import w następnym kroku.',
-    'import_zip_select' => 'Select ZIP file to upload',
+    'import_zip_select' => 'Wybierz archiwum ZIP do wgrania',
-    'import_zip_validation_errors' => 'Errors were detected while validating the provided ZIP file:',
+    'import_zip_validation_errors' => 'Podczas sprawdzania poprawności dostarczonego pliku ZIP wykryto błędy:',
-    'import_pending' => 'Pending Imports',
+    'import_pending' => 'Oczekujące importy',
-    'import_pending_none' => 'No imports have been started.',
+    'import_pending_none' => 'Żaden import nie został uruchomiony.',
-    'import_continue' => 'Continue Import',
+    'import_continue' => 'Kontynuuj import',
-    'import_continue_desc' => 'Review the content due to be imported from the uploaded ZIP file. When ready, run the import to add its contents to this system. The uploaded ZIP import file will be automatically removed on successful import.',
+    'import_continue_desc' => 'Przejrzyj zawartość, która ma być zaimportowana z przesłanego pliku ZIP. Kiedy będziesz gotowy, uruchom import, aby dodać jego zawartość do systemu. Przesłane archiwum ZIP zostanie automatycznie usunięte po udanym importowaniu.',
-    'import_details' => 'Import Details',
+    'import_details' => 'Szczegóły importu',
-    'import_run' => 'Run Import',
+    'import_run' => 'Wykonaj import',
-    'import_size' => ':size Import ZIP Size',
+    'import_size' => ':size wielkość importu ZIP',
-    'import_uploaded_at' => 'Uploaded :relativeTime',
+    'import_uploaded_at' => 'Przesłano :relativeTime',
-    'import_uploaded_by' => 'Uploaded by',
+    'import_uploaded_by' => 'Przesłane przez',
-    'import_location' => 'Import Location',
+    'import_location' => 'Lokalizacja importu',
-    'import_location_desc' => 'Select a target location for your imported content. You\'ll need the relevant permissions to create within the location you choose.',
+    'import_location_desc' => 'Wybierz docelową lokalizację dla importowanej zawartości. Będziesz potrzebować odpowiednich uprawnień do tworzenia w wybranej lokalizacji.',
-    'import_delete_confirm' => 'Are you sure you want to delete this import?',
+    'import_delete_confirm' => 'Czy na pewno chcesz usunąć ten import?',
-    'import_delete_desc' => 'This will delete the uploaded import ZIP file, and cannot be undone.',
+    'import_delete_desc' => 'Spowoduje to usunięcie zaimportowanego archiwum ZIP. Tej operacji nie da się cofnąć.',
-    'import_errors' => 'Import Errors',
+    'import_errors' => 'Błędy importu',
-    'import_errors_desc' => 'The follow errors occurred during the import attempt:',
+    'import_errors_desc' => 'Podczas próby importu wystąpiły następujące błędy:',
    'breadcrumb_siblings_for_page' => 'Navigate siblings for page',
    'breadcrumb_siblings_for_chapter' => 'Navigate siblings for chapter',
    'breadcrumb_siblings_for_book' => 'Navigate siblings for book',
@@ -171,8 +171,8 @@ return [
    'books_navigation' => 'Nawigacja po książce',
    'books_sort' => 'Sortuj zawartość książki',
    'books_sort_desc' => 'Move chapters and pages within a book to reorganise its contents. Other books can be added which allows easy moving of chapters and pages between books. Optionally an auto sort rule can be set to automatically sort this book\'s contents upon changes.',
-    'books_sort_auto_sort' => 'Auto Sort Option',
+    'books_sort_auto_sort' => 'Opcja automatycznego sortowania',
-    'books_sort_auto_sort_active' => 'Auto Sort Active: :sortName',
+    'books_sort_auto_sort_active' => 'Automatyczne sortowanie aktywne: :sortName',
    'books_sort_named' => 'Sortuj książkę :bookName',
    'books_sort_name' => 'Sortuj według nazwy',
    'books_sort_created' => 'Sortuj według daty utworzenia',
@@ -252,7 +252,7 @@ return [
    'pages_edit_switch_to_markdown_stable' => '(Statyczna zawartość)',
    'pages_edit_switch_to_wysiwyg' => 'Przełącz na edytor WYSIWYG',
    'pages_edit_switch_to_new_wysiwyg' => 'Przełącz na nowy WYSIWYG',
-    'pages_edit_switch_to_new_wysiwyg_desc' => '(In Beta Testing)',
+    'pages_edit_switch_to_new_wysiwyg_desc' => '(W testach beta)',
    'pages_edit_set_changelog' => 'Ustaw dziennik zmian',
    'pages_edit_enter_changelog_desc' => 'Opisz zmiany, które zostały wprowadzone',
    'pages_edit_enter_changelog' => 'Wyświetl dziennik zmian',
@@ -272,7 +272,7 @@ return [
    'pages_md_insert_drawing' => 'Wstaw rysunek',
    'pages_md_show_preview' => 'Pokaż podgląd',
    'pages_md_sync_scroll' => 'Synchronizuj przewijanie podglądu',
-    'pages_md_plain_editor' => 'Plaintext editor',
+    'pages_md_plain_editor' => 'Zwykły edytor',
    'pages_drawing_unsaved' => 'Znaleziono niezapisany rysunek',
    'pages_drawing_unsaved_confirm' => 'Znaleziono niezapisane dane rysowania z poprzedniej nieudanej próby zapisu. Czy chcesz przywrócić i kontynuować edycję tego niezapisanego rysunku?',
    'pages_not_in_chapter' => 'Strona nie została umieszczona w rozdziale',
@@ -397,11 +397,11 @@ return [
    'comment' => 'Komentarz',
    'comments' => 'Komentarze',
    'comment_add' => 'Dodaj komentarz',
-    'comment_none' => 'No comments to display',
+    'comment_none' => 'Brak komentarzy do wyświetlenia',
    'comment_placeholder' => 'Napisz swój komentarz tutaj',
-    'comment_thread_count' => ':count Comment Thread|:count Comment Threads',
+    'comment_thread_count' => ':count wątek komentarza|:count wątków komentarzy',
-    'comment_archived_count' => ':count Archived',
+    'comment_archived_count' => ':count zarchiwizowanych',
-    'comment_archived_threads' => 'Archived Threads',
+    'comment_archived_threads' => 'Zarchiwizowane wątki',
    'comment_save' => 'Zapisz komentarz',
    'comment_new' => 'Nowy komentarz',
    'comment_created' => 'Skomentowano :createDiff',
@@ -410,14 +410,14 @@ return [
    'comment_deleted_success' => 'Komentarz usunięty',
    'comment_created_success' => 'Komentarz dodany',
    'comment_updated_success' => 'Komentarz zaktualizowany',
-    'comment_archive_success' => 'Comment archived',
+    'comment_archive_success' => 'Komentarz zarchiwizowany',
-    'comment_unarchive_success' => 'Comment un-archived',
+    'comment_unarchive_success' => 'Komentarz usunięty z archiwum',
-    'comment_view' => 'View comment',
+    'comment_view' => 'Zobacz komentarz',
-    'comment_jump_to_thread' => 'Jump to thread',
+    'comment_jump_to_thread' => 'Przejdź do wątku',
    'comment_delete_confirm' => 'Czy na pewno chcesz usunąc ten komentarz?',
    'comment_in_reply_to' => 'W odpowiedzi na :commentId',
-    'comment_reference' => 'Reference',
+    'comment_reference' => 'Odwołania',
-    'comment_reference_outdated' => '(Outdated)',
+    'comment_reference_outdated' => '(Przestarzałe)',
    'comment_editor_explain' => 'Oto komentarze pozostawione na tej stronie. Komentarze mogą być dodawane i zarządzane podczas przeglądania zapisanej strony.',
    // Revision
--- a/lang/pl/errors.php
+++ b/lang/pl/errors.php
@@ -106,17 +106,17 @@ return [
    'back_soon' => 'Niedługo zostanie uruchomiona ponownie.',
    // Import
-    'import_zip_cant_read' => 'Could not read ZIP file.',
+    'import_zip_cant_read' => 'Nie można odczytać archiwum ZIP.',
-    'import_zip_cant_decode_data' => 'Could not find and decode ZIP data.json content.',
+    'import_zip_cant_decode_data' => 'Nie udało się odnaleźć i dekodować pliku data.json w zawartości archiwum ZIP.',
-    'import_zip_no_data' => 'ZIP file data has no expected book, chapter or page content.',
+    'import_zip_no_data' => 'Dane archiwum ZIP nie zawierają oczekiwanej zawartości książki, rozdziału lub strony.',
-    'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
+    'import_zip_data_too_large' => 'Zawartość pliku data.json w archiwum ZIP przekracza maksymalny dopuszczalny rozmiar narzucony przez aktualną konfigurację aplikacji.',
-    'import_validation_failed' => 'Import ZIP failed to validate with errors:',
+    'import_validation_failed' => 'Walidacja importu archiwum ZIP nie powiodła się z błędami:',
-    'import_zip_failed_notification' => 'Failed to import ZIP file.',
+    'import_zip_failed_notification' => 'Nie udało się zaimportować archiwum ZIP.',
-    'import_perms_books' => 'You are lacking the required permissions to create books.',
+    'import_perms_books' => 'Brakuje Ci wymaganych uprawnień do tworzenia książek.',
-    'import_perms_chapters' => 'You are lacking the required permissions to create chapters.',
+    'import_perms_chapters' => 'Brakuje Ci wymaganych uprawnień do tworzenia rozdziałów.',
-    'import_perms_pages' => 'You are lacking the required permissions to create pages.',
+    'import_perms_pages' => 'Brakuje Ci wymaganych uprawnień do tworzenia stron.',
-    'import_perms_images' => 'You are lacking the required permissions to create images.',
+    'import_perms_images' => 'Brakuje Ci wymaganych uprawnień do tworzenia zdjęć.',
-    'import_perms_attachments' => 'You are lacking the required permission to create attachments.',
+    'import_perms_attachments' => 'Brakuje Ci wymaganych uprawnień do tworzenia załączników.',
    // API errors
    'api_no_authorization_found' => 'Nie znaleziono tokenu autoryzacji dla żądania',
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Podany sekret dla tego API jest nieprawidłowy',
    'api_user_no_api_permission' => 'Właściciel używanego tokenu API nie ma uprawnień do wykonywania zapytań do API',
    'api_user_token_expired' => 'Token uwierzytelniania wygasł',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Błąd podczas wysyłania testowej wiadomości e-mail:',
--- a/lang/pl/notifications.php
+++ b/lang/pl/notifications.php
@@ -11,8 +11,8 @@ return [
    'updated_page_subject' => 'Zaktualizowano stronę: :pageName',
    'updated_page_intro' => 'Strona została zaktualizowana w :appName:',
    'updated_page_debounce' => 'Aby zapobiec nadmiarowi powiadomień, przez jakiś czas nie będziesz otrzymywać powiadomień o dalszych edycjach tej strony przez tego samego edytora.',
-    'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
+    'comment_mention_subject' => 'Zostałeś oznaczony w komentarzu na stronie: :pageName',
-    'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
+    'comment_mention_intro' => 'Zostałeś oznaczony w komentarzu w :appName:',
    'detail_page_name' => 'Nazwa strony:',
    'detail_page_path' => 'Ścieżka strony:',
--- a/lang/pl/preferences.php
+++ b/lang/pl/preferences.php
@@ -23,7 +23,7 @@ return [
    'notifications_desc' => 'Kontroluj otrzymywane powiadomienia e-mail, gdy określona aktywność jest wykonywana w systemie.',
    'notifications_opt_own_page_changes' => 'Powiadom o zmianach na stronach, których jestem właścicielem',
    'notifications_opt_own_page_comments' => 'Powiadom o komentarzach na stronach, których jestem właścicielem',
-    'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
+    'notifications_opt_comment_mentions' => 'Powiadom, kiedy zostanę oznaczony w komentarzu',
    'notifications_opt_comment_replies' => 'Powiadom o odpowiedziach na moje komentarze',
    'notifications_save' => 'Zapisz preferencje',
    'notifications_update_success' => 'Preferencje powiadomień zostały zaktualizowane!',
--- a/lang/pl/settings.php
+++ b/lang/pl/settings.php
@@ -20,12 +20,12 @@ return [
    'app_name_header' => 'Pokaż nazwę aplikacji w nagłówku',
    'app_public_access' => 'Dostęp publiczny',
    'app_public_access_desc' => 'Włączenie tej opcji umożliwi niezalogowanym odwiedzającym dostęp do treści w Twojej instancji BookStack.',
-    'app_public_access_desc_guest' => 'Dostęp dla niezalogowanych odwiedzających jest dostępny poprzez użytkownika "Guest".',
+    'app_public_access_desc_guest' => 'Dostęp dla niezalogowanych odwiedzających jest kontrolowany poprzez użytkownika "Guest".',
    'app_public_access_toggle' => 'Zezwalaj na dostęp publiczny',
    'app_public_viewing' => 'Zezwolić na publiczne przeglądanie?',
-    'app_secure_images' => 'Włączyć przesyłanie obrazów o wyższym poziomie bezpieczeństwa?',
+    'app_secure_images' => 'Bezpieczniejsze przesyłanie obrazów',
    'app_secure_images_toggle' => 'Włącz wyższy poziom bezpieczeństwa dla obrazów',
-    'app_secure_images_desc' => 'Ze względów wydajnościowych wszystkie obrazki są publiczne. Ta opcja dodaje dodatkowy, trudny do odgadnięcia losowy ciąg na początku nazwy obrazka. Upewnij się że indeksowanie katalogów jest zablokowane, aby uniemożliwić łatwy dostęp do obrazków.',
+    'app_secure_images_desc' => 'Ze względu na wydajność systemu wszystkie obrazki są publiczne. Ta opcja dodaje trudny do odgadnięcia losowy ciąg znaków na początku nazwy obrazka. Upewnij się, że indeksowanie katalogów jest wyłączone, aby uniemożliwić łatwy dostęp do obrazków.',
    'app_default_editor' => 'Domyślny edytor stron',
    'app_default_editor_desc' => 'Wybierz, który edytor będzie domyślnie używany podczas edycji nowych stron. Może to być nadpisane na poziomie strony, na którym pozwalają na to uprawnienia.',
    'app_custom_html' => 'Własna zawartość w tagu <head>',
@@ -64,47 +64,47 @@ return [
    'reg_settings' => 'Ustawienia rejestracji',
    'reg_enable' => 'Włącz rejestrację',
    'reg_enable_toggle' => 'Włącz rejestrację',
-    'reg_enable_desc' => 'Po włączeniu rejestracji użytkownicy ci będą mogli się samodzielnie zarejestrować i otrzymają domyślną rolę.',
+    'reg_enable_desc' => 'Przy włączonej rejestracji użytkownicy będą w stanie samodzielnie założyć sobie konto w systemie. Po rejestracji automatycznie otrzymają domyślną rolę.',
    'reg_default_role' => 'Domyślna rola użytkownika po rejestracji',
    'reg_enable_external_warning' => 'Powyższa opcja jest ignorowana, gdy zewnętrzne uwierzytelnianie LDAP lub SAML jest aktywne. Konta użytkowników dla nieistniejących użytkowników zostaną automatycznie utworzone, jeśli uwierzytelnianie za pomocą systemu zewnętrznego zakończy się sukcesem.',
    'reg_email_confirmation' => 'Potwierdzenie adresu email',
    'reg_email_confirmation_toggle' => 'Wymagaj potwierdzenia adresu email',
-    'reg_confirm_email_desc' => 'Jeśli restrykcje domenowe zostały ustawione, potwierdzenie adresu stanie się konieczne, a poniższa wartośc zostanie zignorowana.',
+    'reg_confirm_email_desc' => 'Jeśli restrykcje domenowe zostały ustawione, potwierdzenie adresu email stanie się konieczne i ta opcja zostanie zignorowana.',
-    'reg_confirm_restrict_domain' => 'Restrykcje domenowe dot. adresu e-mail',
+    'reg_confirm_restrict_domain' => 'Restrykcje domenowe',
-    'reg_confirm_restrict_domain_desc' => 'Wprowadź listę domen adresów e-mail, rozdzieloną przecinkami, którym chciałbyś zezwolić na rejestrację. Wymusi to konieczność potwierdzenia adresu e-mail przez użytkownika przed uzyskaniem dostępu do aplikacji. <br> Pamiętaj, że użytkownicy będą mogli zmienić adres e-mail po rejestracji.',
+    'reg_confirm_restrict_domain_desc' => 'Wprowadź listę domen adresów email, rozdzieloną przecinkami, którym chciałbyś zezwolić na rejestrację. Wymusi to konieczność potwierdzenia adresu e-mail przez użytkownika przed uzyskaniem dostępu do aplikacji. <br> Pamiętaj, że użytkownicy będą mogli zmienić adres e-mail po rejestracji.',
    'reg_confirm_restrict_domain_placeholder' => 'Brak restrykcji',
    // Sorting Settings
-    'sorting' => 'Lists & Sorting',
+    'sorting' => 'Listy i sortowanie',
-    'sorting_book_default' => 'Default Book Sort Rule',
+    'sorting_book_default' => 'Domyślna reguła sortowania książek',
-    'sorting_book_default_desc' => 'Select the default sort rule to apply to new books. This won\'t affect existing books, and can be overridden per-book.',
+    'sorting_book_default_desc' => 'Wybierz domyślną regułę sortowania dla nowych książek. To nie wpłynie na istniejące książki i może być nadpisane per książka.',
-    'sorting_rules' => 'Sort Rules',
+    'sorting_rules' => 'Reguły sortowania',
-    'sorting_rules_desc' => 'These are predefined sorting operations which can be applied to content in the system.',
+    'sorting_rules_desc' => 'Są to wstępnie zdefiniowane operacje sortowania, które mogą być stosowane do treści w systemie.',
-    'sort_rule_assigned_to_x_books' => 'Assigned to :count Book|Assigned to :count Books',
+    'sort_rule_assigned_to_x_books' => 'Przypisane do :count książki|Przypisane do :count książek',
-    'sort_rule_create' => 'Create Sort Rule',
+    'sort_rule_create' => 'Utwórz regułę sortowania',
-    'sort_rule_edit' => 'Edit Sort Rule',
+    'sort_rule_edit' => 'Edytuj regułę sortowania',
-    'sort_rule_delete' => 'Delete Sort Rule',
+    'sort_rule_delete' => 'Usuń regułę sortowania',
-    'sort_rule_delete_desc' => 'Remove this sort rule from the system. Books using this sort will revert to manual sorting.',
+    'sort_rule_delete_desc' => 'Usuń tę regułę sortowania z systemu. Książki używające tej reguły powrócą do ręcznego sortowania.',
-    'sort_rule_delete_warn_books' => 'This sort rule is currently used on :count book(s). Are you sure you want to delete this?',
+    'sort_rule_delete_warn_books' => 'Ta reguła sortowania jest obecnie używana na :count książkach. Czy na pewno chcesz ją usunąć?',
-    'sort_rule_delete_warn_default' => 'This sort rule is currently used as the default for books. Are you sure you want to delete this?',
+    'sort_rule_delete_warn_default' => 'Ta reguła sortowania jest obecnie używana jako domyślna dla książek. Czy na pewno chcesz ją usunąć?',
-    'sort_rule_details' => 'Sort Rule Details',
+    'sort_rule_details' => 'Szczegóły reguły sortowania',
-    'sort_rule_details_desc' => 'Set a name for this sort rule, which will appear in lists when users are selecting a sort.',
+    'sort_rule_details_desc' => 'Ustaw nazwę dla tej reguły sortowania, która pojawi się na listach, gdy użytkownicy skorzystają z sortowania.',
-    'sort_rule_operations' => 'Sort Operations',
+    'sort_rule_operations' => 'Operacje sortowania',
-    'sort_rule_operations_desc' => 'Configure the sort actions to be performed by moving them from the list of available operations. Upon use, the operations will be applied in order, from top to bottom. Any changes made here will be applied to all assigned books upon save.',
+    'sort_rule_operations_desc' => 'Skonfiguruj akcje sortowanie do wykonania, przenosząc je z listy dostępnych operacji. Po użyciu operacje zostaną zastosowane w kolejności od góry do dołu. Wszelkie zmiany wprowadzone tutaj zostaną zastosowane do wszystkich przypisanych książek po zapisaniu.',
-    'sort_rule_available_operations' => 'Available Operations',
+    'sort_rule_available_operations' => 'Dostępne operacje',
-    'sort_rule_available_operations_empty' => 'No operations remaining',
+    'sort_rule_available_operations_empty' => 'Brak pozostałych operacji',
-    'sort_rule_configured_operations' => 'Configured Operations',
+    'sort_rule_configured_operations' => 'Skonfigurowane operacje',
-    'sort_rule_configured_operations_empty' => 'Drag/add operations from the "Available Operations" list',
+    'sort_rule_configured_operations_empty' => 'Przeciągnij/dodaj operacje z listy "Dostępne Operacje"',
-    'sort_rule_op_asc' => '(Asc)',
+    'sort_rule_op_asc' => '(rosnąco)',
-    'sort_rule_op_desc' => '(Desc)',
+    'sort_rule_op_desc' => '(malejąco)',
-    'sort_rule_op_name' => 'Name - Alphabetical',
+    'sort_rule_op_name' => 'Nazwa — alfabetycznie',
-    'sort_rule_op_name_numeric' => 'Name - Numeric',
+    'sort_rule_op_name_numeric' => 'Nazwa — numerycznie',
-    'sort_rule_op_created_date' => 'Created Date',
+    'sort_rule_op_created_date' => 'Data utworzenia',
-    'sort_rule_op_updated_date' => 'Updated Date',
+    'sort_rule_op_updated_date' => 'Data aktualizacji',
-    'sort_rule_op_chapters_first' => 'Chapters First',
+    'sort_rule_op_chapters_first' => 'Rozdziały na początku',
-    'sort_rule_op_chapters_last' => 'Chapters Last',
+    'sort_rule_op_chapters_last' => 'Rozdziały na końcu',
-    'sorting_page_limits' => 'Per-Page Display Limits',
+    'sorting_page_limits' => 'Limity wyświetlania per strona',
-    'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',
+    'sorting_page_limits_desc' => 'Ustaw ile elementów pokazywać per strona w różnych listach w systemie. Zazwyczaj mniejsza ilość będzie bardziej wydajna, podczas gdy większa ilość unika konieczności przeglądania wielu stron. Zaleca się stosowanie parzystej wielokrotności 3 (18, 24, 30 itp...).',
    // Maintenance settings
    'maint' => 'Konserwacja',
@@ -194,16 +194,16 @@ return [
    'role_access_api' => 'Dostęp do systemowego API',
    'role_manage_settings' => 'Zarządzanie ustawieniami aplikacji',
    'role_export_content' => 'Eksportuj zawartość',
-    'role_import_content' => 'Import content',
+    'role_import_content' => 'Importuj zawartość',
    'role_editor_change' => 'Zmień edytor strony',
    'role_notifications' => 'Odbieranie i zarządzanie powiadomieniami',
-    'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
+    'role_permission_note_users_and_roles' => 'Uprawnienia te mogą zapewnić również widoczność i wyszukiwanie użytkowników i ról w systemie.',
    'role_asset' => 'Zarządzanie zasobami',
    'roles_system_warning' => 'Pamiętaj, że dostęp do trzech powyższych uprawnień może pozwolić użytkownikowi na zmianę własnych uprawnień lub uprawnień innych osób w systemie. Przypisz tylko role z tymi uprawnieniami do zaufanych użytkowników.',
    'role_asset_desc' => 'Te ustawienia kontrolują zarządzanie zasobami systemu. Uprawnienia książek, rozdziałów i stron nadpisują te ustawienia.',
    'role_asset_admins' => 'Administratorzy mają automatycznie dostęp do wszystkich treści, ale te opcję mogą być pokazywać lub ukrywać opcje interfejsu użytkownika.',
    'role_asset_image_view_note' => 'To odnosi się do widoczności w ramach menedżera obrazów. Rzeczywista możliwość dostępu do przesłanych plików obrazów będzie zależeć od systemowej opcji przechowywania obrazów.',
-    'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
+    'role_asset_users_note' => 'Uprawnienia te mogą zapewnić również widoczność i wyszukiwanie użytkowników w systemie.',
    'role_all' => 'Wszyscy',
    'role_own' => 'Własne',
    'role_controlled_by_asset' => 'Kontrolowane przez zasób, do którego zostały udostępnione',
--- a/lang/pl/validation.php
+++ b/lang/pl/validation.php
@@ -105,11 +105,11 @@ return [
    'url'                  => 'Format :attribute jest nieprawidłowy.',
    'uploaded'             => 'Plik nie może zostać wysłany. Serwer nie akceptuje plików o takim rozmiarze.',
-    'zip_file' => 'The :attribute needs to reference a file within the ZIP.',
+    'zip_file' => ':attribute musi odnosić się do pliku w archiwum ZIP.',
-    'zip_file_size' => 'The file :attribute must not exceed :size MB.',
+    'zip_file_size' => 'Plik :attribute nie może przekraczać :size MB.',
-    'zip_file_mime' => 'The :attribute needs to reference a file of type :validTypes, found :foundType.',
+    'zip_file_mime' => ':attribute musi odnosić się do pliku typu :validTypes. Znaleziono :foundType.',
-    'zip_model_expected' => 'Data object expected but ":type" found.',
+    'zip_model_expected' => 'Oczekiwano obiektu danych, ale znaleziono ":type".',
-    'zip_unique' => 'The :attribute must be unique for the object type within the ZIP.',
+    'zip_unique' => ':attribute musi być unikalny dla typu obiektu w archiwum ZIP.',
    // Custom validation lines
    'custom' => [
--- a/lang/pt/errors.php
+++ b/lang/pt/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'O segredo fornecido para o token de API usado está incorreto',
    'api_user_no_api_permission' => 'O proprietário do token de API utilizado não tem permissão para fazer requisições de API',
    'api_user_token_expired' => 'O token de autenticação expirou',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Erro lançado ao enviar um e-mail de teste:',
--- a/lang/pt_BR/errors.php
+++ b/lang/pt_BR/errors.php
@@ -126,6 +126,7 @@ return [
    'api_incorrect_token_secret' => 'O segredo fornecido para o código de API usado está incorreto',
    'api_user_no_api_permission' => 'O proprietário do código de API utilizado não tem permissão para fazer requisições de API',
    'api_user_token_expired' => 'O código de autenticação expirou',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Erro encontrado ao enviar uma mensagem eletrônica de teste:',
--- a/lang/ro/errors.php
+++ b/lang/ro/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Secretul furnizat pentru token-ul API folosit este incorect',
    'api_user_no_api_permission' => 'Proprietarul token-ului API folosit nu are permisiunea de a efectua apeluri API',
    'api_user_token_expired' => 'Token-ul de autorizare utilizat a expirat',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Eroare la trimiterea unui e-mail de test:',
--- a/lang/ru/errors.php
+++ b/lang/ru/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Секрет, предоставленный для данного использованного API токена неверен',
    'api_user_no_api_permission' => 'Владелец используемого API токена не имеет прав на выполнение вызовов API',
    'api_user_token_expired' => 'Срок действия используемого токена авторизации истек',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Ошибка при отправке тестового письма:',
--- a/lang/sk/errors.php
+++ b/lang/sk/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Secret poskytnutý pre daný token API je nesprávny',
    'api_user_no_api_permission' => 'Vlastník použitého tokenu API nemá povolenie na uskutočňovanie volaní rozhrania API',
    'api_user_token_expired' => 'Platnosť použitého autorizačného tokenu vypršala',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Chyba pri odosielaní testovacieho e-mailu:',
--- a/lang/sl/errors.php
+++ b/lang/sl/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Skrivnost, ki je bila dana za uporabljeni žeton API, je napačna',
    'api_user_no_api_permission' => 'Lastnik API nima pravic za klicanje API',
    'api_user_token_expired' => 'Avtorizacijski žeton je pretečen',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Napaka se je pojavila pri pošiljanju testne e-pošte:',
--- a/lang/sq/errors.php
+++ b/lang/sq/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',
--- a/lang/sr/errors.php
+++ b/lang/sr/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',
--- a/lang/sv/errors.php
+++ b/lang/sv/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Hemligheten för den angivna API-token är felaktig',
    'api_user_no_api_permission' => 'Ägaren av den använda API-token har inte behörighet att göra API-anrop',
    'api_user_token_expired' => 'Den använda auktoriseringstoken har löpt ut',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Ett fel uppstod när ett test mail skulle skickas:',
--- a/lang/tk/errors.php
+++ b/lang/tk/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',
--- a/lang/tr/errors.php
+++ b/lang/tr/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Kullanılan API için sağlanan gizli anahtar doğru değil',
    'api_user_no_api_permission' => 'Kullanılan API anahtarının sahibi API çağrısı yapmak için izne sahip değil',
    'api_user_token_expired' => 'Kullanılan yetkilendirme anahtarının süresi doldu',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Test e-postası gönderilirken bir hata meydana geldi:',
--- a/lang/uk/errors.php
+++ b/lang/uk/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'Секрет, наданий для даного використовуваного токена API є неправильним',
    'api_user_no_api_permission' => 'Власник використовуваного токена API не має дозволу здійснювати виклики API',
    'api_user_token_expired' => 'Термін дії токена авторизації закінчився',
    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Помилка під час надсилання тестового електронного листа:',
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Dan Brown	9a12e3a8b7	Book API: Added shelves list to show endpoint For #6006 Added test to cover.	2026-02-24 10:25:17 +00:00
Dan Brown	6808292c90	Editors: Made drawings appear clickiable via cursor During review of #5864	2026-02-21 16:00:14 +00:00
Dan Brown	c10b0fd5b9	Merge branch 'patch-1' of github.com:lublak/BookStack into lublak-patch-1	2026-02-21 15:52:25 +00:00
Dan Brown	1077a4efd0	Merge branch 'v25-12' into development	2026-02-21 13:59:29 +00:00
Dan Brown	23f3f35f6b	Readme: Updated sponsors	2026-02-21 13:56:50 +00:00
Dan Brown	229a99ba24	Descriptions: Improved empty field handling, reduces whitespace For #5724	2026-02-20 14:22:54 +00:00
Dan Brown	8e99fc6783	Books: On delete, redirect to shelf if in context For #6029 Added tests to cover	2026-02-20 11:23:26 +00:00
Dan Brown	80204518a2	Page Content: Better handling for empty content filtering For #6028	2026-02-19 23:25:00 +00:00
Dan Brown	a8d96fd389	Content filter: Allowed custom diagram attribute in allow-list For #6026	2026-02-18 19:33:35 +00:00
Dan Brown	9d15c79fee	Deps: Updated PHP package versions	2026-02-18 19:24:06 +00:00
Dan Brown	e1de1f0583	git: Added old purifier location to gitignore	2026-02-17 18:34:14 +00:00
Dan Brown	a2017ffa55	Caching: Altered purifier cache folder to be server-created Moved from a static folder to a dynamically created folder in the framework/cache directory, to increase the chance that it's created with server-writable permissions. This is due to an issue where users had permission issues, since adding a new folder means it's created by the git user and often non-web-writable.	2026-02-17 18:22:13 +00:00
Dan Brown	9646339933	Testing: Addressed failing tests and static checks	2026-02-17 11:31:47 +00:00
Dan Brown	e4383765e1	Meta: Updated licenses and config wording	2026-02-17 11:00:37 +00:00
Dan Brown	5d547fcf4c	Deps: Updated PHP packages Also fixed test namespace	2026-02-17 09:44:56 +00:00
Dan Brown	826b36c985	Editors: Added HTML filtering in certain loading conditions When loaded via ajax for draft revert live in editor, or when loaded into the editor by a different user.	2026-02-16 15:50:54 +00:00
Dan Brown	3fa1174e7a	Content filtering: Updated config and readme attribution	2026-02-16 13:46:45 +00:00
Dan Brown	50e8501027	Content Filter: Added extra object filtering Was blocked by CSP anyway, but best to have an extra layer.	2026-02-16 13:02:24 +00:00
Dan Brown	8a221f64e4	Content Filtering: Covered new config options and filters with tests	2026-02-16 10:11:48 +00:00
Dan Brown	035be66ebc	Content: Updated tests and CSP usage of content script setting Updates CSP to use new content_filtering option. Splits out content filtering tests to their own class. Updated tests where needed to adapt to changes.	2026-02-15 18:44:14 +00:00
Dan Brown	227027fc45	Content: Updated purifier and content caching - Updated page content cache to use app version in cache key - Moved purifier cache into framework to better work with existing expected folders. - Added app version check to purifier so that it will reset its own cache on app version change.	2026-02-15 16:46:09 +00:00
Dan Brown	0f040fe8b1	Content: Tuned HTML purifier for our use Tested it with a range of supported, including uncommon, content types and added support, or changed config, where needed. Been through docs for all HTMLPurifier options to assess what's relevant.	2026-02-15 16:17:03 +00:00
Dan Brown	10ebe53bd9	Page Content: Added more complex & configurable content filtering - Added new option to control parts of the filter. - Added whitelist filtering pass via HTMLPurifier.	2026-02-13 14:14:28 +00:00
Dan Brown	5e12b678c7	Merge pull request #5998 from BookStackApp/further_theme_development Further theme system developments	2026-02-09 13:34:15 +00:00
Dan Brown	057d7be0bc	Views: Made index/show sidebars a lot more modular Split out each sidebar block into their own template for easier customization of those elements, and less code to manage when overriding the parent show/index views.	2026-02-08 17:03:48 +00:00
Dan Brown	984a73159f	Theme modules: Updated view includes to prevent caching conflicts	2026-02-08 13:39:34 +00:00
Dan Brown	a20438b901	Theme System: Fixed theme view before/after issues - Updated the system to work with modules. - Updated module docs to consider namespacing. - Fixed view loading and registration event ordering. - Fixed checking if views are registered.	2026-02-07 23:01:13 +00:00
Dan Brown	9d3d0a4a07	Theme Modules: Added testing coverage for install command	2026-02-05 21:57:12 +00:00
Dan Brown	5038d124e1	Theme modules: Updated docs to cover ZIP format	2026-02-05 18:01:17 +00:00
Dan Brown	f7890c2dd9	Theme Modules: Fixes and improvements after manual testing - Added (limited) redirect handling to module downloads. - Adjusted wording/text for consistency and clarity. - Fixed scenarios where process was not stopped on error. - Fixed module folder creation check/logic. - Added better failed request handling to module downloads. - Updated download response streaming to monitor/limit download size.	2026-02-05 17:49:35 +00:00
Dan Brown	45ae03ceac	Theme Modules: Added install helper command Not yet tested at all, either manually or via PHPUnit	2026-02-03 20:43:01 +00:00
Dan Brown	aa0a8dda11	Theme Modules: Added dev documentation	2026-02-02 18:29:35 +00:00
Dan Brown	120ee38383	Theme Modules: Added testing coverage	2026-02-01 17:31:21 +00:00
Dan Brown	cd84074cdf	Theme System: Split & organised tests, changed module version to string	2026-02-01 16:27:52 +00:00
Dan Brown	4949520194	Theme System: Added initial module implementations	2026-02-01 11:53:46 +00:00
Dan Brown	46dcc30bf7	Updated translator & dependency attribution before release v25.12.3	2026-01-29 15:18:06 +00:00
Dan Brown	9f7d3b55dd	Updated translations with latest Crowdin changes (#5997 )	2026-01-29 15:11:40 +00:00
Dan Brown	3e5e88dc87	Deps: Updated PHP package versions via composer	2026-01-29 14:57:05 +00:00
Dan Brown	c77a0fdff3	Page Content: Added form elements to filtering Added and updated tests to cover. Also updated API auth to a narrower focus of existing session instead of also existing user auth. This is mainly for tests, to ensure they're following the session process we'd see for activity in the UI.	2026-01-29 14:54:08 +00:00
Dan Brown	6a63b38bb3	API: Prevented non-GET requests when using cookie-based auth Added test to cover.	2026-01-29 03:37:16 +00:00
Dan Brown	1b17bb3929	Theme: Changed how before/after views are registered Changed the system out to be a theme event instead of method, to align with other registration events, and so that the theme view work can better be contained in its own class.	2026-01-27 16:50:50 +00:00
Dan Brown	9fcfc762ec	Theme: Added testing of registerViewToRender* functions Updated function name also.	2026-01-27 00:36:35 +00:00
Dan Brown	c32b1686a9	Theme: Added the ability to add views before/after existing ones Adds a registration system via the logical theme system, to tell BookStack about views to render before or after a specific template is included in the system.	2026-01-26 17:16:14 +00:00
Dan Brown	36649a6188	Theme: Updated view registration to be dynamic Within the responsibility of the theme service instead of being part of the app configuration.	2026-01-26 11:55:39 +00:00
lublak	570ded10fa	Set cursor to pointer for drawio diagrams Add cursor style for drawio diagrams in TinyMCE.	2025-10-31 12:51:04 +01:00