Compare commits
23 Commits
v25.12.4
...
l10n_devel
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
08313ab6cc | ||
|
|
3726c80dab | ||
|
|
31d1cf409d | ||
|
|
b1a033f69c | ||
|
|
2bfe546a05 | ||
|
|
946d5ecac9 | ||
|
|
8a972f6209 | ||
|
|
dbed8173a4 | ||
|
|
bc627663c3 | ||
|
|
4fe0f6132b | ||
|
|
c008dd76d7 | ||
|
|
119fcada30 | ||
|
|
ad60ac905f | ||
|
|
cd5f1620f1 | ||
|
|
aa341bdfdf | ||
|
|
cd2f4f290a | ||
|
|
06d66222e4 | ||
|
|
09774817ef | ||
|
|
258b6d4b95 | ||
|
|
ce99a1aee7 | ||
|
|
9c09f6a770 | ||
|
|
63fcd09d87 | ||
|
|
509c739c66 |
@@ -351,25 +351,10 @@ EXPORT_PDF_COMMAND_TIMEOUT=15
|
||||
# Only used if 'ALLOW_UNTRUSTED_SERVER_FETCHING=true' which disables security protections.
|
||||
WKHTMLTOPDF=false
|
||||
|
||||
# Allow JavaScript, and other potentiall dangerous content in page content.
|
||||
# This also removes CSP-level JavaScript control.
|
||||
# Allow <script> tags in page content
|
||||
# Note, if set to 'true' the page editor may still escape scripts.
|
||||
# DEPRECATED: Use 'APP_CONTENT_FILTERING' instead as detailed below. Activiting this option
|
||||
# effectively sets APP_CONTENT_FILTERING='' (No filtering)
|
||||
ALLOW_CONTENT_SCRIPTS=false
|
||||
|
||||
# Control the behaviour of content filtering, primarily used for page content.
|
||||
# This setting is a string of characters which represent different available filters:
|
||||
# - j - Filter out JavaScript and unknown binary data based content
|
||||
# - h - Filter out unexpected, and potentially dangerous, HTML elements
|
||||
# - f - Filter out unexpected form elements
|
||||
# - a - Run content through a more complex allowlist filter
|
||||
# This defaults to using all filters, unless ALLOW_CONTENT_SCRIPTS is set to true in which case no filters are used.
|
||||
# Note: These filters are a best-attempt and may not be 100% effective. They are typically a layer used in addition to other security measures.
|
||||
# Note: The default value will always be the most-strict, so it's advised to leave this unset in your own configuration
|
||||
# to ensure you are always using the full range of filters.
|
||||
APP_CONTENT_FILTERING="jfha"
|
||||
|
||||
# Indicate if robots/crawlers should crawl your instance.
|
||||
# Can be 'true', 'false' or 'null'.
|
||||
# The behaviour of the default 'null' option will depend on the 'app-public' admin setting.
|
||||
|
||||
6
.gitignore
vendored
6
.gitignore
vendored
@@ -8,10 +8,10 @@ Homestead.yaml
|
||||
.idea
|
||||
npm-debug.log
|
||||
yarn-error.log
|
||||
/public/dist/*.map
|
||||
/public/dist
|
||||
/public/plugins
|
||||
/public/css/*.map
|
||||
/public/js/*.map
|
||||
/public/css
|
||||
/public/js
|
||||
/public/bower
|
||||
/public/build/
|
||||
/public/favicon.ico
|
||||
|
||||
@@ -8,7 +8,6 @@ use BookStack\Permissions\PermissionApplicator;
|
||||
use BookStack\Users\Models\HasCreatorAndUpdater;
|
||||
use BookStack\Users\Models\OwnableInterface;
|
||||
use BookStack\Util\HtmlContentFilter;
|
||||
use BookStack\Util\HtmlContentFilterConfig;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
||||
@@ -83,8 +82,7 @@ class Comment extends Model implements Loggable, OwnableInterface
|
||||
|
||||
public function safeHtml(): string
|
||||
{
|
||||
$filter = new HtmlContentFilter(new HtmlContentFilterConfig());
|
||||
return $filter->filterString($this->html ?? '');
|
||||
return HtmlContentFilter::removeActiveContentFromHtmlString($this->html ?? '');
|
||||
}
|
||||
|
||||
public function jointPermissions(): HasMany
|
||||
|
||||
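Review bot: safeHtml() has no docblock on the new side, and the method name alone does not say what "safe" means here. The body shows it routes the stored html through HtmlContentFilter::removeActiveContentFromHtmlString, which that filter's own hunk describes as stripping JavaScript actions and form content, so a docblock such as `/** Get the comment HTML with active content (scripts, event handlers, forms) stripped, for rendering. */` would tell template code this is the accessor to use. The `?? ''` fallback also deserves a word, since it silently turns a null html column into an empty string rather than surfacing it.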
@@ -37,15 +37,10 @@ return [
|
||||
// The limit for all uploaded files, including images and attachments in MB.
|
||||
'upload_limit' => env('FILE_UPLOAD_SIZE_LIMIT', 50),
|
||||
|
||||
// Control the behaviour of content filtering, primarily used for page content.
|
||||
// This setting is a string of characters which represent different available filters:
|
||||
// - j - Filter out JavaScript and unknown binary data based content
|
||||
// - h - Filter out unexpected, and potentially dangerous, HTML elements
|
||||
// - f - Filter out unexpected form elements
|
||||
// - a - Run content through a more complex allowlist filter
|
||||
// This defaults to using all filters, unless ALLOW_CONTENT_SCRIPTS is set to true in which case no filters are used.
|
||||
// Note: These filters are a best-attempt and may not be 100% effective. They are typically a layer used in addition to other security measures.
|
||||
'content_filtering' => env('APP_CONTENT_FILTERING', env('ALLOW_CONTENT_SCRIPTS', false) === true ? '' : 'jhfa'),
|
||||
// Allow <script> tags to entered within page content.
|
||||
// <script> tags are escaped by default.
|
||||
// Even when overridden the WYSIWYG editor may still escape script content.
|
||||
'allow_content_scripts' => env('ALLOW_CONTENT_SCRIPTS', false),
|
||||
|
||||
// Allow server-side fetches to be performed to potentially unknown
|
||||
// and user-provided locations. Primarily used in exports when loading
|
||||
@@ -53,8 +48,8 @@ return [
|
||||
'allow_untrusted_server_fetching' => env('ALLOW_UNTRUSTED_SERVER_FETCHING', false),
|
||||
|
||||
// Override the default behaviour for allowing crawlers to crawl the instance.
|
||||
// May be ignored if the underlying view has been overridden or modified.
|
||||
// Defaults to null in which case the 'app-public' status is used instead.
|
||||
// May be ignored if view has be overridden or modified.
|
||||
// Defaults to null since, if not set, 'app-public' status used instead.
|
||||
'allow_robots' => env('ALLOW_ROBOTS', null),
|
||||
|
||||
// Application Base URL, Used by laravel in development commands
|
||||
|
||||
@@ -21,8 +21,6 @@ use BookStack\Exceptions\PermissionsException;
|
||||
use BookStack\Http\Controller;
|
||||
use BookStack\Permissions\Permission;
|
||||
use BookStack\References\ReferenceFetcher;
|
||||
use BookStack\Util\HtmlContentFilter;
|
||||
use BookStack\Util\HtmlContentFilterConfig;
|
||||
use Exception;
|
||||
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
||||
use Illuminate\Http\Request;
|
||||
@@ -175,7 +173,7 @@ class PageController extends Controller
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a page from an ajax request.
|
||||
* Get page from an ajax request.
|
||||
*
|
||||
* @throws NotFoundException
|
||||
*/
|
||||
@@ -185,10 +183,6 @@ class PageController extends Controller
|
||||
$page->setHidden(array_diff($page->getHidden(), ['html', 'markdown']));
|
||||
$page->makeHidden(['book']);
|
||||
|
||||
$filterConfig = HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'));
|
||||
$filter = new HtmlContentFilter($filterConfig);
|
||||
$page->html = $filter->filterString($page->html);
|
||||
|
||||
return response()->json($page);
|
||||
}
|
||||
|
||||
|
||||
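Review bot: On the new side the ajax response carries the page's `html` field unhidden (`array_diff($page->getHidden(), ['html', 'markdown'])`) but nothing in this hunk filters it before `response()->json($page)`, so whatever the column holds is returned verbatim. In PageContent on the new side, active content is only stripped at render time, which suggests the stored html may still contain it; if that is the case, any client that injects this JSON `html` into the DOM receives unfiltered content. Unless the column is guaranteed filtered on write (outside this hunk), passing it through `$page->html = HtmlContentFilter::removeActiveContentFromHtmlString($page->html ?? '');` before the response, or documenting that consumers must filter, closes that gap. The enclosing method starts outside the hunk.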
@@ -6,7 +6,6 @@ use BookStack\Entities\Models\Book;
|
||||
use BookStack\Entities\Models\Bookshelf;
|
||||
use BookStack\Entities\Models\Chapter;
|
||||
use BookStack\Util\HtmlContentFilter;
|
||||
use BookStack\Util\HtmlContentFilterConfig;
|
||||
|
||||
class EntityHtmlDescription
|
||||
{
|
||||
@@ -51,8 +50,7 @@ class EntityHtmlDescription
|
||||
return $html;
|
||||
}
|
||||
|
||||
$filter = new HtmlContentFilter(new HtmlContentFilterConfig());
|
||||
return $filter->filterString($html);
|
||||
return HtmlContentFilter::removeActiveContentFromHtmlString($html);
|
||||
}
|
||||
|
||||
public function getPlain(): string
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
namespace BookStack\Entities\Tools;
|
||||
|
||||
use BookStack\App\AppVersion;
|
||||
use BookStack\Entities\Models\Page;
|
||||
use BookStack\Entities\Queries\PageQueries;
|
||||
use BookStack\Entities\Tools\Markdown\MarkdownToHtml;
|
||||
@@ -14,7 +13,6 @@ use BookStack\Uploads\ImageRepo;
|
||||
use BookStack\Uploads\ImageService;
|
||||
use BookStack\Users\Models\User;
|
||||
use BookStack\Util\HtmlContentFilter;
|
||||
use BookStack\Util\HtmlContentFilterConfig;
|
||||
use BookStack\Util\HtmlDocument;
|
||||
use BookStack\Util\WebSafeMimeSniffer;
|
||||
use Closure;
|
||||
@@ -319,30 +317,11 @@ class PageContent
|
||||
$this->updateIdsRecursively($doc->getBody(), 0, $idMap, $changeMap);
|
||||
}
|
||||
|
||||
$cacheKey = $this->getContentCacheKey($doc->getBodyInnerHtml());
|
||||
$cached = cache()->get($cacheKey, null);
|
||||
if ($cached !== null) {
|
||||
return $cached;
|
||||
if (!config('app.allow_content_scripts')) {
|
||||
HtmlContentFilter::removeActiveContentFromDocument($doc);
|
||||
}
|
||||
|
||||
$filterConfig = HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'));
|
||||
$filter = new HtmlContentFilter($filterConfig);
|
||||
$filtered = $filter->filterDocument($doc);
|
||||
|
||||
$cacheTime = 86400 * 7; // 1 week
|
||||
cache()->put($cacheKey, $filtered, $cacheTime);
|
||||
|
||||
return $filtered;
|
||||
}
|
||||
|
||||
protected function getContentCacheKey(string $html): string
|
||||
{
|
||||
$contentHash = md5($html);
|
||||
$contentId = $this->page->id;
|
||||
$contentTime = $this->page->updated_at?->timestamp ?? time();
|
||||
$appVersion = AppVersion::get();
|
||||
$filterConfig = config('app.content_filtering') ?? '';
|
||||
return "page-content-cache::{$filterConfig}::{$appVersion}::{$contentId}::{$contentTime}::{$contentHash}";
|
||||
return $doc->getBodyInnerHtml();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
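Review bot: The filter bypass at `if (!config('app.allow_content_scripts'))` is a truthiness test, so the protection is switched off by any value that comes back as a non-empty string rather than a boolean; the config default at `env('ALLOW_CONTENT_SCRIPTS', false)` presumably maps only the usual true/false literals, so a setting such as `no` would likely disable filtering. Comparing strictly, `if (config('app.allow_content_scripts') !== true) {`, makes the check fail closed so only the literal `true` turns the filter off, which matches the `=== true` form the old side used in the config file. CspService::getScriptSrc and getObjectSrc in this compare use the same truthy test and should change together. The enclosing method starts outside the hunk; since the new side also drops the render cache, a one-line comment that the filter now runs on every render would help the next reader.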
@@ -8,8 +8,6 @@ use BookStack\Entities\Queries\EntityQueries;
|
||||
use BookStack\Entities\Tools\Markdown\HtmlToMarkdown;
|
||||
use BookStack\Entities\Tools\Markdown\MarkdownToHtml;
|
||||
use BookStack\Permissions\Permission;
|
||||
use BookStack\Util\HtmlContentFilter;
|
||||
use BookStack\Util\HtmlContentFilterConfig;
|
||||
|
||||
class PageEditorData
|
||||
{
|
||||
@@ -49,7 +47,6 @@ class PageEditorData
|
||||
$isDraftRevision = false;
|
||||
$this->warnings = [];
|
||||
$editActivity = new PageEditActivity($page);
|
||||
$lastEditorId = $page->updated_by ?? user()->id;
|
||||
|
||||
if ($editActivity->hasActiveEditing()) {
|
||||
$this->warnings[] = $editActivity->activeEditingMessage();
|
||||
@@ -61,20 +58,11 @@ class PageEditorData
|
||||
$page->forceFill($userDraft->only(['name', 'html', 'markdown']));
|
||||
$isDraftRevision = true;
|
||||
$this->warnings[] = $editActivity->getEditingActiveDraftMessage($userDraft);
|
||||
$lastEditorId = $userDraft->created_by;
|
||||
}
|
||||
|
||||
// Get editor type and handle changes
|
||||
$editorType = $this->getEditorType($page);
|
||||
$this->updateContentForEditor($page, $editorType);
|
||||
|
||||
// Filter HTML content if required
|
||||
if ($editorType->isHtmlBased() && !old('html') && $lastEditorId !== user()->id) {
|
||||
$filterConfig = HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'));
|
||||
$filter = new HtmlContentFilter($filterConfig);
|
||||
$page->html = $filter->filterString($page->html);
|
||||
}
|
||||
|
||||
return [
|
||||
'page' => $page,
|
||||
'book' => $page->book,
|
||||
|
||||
@@ -4,16 +4,25 @@ namespace BookStack\Theming;
|
||||
|
||||
use BookStack\Util\CspService;
|
||||
use BookStack\Util\HtmlContentFilter;
|
||||
use BookStack\Util\HtmlContentFilterConfig;
|
||||
use BookStack\Util\HtmlNonceApplicator;
|
||||
use Illuminate\Contracts\Cache\Repository as Cache;
|
||||
|
||||
class CustomHtmlHeadContentProvider
|
||||
{
|
||||
public function __construct(
|
||||
protected CspService $cspService,
|
||||
protected Cache $cache
|
||||
) {
|
||||
/**
|
||||
* @var CspService
|
||||
*/
|
||||
protected $cspService;
|
||||
|
||||
/**
|
||||
* @var Cache
|
||||
*/
|
||||
protected $cache;
|
||||
|
||||
public function __construct(CspService $cspService, Cache $cache)
|
||||
{
|
||||
$this->cspService = $cspService;
|
||||
$this->cache = $cache;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -41,8 +50,7 @@ class CustomHtmlHeadContentProvider
|
||||
$hash = md5($content);
|
||||
|
||||
return $this->cache->remember('custom-head-export:' . $hash, 86400, function () use ($content) {
|
||||
$config = new HtmlContentFilterConfig(filterOutNonContentElements: false, useAllowListFilter: false);
|
||||
return (new HtmlContentFilter($config))->filterString($content);
|
||||
return HtmlContentFilter::removeActiveContentFromHtmlString($content);
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
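Review bot: The cache key `'custom-head-export:' . $hash` is derived from the content alone, so a filtered result stays cached for up to 86400 seconds even after a deploy changes what HtmlContentFilter::removeActiveContentFromHtmlString strips, and this compare itself changes that filter while leaving the key untouched. Folding the application version into the key, as the old-side PageContent cache key did with AppVersion::get(), or flushing the entry on upgrade, keeps export output consistent with the current filter rules. Separately, the new side replaces native property types with `@var` docblocks; `protected CspService $cspService;` and `protected Cache $cache;` carry the same contract with less boilerplate. The method enclosing the closure starts outside the hunk.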
@@ -1,131 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace BookStack\Util;
|
||||
|
||||
use BookStack\App\AppVersion;
|
||||
use HTMLPurifier;
|
||||
use HTMLPurifier_Config;
|
||||
use HTMLPurifier_DefinitionCache_Serializer;
|
||||
use HTMLPurifier_HTML5Config;
|
||||
use HTMLPurifier_HTMLDefinition;
|
||||
|
||||
/**
|
||||
* Provides a configured HTML Purifier instance.
|
||||
* https://github.com/ezyang/htmlpurifier
|
||||
* Also uses this to extend support to HTML5 elements:
|
||||
* https://github.com/xemlock/htmlpurifier-html5
|
||||
*/
|
||||
class ConfiguredHtmlPurifier
|
||||
{
|
||||
protected HTMLPurifier $purifier;
|
||||
protected static bool $cachedChecked = false;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$config = HTMLPurifier_HTML5Config::createDefault();
|
||||
$this->setConfig($config);
|
||||
$this->resetCacheIfNeeded($config);
|
||||
|
||||
$htmlDef = $config->getDefinition('HTML', true, true);
|
||||
if ($htmlDef instanceof HTMLPurifier_HTMLDefinition) {
|
||||
$this->configureDefinition($htmlDef);
|
||||
}
|
||||
|
||||
$this->purifier = new HTMLPurifier($config);
|
||||
}
|
||||
|
||||
protected function resetCacheIfNeeded(HTMLPurifier_Config $config): void
|
||||
{
|
||||
if (self::$cachedChecked) {
|
||||
return;
|
||||
}
|
||||
|
||||
$cachedForVersion = cache('htmlpurifier::cache-version');
|
||||
$appVersion = AppVersion::get();
|
||||
if ($cachedForVersion !== $appVersion) {
|
||||
foreach (['HTML', 'CSS', 'URI'] as $name) {
|
||||
$cache = new HTMLPurifier_DefinitionCache_Serializer($name);
|
||||
$cache->flush($config);
|
||||
}
|
||||
cache()->set('htmlpurifier::cache-version', $appVersion);
|
||||
}
|
||||
|
||||
self::$cachedChecked = true;
|
||||
}
|
||||
|
||||
protected function setConfig(HTMLPurifier_Config $config): void
|
||||
{
|
||||
$config->set('Cache.SerializerPath', storage_path('framework/purifier'));
|
||||
$config->set('Core.AllowHostnameUnderscore', true);
|
||||
$config->set('CSS.AllowTricky', true);
|
||||
$config->set('HTML.SafeIframe', true);
|
||||
$config->set('Attr.EnableID', true);
|
||||
$config->set('Attr.ID.HTML5', true);
|
||||
$config->set('Output.FixInnerHTML', false);
|
||||
$config->set('URI.SafeIframeRegexp', '%^(http://|https://|//)%');
|
||||
$config->set('URI.AllowedSchemes', [
|
||||
'http' => true,
|
||||
'https' => true,
|
||||
'mailto' => true,
|
||||
'ftp' => true,
|
||||
'nntp' => true,
|
||||
'news' => true,
|
||||
'tel' => true,
|
||||
'file' => true,
|
||||
]);
|
||||
|
||||
// $config->set('Cache.DefinitionImpl', null); // Disable cache during testing
|
||||
}
|
||||
|
||||
public function configureDefinition(HTMLPurifier_HTMLDefinition $definition): void
|
||||
{
|
||||
// Allow the object element
|
||||
$definition->addElement(
|
||||
'object',
|
||||
'Inline',
|
||||
'Flow',
|
||||
'Common',
|
||||
[
|
||||
'data' => 'URI',
|
||||
'type' => 'Text',
|
||||
'width' => 'Length',
|
||||
'height' => 'Length',
|
||||
]
|
||||
);
|
||||
|
||||
// Allow the embed element
|
||||
$definition->addElement(
|
||||
'embed',
|
||||
'Inline',
|
||||
'Empty',
|
||||
'Common',
|
||||
[
|
||||
'src' => 'URI',
|
||||
'type' => 'Text',
|
||||
'width' => 'Length',
|
||||
'height' => 'Length',
|
||||
]
|
||||
);
|
||||
|
||||
// Allow checkbox inputs
|
||||
$definition->addElement(
|
||||
'input',
|
||||
'Formctrl',
|
||||
'Empty',
|
||||
'Common',
|
||||
[
|
||||
'checked' => 'Bool#checked',
|
||||
'disabled' => 'Bool#disabled',
|
||||
'name' => 'Text',
|
||||
'readonly' => 'Bool#readonly',
|
||||
'type' => 'Enum#checkbox',
|
||||
'value' => 'Text',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
public function purify(string $html): string
|
||||
{
|
||||
return $this->purifier->purify($html);
|
||||
}
|
||||
}
|
||||
@@ -65,7 +65,7 @@ class CspService
|
||||
*/
|
||||
protected function getScriptSrc(): string
|
||||
{
|
||||
if ($this->scriptFilteringDisabled()) {
|
||||
if (config('app.allow_content_scripts')) {
|
||||
return '';
|
||||
}
|
||||
|
||||
@@ -108,7 +108,7 @@ class CspService
|
||||
*/
|
||||
protected function getObjectSrc(): string
|
||||
{
|
||||
if ($this->scriptFilteringDisabled()) {
|
||||
if (config('app.allow_content_scripts')) {
|
||||
return '';
|
||||
}
|
||||
|
||||
@@ -124,11 +124,6 @@ class CspService
|
||||
return "base-uri 'self'";
|
||||
}
|
||||
|
||||
protected function scriptFilteringDisabled(): bool
|
||||
{
|
||||
return !HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'))->filterOutJavaScript;
|
||||
}
|
||||
|
||||
protected function getAllowedIframeHosts(): array
|
||||
{
|
||||
$hosts = config('app.iframe_hosts') ?? '';
|
||||
|
||||
@@ -8,46 +8,12 @@ use DOMNodeList;
|
||||
|
||||
class HtmlContentFilter
|
||||
{
|
||||
public function __construct(
|
||||
protected HtmlContentFilterConfig $config
|
||||
) {
|
||||
}
|
||||
|
||||
public function filterDocument(HtmlDocument $doc): string
|
||||
{
|
||||
if ($this->config->filterOutJavaScript) {
|
||||
$this->filterOutScriptsFromDocument($doc);
|
||||
}
|
||||
if ($this->config->filterOutFormElements) {
|
||||
$this->filterOutFormElementsFromDocument($doc);
|
||||
}
|
||||
if ($this->config->filterOutBadHtmlElements) {
|
||||
$this->filterOutBadHtmlElementsFromDocument($doc);
|
||||
}
|
||||
if ($this->config->filterOutNonContentElements) {
|
||||
$this->filterOutNonContentElementsFromDocument($doc);
|
||||
}
|
||||
|
||||
$filtered = $doc->getBodyInnerHtml();
|
||||
if ($this->config->useAllowListFilter) {
|
||||
$filtered = $this->applyAllowListFiltering($filtered);
|
||||
}
|
||||
|
||||
return $filtered;
|
||||
}
|
||||
|
||||
public function filterString(string $html): string
|
||||
{
|
||||
return $this->filterDocument(new HtmlDocument($html));
|
||||
}
|
||||
|
||||
protected function applyAllowListFiltering(string $html): string
|
||||
{
|
||||
$purifier = new ConfiguredHtmlPurifier();
|
||||
return $purifier->purify($html);
|
||||
}
|
||||
|
||||
protected function filterOutScriptsFromDocument(HtmlDocument $doc): void
|
||||
/**
|
||||
* Remove all active content from the given HTML document.
|
||||
* This aims to cover anything which can dynamically deal with, or send, data
|
||||
* like any JavaScript actions or form content.
|
||||
*/
|
||||
public static function removeActiveContentFromDocument(HtmlDocument $doc): void
|
||||
{
|
||||
// Remove standard script tags
|
||||
$scriptElems = $doc->queryXPath('//script');
|
||||
@@ -61,17 +27,17 @@ class HtmlContentFilter
|
||||
$badForms = $doc->queryXPath('//*[' . static::xpathContains('@action', 'javascript:') . '] | //*[' . static::xpathContains('@formaction', 'javascript:') . ']');
|
||||
static::removeNodes($badForms);
|
||||
|
||||
// Remove data or JavaScript iFrames & embeds
|
||||
// Remove meta tag to prevent external redirects
|
||||
$metaTags = $doc->queryXPath('//meta[' . static::xpathContains('@content', 'url') . ']');
|
||||
static::removeNodes($metaTags);
|
||||
|
||||
// Remove data or JavaScript iFrames
|
||||
$badIframes = $doc->queryXPath('//*[' . static::xpathContains('@src', 'data:') . '] | //*[' . static::xpathContains('@src', 'javascript:') . '] | //*[@srcdoc]');
|
||||
static::removeNodes($badIframes);
|
||||
|
||||
// Remove data or JavaScript objects
|
||||
$badObjects = $doc->queryXPath('//*[' . static::xpathContains('@data', 'data:') . '] | //*[' . static::xpathContains('@data', 'javascript:') . ']');
|
||||
static::removeNodes($badObjects);
|
||||
|
||||
// Remove attributes, within svg children, hiding JavaScript or data uris.
|
||||
// A bunch of svg element and attribute combinations expose xss possibilities.
|
||||
// For example, SVG animate tag can exploit JavaScript in values.
|
||||
// For example, SVG animate tag can exploit javascript in values.
|
||||
$badValuesAttrs = $doc->queryXPath('//svg//@*[' . static::xpathContains('.', 'data:') . '] | //svg//@*[' . static::xpathContains('.', 'javascript:') . ']');
|
||||
static::removeAttributes($badValuesAttrs);
|
||||
|
||||
@@ -83,10 +49,7 @@ class HtmlContentFilter
|
||||
// Remove 'on*' attributes
|
||||
$onAttributes = $doc->queryXPath('//@*[starts-with(name(), \'on\')]');
|
||||
static::removeAttributes($onAttributes);
|
||||
}
|
||||
|
||||
protected function filterOutFormElementsFromDocument(HtmlDocument $doc): void
|
||||
{
|
||||
// Remove form elements
|
||||
$formElements = ['form', 'fieldset', 'button', 'textarea', 'select'];
|
||||
foreach ($formElements as $formElement) {
|
||||
@@ -112,21 +75,41 @@ class HtmlContentFilter
|
||||
}
|
||||
}
|
||||
|
||||
protected function filterOutBadHtmlElementsFromDocument(HtmlDocument $doc): void
|
||||
/**
|
||||
* Remove active content from the given HTML string.
|
||||
* This aims to cover anything which can dynamically deal with, or send, data
|
||||
* like any JavaScript actions or form content.
|
||||
*/
|
||||
public static function removeActiveContentFromHtmlString(string $html): string
|
||||
{
|
||||
// Remove meta tag to prevent external redirects
|
||||
$metaTags = $doc->queryXPath('//meta[' . static::xpathContains('@content', 'url') . ']');
|
||||
static::removeNodes($metaTags);
|
||||
if (empty($html)) {
|
||||
return $html;
|
||||
}
|
||||
|
||||
$doc = new HtmlDocument($html);
|
||||
static::removeActiveContentFromDocument($doc);
|
||||
|
||||
return $doc->getBodyInnerHtml();
|
||||
}
|
||||
|
||||
protected function filterOutNonContentElementsFromDocument(HtmlDocument $doc): void
|
||||
/**
|
||||
* Alias using the old method name to avoid potential compatibility breaks during patch release.
|
||||
* To remove in future feature release.
|
||||
* @deprecated Use removeActiveContentFromDocument instead.
|
||||
*/
|
||||
public static function removeScriptsFromDocument(HtmlDocument $doc): void
|
||||
{
|
||||
// Remove non-content elements
|
||||
$formElements = ['link', 'style', 'meta', 'title', 'template'];
|
||||
foreach ($formElements as $formElement) {
|
||||
$matchingFormElements = $doc->queryXPath('//' . $formElement);
|
||||
static::removeNodes($matchingFormElements);
|
||||
}
|
||||
static::removeActiveContentFromDocument($doc);
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias using the old method name to avoid potential compatibility breaks during patch release.
|
||||
* To remove in future feature release.
|
||||
* @deprecated Use removeActiveContentFromHtmlString instead.
|
||||
*/
|
||||
public static function removeScriptsFromHtmlString(string $html): string
|
||||
{
|
||||
return static::removeActiveContentFromHtmlString($html);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -164,34 +147,4 @@ class HtmlContentFilter
|
||||
$parentNode->removeAttribute($attrName);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias using the old method name to avoid potential compatibility breaks during patch release.
|
||||
* To remove in future feature release.
|
||||
* @deprecated Use filterDocument instead.
|
||||
*/
|
||||
public static function removeScriptsFromDocument(HtmlDocument $doc): void
|
||||
{
|
||||
$config = new HtmlContentFilterConfig(
|
||||
filterOutNonContentElements: false,
|
||||
useAllowListFilter: false,
|
||||
);
|
||||
$filter = new self($config);
|
||||
$filter->filterDocument($doc);
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias using the old method name to avoid potential compatibility breaks during patch release.
|
||||
* To remove in future feature release.
|
||||
* @deprecated Use filterString instead.
|
||||
*/
|
||||
public static function removeScriptsFromHtmlString(string $html): string
|
||||
{
|
||||
$config = new HtmlContentFilterConfig(
|
||||
filterOutNonContentElements: false,
|
||||
useAllowListFilter: false,
|
||||
);
|
||||
$filter = new self($config);
|
||||
return $filter->filterString($html);
|
||||
}
|
||||
}
|
||||
|
||||
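Review bot: In removeActiveContentFromHtmlString the early return `if (empty($html)) { return $html; }` uses empty(), which is also true for the string '0'; that single character is harmless here, but the intent is an empty-string check and `if ($html === '') {` states exactly that. The docblocks on removeActiveContentFromDocument and removeActiveContentFromHtmlString describe the goal but not the mechanism; since the body works by XPath queries for known patterns (script elements, javascript:/data: URIs, srcdoc, on* attributes, meta url content), a sentence such as `Filtering is denylist-based: known dangerous elements, attributes and URI schemes are removed. It is one defensive layer, not an allowlist of permitted markup.` would set the right expectation for callers that treat the output as safe.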
@@ -1,31 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace BookStack\Util;
|
||||
|
||||
readonly class HtmlContentFilterConfig
|
||||
{
|
||||
public function __construct(
|
||||
public bool $filterOutJavaScript = true,
|
||||
public bool $filterOutBadHtmlElements = true,
|
||||
public bool $filterOutFormElements = true,
|
||||
public bool $filterOutNonContentElements = true,
|
||||
public bool $useAllowListFilter = true,
|
||||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an instance from a config string, where the string
|
||||
* is a combination of characters to enable filters.
|
||||
*/
|
||||
public static function fromConfigString(string $config): self
|
||||
{
|
||||
$config = strtolower($config);
|
||||
return new self(
|
||||
filterOutJavaScript: str_contains($config, 'j'),
|
||||
filterOutBadHtmlElements: str_contains($config, 'h'),
|
||||
filterOutFormElements: str_contains($config, 'f'),
|
||||
filterOutNonContentElements: str_contains($config, 'h'),
|
||||
useAllowListFilter: str_contains($config, 'a'),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -19,7 +19,6 @@
|
||||
"ext-zip": "*",
|
||||
"bacon/bacon-qr-code": "^3.0",
|
||||
"dompdf/dompdf": "^3.1",
|
||||
"ezyang/htmlpurifier": "^4.19",
|
||||
"guzzlehttp/guzzle": "^7.4",
|
||||
"intervention/image": "^3.5",
|
||||
"knplabs/knp-snappy": "^1.5",
|
||||
@@ -39,8 +38,7 @@
|
||||
"socialiteproviders/microsoft-azure": "^5.1",
|
||||
"socialiteproviders/okta": "^4.2",
|
||||
"socialiteproviders/twitch": "^5.3",
|
||||
"ssddanbrown/htmldiff": "^2.0.0",
|
||||
"xemlock/htmlpurifier-html5": "^0.1.12"
|
||||
"ssddanbrown/htmldiff": "^2.0.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"fakerphp/faker": "^1.21",
|
||||
|
||||
425
composer.lock
generated
425
composer.lock
generated
@@ -4,7 +4,7 @@
|
||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "8dc695e5ecb6cea01e282394da136713",
|
||||
"content-hash": "556613432c8fb7d8f96bcf637c8c07a9",
|
||||
"packages": [
|
||||
{
|
||||
"name": "aws/aws-crt-php",
|
||||
@@ -62,16 +62,16 @@
|
||||
},
|
||||
{
|
||||
"name": "aws/aws-sdk-php",
|
||||
"version": "3.369.35",
|
||||
"version": "3.369.22",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/aws/aws-sdk-php.git",
|
||||
"reference": "0f3e296342fe965271b5dd0bded4a18bdab8aba5"
|
||||
"reference": "fe83cbc3adb5ed384179ac6d63531aadde0198e3"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/0f3e296342fe965271b5dd0bded4a18bdab8aba5",
|
||||
"reference": "0f3e296342fe965271b5dd0bded4a18bdab8aba5",
|
||||
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/fe83cbc3adb5ed384179ac6d63531aadde0198e3",
|
||||
"reference": "fe83cbc3adb5ed384179ac6d63531aadde0198e3",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -153,9 +153,9 @@
|
||||
"support": {
|
||||
"forum": "https://github.com/aws/aws-sdk-php/discussions",
|
||||
"issues": "https://github.com/aws/aws-sdk-php/issues",
|
||||
"source": "https://github.com/aws/aws-sdk-php/tree/3.369.35"
|
||||
"source": "https://github.com/aws/aws-sdk-php/tree/3.369.22"
|
||||
},
|
||||
"time": "2026-02-16T19:15:41+00:00"
|
||||
"time": "2026-01-28T19:19:00+00:00"
|
||||
},
|
||||
{
|
||||
"name": "bacon/bacon-qr-code",
|
||||
@@ -214,16 +214,16 @@
|
||||
},
|
||||
{
|
||||
"name": "brick/math",
|
||||
"version": "0.14.8",
|
||||
"version": "0.14.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/brick/math.git",
|
||||
"reference": "63422359a44b7f06cae63c3b429b59e8efcc0629"
|
||||
"reference": "f05858549e5f9d7bb45875a75583240a38a281d0"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/brick/math/zipball/63422359a44b7f06cae63c3b429b59e8efcc0629",
|
||||
"reference": "63422359a44b7f06cae63c3b429b59e8efcc0629",
|
||||
"url": "https://api.github.com/repos/brick/math/zipball/f05858549e5f9d7bb45875a75583240a38a281d0",
|
||||
"reference": "f05858549e5f9d7bb45875a75583240a38a281d0",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -262,7 +262,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/brick/math/issues",
|
||||
"source": "https://github.com/brick/math/tree/0.14.8"
|
||||
"source": "https://github.com/brick/math/tree/0.14.1"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -270,7 +270,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-10T14:33:43+00:00"
|
||||
"time": "2025-11-24T14:40:29+00:00"
|
||||
},
|
||||
{
|
||||
"name": "carbonphp/carbon-doctrine-types",
|
||||
@@ -919,67 +919,6 @@
|
||||
],
|
||||
"time": "2025-03-06T22:45:56+00:00"
|
||||
},
|
||||
{
|
||||
"name": "ezyang/htmlpurifier",
|
||||
"version": "v4.19.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/ezyang/htmlpurifier.git",
|
||||
"reference": "b287d2a16aceffbf6e0295559b39662612b77fcf"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/b287d2a16aceffbf6e0295559b39662612b77fcf",
|
||||
"reference": "b287d2a16aceffbf6e0295559b39662612b77fcf",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"cerdic/css-tidy": "^1.7 || ^2.0",
|
||||
"simpletest/simpletest": "dev-master"
|
||||
},
|
||||
"suggest": {
|
||||
"cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.",
|
||||
"ext-bcmath": "Used for unit conversion and imagecrash protection",
|
||||
"ext-iconv": "Converts text to and from non-UTF-8 encodings",
|
||||
"ext-tidy": "Used for pretty-printing HTML"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"files": [
|
||||
"library/HTMLPurifier.composer.php"
|
||||
],
|
||||
"psr-0": {
|
||||
"HTMLPurifier": "library/"
|
||||
},
|
||||
"exclude-from-classmap": [
|
||||
"/library/HTMLPurifier/Language/"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"LGPL-2.1-or-later"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Edward Z. Yang",
|
||||
"email": "admin@htmlpurifier.org",
|
||||
"homepage": "http://ezyang.com"
|
||||
}
|
||||
],
|
||||
"description": "Standards compliant HTML filter written in PHP",
|
||||
"homepage": "http://htmlpurifier.org/",
|
||||
"keywords": [
|
||||
"html"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/ezyang/htmlpurifier/issues",
|
||||
"source": "https://github.com/ezyang/htmlpurifier/tree/v4.19.0"
|
||||
},
|
||||
"time": "2025-10-17T16:34:55+00:00"
|
||||
},
|
||||
{
|
||||
"name": "firebase/php-jwt",
|
||||
"version": "v7.0.2",
|
||||
@@ -1733,29 +1672,29 @@
|
||||
},
|
||||
{
|
||||
"name": "knplabs/knp-snappy",
|
||||
"version": "v1.6.0",
|
||||
"version": "v1.5.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/KnpLabs/snappy.git",
|
||||
"reference": "af73003db677563fa982b50c1aec4d1e2b2f30b2"
|
||||
"reference": "3dd138e9e47de91cd2e056c5e6e1a0dd72547ee7"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/KnpLabs/snappy/zipball/af73003db677563fa982b50c1aec4d1e2b2f30b2",
|
||||
"reference": "af73003db677563fa982b50c1aec4d1e2b2f30b2",
|
||||
"url": "https://api.github.com/repos/KnpLabs/snappy/zipball/3dd138e9e47de91cd2e056c5e6e1a0dd72547ee7",
|
||||
"reference": "3dd138e9e47de91cd2e056c5e6e1a0dd72547ee7",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=8.1",
|
||||
"psr/log": "^2.0||^3.0",
|
||||
"symfony/process": "^5.0||^6.0||^7.0||^8.0"
|
||||
"symfony/process": "^5.0||^6.0||^7.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"friendsofphp/php-cs-fixer": "^3.0",
|
||||
"pedrotroller/php-cs-custom-fixer": "^2.19",
|
||||
"phpstan/phpstan": "^1.0.0",
|
||||
"phpstan/phpstan-phpunit": "^1.0.0",
|
||||
"phpunit/phpunit": "^9.6.29"
|
||||
"phpunit/phpunit": "^8.5"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
@@ -1794,22 +1733,22 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/KnpLabs/snappy/issues",
|
||||
"source": "https://github.com/KnpLabs/snappy/tree/v1.6.0"
|
||||
"source": "https://github.com/KnpLabs/snappy/tree/v1.5.1"
|
||||
},
|
||||
"time": "2026-02-13T12:50:40+00:00"
|
||||
"time": "2025-01-06T16:53:26+00:00"
|
||||
},
|
||||
{
|
||||
"name": "laravel/framework",
|
||||
"version": "v12.51.0",
|
||||
"version": "v12.49.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/framework.git",
|
||||
"reference": "ce4de3feb211e47c4f959d309ccf8a2733b1bc16"
|
||||
"reference": "4bde4530545111d8bdd1de6f545fa8824039fcb5"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/framework/zipball/ce4de3feb211e47c4f959d309ccf8a2733b1bc16",
|
||||
"reference": "ce4de3feb211e47c4f959d309ccf8a2733b1bc16",
|
||||
"url": "https://api.github.com/repos/laravel/framework/zipball/4bde4530545111d8bdd1de6f545fa8824039fcb5",
|
||||
"reference": "4bde4530545111d8bdd1de6f545fa8824039fcb5",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2018,34 +1957,34 @@
|
||||
"issues": "https://github.com/laravel/framework/issues",
|
||||
"source": "https://github.com/laravel/framework"
|
||||
},
|
||||
"time": "2026-02-10T18:20:19+00:00"
|
||||
"time": "2026-01-28T03:40:49+00:00"
|
||||
},
|
||||
{
|
||||
"name": "laravel/prompts",
|
||||
"version": "v0.3.13",
|
||||
"version": "v0.3.11",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/prompts.git",
|
||||
"reference": "ed8c466571b37e977532fb2fd3c272c784d7050d"
|
||||
"reference": "dd2a2ed95acacbcccd32fd98dee4c946ae7a7217"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/prompts/zipball/ed8c466571b37e977532fb2fd3c272c784d7050d",
|
||||
"reference": "ed8c466571b37e977532fb2fd3c272c784d7050d",
|
||||
"url": "https://api.github.com/repos/laravel/prompts/zipball/dd2a2ed95acacbcccd32fd98dee4c946ae7a7217",
|
||||
"reference": "dd2a2ed95acacbcccd32fd98dee4c946ae7a7217",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"composer-runtime-api": "^2.2",
|
||||
"ext-mbstring": "*",
|
||||
"php": "^8.1",
|
||||
"symfony/console": "^6.2|^7.0|^8.0"
|
||||
"symfony/console": "^6.2|^7.0"
|
||||
},
|
||||
"conflict": {
|
||||
"illuminate/console": ">=10.17.0 <10.25.0",
|
||||
"laravel/framework": ">=10.17.0 <10.25.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"illuminate/collections": "^10.0|^11.0|^12.0|^13.0",
|
||||
"illuminate/collections": "^10.0|^11.0|^12.0",
|
||||
"mockery/mockery": "^1.5",
|
||||
"pestphp/pest": "^2.3|^3.4|^4.0",
|
||||
"phpstan/phpstan": "^1.12.28",
|
||||
@@ -2075,33 +2014,33 @@
|
||||
"description": "Add beautiful and user-friendly forms to your command-line applications.",
|
||||
"support": {
|
||||
"issues": "https://github.com/laravel/prompts/issues",
|
||||
"source": "https://github.com/laravel/prompts/tree/v0.3.13"
|
||||
"source": "https://github.com/laravel/prompts/tree/v0.3.11"
|
||||
},
|
||||
"time": "2026-02-06T12:17:10+00:00"
|
||||
"time": "2026-01-27T02:55:06+00:00"
|
||||
},
|
||||
{
|
||||
"name": "laravel/serializable-closure",
|
||||
"version": "v2.0.9",
|
||||
"version": "v2.0.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/serializable-closure.git",
|
||||
"reference": "8f631589ab07b7b52fead814965f5a800459cb3e"
|
||||
"reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/8f631589ab07b7b52fead814965f5a800459cb3e",
|
||||
"reference": "8f631589ab07b7b52fead814965f5a800459cb3e",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/7581a4407012f5f53365e11bafc520fd7f36bc9b",
|
||||
"reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^8.1"
|
||||
},
|
||||
"require-dev": {
|
||||
"illuminate/support": "^10.0|^11.0|^12.0|^13.0",
|
||||
"illuminate/support": "^10.0|^11.0|^12.0",
|
||||
"nesbot/carbon": "^2.67|^3.0",
|
||||
"pestphp/pest": "^2.36|^3.0|^4.0",
|
||||
"phpstan/phpstan": "^2.0",
|
||||
"symfony/var-dumper": "^6.2.0|^7.0.0|^8.0.0"
|
||||
"symfony/var-dumper": "^6.2.0|^7.0.0"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
@@ -2138,7 +2077,7 @@
|
||||
"issues": "https://github.com/laravel/serializable-closure/issues",
|
||||
"source": "https://github.com/laravel/serializable-closure"
|
||||
},
|
||||
"time": "2026-02-03T06:55:34+00:00"
|
||||
"time": "2026-01-08T16:22:46+00:00"
|
||||
},
|
||||
{
|
||||
"name": "laravel/socialite",
|
||||
@@ -2214,16 +2153,16 @@
|
||||
},
|
||||
{
|
||||
"name": "laravel/tinker",
|
||||
"version": "v2.11.1",
|
||||
"version": "v2.11.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/tinker.git",
|
||||
"reference": "c9f80cc835649b5c1842898fb043f8cc098dd741"
|
||||
"reference": "3d34b97c9a1747a81a3fde90482c092bd8b66468"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/tinker/zipball/c9f80cc835649b5c1842898fb043f8cc098dd741",
|
||||
"reference": "c9f80cc835649b5c1842898fb043f8cc098dd741",
|
||||
"url": "https://api.github.com/repos/laravel/tinker/zipball/3d34b97c9a1747a81a3fde90482c092bd8b66468",
|
||||
"reference": "3d34b97c9a1747a81a3fde90482c092bd8b66468",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2274,9 +2213,9 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/laravel/tinker/issues",
|
||||
"source": "https://github.com/laravel/tinker/tree/v2.11.1"
|
||||
"source": "https://github.com/laravel/tinker/tree/v2.11.0"
|
||||
},
|
||||
"time": "2026-02-06T14:12:35+00:00"
|
||||
"time": "2025-12-19T19:16:45+00:00"
|
||||
},
|
||||
{
|
||||
"name": "league/commonmark",
|
||||
@@ -3465,16 +3404,16 @@
|
||||
},
|
||||
{
|
||||
"name": "nette/schema",
|
||||
"version": "v1.3.4",
|
||||
"version": "v1.3.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nette/schema.git",
|
||||
"reference": "086497a2f34b82fede9b5a41cc8e131d087cd8f7"
|
||||
"reference": "2befc2f42d7c715fd9d95efc31b1081e5d765004"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nette/schema/zipball/086497a2f34b82fede9b5a41cc8e131d087cd8f7",
|
||||
"reference": "086497a2f34b82fede9b5a41cc8e131d087cd8f7",
|
||||
"url": "https://api.github.com/repos/nette/schema/zipball/2befc2f42d7c715fd9d95efc31b1081e5d765004",
|
||||
"reference": "2befc2f42d7c715fd9d95efc31b1081e5d765004",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -3482,8 +3421,8 @@
|
||||
"php": "8.1 - 8.5"
|
||||
},
|
||||
"require-dev": {
|
||||
"nette/tester": "^2.6",
|
||||
"phpstan/phpstan": "^2.0@stable",
|
||||
"nette/tester": "^2.5.2",
|
||||
"phpstan/phpstan-nette": "^2.0@stable",
|
||||
"tracy/tracy": "^2.8"
|
||||
},
|
||||
"type": "library",
|
||||
@@ -3524,22 +3463,22 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/nette/schema/issues",
|
||||
"source": "https://github.com/nette/schema/tree/v1.3.4"
|
||||
"source": "https://github.com/nette/schema/tree/v1.3.3"
|
||||
},
|
||||
"time": "2026-02-08T02:54:00+00:00"
|
||||
"time": "2025-10-30T22:57:59+00:00"
|
||||
},
|
||||
{
|
||||
"name": "nette/utils",
|
||||
"version": "v4.1.3",
|
||||
"version": "v4.1.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nette/utils.git",
|
||||
"reference": "bb3ea637e3d131d72acc033cfc2746ee893349fe"
|
||||
"reference": "c99059c0315591f1a0db7ad6002000288ab8dc72"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nette/utils/zipball/bb3ea637e3d131d72acc033cfc2746ee893349fe",
|
||||
"reference": "bb3ea637e3d131d72acc033cfc2746ee893349fe",
|
||||
"url": "https://api.github.com/repos/nette/utils/zipball/c99059c0315591f1a0db7ad6002000288ab8dc72",
|
||||
"reference": "c99059c0315591f1a0db7ad6002000288ab8dc72",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -3551,10 +3490,8 @@
|
||||
},
|
||||
"require-dev": {
|
||||
"jetbrains/phpstorm-attributes": "^1.2",
|
||||
"nette/phpstan-rules": "^1.0",
|
||||
"nette/tester": "^2.5",
|
||||
"phpstan/extension-installer": "^1.4@stable",
|
||||
"phpstan/phpstan": "^2.1@stable",
|
||||
"phpstan/phpstan-nette": "^2.0@stable",
|
||||
"tracy/tracy": "^2.9"
|
||||
},
|
||||
"suggest": {
|
||||
@@ -3615,9 +3552,9 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/nette/utils/issues",
|
||||
"source": "https://github.com/nette/utils/tree/v4.1.3"
|
||||
"source": "https://github.com/nette/utils/tree/v4.1.1"
|
||||
},
|
||||
"time": "2026-02-13T03:05:33+00:00"
|
||||
"time": "2025-12-22T12:14:32+00:00"
|
||||
},
|
||||
{
|
||||
"name": "nikic/php-parser",
|
||||
@@ -3679,31 +3616,31 @@
|
||||
},
|
||||
{
|
||||
"name": "nunomaduro/termwind",
|
||||
"version": "v2.4.0",
|
||||
"version": "v2.3.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nunomaduro/termwind.git",
|
||||
"reference": "712a31b768f5daea284c2169a7d227031001b9a8"
|
||||
"reference": "6fb2a640ff502caace8e05fd7be3b503a7e1c017"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nunomaduro/termwind/zipball/712a31b768f5daea284c2169a7d227031001b9a8",
|
||||
"reference": "712a31b768f5daea284c2169a7d227031001b9a8",
|
||||
"url": "https://api.github.com/repos/nunomaduro/termwind/zipball/6fb2a640ff502caace8e05fd7be3b503a7e1c017",
|
||||
"reference": "6fb2a640ff502caace8e05fd7be3b503a7e1c017",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ext-mbstring": "*",
|
||||
"php": "^8.2",
|
||||
"symfony/console": "^7.4.4 || ^8.0.4"
|
||||
"symfony/console": "^7.3.6"
|
||||
},
|
||||
"require-dev": {
|
||||
"illuminate/console": "^11.47.0",
|
||||
"laravel/pint": "^1.27.1",
|
||||
"illuminate/console": "^11.46.1",
|
||||
"laravel/pint": "^1.25.1",
|
||||
"mockery/mockery": "^1.6.12",
|
||||
"pestphp/pest": "^2.36.0 || ^3.8.4 || ^4.3.2",
|
||||
"pestphp/pest": "^2.36.0 || ^3.8.4 || ^4.1.3",
|
||||
"phpstan/phpstan": "^1.12.32",
|
||||
"phpstan/phpstan-strict-rules": "^1.6.2",
|
||||
"symfony/var-dumper": "^7.3.5 || ^8.0.4",
|
||||
"symfony/var-dumper": "^7.3.5",
|
||||
"thecodingmachine/phpstan-strict-rules": "^1.0.0"
|
||||
},
|
||||
"type": "library",
|
||||
@@ -3735,7 +3672,7 @@
|
||||
"email": "enunomaduro@gmail.com"
|
||||
}
|
||||
],
|
||||
"description": "It's like Tailwind CSS, but for the console.",
|
||||
"description": "Its like Tailwind CSS, but for the console.",
|
||||
"keywords": [
|
||||
"cli",
|
||||
"console",
|
||||
@@ -3746,7 +3683,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/nunomaduro/termwind/issues",
|
||||
"source": "https://github.com/nunomaduro/termwind/tree/v2.4.0"
|
||||
"source": "https://github.com/nunomaduro/termwind/tree/v2.3.3"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -3762,7 +3699,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-16T23:10:27+00:00"
|
||||
"time": "2025-11-20T02:34:59+00:00"
|
||||
},
|
||||
{
|
||||
"name": "onelogin/php-saml",
|
||||
@@ -4186,16 +4123,16 @@
|
||||
},
|
||||
{
|
||||
"name": "predis/predis",
|
||||
"version": "v3.4.0",
|
||||
"version": "v3.3.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/predis/predis.git",
|
||||
"reference": "1183f5732e6b10efd33f64984a96726eaecb59aa"
|
||||
"reference": "153097374b39a2f737fe700ebcd725642526cdec"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/predis/predis/zipball/1183f5732e6b10efd33f64984a96726eaecb59aa",
|
||||
"reference": "1183f5732e6b10efd33f64984a96726eaecb59aa",
|
||||
"url": "https://api.github.com/repos/predis/predis/zipball/153097374b39a2f737fe700ebcd725642526cdec",
|
||||
"reference": "153097374b39a2f737fe700ebcd725642526cdec",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4237,7 +4174,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/predis/predis/issues",
|
||||
"source": "https://github.com/predis/predis/tree/v3.4.0"
|
||||
"source": "https://github.com/predis/predis/tree/v3.3.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4245,7 +4182,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-11T17:30:28+00:00"
|
||||
"time": "2025-11-24T17:48:50+00:00"
|
||||
},
|
||||
{
|
||||
"name": "psr/clock",
|
||||
@@ -4661,16 +4598,16 @@
|
||||
},
|
||||
{
|
||||
"name": "psy/psysh",
|
||||
"version": "v0.12.20",
|
||||
"version": "v0.12.18",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/bobthecow/psysh.git",
|
||||
"reference": "19678eb6b952a03b8a1d96ecee9edba518bb0373"
|
||||
"reference": "ddff0ac01beddc251786fe70367cd8bbdb258196"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/bobthecow/psysh/zipball/19678eb6b952a03b8a1d96ecee9edba518bb0373",
|
||||
"reference": "19678eb6b952a03b8a1d96ecee9edba518bb0373",
|
||||
"url": "https://api.github.com/repos/bobthecow/psysh/zipball/ddff0ac01beddc251786fe70367cd8bbdb258196",
|
||||
"reference": "ddff0ac01beddc251786fe70367cd8bbdb258196",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4734,9 +4671,9 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/bobthecow/psysh/issues",
|
||||
"source": "https://github.com/bobthecow/psysh/tree/v0.12.20"
|
||||
"source": "https://github.com/bobthecow/psysh/tree/v0.12.18"
|
||||
},
|
||||
"time": "2026-02-11T15:05:28+00:00"
|
||||
"time": "2025-12-17T14:35:46+00:00"
|
||||
},
|
||||
{
|
||||
"name": "ralouphie/getallheaders",
|
||||
@@ -7993,16 +7930,16 @@
|
||||
},
|
||||
{
|
||||
"name": "thecodingmachine/safe",
|
||||
"version": "v3.4.0",
|
||||
"version": "v3.3.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/thecodingmachine/safe.git",
|
||||
"reference": "705683a25bacf0d4860c7dea4d7947bfd09eea19"
|
||||
"reference": "2cdd579eeaa2e78e51c7509b50cc9fb89a956236"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/thecodingmachine/safe/zipball/705683a25bacf0d4860c7dea4d7947bfd09eea19",
|
||||
"reference": "705683a25bacf0d4860c7dea4d7947bfd09eea19",
|
||||
"url": "https://api.github.com/repos/thecodingmachine/safe/zipball/2cdd579eeaa2e78e51c7509b50cc9fb89a956236",
|
||||
"reference": "2cdd579eeaa2e78e51c7509b50cc9fb89a956236",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -8112,7 +8049,7 @@
|
||||
"description": "PHP core functions that throw exceptions instead of returning FALSE on error",
|
||||
"support": {
|
||||
"issues": "https://github.com/thecodingmachine/safe/issues",
|
||||
"source": "https://github.com/thecodingmachine/safe/tree/v3.4.0"
|
||||
"source": "https://github.com/thecodingmachine/safe/tree/v3.3.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -8123,16 +8060,12 @@
|
||||
"url": "https://github.com/shish",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/silasjoisten",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/staabm",
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-04T18:08:13+00:00"
|
||||
"time": "2025-05-14T06:15:44+00:00"
|
||||
},
|
||||
{
|
||||
"name": "tijsverkoyen/css-to-inline-styles",
|
||||
@@ -8346,66 +8279,6 @@
|
||||
}
|
||||
],
|
||||
"time": "2024-11-21T01:49:47+00:00"
|
||||
},
|
||||
{
|
||||
"name": "xemlock/htmlpurifier-html5",
|
||||
"version": "v0.1.12",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/xemlock/htmlpurifier-html5.git",
|
||||
"reference": "535349cb160bf79752920e1e83c4a94c3e7d2b21"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/xemlock/htmlpurifier-html5/zipball/535349cb160bf79752920e1e83c4a94c3e7d2b21",
|
||||
"reference": "535349cb160bf79752920e1e83c4a94c3e7d2b21",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ezyang/htmlpurifier": "^4.8",
|
||||
"php": ">=5.3"
|
||||
},
|
||||
"require-dev": {
|
||||
"masterminds/html5": "^2.7",
|
||||
"php-coveralls/php-coveralls": "^1.1|^2.1",
|
||||
"phpunit/phpunit": ">=4.7 <10.0"
|
||||
},
|
||||
"suggest": {
|
||||
"masterminds/html5": "Required to use HTMLPurifier_Lexer_HTML5"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"classmap": [
|
||||
"library/HTMLPurifier/"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "xemlock",
|
||||
"email": "xemlock@gmail.com"
|
||||
}
|
||||
],
|
||||
"description": "HTML5 support for HTML Purifier",
|
||||
"homepage": "https://github.com/xemlock/htmlpurifier-html5",
|
||||
"keywords": [
|
||||
"HTML5",
|
||||
"Purifier",
|
||||
"html",
|
||||
"htmlpurifier",
|
||||
"security",
|
||||
"tidy",
|
||||
"validator",
|
||||
"xss"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/xemlock/htmlpurifier-html5/issues",
|
||||
"source": "https://github.com/xemlock/htmlpurifier-html5/tree/v0.1.12"
|
||||
},
|
||||
"time": "2026-02-09T21:03:14+00:00"
|
||||
}
|
||||
],
|
||||
"packages-dev": [
|
||||
@@ -8596,16 +8469,16 @@
|
||||
},
|
||||
{
|
||||
"name": "iamcal/sql-parser",
|
||||
"version": "v0.7",
|
||||
"version": "v0.6",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/iamcal/SQLParser.git",
|
||||
"reference": "610392f38de49a44dab08dc1659960a29874c4b8"
|
||||
"reference": "947083e2dca211a6f12fb1beb67a01e387de9b62"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/iamcal/SQLParser/zipball/610392f38de49a44dab08dc1659960a29874c4b8",
|
||||
"reference": "610392f38de49a44dab08dc1659960a29874c4b8",
|
||||
"url": "https://api.github.com/repos/iamcal/SQLParser/zipball/947083e2dca211a6f12fb1beb67a01e387de9b62",
|
||||
"reference": "947083e2dca211a6f12fb1beb67a01e387de9b62",
|
||||
"shasum": ""
|
||||
},
|
||||
"require-dev": {
|
||||
@@ -8631,9 +8504,9 @@
|
||||
"description": "MySQL schema parser",
|
||||
"support": {
|
||||
"issues": "https://github.com/iamcal/SQLParser/issues",
|
||||
"source": "https://github.com/iamcal/SQLParser/tree/v0.7"
|
||||
"source": "https://github.com/iamcal/SQLParser/tree/v0.6"
|
||||
},
|
||||
"time": "2026-01-28T22:20:33+00:00"
|
||||
"time": "2025-03-17T16:59:46+00:00"
|
||||
},
|
||||
{
|
||||
"name": "itsgoingd/clockwork",
|
||||
@@ -8713,21 +8586,21 @@
|
||||
},
|
||||
{
|
||||
"name": "larastan/larastan",
|
||||
"version": "v3.9.2",
|
||||
"version": "v3.9.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/larastan/larastan.git",
|
||||
"reference": "2e9ed291bdc1969e7f270fb33c9cdf3c912daeb2"
|
||||
"reference": "4b92d9627f779fd32bdc16f53f8ce88c50446ff5"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/larastan/larastan/zipball/2e9ed291bdc1969e7f270fb33c9cdf3c912daeb2",
|
||||
"reference": "2e9ed291bdc1969e7f270fb33c9cdf3c912daeb2",
|
||||
"url": "https://api.github.com/repos/larastan/larastan/zipball/4b92d9627f779fd32bdc16f53f8ce88c50446ff5",
|
||||
"reference": "4b92d9627f779fd32bdc16f53f8ce88c50446ff5",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ext-json": "*",
|
||||
"iamcal/sql-parser": "^0.7.0",
|
||||
"iamcal/sql-parser": "^0.6.0",
|
||||
"illuminate/console": "^11.44.2 || ^12.4.1",
|
||||
"illuminate/container": "^11.44.2 || ^12.4.1",
|
||||
"illuminate/contracts": "^11.44.2 || ^12.4.1",
|
||||
@@ -8791,7 +8664,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/larastan/larastan/issues",
|
||||
"source": "https://github.com/larastan/larastan/tree/v3.9.2"
|
||||
"source": "https://github.com/larastan/larastan/tree/v3.9.1"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -8799,7 +8672,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-01-30T15:16:32+00:00"
|
||||
"time": "2026-01-21T09:15:17+00:00"
|
||||
},
|
||||
{
|
||||
"name": "mockery/mockery",
|
||||
@@ -8946,36 +8819,39 @@
|
||||
},
|
||||
{
|
||||
"name": "nunomaduro/collision",
|
||||
"version": "v8.9.0",
|
||||
"version": "v8.8.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nunomaduro/collision.git",
|
||||
"reference": "f52cab234f37641bd759c0ad56de17f632851419"
|
||||
"reference": "1dc9e88d105699d0fee8bb18890f41b274f6b4c4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nunomaduro/collision/zipball/f52cab234f37641bd759c0ad56de17f632851419",
|
||||
"reference": "f52cab234f37641bd759c0ad56de17f632851419",
|
||||
"url": "https://api.github.com/repos/nunomaduro/collision/zipball/1dc9e88d105699d0fee8bb18890f41b274f6b4c4",
|
||||
"reference": "1dc9e88d105699d0fee8bb18890f41b274f6b4c4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"filp/whoops": "^2.18.4",
|
||||
"nunomaduro/termwind": "^2.3.3",
|
||||
"filp/whoops": "^2.18.1",
|
||||
"nunomaduro/termwind": "^2.3.1",
|
||||
"php": "^8.2.0",
|
||||
"symfony/console": "^7.4.4 || ^8.0.4"
|
||||
"symfony/console": "^7.3.0"
|
||||
},
|
||||
"conflict": {
|
||||
"laravel/framework": "<11.48.0 || >=14.0.0",
|
||||
"phpunit/phpunit": "<11.5.50 || >=13.0.0"
|
||||
"laravel/framework": "<11.44.2 || >=13.0.0",
|
||||
"phpunit/phpunit": "<11.5.15 || >=13.0.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"brianium/paratest": "^7.8.5",
|
||||
"larastan/larastan": "^3.9.2",
|
||||
"laravel/framework": "^11.48.0 || ^12.51.0",
|
||||
"laravel/pint": "^1.27.1",
|
||||
"orchestra/testbench-core": "^9.12.0 || ^10.9.0",
|
||||
"pestphp/pest": "^3.8.5 || ^4.3.2",
|
||||
"sebastian/environment": "^7.2.1 || ^8.0.3"
|
||||
"brianium/paratest": "^7.8.3",
|
||||
"larastan/larastan": "^3.4.2",
|
||||
"laravel/framework": "^11.44.2 || ^12.18",
|
||||
"laravel/pint": "^1.22.1",
|
||||
"laravel/sail": "^1.43.1",
|
||||
"laravel/sanctum": "^4.1.1",
|
||||
"laravel/tinker": "^2.10.1",
|
||||
"orchestra/testbench-core": "^9.12.0 || ^10.4",
|
||||
"pestphp/pest": "^3.8.2 || ^4.0.0",
|
||||
"sebastian/environment": "^7.2.1 || ^8.0"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
@@ -9038,7 +8914,7 @@
|
||||
"type": "patreon"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-16T23:05:52+00:00"
|
||||
"time": "2025-11-20T02:55:25+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phar-io/manifest",
|
||||
@@ -9160,11 +9036,11 @@
|
||||
},
|
||||
{
|
||||
"name": "phpstan/phpstan",
|
||||
"version": "2.1.39",
|
||||
"version": "2.1.37",
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/c6f73a2af4cbcd99c931d0fb8f08548cc0fa8224",
|
||||
"reference": "c6f73a2af4cbcd99c931d0fb8f08548cc0fa8224",
|
||||
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/28cd424c5ea984128c95cfa7ea658808e8954e49",
|
||||
"reference": "28cd424c5ea984128c95cfa7ea658808e8954e49",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -9209,7 +9085,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-11T14:48:56+00:00"
|
||||
"time": "2026-01-24T08:21:55+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phpunit/php-code-coverage",
|
||||
@@ -9303,28 +9179,28 @@
|
||||
},
|
||||
{
|
||||
"name": "phpunit/php-file-iterator",
|
||||
"version": "5.1.1",
|
||||
"version": "5.1.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/php-file-iterator.git",
|
||||
"reference": "2f3a64888c814fc235386b7387dd5b5ed92ad903"
|
||||
"reference": "118cfaaa8bc5aef3287bf315b6060b1174754af6"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/2f3a64888c814fc235386b7387dd5b5ed92ad903",
|
||||
"reference": "2f3a64888c814fc235386b7387dd5b5ed92ad903",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/118cfaaa8bc5aef3287bf315b6060b1174754af6",
|
||||
"reference": "118cfaaa8bc5aef3287bf315b6060b1174754af6",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=8.2"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "^11.3"
|
||||
"phpunit/phpunit": "^11.0"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-main": "5.1-dev"
|
||||
"dev-main": "5.0-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -9352,27 +9228,15 @@
|
||||
"support": {
|
||||
"issues": "https://github.com/sebastianbergmann/php-file-iterator/issues",
|
||||
"security": "https://github.com/sebastianbergmann/php-file-iterator/security/policy",
|
||||
"source": "https://github.com/sebastianbergmann/php-file-iterator/tree/5.1.1"
|
||||
"source": "https://github.com/sebastianbergmann/php-file-iterator/tree/5.1.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
"url": "https://github.com/sebastianbergmann",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://liberapay.com/sebastianbergmann",
|
||||
"type": "liberapay"
|
||||
},
|
||||
{
|
||||
"url": "https://thanks.dev/u/gh/sebastianbergmann",
|
||||
"type": "thanks_dev"
|
||||
},
|
||||
{
|
||||
"url": "https://tidelift.com/funding/github/packagist/phpunit/php-file-iterator",
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-02T13:52:54+00:00"
|
||||
"time": "2024-08-27T05:02:59+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phpunit/php-invoker",
|
||||
@@ -9560,16 +9424,16 @@
|
||||
},
|
||||
{
|
||||
"name": "phpunit/phpunit",
|
||||
"version": "11.5.53",
|
||||
"version": "11.5.50",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/phpunit.git",
|
||||
"reference": "a997a653a82845f1240d73ee73a8a4e97e4b0607"
|
||||
"reference": "fdfc727f0fcacfeb8fcb30c7e5da173125b58be3"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/a997a653a82845f1240d73ee73a8a4e97e4b0607",
|
||||
"reference": "a997a653a82845f1240d73ee73a8a4e97e4b0607",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/fdfc727f0fcacfeb8fcb30c7e5da173125b58be3",
|
||||
"reference": "fdfc727f0fcacfeb8fcb30c7e5da173125b58be3",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -9584,7 +9448,7 @@
|
||||
"phar-io/version": "^3.2.1",
|
||||
"php": ">=8.2",
|
||||
"phpunit/php-code-coverage": "^11.0.12",
|
||||
"phpunit/php-file-iterator": "^5.1.1",
|
||||
"phpunit/php-file-iterator": "^5.1.0",
|
||||
"phpunit/php-invoker": "^5.0.1",
|
||||
"phpunit/php-text-template": "^4.0.1",
|
||||
"phpunit/php-timer": "^7.0.1",
|
||||
@@ -9596,7 +9460,6 @@
|
||||
"sebastian/exporter": "^6.3.2",
|
||||
"sebastian/global-state": "^7.0.2",
|
||||
"sebastian/object-enumerator": "^6.0.1",
|
||||
"sebastian/recursion-context": "^6.0.3",
|
||||
"sebastian/type": "^5.1.3",
|
||||
"sebastian/version": "^5.0.2",
|
||||
"staabm/side-effects-detector": "^1.0.5"
|
||||
@@ -9642,7 +9505,7 @@
|
||||
"support": {
|
||||
"issues": "https://github.com/sebastianbergmann/phpunit/issues",
|
||||
"security": "https://github.com/sebastianbergmann/phpunit/security/policy",
|
||||
"source": "https://github.com/sebastianbergmann/phpunit/tree/11.5.53"
|
||||
"source": "https://github.com/sebastianbergmann/phpunit/tree/11.5.50"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -9666,7 +9529,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-10T12:28:25+00:00"
|
||||
"time": "2026-01-27T05:59:18+00:00"
|
||||
},
|
||||
{
|
||||
"name": "sebastian/cli-parser",
|
||||
|
||||
@@ -1 +1 @@
|
||||
5732efe93a37a665ec9e526d713293b438e610dcf0c6e950fa7317907e480252
|
||||
22e02ee72d21ff719c1073abbec8302f8e2096ba6d072e133051064ed24b45b1
|
||||
|
||||
@@ -98,13 +98,6 @@ Copyright: Copyright (c) 2013-2023 Eduardo Gulias Davis
|
||||
Source: https://github.com/egulias/EmailValidator.git
|
||||
Link: https://github.com/egulias/EmailValidator
|
||||
-----------
|
||||
ezyang/htmlpurifier
|
||||
License: LGPL-2.1-or-later
|
||||
License File: vendor/ezyang/htmlpurifier/LICENSE
|
||||
Copyright: Copyright (C) 1991, 1999 Free Software Foundation, Inc.
|
||||
Source: https://github.com/ezyang/htmlpurifier.git
|
||||
Link: http://htmlpurifier.org/
|
||||
-----------
|
||||
firebase/php-jwt
|
||||
License: BSD-3-Clause
|
||||
License File: vendor/firebase/php-jwt/LICENSE
|
||||
@@ -472,7 +465,7 @@ Link: https://github.com/php-fig/simple-cache.git
|
||||
psy/psysh
|
||||
License: MIT
|
||||
License File: vendor/psy/psysh/LICENSE
|
||||
Copyright: Copyright (c) 2012-2026 Justin Hileman
|
||||
Copyright: Copyright (c) 2012-2025 Justin Hileman
|
||||
Source: https://github.com/bobthecow/psysh.git
|
||||
Link: https://psysh.org
|
||||
-----------
|
||||
@@ -794,10 +787,3 @@ License File: vendor/voku/portable-ascii/LICENSE.txt
|
||||
Copyright: Copyright (C) 2019 Lars Moelleken
|
||||
Source: https://github.com/voku/portable-ascii.git
|
||||
Link: https://github.com/voku/portable-ascii
|
||||
-----------
|
||||
xemlock/htmlpurifier-html5
|
||||
License: MIT
|
||||
License File: vendor/xemlock/htmlpurifier-html5/LICENSE
|
||||
Copyright: Copyright (c) 2015 Xemlock
|
||||
Source: https://github.com/xemlock/htmlpurifier-html5.git
|
||||
Link: https://github.com/xemlock/htmlpurifier-html5
|
||||
|
||||
@@ -125,7 +125,7 @@ return [
|
||||
'api_incorrect_token_secret' => 'Poskytnutý Token Secret neodpovídá použitému API tokenu',
|
||||
'api_user_no_api_permission' => 'Vlastník použitého API tokenu nemá oprávnění provádět API volání',
|
||||
'api_user_token_expired' => 'Platnost autorizačního tokenu vypršela',
|
||||
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
|
||||
'api_cookie_auth_only_get' => 'Při používání API s ověřováním pomocí souborů cookie jsou povoleny pouze požadavky GET',
|
||||
|
||||
// Settings & Maintenance
|
||||
'maintenance_test_email_failure' => 'Při posílání testovacího e-mailu nastala chyba:',
|
||||
|
||||
@@ -125,7 +125,7 @@ return [
|
||||
'api_incorrect_token_secret' => 'El secreto proporcionado para el token API usado es incorrecto',
|
||||
'api_user_no_api_permission' => 'El propietario del token API usado no tiene permiso para hacer llamadas API',
|
||||
'api_user_token_expired' => 'El token de autorización usado ha caducado',
|
||||
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
|
||||
'api_cookie_auth_only_get' => 'Sólo se permiten peticiones GET cuando se utiliza el API con autenticación basada en cookies',
|
||||
|
||||
// Settings & Maintenance
|
||||
'maintenance_test_email_failure' => 'Error al enviar un email de prueba:',
|
||||
|
||||
@@ -125,7 +125,7 @@ return [
|
||||
'api_incorrect_token_secret' => 'API tunnusele lisatud salajane võti ei ole korrektne',
|
||||
'api_user_no_api_permission' => 'Selle API tunnuse omanikul ei ole õigust API päringuid teha',
|
||||
'api_user_token_expired' => 'Volitustunnus on aegunud',
|
||||
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
|
||||
'api_cookie_auth_only_get' => 'Küpsistega autentimisel on API kasutamisel lubatud ainult GET päringud',
|
||||
|
||||
// Settings & Maintenance
|
||||
'maintenance_test_email_failure' => 'Test e-kirja saatmisel tekkis viga:',
|
||||
|
||||
@@ -13,7 +13,7 @@ return [
|
||||
'auth_pre_register_theme_prevention' => 'Le compte utilisateur n\'a pas pu être enregistré avec les informations fournies',
|
||||
'email_already_confirmed' => 'Cet e-mail a déjà été validé, vous pouvez vous connecter.',
|
||||
'email_confirmation_invalid' => 'Cette confirmation est invalide. Veuillez essayer de vous inscrire à nouveau.',
|
||||
'email_confirmation_expired' => 'Le jeton de confirmation est périmé. Un nouvel e-mail vous a été envoyé.',
|
||||
'email_confirmation_expired' => 'Le jeton de confirmation a expiré. Un nouvel e-mail vous a été envoyé.',
|
||||
'email_confirmation_awaiting' => 'L\'adresse e-mail du compte utilisé doit être confirmée',
|
||||
'ldap_fail_anonymous' => 'L\'accès LDAP anonyme n\'a pas abouti',
|
||||
'ldap_fail_authed' => 'L\'accès LDAP n\'a pas abouti avec cet utilisateur et ce mot de passe',
|
||||
@@ -125,7 +125,7 @@ return [
|
||||
'api_incorrect_token_secret' => 'Le secret fourni pour le jeton d\'API utilisé est incorrect',
|
||||
'api_user_no_api_permission' => 'Le propriétaire du jeton API utilisé n\'a pas la permission de passer des requêtes API',
|
||||
'api_user_token_expired' => 'Le jeton d\'autorisation utilisé a expiré',
|
||||
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
|
||||
'api_cookie_auth_only_get' => 'Seules les requêtes GET sont autorisées lors de l’utilisation de l’API avec une authentification basée sur les cookies',
|
||||
|
||||
// Settings & Maintenance
|
||||
'maintenance_test_email_failure' => 'Erreur émise lors de l\'envoi d\'un e-mail de test :',
|
||||
|
||||
@@ -125,7 +125,7 @@ return [
|
||||
'api_incorrect_token_secret' => '利用されたAPIトークンに対して提供されたシークレットが正しくありません',
|
||||
'api_user_no_api_permission' => '使用されているAPIトークンの所有者には、API呼び出しを行う権限がありません',
|
||||
'api_user_token_expired' => '認証トークンが期限切れです。',
|
||||
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
|
||||
'api_cookie_auth_only_get' => 'Cookie ベースの認証で API を使用する場合、GET リクエストのみが許可されます',
|
||||
|
||||
// Settings & Maintenance
|
||||
'maintenance_test_email_failure' => 'テストメール送信時にエラーが発生しました:',
|
||||
|
||||
@@ -110,7 +110,7 @@ return [
|
||||
'import_zip_cant_read' => 'Não foi possível ler o arquivo ZIP.',
|
||||
'import_zip_cant_decode_data' => 'Não foi possível encontrar e decodificar o conteúdo ZIP data.json.',
|
||||
'import_zip_no_data' => 'Os dados do arquivo ZIP não têm o conteúdo esperado livro, capítulo ou página.',
|
||||
'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
|
||||
'import_zip_data_too_large' => 'O conteúdo ZIP data.json excede o tamanho máximo de upload configurado para a aplicação.',
|
||||
'import_validation_failed' => 'Falhou na validação da importação do ZIP com erros:',
|
||||
'import_zip_failed_notification' => 'Falhou ao importar arquivo ZIP.',
|
||||
'import_perms_books' => 'Você não tem as permissões necessárias para criar livros.',
|
||||
@@ -126,7 +126,7 @@ return [
|
||||
'api_incorrect_token_secret' => 'O segredo fornecido para o código de API usado está incorreto',
|
||||
'api_user_no_api_permission' => 'O proprietário do código de API utilizado não tem permissão para fazer requisições de API',
|
||||
'api_user_token_expired' => 'O código de autenticação expirou',
|
||||
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
|
||||
'api_cookie_auth_only_get' => 'Somente solicitações GET são permitidas ao usar a API com autenticação baseada em cookies',
|
||||
|
||||
// Settings & Maintenance
|
||||
'maintenance_test_email_failure' => 'Erro encontrado ao enviar uma mensagem eletrônica de teste:',
|
||||
|
||||
@@ -11,8 +11,8 @@ return [
|
||||
'updated_page_subject' => 'Página atualizada: :pageName',
|
||||
'updated_page_intro' => 'Uma página foi atualizada em :appName:',
|
||||
'updated_page_debounce' => 'Para prevenir notificações em massa, por enquanto notificações não serão enviadas para você para próximas edições nessa página pelo mesmo editor.',
|
||||
'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
|
||||
'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
|
||||
'comment_mention_subject' => 'Você foi mencionado em um comentário na página: :pageName',
|
||||
'comment_mention_intro' => 'Você foi mencionado em um comentário sobre :appName:',
|
||||
|
||||
'detail_page_name' => 'Nome da Página:',
|
||||
'detail_page_path' => 'Caminho da Página:',
|
||||
|
||||
@@ -23,7 +23,7 @@ return [
|
||||
'notifications_desc' => 'Controle as notificações por e-mail que você recebe quando uma determinada atividade é executada no sistema.',
|
||||
'notifications_opt_own_page_changes' => 'Notificar quando houver alterações em páginas que eu possuo',
|
||||
'notifications_opt_own_page_comments' => 'Notificar comentários nas páginas que eu possuo',
|
||||
'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
|
||||
'notifications_opt_comment_mentions' => 'Notificar quando eu for mencionado em um comentário',
|
||||
'notifications_opt_comment_replies' => 'Notificar ao responder aos meus comentários',
|
||||
'notifications_save' => 'Salvar Preferências',
|
||||
'notifications_update_success' => 'Preferências de notificação foram atualizadas!',
|
||||
|
||||
@@ -197,13 +197,13 @@ return [
|
||||
'role_import_content' => 'Importar conteúdo',
|
||||
'role_editor_change' => 'Alterar página de edição',
|
||||
'role_notifications' => 'Receber e gerenciar notificações',
|
||||
'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
|
||||
'role_permission_note_users_and_roles' => 'Essas permissões tecnicamente também fornecerão visibilidade e busca de usuários e perfis no sistema.',
|
||||
'role_asset' => 'Permissões de Ativos',
|
||||
'roles_system_warning' => 'Esteja ciente de que o acesso a qualquer uma das três permissões acima pode permitir que um usuário altere seus próprios privilégios ou privilégios de outros usuários no sistema. Apenas atribua perfis com essas permissões para usuários confiáveis.',
|
||||
'role_asset_desc' => 'Essas permissões controlam o acesso padrão para os ativos dentro do sistema. Permissões em Livros, Capítulos e Páginas serão sobrescritas por essas permissões.',
|
||||
'role_asset_admins' => 'Administradores recebem automaticamente acesso a todo o conteúdo, mas essas opções podem mostrar ou ocultar as opções da Interface de Usuário.',
|
||||
'role_asset_image_view_note' => 'Isso está relacionado à visibilidade no gerenciador de imagens. O acesso real dos arquivos de imagem carregados dependerá da opção de armazenamento de imagem do sistema.',
|
||||
'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
|
||||
'role_asset_users_note' => 'Essas permissões tecnicamente também fornecerão visibilidade e busca de usuários do sistema.',
|
||||
'role_all' => 'Todos',
|
||||
'role_own' => 'Próprio',
|
||||
'role_controlled_by_asset' => 'Controlado pelos ativos nos quais o upload foi realizado',
|
||||
|
||||
@@ -106,7 +106,7 @@ return [
|
||||
'uploaded' => 'O arquivo não pôde ser carregado. O servidor pode não aceitar arquivos deste tamanho.',
|
||||
|
||||
'zip_file' => 'O :attribute precisa fazer referência a um arquivo do ZIP.',
|
||||
'zip_file_size' => 'The file :attribute must not exceed :size MB.',
|
||||
'zip_file_size' => 'O arquivo :attribute não deve exceder :size MB.',
|
||||
'zip_file_mime' => 'O :attribute precisa fazer referência a um arquivo do tipo :validTypes, encontrado :foundType.',
|
||||
'zip_model_expected' => 'Objeto de dados esperado, mas ":type" encontrado.',
|
||||
'zip_unique' => 'O :attribute deve ser único para o tipo de objeto dentro do ZIP.',
|
||||
|
||||
@@ -39,21 +39,21 @@ return [
|
||||
'export_pdf' => 'PDF файл',
|
||||
'export_text' => 'Текстовый файл',
|
||||
'export_md' => 'Файл Markdown',
|
||||
'export_zip' => 'Portable ZIP',
|
||||
'export_zip' => 'Портативный ZIP',
|
||||
'default_template' => 'Шаблон страницы по умолчанию',
|
||||
'default_template_explain' => 'Назначить шаблон страницы, который будет использоваться в качестве содержимого по умолчанию для всех страниц, созданных в этом элементе. Имейте в виду, что это будет работать, только если создатель страницы имеет доступ к выбранной странице шаблона.',
|
||||
'default_template_select' => 'Выберите страницу шаблона',
|
||||
'import' => 'Импорт',
|
||||
'import_validate' => 'Validate Import',
|
||||
'import_validate' => 'Проверка импорта',
|
||||
'import_desc' => 'Импортировать книги, главы и страницы с помощью ZIP-файла, экспортированного из этого или другого источника. Выберите ZIP-файл, чтобы продолжить. После загрузки и проверки файла вы сможете настроить и подтвердить импорт в следующем окне.',
|
||||
'import_zip_select' => 'Select ZIP file to upload',
|
||||
'import_zip_validation_errors' => 'Errors were detected while validating the provided ZIP file:',
|
||||
'import_pending' => 'Pending Imports',
|
||||
'import_pending_none' => 'No imports have been started.',
|
||||
'import_continue' => 'Continue Import',
|
||||
'import_zip_select' => 'Выберите ZIP файл для загрузки',
|
||||
'import_zip_validation_errors' => 'Были обнаружены ошибки при проверке предоставленного ZIP файла:',
|
||||
'import_pending' => 'Ожидается импорт',
|
||||
'import_pending_none' => 'Импорт не был запущен.',
|
||||
'import_continue' => 'Продолжить импорт',
|
||||
'import_continue_desc' => 'Review the content due to be imported from the uploaded ZIP file. When ready, run the import to add its contents to this system. The uploaded ZIP import file will be automatically removed on successful import.',
|
||||
'import_details' => 'Import Details',
|
||||
'import_run' => 'Run Import',
|
||||
'import_run' => 'Запустить импорт',
|
||||
'import_size' => ':size Import ZIP Size',
|
||||
'import_uploaded_at' => 'Uploaded :relativeTime',
|
||||
'import_uploaded_by' => 'Uploaded by',
|
||||
@@ -61,7 +61,7 @@ return [
|
||||
'import_location_desc' => 'Select a target location for your imported content. You\'ll need the relevant permissions to create within the location you choose.',
|
||||
'import_delete_confirm' => 'Are you sure you want to delete this import?',
|
||||
'import_delete_desc' => 'This will delete the uploaded import ZIP file, and cannot be undone.',
|
||||
'import_errors' => 'Import Errors',
|
||||
'import_errors' => 'Ошибки импорта',
|
||||
'import_errors_desc' => 'The follow errors occurred during the import attempt:',
|
||||
'breadcrumb_siblings_for_page' => 'Navigate siblings for page',
|
||||
'breadcrumb_siblings_for_chapter' => 'Navigate siblings for chapter',
|
||||
@@ -252,7 +252,7 @@ return [
|
||||
'pages_edit_switch_to_markdown_stable' => 'Полное сохранение форматирования (HTML)',
|
||||
'pages_edit_switch_to_wysiwyg' => 'Переключиться в WYSIWYG',
|
||||
'pages_edit_switch_to_new_wysiwyg' => 'Switch to new WYSIWYG',
|
||||
'pages_edit_switch_to_new_wysiwyg_desc' => '(In Beta Testing)',
|
||||
'pages_edit_switch_to_new_wysiwyg_desc' => '(В бета-тестировании)',
|
||||
'pages_edit_set_changelog' => 'Задать список изменений',
|
||||
'pages_edit_enter_changelog_desc' => 'Введите краткое описание внесенных изменений',
|
||||
'pages_edit_enter_changelog' => 'Введите список изменений',
|
||||
@@ -397,11 +397,11 @@ return [
|
||||
'comment' => 'Комментарий',
|
||||
'comments' => 'Комментарии',
|
||||
'comment_add' => 'Комментировать',
|
||||
'comment_none' => 'No comments to display',
|
||||
'comment_none' => 'Нет комментариев для отображения',
|
||||
'comment_placeholder' => 'Оставить комментарий здесь',
|
||||
'comment_thread_count' => ':count Comment Thread|:count Comment Threads',
|
||||
'comment_archived_count' => ':count Archived',
|
||||
'comment_archived_threads' => 'Archived Threads',
|
||||
'comment_archived_count' => ':count архивировано',
|
||||
'comment_archived_threads' => 'Архивированные темы',
|
||||
'comment_save' => 'Сохранить комментарий',
|
||||
'comment_new' => 'Новый комментарий',
|
||||
'comment_created' => 'прокомментировал :createDiff',
|
||||
@@ -410,14 +410,14 @@ return [
|
||||
'comment_deleted_success' => 'Комментарий удален',
|
||||
'comment_created_success' => 'Комментарий добавлен',
|
||||
'comment_updated_success' => 'Комментарий обновлен',
|
||||
'comment_archive_success' => 'Comment archived',
|
||||
'comment_unarchive_success' => 'Comment un-archived',
|
||||
'comment_view' => 'View comment',
|
||||
'comment_jump_to_thread' => 'Jump to thread',
|
||||
'comment_archive_success' => 'Комментарий заархивирован',
|
||||
'comment_unarchive_success' => 'Комментарий разархивирован',
|
||||
'comment_view' => 'Просмотреть комментарий',
|
||||
'comment_jump_to_thread' => 'Перейти к теме',
|
||||
'comment_delete_confirm' => 'Удалить этот комментарий?',
|
||||
'comment_in_reply_to' => 'В ответ на :commentId',
|
||||
'comment_reference' => 'Reference',
|
||||
'comment_reference_outdated' => '(Outdated)',
|
||||
'comment_reference' => 'Ссылка',
|
||||
'comment_reference_outdated' => '(Устаревшее)',
|
||||
'comment_editor_explain' => 'Вот комментарии, которые были оставлены на этой странице. Комментарии могут быть добавлены и управляться при просмотре сохраненной страницы.',
|
||||
|
||||
// Revision
|
||||
|
||||
@@ -11,7 +11,7 @@ return [
|
||||
'updated_page_subject' => 'Обновлена страница: :pageName',
|
||||
'updated_page_intro' => 'Страница была обновлена в :appName:',
|
||||
'updated_page_debounce' => 'Чтобы предотвратить массовые уведомления, в течение некоторого времени вы не будете получать уведомления о дальнейших правках этой страницы этим же редактором.',
|
||||
'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
|
||||
'comment_mention_subject' => 'Вы были упомянуты в комментарии на странице: :pageName',
|
||||
'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
|
||||
|
||||
'detail_page_name' => 'Имя страницы:',
|
||||
|
||||
@@ -75,7 +75,7 @@ return [
|
||||
'reg_confirm_restrict_domain_placeholder' => 'Без ограничений',
|
||||
|
||||
// Sorting Settings
|
||||
'sorting' => 'Lists & Sorting',
|
||||
'sorting' => 'Списки и сортировка',
|
||||
'sorting_book_default' => 'Default Book Sort Rule',
|
||||
'sorting_book_default_desc' => 'Выберите правило сортировки по умолчанию для новых книг. Это не повлияет на существующие книги, и может быть изменено для каждой книги отдельно.',
|
||||
'sorting_rules' => 'Правила сортировки',
|
||||
@@ -101,7 +101,7 @@ return [
|
||||
'sort_rule_op_name_numeric' => 'По нумерации',
|
||||
'sort_rule_op_created_date' => 'Created Date',
|
||||
'sort_rule_op_updated_date' => 'Updated Date',
|
||||
'sort_rule_op_chapters_first' => 'Chapters First',
|
||||
'sort_rule_op_chapters_first' => 'Главы в начале',
|
||||
'sort_rule_op_chapters_last' => 'Главы в конце',
|
||||
'sorting_page_limits' => 'Per-Page Display Limits',
|
||||
'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',
|
||||
|
||||
@@ -397,7 +397,7 @@ return [
|
||||
'comment' => 'Kommentar',
|
||||
'comments' => 'Kommentarer',
|
||||
'comment_add' => 'Lägg till kommentar',
|
||||
'comment_none' => 'No comments to display',
|
||||
'comment_none' => 'Inga kommentarer att visa',
|
||||
'comment_placeholder' => 'Lämna en kommentar här',
|
||||
'comment_thread_count' => ':count Comment Thread|:count Comment Threads',
|
||||
'comment_archived_count' => ':count Archived',
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
*/
|
||||
|
||||
return [
|
||||
'my_account' => 'My Account',
|
||||
'my_account' => 'Mitt Konto',
|
||||
|
||||
'shortcuts' => 'Genvägar',
|
||||
'shortcuts_interface' => 'UI Shortcut Preferences',
|
||||
|
||||
@@ -48,7 +48,7 @@ return [
|
||||
'superscript' => '上标',
|
||||
'subscript' => '下标',
|
||||
'text_color' => '文本颜色',
|
||||
'highlight_color' => 'Highlight color',
|
||||
'highlight_color' => '高亮颜色',
|
||||
'custom_color' => '自定义颜色',
|
||||
'remove_color' => '移除颜色',
|
||||
'background_color' => '背景色',
|
||||
|
||||
@@ -63,10 +63,10 @@ return [
|
||||
'import_delete_desc' => '这将删除上传的ZIP文件,不能撤消。',
|
||||
'import_errors' => '导入错误',
|
||||
'import_errors_desc' => '在尝试导入过程中出现了以下错误:',
|
||||
'breadcrumb_siblings_for_page' => 'Navigate siblings for page',
|
||||
'breadcrumb_siblings_for_chapter' => 'Navigate siblings for chapter',
|
||||
'breadcrumb_siblings_for_book' => 'Navigate siblings for book',
|
||||
'breadcrumb_siblings_for_bookshelf' => 'Navigate siblings for shelf',
|
||||
'breadcrumb_siblings_for_page' => '导航页面',
|
||||
'breadcrumb_siblings_for_chapter' => '导航章节',
|
||||
'breadcrumb_siblings_for_book' => '导航书籍',
|
||||
'breadcrumb_siblings_for_bookshelf' => '导航书架',
|
||||
|
||||
// Permissions and restrictions
|
||||
'permissions' => '权限',
|
||||
@@ -399,7 +399,7 @@ return [
|
||||
'comment_add' => '添加评论',
|
||||
'comment_none' => '没有要显示的评论',
|
||||
'comment_placeholder' => '在这里评论',
|
||||
'comment_thread_count' => ':count Comment Thread|:count Comment Threads',
|
||||
'comment_thread_count' => ':count 条',
|
||||
'comment_archived_count' => ':count 条评论已存档',
|
||||
'comment_archived_threads' => '已存档的贴子',
|
||||
'comment_save' => '保存评论',
|
||||
|
||||
@@ -109,7 +109,7 @@ return [
|
||||
'import_zip_cant_read' => '无法读取 ZIP 文件。',
|
||||
'import_zip_cant_decode_data' => '无法找到并解码 ZIP data.json 内容。',
|
||||
'import_zip_no_data' => 'ZIP 文件数据没有预期的书籍、章节或页面内容。',
|
||||
'import_zip_data_too_large' => 'ZIP data.json content exceeds the configured application maximum upload size.',
|
||||
'import_zip_data_too_large' => '超出最大上传大小。',
|
||||
'import_validation_failed' => '导入 ZIP 验证失败,出现错误:',
|
||||
'import_zip_failed_notification' => 'ZIP 文件导入失败。',
|
||||
'import_perms_books' => '您缺少创建书籍所需的权限。',
|
||||
@@ -125,7 +125,7 @@ return [
|
||||
'api_incorrect_token_secret' => '给已给出的API所提供的密钥不正确',
|
||||
'api_user_no_api_permission' => '使用过的 API 令牌的所有者没有进行API 调用的权限',
|
||||
'api_user_token_expired' => '所使用的身份令牌已过期',
|
||||
'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',
|
||||
'api_cookie_auth_only_get' => '使用基于 Cookie 的身份验证 API 时,仅允许 GET 请求。',
|
||||
|
||||
// Settings & Maintenance
|
||||
'maintenance_test_email_failure' => '发送测试电子邮件时出现错误:',
|
||||
|
||||
@@ -11,8 +11,8 @@ return [
|
||||
'updated_page_subject' => '页面更新::pageName',
|
||||
'updated_page_intro' => ':appName: 中的一个页面已被更新',
|
||||
'updated_page_debounce' => '为了防止出现大量通知,一段时间内您不会收到同一编辑者再次编辑本页面的通知。',
|
||||
'comment_mention_subject' => 'You have been mentioned in a comment on page: :pageName',
|
||||
'comment_mention_intro' => 'You were mentioned in a comment on :appName:',
|
||||
'comment_mention_subject' => '在页面中被提及::pageName',
|
||||
'comment_mention_intro' => '在 :appName 中被提及:',
|
||||
|
||||
'detail_page_name' => '页面名称:',
|
||||
'detail_page_path' => '页面路径:',
|
||||
|
||||
@@ -23,7 +23,7 @@ return [
|
||||
'notifications_desc' => '控制在系统内发生某些活动时您会收到的电子邮件通知。',
|
||||
'notifications_opt_own_page_changes' => '在我拥有的页面被修改时通知我',
|
||||
'notifications_opt_own_page_comments' => '在我拥有的页面上有新评论时通知我',
|
||||
'notifications_opt_comment_mentions' => 'Notify when I\'m mentioned in a comment',
|
||||
'notifications_opt_comment_mentions' => '当我在评论中被提及时通知我',
|
||||
'notifications_opt_comment_replies' => '在有人回复我的频率时通知我',
|
||||
'notifications_save' => '保存偏好设置',
|
||||
'notifications_update_success' => '通知偏好设置已更新!',
|
||||
|
||||
@@ -75,8 +75,8 @@ return [
|
||||
'reg_confirm_restrict_domain_placeholder' => '尚未设置限制',
|
||||
|
||||
// Sorting Settings
|
||||
'sorting' => 'Lists & Sorting',
|
||||
'sorting_book_default' => 'Default Book Sort Rule',
|
||||
'sorting' => '列表和排序',
|
||||
'sorting_book_default' => '默认排序规则',
|
||||
'sorting_book_default_desc' => '选择要应用于新书的默认排序规则。这不会影响现有书,并且可以每本书覆盖。',
|
||||
'sorting_rules' => '排序规则',
|
||||
'sorting_rules_desc' => '这些是预定义的排序操作,可应用于系统中的内容。',
|
||||
@@ -103,8 +103,8 @@ return [
|
||||
'sort_rule_op_updated_date' => '更新时间',
|
||||
'sort_rule_op_chapters_first' => '章节正序',
|
||||
'sort_rule_op_chapters_last' => '章节倒序',
|
||||
'sorting_page_limits' => 'Per-Page Display Limits',
|
||||
'sorting_page_limits_desc' => 'Set how many items to show per-page in various lists within the system. Typically a lower amount will be more performant, while a higher amount avoids the need to click through multiple pages. Using an even multiple of 3 (18, 24, 30, etc...) is recommended.',
|
||||
'sorting_page_limits' => '每页显示限制',
|
||||
'sorting_page_limits_desc' => '设置系统中各种列表每页显示的项目数。通常,项目数越少性能越好,而项目数越多可以避免用户点击多个页面。建议使用 3 的整数倍(例如 18、24、30 等)。',
|
||||
|
||||
// Maintenance settings
|
||||
'maint' => '维护',
|
||||
@@ -197,13 +197,13 @@ return [
|
||||
'role_import_content' => '导入内容',
|
||||
'role_editor_change' => '更改页面编辑器',
|
||||
'role_notifications' => '管理和接收通知',
|
||||
'role_permission_note_users_and_roles' => 'These permissions will technically also provide visibility & searching of users & roles in the system.',
|
||||
'role_permission_note_users_and_roles' => '从技术上讲,这些权限还将提供对系统中用户和角色的可见性和搜索功能。',
|
||||
'role_asset' => '资源许可',
|
||||
'roles_system_warning' => '请注意,拥有以上三个权限中的任何一个都会允许用户更改自己的权限或系统中其他人的权限。 请只将拥有这些权限的角色分配给你信任的用户。',
|
||||
'role_asset_desc' => '对系统内资源的默认访问许可将由这些权限控制。单独设置在书籍、章节和页面上的权限将覆盖这里的权限设定。',
|
||||
'role_asset_admins' => '管理员可自动获得对所有内容的访问权限,但这些选项可能会显示或隐藏UI选项。',
|
||||
'role_asset_image_view_note' => '这与图像管理器中的可见性有关。已经上传的图片的实际访问取决于系统图像存储选项。',
|
||||
'role_asset_users_note' => 'These permissions will technically also provide visibility & searching of users in the system.',
|
||||
'role_asset_users_note' => '从技术上讲,这些权限还将提供对系统中用户和角色的可见性和搜索功能。',
|
||||
'role_all' => '全部的',
|
||||
'role_own' => '拥有的',
|
||||
'role_controlled_by_asset' => '由其所在的资源来控制',
|
||||
|
||||
@@ -106,7 +106,7 @@ return [
|
||||
'uploaded' => '无法上传文件。 服务器可能不接受此大小的文件。',
|
||||
|
||||
'zip_file' => ':attribute 需要引用 ZIP 内的文件。',
|
||||
'zip_file_size' => 'The file :attribute must not exceed :size MB.',
|
||||
'zip_file_size' => ':attribute 不能超过 :size MB 。',
|
||||
'zip_file_mime' => ':attribute 需要引用类型为 :validTypes 的文件,找到 :foundType 。',
|
||||
'zip_model_expected' => '预期的数据对象,但找到了 ":type" 。',
|
||||
'zip_unique' => '对于 ZIP 中的对象类型来说,:attribute 必须是唯一的。',
|
||||
|
||||
@@ -34,7 +34,6 @@
|
||||
<server name="AUTH_AUTO_INITIATE" value="false"/>
|
||||
<server name="DISABLE_EXTERNAL_SERVICES" value="true"/>
|
||||
<server name="ALLOW_UNTRUSTED_SERVER_FETCHING" value="false"/>
|
||||
<server name="CONTENT_FILTERING" value="jhfa"/>
|
||||
<server name="ALLOW_CONTENT_SCRIPTS" value="false"/>
|
||||
<server name="AVATAR_URL" value=""/>
|
||||
<server name="LDAP_START_TLS" value="false"/>
|
||||
|
||||
33
public/dist/app.js
vendored
File diff suppressed because one or more lines are too long
32
public/dist/code.js
vendored
File diff suppressed because one or more lines are too long
1
public/dist/export-styles.css
vendored
File diff suppressed because one or more lines are too long
3
public/dist/legacy-modes.js
vendored
File diff suppressed because one or more lines are too long
28
public/dist/markdown.js
vendored
File diff suppressed because one or more lines are too long
1
public/dist/styles.css
vendored
File diff suppressed because one or more lines are too long
32
public/dist/wysiwyg.js
vendored
File diff suppressed because one or more lines are too long
@@ -155,7 +155,7 @@ The website which contains the project docs & blog can be found in the [BookStac
|
||||
The BookStack source is provided under the [MIT License](https://github.com/BookStackApp/BookStack/blob/development/LICENSE).
|
||||
|
||||
The libraries used by, and included with, BookStack are provided under their own licenses and copyright.
|
||||
The licenses for many of our core dependencies can be found in the attribution list below, but this is not an exhaustive list of all projects used within BookStack.
|
||||
The licenses for many of our core dependencies can be found in the attribution list below but this is not an exhaustive list of all projects used within BookStack.
|
||||
|
||||
## 👪 Attribution
|
||||
|
||||
@@ -187,6 +187,5 @@ Note: This is not an exhaustive list of all libraries and projects that would be
|
||||
* [PHPStan](https://phpstan.org/) & [Larastan](https://github.com/nunomaduro/larastan) - _[MIT](https://github.com/phpstan/phpstan/blob/master/LICENSE) and [MIT](https://github.com/nunomaduro/larastan/blob/master/LICENSE.md)_
|
||||
* [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) - _[BSD 3-Clause](https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt)_
|
||||
* [JakeArchibald/IDB-Keyval](https://github.com/jakearchibald/idb-keyval) - _[Apache-2.0](https://github.com/jakearchibald/idb-keyval/blob/main/LICENCE)_
|
||||
* [HTML Purifier](https://github.com/ezyang/htmlpurifier) and [htmlpurifier-html5](https://github.com/xemlock/htmlpurifier-html5) - _[LGPL-2.1](https://github.com/ezyang/htmlpurifier/blob/master/LICENSE) and [MIT](https://github.com/xemlock/htmlpurifier-html5/blob/master/LICENSE)_
|
||||
|
||||
For a detailed breakdown of the JavaScript & PHP projects imported and used via NPM & composer package managers, along with their licenses, please see the [dev/licensing/js-library-licenses.txt](dev/licensing/js-library-licenses.txt) and [dev/licensing/php-library-licenses.txt](dev/licensing/php-library-licenses.txt) files.
|
||||
For a detailed breakdown of the JavaScript & PHP projects imported & used via NPM & composer package managers, along with their licenses, please see the [dev/licensing/js-library-licenses.txt](dev/licensing/js-library-licenses.txt) and [dev/licensing/php-library-licenses.txt](dev/licensing/php-library-licenses.txt) files.
|
||||
2
storage/framework/purifier/.gitignore
vendored
@@ -1,2 +0,0 @@
|
||||
*
|
||||
!.gitignore
|
||||
@@ -1,480 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace Tests\Entity;
|
||||
|
||||
use Tests\TestCase;
|
||||
|
||||
class PageContentFilteringTest extends TestCase
|
||||
{
|
||||
public function test_page_content_scripts_removed_by_default()
|
||||
{
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
$script = 'abc123<script>console.log("hello-test")</script>abc123';
|
||||
$page->html = "escape {$script}";
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertDontSee($script, false);
|
||||
$pageView->assertSee('abc123abc123');
|
||||
}
|
||||
|
||||
public function test_more_complex_content_script_escaping_scenarios()
|
||||
{
|
||||
config()->set('app.content_filtering', 'j');
|
||||
|
||||
$checks = [
|
||||
"<p>Some script</p><script>alert('cat')</script>",
|
||||
"<div><div><div><div><p>Some script</p><script>alert('cat')</script></div></div></div></div>",
|
||||
"<p>Some script<script>alert('cat')</script></p>",
|
||||
"<p>Some script <div><script>alert('cat')</script></div></p>",
|
||||
"<p>Some script <script><div>alert('cat')</script></div></p>",
|
||||
"<p>Some script <script><div>alert('cat')</script><script><div>alert('cat')</script></p><script><div>alert('cat')</script>",
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<script>');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '</script>');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_js_and_base64_src_urls_are_removed()
|
||||
{
|
||||
config()->set('app.content_filtering', 'j');
|
||||
|
||||
$checks = [
|
||||
'<iframe src="javascript:alert(document.cookie)"></iframe>',
|
||||
'<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
|
||||
'<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
|
||||
'<iframe SRC=" javascript: alert(document.cookie)"></iframe>',
|
||||
'<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
|
||||
'<iframe src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
|
||||
'<iframe src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
|
||||
'<img src="javascript:alert(document.cookie)"/>',
|
||||
'<img src="JavAScRipT:alert(document.cookie)"/>',
|
||||
'<img src="JavAScRipT:alert(document.cookie)"/>',
|
||||
'<img SRC=" javascript: alert(document.cookie)"/>',
|
||||
'<img src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
|
||||
'<img src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
|
||||
'<img src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
|
||||
'<iframe srcdoc="<script>window.alert(document.cookie)</script>"></iframe>',
|
||||
'<iframe SRCdoc="<script>window.alert(document.cookie)</script>"></iframe>',
|
||||
'<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>',
|
||||
'<object data="javascript:alert(document.cookie)"></object>',
|
||||
'<object data="JavAScRipT:alert(document.cookie)"></object>',
|
||||
'<object data="JavAScRipT:alert(document.cookie)"></object>',
|
||||
'<object SRC=" javascript: alert(document.cookie)"></object>',
|
||||
'<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></object>',
|
||||
'<object data="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></object>',
|
||||
'<object data=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></object>',
|
||||
'<embed src="javascript:alert(document.cookie)"/>',
|
||||
'<embed src="JavAScRipT:alert(document.cookie)"/>',
|
||||
'<embed src="JavAScRipT:alert(document.cookie)"/>',
|
||||
'<embed SRC=" javascript: alert(document.cookie)"/>',
|
||||
'<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
|
||||
'<embed src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
|
||||
'<embed src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$html = $this->withHtml($pageView);
|
||||
$html->assertElementNotContains('.page-content', '<object');
|
||||
$html->assertElementNotContains('.page-content', 'data=');
|
||||
$html->assertElementNotContains('.page-content', '<iframe>');
|
||||
$html->assertElementNotContains('.page-content', '<img');
|
||||
$html->assertElementNotContains('.page-content', '</iframe>');
|
||||
$html->assertElementNotContains('.page-content', 'src=');
|
||||
$html->assertElementNotContains('.page-content', 'javascript:');
|
||||
$html->assertElementNotContains('.page-content', 'data:');
|
||||
$html->assertElementNotContains('.page-content', 'base64');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_javascript_uri_links_are_removed()
|
||||
{
|
||||
config()->set('app.content_filtering', 'j');
|
||||
|
||||
$checks = [
|
||||
'<a id="xss" href="javascript:alert(document.cookie)>Click me</a>',
|
||||
'<a id="xss" href="javascript: alert(document.cookie)>Click me</a>',
|
||||
'<a id="xss" href="JaVaScRiPt: alert(document.cookie)>Click me</a>',
|
||||
'<a id="xss" href=" JaVaScRiPt: alert(document.cookie)>Click me</a>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<a id="xss"');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'href=javascript:');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_form_filtering_is_controlled_by_config()
|
||||
{
|
||||
config()->set('app.content_filtering', '');
|
||||
$page = $this->entities->page();
|
||||
$page->html = '<form><input type="text" id="dont-see-this" value="test"></form>';
|
||||
$page->save();
|
||||
|
||||
$this->asEditor()->get($page->getUrl())->assertSee('dont-see-this', false);
|
||||
|
||||
config()->set('app.content_filtering', 'f');
|
||||
$this->get($page->getUrl())->assertDontSee('dont-see-this', false);
|
||||
}
|
||||
|
||||
public function test_form_actions_with_javascript_are_removed()
|
||||
{
|
||||
config()->set('app.content_filtering', 'j');
|
||||
|
||||
$checks = [
|
||||
'<customform><custominput id="xss" type=submit formaction=javascript:alert(document.domain) value=Submit><custominput></customform>',
|
||||
'<customform ><custombutton id="xss" formaction="JaVaScRiPt:alert(document.domain)">Click me</custombutton></customform>',
|
||||
'<customform ><custombutton id="xss" formaction=javascript:alert(document.domain)>Click me</custombutton></customform>',
|
||||
'<customform id="xss" action=javascript:alert(document.domain)><input type=submit value=Submit></customform>',
|
||||
'<customform id="xss" action="JaVaScRiPt:alert(document.domain)"><input type=submit value=Submit></customform>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertDontSee('id="xss"', false);
|
||||
$pageView->assertDontSee('action=javascript:', false);
|
||||
$pageView->assertDontSee('action=JaVaScRiPt:', false);
|
||||
$pageView->assertDontSee('formaction=javascript:', false);
|
||||
$pageView->assertDontSee('formaction=JaVaScRiPt:', false);
|
||||
}
|
||||
}
|
||||
|
||||
public function test_form_elements_are_removed()
|
||||
{
|
||||
config()->set('app.content_filtering', 'f');
|
||||
|
||||
$checks = [
|
||||
'<p>thisisacattofind</p><form>thisdogshouldnotbefound</form>',
|
||||
'<p>thisisacattofind</p><input type="text" value="thisdogshouldnotbefound">',
|
||||
'<p>thisisacattofind</p><select><option>thisdogshouldnotbefound</option></select>',
|
||||
'<p>thisisacattofind</p><textarea>thisdogshouldnotbefound</textarea>',
|
||||
'<p>thisisacattofind</p><fieldset>thisdogshouldnotbefound</fieldset>',
|
||||
'<p>thisisacattofind</p><button>thisdogshouldnotbefound</button>',
|
||||
'<p>thisisacattofind</p><BUTTON>thisdogshouldnotbefound</BUTTON>',
|
||||
<<<'TESTCASE'
|
||||
<svg width="200" height="100" xmlns="http://www.w3.org/2000/svg">
|
||||
<foreignObject width="100%" height="100%">
|
||||
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>thisisacattofind</p>
|
||||
<form>
|
||||
<p>thisdogshouldnotbefound</p>
|
||||
</form>
|
||||
<input type="text" placeholder="thisdogshouldnotbefound" />
|
||||
<button type="submit">thisdogshouldnotbefound</button>
|
||||
</body>
|
||||
|
||||
</foreignObject>
|
||||
</svg>
|
||||
TESTCASE
|
||||
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertSee('thisisacattofind');
|
||||
$pageView->assertDontSee('thisdogshouldnotbefound');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_form_attributes_are_removed()
|
||||
{
|
||||
config()->set('app.content_filtering', 'f');
|
||||
|
||||
$withinSvgSample = <<<'TESTCASE'
|
||||
<svg width="200" height="100" xmlns="http://www.w3.org/2000/svg">
|
||||
<foreignObject width="100%" height="100%">
|
||||
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p formaction="a">thisisacattofind</p>
|
||||
<p formaction="a">thisisacattofind</p>
|
||||
</body>
|
||||
|
||||
</foreignObject>
|
||||
</svg>
|
||||
TESTCASE;
|
||||
|
||||
$checks = [
|
||||
'formaction' => '<p formaction="a">thisisacattofind</p>',
|
||||
'form' => '<p form="a">thisisacattofind</p>',
|
||||
'formmethod' => '<p formmethod="a">thisisacattofind</p>',
|
||||
'formtarget' => '<p formtarget="a">thisisacattofind</p>',
|
||||
'FORMTARGET' => '<p FORMTARGET="a">thisisacattofind</p>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $attribute => $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertSee('thisisacattofind');
|
||||
$this->withHtml($pageView)->assertElementNotExists(".page-content [{$attribute}]");
|
||||
}
|
||||
|
||||
$page->html = $withinSvgSample;
|
||||
$page->save();
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$html = $this->withHtml($pageView);
|
||||
foreach ($checks as $attribute => $check) {
|
||||
$pageView->assertSee('thisisacattofind');
|
||||
$html->assertElementNotExists(".page-content [{$attribute}]");
|
||||
}
|
||||
}
|
||||
|
||||
public function test_metadata_redirects_are_removed()
|
||||
{
|
||||
config()->set('app.content_filtering', 'h');
|
||||
|
||||
$checks = [
|
||||
'<meta http-equiv="refresh" content="0; url=//external_url">',
|
||||
'<meta http-equiv="refresh" ConTeNt="0; url=//external_url">',
|
||||
'<meta http-equiv="refresh" content="0; UrL=//external_url">',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<meta>');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '</meta>');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'content=');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'external_url');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_page_inline_on_attributes_removed_by_default()
|
||||
{
|
||||
config()->set('app.content_filtering', 'j');
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
|
||||
$page->html = "escape {$script}";
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertDontSee($script, false);
|
||||
$pageView->assertSee('<p>Hello</p>', false);
|
||||
}
|
||||
|
||||
public function test_more_complex_inline_on_attributes_escaping_scenarios()
|
||||
{
|
||||
config()->set('app.content_filtering', 'j');
|
||||
|
||||
$checks = [
|
||||
'<p onclick="console.log(\'test\')">Hello</p>',
|
||||
'<p OnCliCk="console.log(\'test\')">Hello</p>',
|
||||
'<div>Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p>',
|
||||
'<div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div>',
|
||||
'<div><div><div><div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div></div></div></div>',
|
||||
'<div onclick="console.log(\'test\')">Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p><div></div>',
|
||||
'<a a="<img src=1 onerror=\'alert(1)\'> ',
|
||||
'\<a onclick="alert(document.cookie)"\>xss link\</a\>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'onclick');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_page_content_scripts_show_with_filters_disabled()
|
||||
{
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
config()->set('app.content_filtering', '');
|
||||
|
||||
$script = 'abc123<script>console.log("hello-test")</script>abc123';
|
||||
$page->html = "no escape {$script}";
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertSee($script, false);
|
||||
$pageView->assertDontSee('abc123abc123');
|
||||
}
|
||||
|
||||
public function test_svg_script_usage_is_removed()
|
||||
{
|
||||
config()->set('app.content_filtering', 'j');
|
||||
|
||||
$checks = [
|
||||
'<svg id="test" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100"><a xlink:href="javascript:alert(document.domain)"><rect x="0" y="0" width="100" height="100" /></a></svg>',
|
||||
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><use xlink:href="data:application/xml;base64 ,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjAiIGN4PSIwIiBjeT0iMCIgc3R5bGU9ImZpbGw6ICNGMDAiPgo8c2V0IGF0dHJpYnV0ZU5hbWU9ImZpbGwiIGF0dHJpYnV0ZVR5cGU9IkNTUyIgb25iZWdpbj0nYWxlcnQoZG9jdW1lbnQuZG9tYWluKScKb25lbmQ9J2FsZXJ0KCJvbmVuZCIpJyB0bz0iIzAwRiIgYmVnaW49IjBzIiBkdXI9Ijk5OXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/></svg>',
|
||||
'<svg><animate href=#xss attributeName=href values=javascript:alert(1) /></svg>',
|
||||
'<svg><animate href="#xss" attributeName="href" values="a;javascript:alert(1)" /></svg>',
|
||||
'<svg><animate href="#xss" attributeName="href" values="a;data:alert(1)" /></svg>',
|
||||
'<svg><animate href=#xss attributeName=href from=javascript:alert(1) to=1 /><a id=xss><text x=20 y=20>XSS</text></a>',
|
||||
'<svg><set href=#xss attributeName=href from=? to=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>',
|
||||
'<svg><g><g><g><animate href=#xss attributeName=href values=javascript:alert(1) /></g></g></g></svg>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$html = $this->withHtml($pageView);
|
||||
$html->assertElementNotContains('.page-content', 'alert');
|
||||
$html->assertElementNotContains('.page-content', 'xlink:href');
|
||||
$html->assertElementNotContains('.page-content', 'application/xml');
|
||||
$html->assertElementNotContains('.page-content', 'javascript');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_page_inline_on_attributes_show_with_filters_disabled()
|
||||
{
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
config()->set('app.content_filtering', '');
|
||||
|
||||
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
|
||||
$page->html = "escape {$script}";
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertSee($script, false);
|
||||
$pageView->assertDontSee('<p>Hello</p>', false);
|
||||
}
|
||||
|
||||
public function test_non_content_filtering_is_controlled_by_config()
|
||||
{
|
||||
config()->set('app.content_filtering', '');
|
||||
$page = $this->entities->page();
|
||||
$html = <<<'HTML'
|
||||
<style>superbeans!</style>
|
||||
<template id="template">superbeans!</template>
|
||||
HTML;
|
||||
$page->html = $html;
|
||||
$page->save();
|
||||
|
||||
$resp = $this->asEditor()->get($page->getUrl());
|
||||
$resp->assertSee('superbeans', false);
|
||||
|
||||
config()->set('app.content_filtering', 'h');
|
||||
|
||||
$resp = $this->asEditor()->get($page->getUrl());
|
||||
$resp->assertDontSee('superbeans', false);
|
||||
}
|
||||
|
||||
public function test_non_content_filtering()
|
||||
{
|
||||
config()->set('app.content_filtering', 'h');
|
||||
$page = $this->entities->page();
|
||||
$html = <<<'HTML'
|
||||
<style>superbeans!</style>
|
||||
<p>inbetweenpsection</p>
|
||||
<link rel="stylesheet" href="https://example.com/superbeans.css">
|
||||
<meta name="description" content="superbeans!">
|
||||
<title>superbeans!</title>
|
||||
<template id="template">superbeans!</template>
|
||||
HTML;
|
||||
|
||||
$page->html = $html;
|
||||
$page->save();
|
||||
|
||||
$resp = $this->asEditor()->get($page->getUrl());
|
||||
$resp->assertDontSee('superbeans', false);
|
||||
$resp->assertSee('inbetweenpsection', false);
|
||||
}
|
||||
|
||||
public function test_allow_list_filtering_is_controlled_by_config()
|
||||
{
|
||||
config()->set('app.content_filtering', '');
|
||||
$page = $this->entities->page();
|
||||
$page->html = '<div style="position: absolute; left: 0;color:#00FFEE;">Hello!</div>';
|
||||
$page->save();
|
||||
|
||||
$resp = $this->asEditor()->get($page->getUrl());
|
||||
$resp->assertSee('style="position: absolute; left: 0;color:#00FFEE;"', false);
|
||||
|
||||
config()->set('app.content_filtering', 'a');
|
||||
$resp = $this->get($page->getUrl());
|
||||
$resp->assertDontSee('style="position: absolute; left: 0;color:#00FFEE;"', false);
|
||||
$resp->assertSee('style="color:#00FFEE;"', false);
|
||||
}
|
||||
|
||||
public function test_allow_list_style_filtering()
|
||||
{
|
||||
$testCasesExpectedByInput = [
|
||||
'<div style="position:absolute;left:0;color:#00FFEE;">Hello!</div>' => '<div style="color:#00FFEE;">Hello!</div>',
|
||||
'<div style="background:#FF0000;left:0;color:#00FFEE;">Hello!</div>' => '<div style="background:#FF0000;color:#00FFEE;">Hello!</div>',
|
||||
'<div style="color:#00FFEE;">Hello!<style>testinghello!</style></div>' => '<div style="color:#00FFEE;">Hello!</div>',
|
||||
];
|
||||
|
||||
config()->set('app.content_filtering', 'a');
|
||||
$page = $this->entities->page();
|
||||
$this->asEditor();
|
||||
|
||||
foreach ($testCasesExpectedByInput as $input => $expected) {
|
||||
$page->html = $input;
|
||||
$page->save();
|
||||
$resp = $this->get($page->getUrl());
|
||||
|
||||
$resp->assertSee($expected, false);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -101,6 +101,351 @@ class PageContentTest extends TestCase
|
||||
$pageResp->assertSee('Hello Barry');
|
||||
}
|
||||
|
||||
public function test_page_content_scripts_removed_by_default()
|
||||
{
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
$script = 'abc123<script>console.log("hello-test")</script>abc123';
|
||||
$page->html = "escape {$script}";
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertDontSee($script, false);
|
||||
$pageView->assertSee('abc123abc123');
|
||||
}
|
||||
|
||||
public function test_more_complex_content_script_escaping_scenarios()
|
||||
{
|
||||
$checks = [
|
||||
"<p>Some script</p><script>alert('cat')</script>",
|
||||
"<div><div><div><div><p>Some script</p><script>alert('cat')</script></div></div></div></div>",
|
||||
"<p>Some script<script>alert('cat')</script></p>",
|
||||
"<p>Some script <div><script>alert('cat')</script></div></p>",
|
||||
"<p>Some script <script><div>alert('cat')</script></div></p>",
|
||||
"<p>Some script <script><div>alert('cat')</script><script><div>alert('cat')</script></p><script><div>alert('cat')</script>",
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<script>');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '</script>');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_js_and_base64_src_urls_are_removed()
|
||||
{
|
||||
$checks = [
|
||||
'<iframe src="javascript:alert(document.cookie)"></iframe>',
|
||||
'<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
|
||||
'<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
|
||||
'<iframe SRC=" javascript: alert(document.cookie)"></iframe>',
|
||||
'<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
|
||||
'<iframe src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
|
||||
'<iframe src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
|
||||
'<img src="javascript:alert(document.cookie)"/>',
|
||||
'<img src="JavAScRipT:alert(document.cookie)"/>',
|
||||
'<img src="JavAScRipT:alert(document.cookie)"/>',
|
||||
'<img SRC=" javascript: alert(document.cookie)"/>',
|
||||
'<img src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
|
||||
'<img src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
|
||||
'<img src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
|
||||
'<iframe srcdoc="<script>window.alert(document.cookie)</script>"></iframe>',
|
||||
'<iframe SRCdoc="<script>window.alert(document.cookie)</script>"></iframe>',
|
||||
'<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$html = $this->withHtml($pageView);
|
||||
$html->assertElementNotContains('.page-content', '<iframe>');
|
||||
$html->assertElementNotContains('.page-content', '<img');
|
||||
$html->assertElementNotContains('.page-content', '</iframe>');
|
||||
$html->assertElementNotContains('.page-content', 'src=');
|
||||
$html->assertElementNotContains('.page-content', 'javascript:');
|
||||
$html->assertElementNotContains('.page-content', 'data:');
|
||||
$html->assertElementNotContains('.page-content', 'base64');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_javascript_uri_links_are_removed()
|
||||
{
|
||||
$checks = [
|
||||
'<a id="xss" href="javascript:alert(document.cookie)>Click me</a>',
|
||||
'<a id="xss" href="javascript: alert(document.cookie)>Click me</a>',
|
||||
'<a id="xss" href="JaVaScRiPt: alert(document.cookie)>Click me</a>',
|
||||
'<a id="xss" href=" JaVaScRiPt: alert(document.cookie)>Click me</a>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<a id="xss"');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'href=javascript:');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_form_actions_with_javascript_are_removed()
|
||||
{
|
||||
$checks = [
|
||||
'<customform><custominput id="xss" type=submit formaction=javascript:alert(document.domain) value=Submit><custominput></customform>',
|
||||
'<customform ><custombutton id="xss" formaction="JaVaScRiPt:alert(document.domain)">Click me</custombutton></customform>',
|
||||
'<customform ><custombutton id="xss" formaction=javascript:alert(document.domain)>Click me</custombutton></customform>',
|
||||
'<customform id="xss" action=javascript:alert(document.domain)><input type=submit value=Submit></customform>',
|
||||
'<customform id="xss" action="JaVaScRiPt:alert(document.domain)"><input type=submit value=Submit></customform>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertDontSee('id="xss"', false);
|
||||
$pageView->assertDontSee('action=javascript:', false);
|
||||
$pageView->assertDontSee('action=JaVaScRiPt:', false);
|
||||
$pageView->assertDontSee('formaction=javascript:', false);
|
||||
$pageView->assertDontSee('formaction=JaVaScRiPt:', false);
|
||||
}
|
||||
}
|
||||
|
||||
public function test_form_elements_are_removed()
|
||||
{
|
||||
$checks = [
|
||||
'<p>thisisacattofind</p><form>thisdogshouldnotbefound</form>',
|
||||
'<p>thisisacattofind</p><input type="text" value="thisdogshouldnotbefound">',
|
||||
'<p>thisisacattofind</p><select><option>thisdogshouldnotbefound</option></select>',
|
||||
'<p>thisisacattofind</p><textarea>thisdogshouldnotbefound</textarea>',
|
||||
'<p>thisisacattofind</p><fieldset>thisdogshouldnotbefound</fieldset>',
|
||||
'<p>thisisacattofind</p><button>thisdogshouldnotbefound</button>',
|
||||
'<p>thisisacattofind</p><BUTTON>thisdogshouldnotbefound</BUTTON>',
|
||||
<<<'TESTCASE'
|
||||
<svg width="200" height="100" xmlns="http://www.w3.org/2000/svg">
|
||||
<foreignObject width="100%" height="100%">
|
||||
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>thisisacattofind</p>
|
||||
<form>
|
||||
<p>thisdogshouldnotbefound</p>
|
||||
</form>
|
||||
<input type="text" placeholder="thisdogshouldnotbefound" />
|
||||
<button type="submit">thisdogshouldnotbefound</button>
|
||||
</body>
|
||||
|
||||
</foreignObject>
|
||||
</svg>
|
||||
TESTCASE
|
||||
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertSee('thisisacattofind');
|
||||
$pageView->assertDontSee('thisdogshouldnotbefound');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_form_attributes_are_removed()
|
||||
{
|
||||
$withinSvgSample = <<<'TESTCASE'
|
||||
<svg width="200" height="100" xmlns="http://www.w3.org/2000/svg">
|
||||
<foreignObject width="100%" height="100%">
|
||||
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p formaction="a">thisisacattofind</p>
|
||||
<p formaction="a">thisisacattofind</p>
|
||||
</body>
|
||||
|
||||
</foreignObject>
|
||||
</svg>
|
||||
TESTCASE;
|
||||
|
||||
$checks = [
|
||||
'formaction' => '<p formaction="a">thisisacattofind</p>',
|
||||
'form' => '<p form="a">thisisacattofind</p>',
|
||||
'formmethod' => '<p formmethod="a">thisisacattofind</p>',
|
||||
'formtarget' => '<p formtarget="a">thisisacattofind</p>',
|
||||
'FORMTARGET' => '<p FORMTARGET="a">thisisacattofind</p>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $attribute => $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertSee('thisisacattofind');
|
||||
$this->withHtml($pageView)->assertElementNotExists(".page-content [{$attribute}]");
|
||||
}
|
||||
|
||||
$page->html = $withinSvgSample;
|
||||
$page->save();
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$html = $this->withHtml($pageView);
|
||||
foreach ($checks as $attribute => $check) {
|
||||
$pageView->assertSee('thisisacattofind');
|
||||
$html->assertElementNotExists(".page-content [{$attribute}]");
|
||||
}
|
||||
}
|
||||
|
||||
public function test_metadata_redirects_are_removed()
|
||||
{
|
||||
$checks = [
|
||||
'<meta http-equiv="refresh" content="0; url=//external_url">',
|
||||
'<meta http-equiv="refresh" ConTeNt="0; url=//external_url">',
|
||||
'<meta http-equiv="refresh" content="0; UrL=//external_url">',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '<meta>');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', '</meta>');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'content=');
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'external_url');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_page_inline_on_attributes_removed_by_default()
|
||||
{
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
|
||||
$page->html = "escape {$script}";
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$pageView->assertDontSee($script, false);
|
||||
$pageView->assertSee('<p>Hello</p>', false);
|
||||
}
|
||||
|
||||
public function test_more_complex_inline_on_attributes_escaping_scenarios()
|
||||
{
|
||||
$checks = [
|
||||
'<p onclick="console.log(\'test\')">Hello</p>',
|
||||
'<p OnCliCk="console.log(\'test\')">Hello</p>',
|
||||
'<div>Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p>',
|
||||
'<div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div>',
|
||||
'<div><div><div><div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div></div></div></div>',
|
||||
'<div onclick="console.log(\'test\')">Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p><div></div>',
|
||||
'<a a="<img src=1 onerror=\'alert(1)\'> ',
|
||||
'\<a onclick="alert(document.cookie)"\>xss link\</a\>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$this->withHtml($pageView)->assertElementNotContains('.page-content', 'onclick');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_page_content_scripts_show_when_configured()
|
||||
{
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
config()->set('app.allow_content_scripts', 'true');
|
||||
|
||||
$script = 'abc123<script>console.log("hello-test")</script>abc123';
|
||||
$page->html = "no escape {$script}";
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertSee($script, false);
|
||||
$pageView->assertDontSee('abc123abc123');
|
||||
}
|
||||
|
||||
public function test_svg_script_usage_is_removed()
|
||||
{
|
||||
$checks = [
|
||||
'<svg id="test" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100"><a xlink:href="javascript:alert(document.domain)"><rect x="0" y="0" width="100" height="100" /></a></svg>',
|
||||
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><use xlink:href="data:application/xml;base64 ,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjAiIGN4PSIwIiBjeT0iMCIgc3R5bGU9ImZpbGw6ICNGMDAiPgo8c2V0IGF0dHJpYnV0ZU5hbWU9ImZpbGwiIGF0dHJpYnV0ZVR5cGU9IkNTUyIgb25iZWdpbj0nYWxlcnQoZG9jdW1lbnQuZG9tYWluKScKb25lbmQ9J2FsZXJ0KCJvbmVuZCIpJyB0bz0iIzAwRiIgYmVnaW49IjBzIiBkdXI9Ijk5OXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/></svg>',
|
||||
'<svg><animate href=#xss attributeName=href values=javascript:alert(1) /></svg>',
|
||||
'<svg><animate href="#xss" attributeName="href" values="a;javascript:alert(1)" /></svg>',
|
||||
'<svg><animate href="#xss" attributeName="href" values="a;data:alert(1)" /></svg>',
|
||||
'<svg><animate href=#xss attributeName=href from=javascript:alert(1) to=1 /><a id=xss><text x=20 y=20>XSS</text></a>',
|
||||
'<svg><set href=#xss attributeName=href from=? to=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>',
|
||||
'<svg><g><g><g><animate href=#xss attributeName=href values=javascript:alert(1) /></g></g></g></svg>',
|
||||
];
|
||||
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
foreach ($checks as $check) {
|
||||
$page->html = $check;
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertStatus(200);
|
||||
$html = $this->withHtml($pageView);
|
||||
$html->assertElementNotContains('.page-content', 'alert');
|
||||
$html->assertElementNotContains('.page-content', 'xlink:href');
|
||||
$html->assertElementNotContains('.page-content', 'application/xml');
|
||||
$html->assertElementNotContains('.page-content', 'javascript');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_page_inline_on_attributes_show_if_configured()
|
||||
{
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
config()->set('app.allow_content_scripts', 'true');
|
||||
|
||||
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
|
||||
$page->html = "escape {$script}";
|
||||
$page->save();
|
||||
|
||||
$pageView = $this->get($page->getUrl());
|
||||
$pageView->assertSee($script, false);
|
||||
$pageView->assertDontSee('<p>Hello</p>', false);
|
||||
}
|
||||
|
||||
public function test_duplicate_ids_does_not_break_page_render()
|
||||
{
|
||||
$this->asEditor();
|
||||
@@ -304,7 +649,6 @@ class PageContentTest extends TestCase
|
||||
|
||||
public function test_page_markdown_single_html_comment_saving()
|
||||
{
|
||||
config()->set('app.content_filtering', 'jfh');
|
||||
$this->asEditor();
|
||||
$page = $this->entities->page();
|
||||
|
||||
@@ -312,7 +656,7 @@ class PageContentTest extends TestCase
|
||||
$this->put($page->getUrl(), [
|
||||
'name' => $page->name, 'markdown' => $content,
|
||||
'html' => '', 'summary' => '',
|
||||
])->assertRedirect();
|
||||
]);
|
||||
|
||||
$page->refresh();
|
||||
$this->assertStringMatchesFormat($content, $page->html);
|
||||
|
||||
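Review bot: In test_javascript_uri_links_are_removed (first hunk of this section) the needle in `$this->withHtml($pageView)->assertElementNotContains('.page-content', 'href=javascript:');` looks vacuous: a serialised attribute is quoted (`href="javascript:`), so the unquoted needle cannot match even if the filter lets the link through, and only the `<a id="xss"` check carries the test. The four `$checks` entries also lack the closing quote after the href value (`href="javascript:alert(document.cookie)>Click me</a>`), so the parser either swallows `>Click me</a>` into the attribute value or drops the unterminated tag, and the case may pass without the filter doing anything; if the malformed markup is deliberate a comment saying so would help, otherwise `'<a id="xss" href="javascript:alert(document.cookie)">Click me</a>'` with the needle `'href="javascript:'` is the intended case. In test_js_and_base64_src_urls_are_removed the `<iframe src="JavAScRipT:…">` and `<img src="JavAScRipT:…">` entries appear twice each, and the list has no `<object data=…>` or `<embed src=…>` variants, although the deleted file section above this one covered both and asserted that `'<object'` and `'data='` are absent from `.page-content`.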
@@ -160,11 +160,9 @@ class PageDraftTest extends TestCase
|
||||
{
|
||||
$this->asAdmin();
|
||||
$page = $this->entities->page();
|
||||
$page->html = '<p>test content<script>hellotherekitty</script></p>';
|
||||
$page->save();
|
||||
|
||||
$this->getJson('/ajax/page/' . $page->id)->assertJson([
|
||||
'html' => '<p>test content</p>',
|
||||
'html' => $page->html,
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
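Review bot: With `'html' => $page->html,` the assertion only checks that `/ajax/page/{id}` echoes the stored HTML back, so nothing in this test exercises script handling on that JSON response any more; the removed lines stored `<p>test content<script>hellotherekitty</script></p>` and expected `<p>test content</p>`. If returning the stored content unmodified is the intended contract for this endpoint, a one-line comment stating it, e.g. `// Endpoint returns stored HTML as-is; no content filtering is applied here`, would make that explicit for the next reader, otherwise a case with script content and a filtered expectation belongs here. The test method's signature is above the hunk.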
@@ -265,21 +265,4 @@ class PageEditorTest extends TestCase
|
||||
$this->assertEquals($test['expected'], $page->refresh()->editor, "Failed asserting global editor {$test['setting']} with request editor {$test['request']} results in {$test['expected']} set for the page");
|
||||
}
|
||||
}
|
||||
|
||||
public function test_editor_html_content_is_filtered_if_loaded_by_a_different_user()
|
||||
{
|
||||
$editor = $this->users->editor();
|
||||
$page = $this->entities->page();
|
||||
$page->html = '<style>hellotherethisisaturtlemonster</style>';
|
||||
$page->updated_by = $editor->id;
|
||||
$page->save();
|
||||
|
||||
$resp = $this->asAdmin()->get($page->getUrl('edit'));
|
||||
$resp->assertOk();
|
||||
$resp->assertDontSee('hellotherethisisaturtlemonster', false);
|
||||
|
||||
$resp = $this->asAdmin()->get("/ajax/page/{$page->id}");
|
||||
$resp->assertOk();
|
||||
$resp->assertDontSee('hellotherethisisaturtlemonster', false);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -93,14 +93,14 @@ class SecurityHeaderTest extends TestCase
|
||||
$this->assertNotEquals($firstHeader, $secondHeader);
|
||||
}
|
||||
|
||||
public function test_content_filtering_config_controls_csp_script_headers()
|
||||
public function test_allow_content_scripts_settings_controls_csp_script_headers()
|
||||
{
|
||||
config()->set('app.content_filtering', '');
|
||||
config()->set('app.allow_content_scripts', true);
|
||||
$resp = $this->get('/');
|
||||
$scriptHeader = $this->getCspHeader($resp, 'script-src');
|
||||
$this->assertEmpty($scriptHeader);
|
||||
|
||||
config()->set('app.content_filtering', 'j');
|
||||
config()->set('app.allow_content_scripts', false);
|
||||
$resp = $this->get('/');
|
||||
$scriptHeader = $this->getCspHeader($resp, 'script-src');
|
||||
$this->assertNotEmpty($scriptHeader);
|
||||
|
||||
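Review bot: `config()->set('app.allow_content_scripts', true)` here passes a bool, while the PageContentTest hunk earlier on this page (`test_page_inline_on_attributes_show_if_configured`) sets the same key to the string `'true'`; a non-empty string is truthy whatever it contains, so `'false'` would also drop the script-src directive, and the suite should settle on booleans for this key. The test also proves only that `script-src` disappears when scripts are allowed; if `getCspHeader` can read other directives, a single assertion that an unrelated directive is still present would distinguish "script restriction relaxed" from "whole policy dropped". A short docblock would help too, e.g. `/** Allowing content scripts is expected to remove the script-src CSP directive; the rest of the policy is not covered here. */`. The enclosing class continues outside the hunk.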
@@ -170,27 +170,6 @@ class ConfigTest extends TestCase
|
||||
}
|
||||
}
|
||||
|
||||
public function test_content_filtering_defaults_to_enabled()
|
||||
{
|
||||
$this->runWithEnv(['APP_CONTENT_FILTERING' => null, 'ALLOW_CONTENT_SCRIPTS' => null], function () {
|
||||
$this->assertEquals('jhfa', config('app.content_filtering'));
|
||||
});
|
||||
}
|
||||
|
||||
public function test_content_filtering_can_be_disabled()
|
||||
{
|
||||
$this->runWithEnv(['APP_CONTENT_FILTERING' => "", 'ALLOW_CONTENT_SCRIPTS' => null], function () {
|
||||
$this->assertEquals('', config('app.content_filtering'));
|
||||
});
|
||||
}
|
||||
|
||||
public function test_allow_content_scripts_disables_content_filtering()
|
||||
{
|
||||
$this->runWithEnv(['APP_CONTENT_FILTERING' => null, 'ALLOW_CONTENT_SCRIPTS' => 'true'], function () {
|
||||
$this->assertEquals('', config('app.content_filtering'));
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Set an environment variable of the given name and value
|
||||
* then check the given config key to see if it matches the given result.
|
||||
|
||||