[PR #5405] [MERGED] Theme System: Public serving of files #6490

New Issue

OVERLORD · 2026-02-05T10:33:37+03:00

OVERLORD commented

2026-02-05 10:33:37 +03:00

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/5405
Author: @ssddanbrown
Created: 1/13/2025
Status: ✅ Merged
Merged: 1/14/2025
Merged by: @ssddanbrown

Base: development ← Head: public_theme_files

📝 Commits (3)

593645a Themes: Added route to serve public theme files
481580b Themes: Added testing and better mime sniffing for public serving
25c4f4b Themes: Documented public file serving

📊 Changes

17 files changed (+183 additions, -22 deletions)

View changed files

📝 app/App/helpers.php (+2 -2)
📝 app/Exports/Controllers/BookExportController.php (+1 -1)
📝 app/Exports/Controllers/ChapterExportController.php (+1 -1)
📝 app/Exports/Controllers/PageExportController.php (+1 -1)
📝 app/Http/DownloadResponseFactory.php (+19 -2)
📝 app/Http/Middleware/PreventResponseCaching.php (+14 -0)
📝 app/Http/RangeSupportedStream.php (+2 -2)
➕ app/Theming/ThemeController.php (+31 -0)
📝 app/Theming/ThemeService.php (+9 -0)
📝 app/Uploads/FileStorage.php (+5 -4)
📝 app/Uploads/ImageStorageDisk.php (+5 -4)
➕ app/Util/FilePathNormalizer.php (+17 -0)
📝 app/Util/WebSafeMimeSniffer.php (+14 -2)
📝 dev/docs/logical-theme-system.md (+3 -1)
📝 dev/docs/visual-theme-system.md (+24 -1)
📝 routes/web.php (+7 -1)
📝 tests/ThemeTest.php (+28 -0)

📄 Description

Allows files to be placed within a public/ folder within a theme directory which the contents of will served by BookStack for access. For #3904

A file placed at <theme_folder>/public/cat.jpg could be accessible at /theme/<theme_folder>/cat.jpg.
Theme name included for potential multi-theme compatibility.

Considerations

Only "web safe" content-types are provided (to limit access surface area of serving html/php files).
A static 1 day cache time it set on served files (could be override at webserver level if needed).

Todo

Testing
Update dev docs for theme systems

Doc Updates

Note potential breaking change/exposure if a public/ theme folder already exists.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/5405 **Author:** [@ssddanbrown](https://github.com/ssddanbrown) **Created:** 1/13/2025 **Status:** ✅ Merged **Merged:** 1/14/2025 **Merged by:** [@ssddanbrown](https://github.com/ssddanbrown) **Base:** `development` ← **Head:** `public_theme_files` --- ### 📝 Commits (3) - [`593645a`](https://github.com/BookStackApp/BookStack/commit/593645acfe8521db97d7469c92546c8529703969) Themes: Added route to serve public theme files - [`481580b`](https://github.com/BookStackApp/BookStack/commit/481580be172a4813ee98ad1b945d12d731e71cdb) Themes: Added testing and better mime sniffing for public serving - [`25c4f4b`](https://github.com/BookStackApp/BookStack/commit/25c4f4b02ba06f66f5239de48ae005f895146f8d) Themes: Documented public file serving ### 📊 Changes **17 files changed** (+183 additions, -22 deletions) <details> <summary>View changed files</summary> 📝 `app/App/helpers.php` (+2 -2) 📝 `app/Exports/Controllers/BookExportController.php` (+1 -1) 📝 `app/Exports/Controllers/ChapterExportController.php` (+1 -1) 📝 `app/Exports/Controllers/PageExportController.php` (+1 -1) 📝 `app/Http/DownloadResponseFactory.php` (+19 -2) 📝 `app/Http/Middleware/PreventResponseCaching.php` (+14 -0) 📝 `app/Http/RangeSupportedStream.php` (+2 -2) ➕ `app/Theming/ThemeController.php` (+31 -0) 📝 `app/Theming/ThemeService.php` (+9 -0) 📝 `app/Uploads/FileStorage.php` (+5 -4) 📝 `app/Uploads/ImageStorageDisk.php` (+5 -4) ➕ `app/Util/FilePathNormalizer.php` (+17 -0) 📝 `app/Util/WebSafeMimeSniffer.php` (+14 -2) 📝 `dev/docs/logical-theme-system.md` (+3 -1) 📝 `dev/docs/visual-theme-system.md` (+24 -1) 📝 `routes/web.php` (+7 -1) 📝 `tests/ThemeTest.php` (+28 -0) </details> ### 📄 Description Allows files to be placed within a `public/` folder within a theme directory which the contents of will served by BookStack for access. For #3904 A file placed at `<theme_folder>/public/cat.jpg` could be accessible at `/theme/<theme_folder>/cat.jpg`. Theme name included for potential multi-theme compatibility. ### Considerations - Only "web safe" content-types are provided (to limit access surface area of serving html/php files). - A static 1 day cache time it set on served files (could be override at webserver level if needed). ### Todo - [x] Testing - [x] Update dev docs for theme systems ### Doc Updates - Note potential breaking change/exposure if a `public/` theme folder already exists. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

OVERLORD added the pull-request label 2026-02-05 10:33:37 +03:00

OVERLORD closed this issue

2026-02-05 10:33:38 +03:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#6490